Initial changes for the ICPC World Finals in Baku #189
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -33,26 +33,69 @@ | |
| src: chroot-list | ||
| dest: /tmp/dj_ansible/ | ||
|
|
||
| - name: Check if pc2packages key is already in ubuntu-archive-keyring.gpg | ||
| ansible.builtin.shell: | | ||
| gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --list-keys --with-colons | \ | ||
| grep -q "$(gpg --show-keys --with-colons /etc/apt/trusted.gpg.d/pc2packages.asc | grep '^fpr:' | head -1 | cut -d: -f10)" | ||
| register: key_exists | ||
| failed_when: false | ||
| changed_when: false | ||
| check_mode: false | ||
| when: ICPC_IMAGE | ||
|
There was a problem hiding this comment. Let's put this in a block? All the next statements depend on the ICPC_IMAGE boolean. |
||
|
|
||
| - name: Add pc2packages key to ubuntu-archive-keyring.gpg | ||
|
There was a problem hiding this comment. Isn't the whole idea of the There was a problem hiding this comment. We need this for the chroot, not for There was a problem hiding this comment. So it should be passed to the There was a problem hiding this comment. If we can create a gpg store with all needed keys (maybe it's only the pc2 one), sure. I don't have time to fix this in the next couple of weeks so feel free to try and improve. At least this works for now. |
||
| ansible.builtin.shell: | | ||
| gpg --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --import /etc/apt/trusted.gpg.d/pc2packages.asc | ||
| when: | ||
| - ICPC_IMAGE | ||
| - key_exists.rc != 0 | ||
|
|
||
| - name: Create chroot | ||
| shell: "set -o pipefail && | ||
| {{ DJ_DIR }}/misc-tools/dj_make_chroot -y -H | ||
| -i openjdk-21-jdk-headless | ||
| -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\" | ||
| -s \"$(ls /tmp/dj_ansible/chroot-list/*.list 2>/dev/null | tr '\n' ',')\" | ||
| 2>&1 | tee /tmp/dj_make_chroot.log; | ||
| grep '^Done building chroot in' /tmp/dj_make_chroot.log" | ||
| environment: | ||
| DEBMIRROR: "{%- if WF_RESTRICTED_NETWORK and ICPC_IMAGE -%}https://packages/ubuntu-noble | ||
| {%- elif ICPC_IMAGE -%}https://sysopspackages.icpc.global/ubuntu-noble | ||
| {%- else -%} | ||
| {%- endif -%}" | ||
| args: | ||
| executable: /bin/bash | ||
| creates: "/chroot/domjudge" | ||
|
|
||
| - name: Create kotlinc directory in chroot | ||
| ansible.builtin.file: | ||
| path: /chroot/domjudge/usr/lib/kotlinc | ||
| state: directory | ||
| mode: '0755' | ||
| when: ICPC_IMAGE | ||
|
|
||
| - name: Sync kotlinc folder to chroot | ||
| ansible.posix.synchronize: | ||
|
There was a problem hiding this comment. I think this is "expensive" on next runs, maybe add an explicit tag for this (I was already planning that so a remark here should be good enough). There was a problem hiding this comment. The folder is very small and it runs about instant on my test VM. Feel free to change it later if you really want. There was a problem hiding this comment. It starts another SSH session, so on a There was a problem hiding this comment. Ok so what do you propose? We could also add a check first if some file in it already exists and then don't do this (like the kotinc binary). I prefer that over a tag There was a problem hiding this comment. Maybe tar/gzip the file locally and make sure that's present and if changed unzip remotely? Not sure this is ideal, but adding a tag that manually needs to be triggered (if I understand @vmcj correctly) I think has the risk of forgetting to update things. There was a problem hiding this comment. They are not really local. They are on the server but just need to be copied. My thought was adding a check if /chroot/domjudge/usr/lib/kotlinc/bin/Kolton exists and if so, don't do anything. A bit similar to how we don't rebuild the chroot if /chroot/DOMjudge exists. |
||
| src: /opt/kotlinc/ | ||
| dest: /chroot/domjudge/usr/lib/kotlinc/ | ||
| delete: false | ||
| recursive: true | ||
| delegate_to: "{{ inventory_hostname }}" | ||
| when: ICPC_IMAGE | ||
|
|
||
| - name: Create symlinks for kotlin binaries in chroot | ||
| ansible.builtin.file: | ||
| src: ../../lib/kotlinc/bin/{{ item }} | ||
| dest: /chroot/domjudge/usr/local/bin/{{ item }} | ||
| state: link | ||
| loop: | ||
| - kotlin | ||
| - kotlinc | ||
| when: ICPC_IMAGE | ||
|
|
||
| - name: Pre-generate the kernel flags for ansible usage | ||
| set_fact: | ||
| procline: "apparmor=0 cgroup_enable=memory swapaccount=1 isolcpus={{ cpucore | join(',') }}" | ||
|
|
||
| - name: Add cgroup kernel parameters | ||
| lineinfile: | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: let's keep this list sorted.