From d59752ebe847dd4cb71892c857be87e9dd7c2d5f Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Fri, 28 Jan 2022 11:06:16 +0100 Subject: [PATCH 01/51] Update mailing list URL's --- website/about.shtml | 2 +- website/development.shtml | 4 ++-- website/download.shtml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/website/about.shtml b/website/about.shtml index 7c167959..741aa73d 100644 --- a/website/about.shtml +++ b/website/about.shtml @@ -76,7 +76,7 @@ you the freedom to use it for any purpose, without cost, make changes that you require and share those with the community.

You can reach us through the development mailinglist -DOMjudge-devel. +DOMjudge-devel. (You need to be subscribed to the list before you can post, to counter spam.) This is also the place to get help with your questions about installing or using DOMjudge.

diff --git a/website/development.shtml b/website/development.shtml index 35213d2d..e15ae649 100644 --- a/website/development.shtml +++ b/website/development.shtml @@ -22,13 +22,13 @@ for how to run DOMjudge from git sources.

our Github project. You may report a new issue there. If you have a question or you are unsure whether what you're seeing is -a bug, please discuss it on the development mailinglist or +a bug, please discuss it on the development mailinglist or chat beforehand (see below).

Mailinglist and chat

You are welcome to subscribe to our -development mailinglist +development mailinglist for discussions on development, but also for asking general questions on using and installing DOMjudge (you need to subscribe to the list before you can post). diff --git a/website/download.shtml b/website/download.shtml index 569e8dc1..464b5f5c 100644 --- a/website/download.shtml +++ b/website/download.shtml @@ -35,7 +35,7 @@ dated .

To get notifications of new releases, subscribe to the low volume -announcements +announcements mailing list.

DOMjudge docker images

From 7ae802acaccc1c1df51397aa10af19826a8c8fc7 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 30 Jan 2022 11:11:36 +0100 Subject: [PATCH 02/51] Release 8.0.0. --- website/header.shtml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/header.shtml b/website/header.shtml index 8ae61899..f0af5894 100644 --- a/website/header.shtml +++ b/website/header.shtml @@ -1,7 +1,7 @@ - From 3c80a40e69d22cf4ce02367c7d9f0cfac9da4add Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+mvr320@users.noreply.github.com> Date: Wed, 9 Mar 2022 19:21:02 +0100 Subject: [PATCH 03/51] All current issues are for single quoted items Shellcheck seems to ignore annotations in the files. For now globally ignore these issues. --- .github/workflows/shellcheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b917f770..91187d0a 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,4 +11,4 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC1090 + SHELLCHECK_OPTS: -e SC1090 -e SC2086 -e SC2046 From 5ace33edf9504a9e63ecfe0bbab3dc92ac260f76 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 18:49:31 +0100 Subject: [PATCH 04/51] Allow single domserver usage --- icpc-wf/ansible/domserver.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index e7cd1660..561bc3cd 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -36,6 +36,7 @@ tags: mysql_replication - role: keepalived tags: keepalived + when: KEEPALIVED_PRIORITY is defined - role: prometheus_target_web tags: prometheus_target_web when: GRAFANA_MONITORING From bcf6b6d3aa0a5766e8f7200b7c8baaa08fb0a7e3 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 18:49:55 +0100 Subject: [PATCH 05/51] Use default used at regional contests We typicly later branch from main to a dedicated branch but this should work most of the time. --- icpc-wf/ansible/group_vars/all/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/icpc-wf/ansible/group_vars/all/all.yml index aae584e1..2e22382e 100644 --- a/icpc-wf/ansible/group_vars/all/all.yml +++ b/icpc-wf/ansible/group_vars/all/all.yml @@ -2,7 +2,7 @@ DJ_DIR: /opt/domjudge # Branch to checkout and use. -DJ_BRANCH: wf2020 +DJ_BRANCH: main # Server VLAN IP prefix. SERVER_IP_PREFIX: 10.3.3 From 1835a47503e47ce955bc6f8c7fa445049ef684ca Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 18:50:55 +0100 Subject: [PATCH 06/51] Allow bare repo and upstream usage There is a correlation between the restricted network and dedicated git repo this makes this very explicit. --- icpc-wf/ansible/group_vars/all/all.yml | 1 + icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/icpc-wf/ansible/group_vars/all/all.yml index 2e22382e..76a54ce7 100644 --- a/icpc-wf/ansible/group_vars/all/all.yml +++ b/icpc-wf/ansible/group_vars/all/all.yml @@ -38,6 +38,7 @@ PHP_MAX_FILE_UPLOADS: 101 # Git repo URL DJ_GIT_HOST: "{{MAIN_ADMIN_IP}}" DJ_GIT_REPO: "domjudge@{{DJ_GIT_HOST}}:domjudge" +DJ_GIT_REPO_UPSTREAM: "https://github.com/domjudge/domjudge.git" DJ_GIT_REPO_SCRIPTS: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare" PHPSTORM_VERSION: 2021.2 diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index 1cfdfe16..d7dfe4a4 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -13,6 +13,14 @@ become_user: domjudge git: repo={{DJ_GIT_REPO}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes register: git_working_copy + when: WF_RESTRICTED_NETWORK + +- name: create working copy of the domjudge repo + become: yes + become_user: domjudge + git: repo={{DJ_GIT_REPO_UPSTREAM}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes + register: git_working_copy + when: WF_RESTRICTED_NETWORK != true - name: Check composer dependencies present become: no From 2a7890f43b64bda7b1c57d597617fdc1ea12e570 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 18:51:50 +0100 Subject: [PATCH 07/51] Set this on host level --- icpc-wf/ansible/hosts | 1 - 1 file changed, 1 deletion(-) diff --git a/icpc-wf/ansible/hosts b/icpc-wf/ansible/hosts index a09b27b5..bdb643f4 100644 --- a/icpc-wf/ansible/hosts +++ b/icpc-wf/ansible/hosts @@ -1,7 +1,6 @@ [all:vars] ansible_user=root ansible_python_interpreter=/usr/bin/python3 -EFI_ORDER='2,1' [domserver] domjudge-primary ansible_host=10.3.3.216 KEEPALIVED_PRIORITY=100 EFI_ORDER='0\,1\,3\,4' From e3cf8532d56287436339f61d37792a2d9bb0987c Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 18:52:08 +0100 Subject: [PATCH 08/51] With inplace-conf being broken this was needed to install domserver --- icpc-wf/ansible/roles/base_packages/tasks/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index caed77dc..70d493e8 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -93,6 +93,17 @@ - tig - bat - jq + - python3-sphinx + - autoconf + - automake + - bats + - python3-sphinx + - python3-sphinx-rtd-theme + - rst2pdf + - fontconfig + - python3-yaml + - latexmk + - acl - name: install local DEB packages include: install-local-package.yml From 7f4fbd8efb901140e006421a8fac5a77d013a30f Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 22:40:22 +0100 Subject: [PATCH 09/51] Address comments from Nicky+Jaap --- icpc-wf/ansible/group_vars/all/all.yml | 7 ++++--- .../ansible/roles/domjudge_checkout/tasks/main.yml | 13 +++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/icpc-wf/ansible/group_vars/all/all.yml index 76a54ce7..88a0cce6 100644 --- a/icpc-wf/ansible/group_vars/all/all.yml +++ b/icpc-wf/ansible/group_vars/all/all.yml @@ -37,9 +37,10 @@ PHP_MAX_FILE_UPLOADS: 101 # Git repo URL DJ_GIT_HOST: "{{MAIN_ADMIN_IP}}" -DJ_GIT_REPO: "domjudge@{{DJ_GIT_HOST}}:domjudge" -DJ_GIT_REPO_UPSTREAM: "https://github.com/domjudge/domjudge.git" -DJ_GIT_REPO_SCRIPTS: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare" +DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git" +DJ_GIT_REPO_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge" +DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" +DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare" PHPSTORM_VERSION: 2021.2 PHPSTORM_FULL_VERSION: 212.5284.49 diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index d7dfe4a4..fa6220f7 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -8,20 +8,17 @@ owner: domjudge group: domjudge -- name: create working copy of the domjudge repo +- name: Update repo URL based on network + set_fact: + DJ_GIT_REPO: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO}}" + +- name: Create working copy of the domjudge repo become: yes become_user: domjudge git: repo={{DJ_GIT_REPO}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes register: git_working_copy when: WF_RESTRICTED_NETWORK -- name: create working copy of the domjudge repo - become: yes - become_user: domjudge - git: repo={{DJ_GIT_REPO_UPSTREAM}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes - register: git_working_copy - when: WF_RESTRICTED_NETWORK != true - - name: Check composer dependencies present become: no local_action: stat path=files/lib/vendor From 3543032f2bf568fcc243ab8bbf5a53d7fd77d4a8 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 9 Mar 2022 22:44:12 +0100 Subject: [PATCH 10/51] untested --- icpc-wf/ansible/admin.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/icpc-wf/ansible/admin.yml b/icpc-wf/ansible/admin.yml index ba9a8ece..672c14dd 100644 --- a/icpc-wf/ansible/admin.yml +++ b/icpc-wf/ansible/admin.yml @@ -84,6 +84,10 @@ regexp: 'printsrv$' line: "10.3.3.211 nisprint nismaster printsrv" + - name: Update repo URL based on network + set_fact: + DJ_GIT_REPO_SCRIPTS: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS}}" + - name: create working copy of the domjudge-scripts repo become: yes become_user: domjudge From 209120da0ebf5cad1a16f2a37ee93301b45dc9bc Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Tue, 22 Mar 2022 19:06:13 +0100 Subject: [PATCH 11/51] Install composer 2.x. --- .../ansible/roles/base_packages/tasks/main.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index 70d493e8..13eca381 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -85,7 +85,6 @@ - libcurl4-gnutls-dev - libjsoncpp-dev - libmagic-dev - - composer - debootstrap - texlive-latex-recommended - texlive-latex-extra @@ -105,6 +104,21 @@ - latexmk - acl +- name: Check if composer is installed + stat: + path: /usr/local/bin/composer + register: composer_file + +- name: Download Composer Installer + get_url: + url: https://getcomposer.org/installer + dest: /root/composer-setup.php + when: not composer_file.stat.exists + +- name: Install composer + command: php /root/composer-setup.php --install-dir=/usr/local/bin --filename=composer + when: not composer_file.stat.exists + - name: install local DEB packages include: install-local-package.yml with_fileglob: From 7432f036dd9a13a224fbfc630464804e02ae4b21 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Tue, 22 Mar 2022 19:17:14 +0100 Subject: [PATCH 12/51] We always want to clone the repo. --- icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index fa6220f7..18f5c642 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -17,7 +17,6 @@ become_user: domjudge git: repo={{DJ_GIT_REPO}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes register: git_working_copy - when: WF_RESTRICTED_NETWORK - name: Check composer dependencies present become: no From f1563486e868aabd8d2f80e1d6ff82c0857480c4 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sat, 2 Apr 2022 11:16:35 +0200 Subject: [PATCH 13/51] Add CDS role to Ansible. Co-authored-by: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> --- icpc-wf/ansible/Makefile | 5 +- icpc-wf/ansible/cds.yml | 29 ++++ icpc-wf/ansible/group_vars/all/all.yml | 8 ++ .../ansible/group_vars/all/secret.yml.example | 31 +++++ icpc-wf/ansible/hosts | 3 + icpc-wf/ansible/roles/cds/files/cds.service | 9 ++ icpc-wf/ansible/roles/cds/handlers/main.yml | 11 ++ icpc-wf/ansible/roles/cds/tasks/main.yml | 126 ++++++++++++++++++ .../ansible/roles/cds/templates/cds.conf.j2 | 37 +++++ .../roles/cds/templates/cdsConfig.xml.j2 | 7 + .../ansible/roles/cds/templates/users.xml.j2 | 7 + 11 files changed, 271 insertions(+), 2 deletions(-) create mode 100644 icpc-wf/ansible/cds.yml create mode 100644 icpc-wf/ansible/roles/cds/files/cds.service create mode 100644 icpc-wf/ansible/roles/cds/handlers/main.yml create mode 100644 icpc-wf/ansible/roles/cds/tasks/main.yml create mode 100644 icpc-wf/ansible/roles/cds/templates/cds.conf.j2 create mode 100644 icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 create mode 100644 icpc-wf/ansible/roles/cds/templates/users.xml.j2 diff --git a/icpc-wf/ansible/Makefile b/icpc-wf/ansible/Makefile index bc23a055..0ce0d25c 100644 --- a/icpc-wf/ansible/Makefile +++ b/icpc-wf/ansible/Makefile @@ -5,6 +5,7 @@ default: @echo " - make judgehost" @echo " - make admin" @echo " - make grafana" + @echo " - make cds" LIBVENDORTGZ=roles/domjudge_checkout/files/lib-vendor.tgz SSHKEY=roles/ssh/files/id_rsa @@ -21,7 +22,7 @@ $(LIBVENDOR): $(LIBVENDORTGZ) -cd roles/domjudge_checkout/files && tar xzf $(notdir $<) endif -domserver judgehost admin grafana: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub +domserver judgehost admin grafana cds: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub ansible-playbook -i hosts $< admin: $(SSL_LOCALHOST_FILES) @@ -45,4 +46,4 @@ distclean: clean rm -f $(SSL_LOCALHOST_FILES) rm -f $(SSL_GRAFANA_FILES) -.PHONY: default clean distclean domserver judgehost admin grafana +.PHONY: default clean distclean domserver judgehost admin grafana cds diff --git a/icpc-wf/ansible/cds.yml b/icpc-wf/ansible/cds.yml new file mode 100644 index 00000000..3d81811f --- /dev/null +++ b/icpc-wf/ansible/cds.yml @@ -0,0 +1,29 @@ +--- +# This playbook installs the CDS + +- name: setup CDS + hosts: cds + vars: + host_type: cds + become: yes + roles: + - role: base_packages + tags: base_packages + - role: icpc_fixes + tags: icpc_fixes + when: ICPC_IMAGE + - role: system_fixes + tags: system_fixes + - role: hosts + tags: hosts + - role: ssl + tags: ssl + when: CDS_HOSTNAME + vars: + INSTALL_SSL_PRIVATE_KEYS: true + - role: domjudge_user + tags: domjudge_user + - role: ssh + tags: ssh + - role: cds + tags: cds diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/icpc-wf/ansible/group_vars/all/all.yml index 88a0cce6..acd829a9 100644 --- a/icpc-wf/ansible/group_vars/all/all.yml +++ b/icpc-wf/ansible/group_vars/all/all.yml @@ -46,3 +46,11 @@ PHPSTORM_VERSION: 2021.2 PHPSTORM_FULL_VERSION: 212.5284.49 GRAFANA_MONITORING: false + +# Hostname of the CDS. If set, will add an nginx in front of the CDS +# If not set, will only expose CDS directly +CDS_HOSTNAME: cds + +# CDS SSL cert and key. Only needed when CDS_HOSTNAME is set +CDS_SSL_CERT: /etc/ssl/certs/cds.crt +CDS_SSL_KEY: /etc/ssl/private/cds.key diff --git a/icpc-wf/ansible/group_vars/all/secret.yml.example b/icpc-wf/ansible/group_vars/all/secret.yml.example index 74a24831..56a32db1 100644 --- a/icpc-wf/ansible/group_vars/all/secret.yml.example +++ b/icpc-wf/ansible/group_vars/all/secret.yml.example @@ -17,3 +17,34 @@ ADMIN_PASSWORD: some-admin-password # Set this to enable a password on the 'domjudge' shell accounts # created on the domserver and judgehosts. #DJ_SHELL_USER_PW: some-hashed-password + +# Users to create when setting up the CDS +CDS_USERS: + - username: admin + password: adm1n + - username: presAdmin + password: padm1n + - username: blue + password: blu3 + - username: balloon + password: balloonPr1nter + - username: public + password: publ1c + - username: presentation + password: presentat1on + - username: myicpc + password: my1cpc + - username: live + password: l1ve + - username: team1 + password: t3am + +# Contest(s) to configure in the CDS +CDS_CONTESTS: + - path: nwerc18 # Path in the contest directory + ccs: + id: nwerc18 # ID of the contest if hosted at DOMJUDGE_URL + # Or provide a absolute URL + # url: https://www.domjudge.org/demoweb/api/contests/nwerc18 + username: admin + password: admin diff --git a/icpc-wf/ansible/hosts b/icpc-wf/ansible/hosts index bdb643f4..e2ac7099 100644 --- a/icpc-wf/ansible/hosts +++ b/icpc-wf/ansible/hosts @@ -35,3 +35,6 @@ domjudge-ccsadmin5 ansible_host=10.3.3.227 [grafana] domjudge-prometheus ansible_host=10.3.3.223 + +[cds] +domjudge-cds ansible_host=10.2.2.228 diff --git a/icpc-wf/ansible/roles/cds/files/cds.service b/icpc-wf/ansible/roles/cds/files/cds.service new file mode 100644 index 00000000..a1e6e7b4 --- /dev/null +++ b/icpc-wf/ansible/roles/cds/files/cds.service @@ -0,0 +1,9 @@ +[Unit] +Description=CDS +[Service] +User=domjudge +Restart=always +ExecStart=/home/domjudge/cds/wlp/bin/server run cds +TimeoutStopSec=20s +[Install] +WantedBy=multi-user.target diff --git a/icpc-wf/ansible/roles/cds/handlers/main.yml b/icpc-wf/ansible/roles/cds/handlers/main.yml new file mode 100644 index 00000000..93e459e0 --- /dev/null +++ b/icpc-wf/ansible/roles/cds/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# Define here handlers associated to this role. + +- name: restart systemctl + shell: systemctl daemon-reload + +- name: restart cds + service: name=cds enabled=yes state=restarted + +- name: restart nginx + service: name=nginx enabled=yes state=restarted diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml new file mode 100644 index 00000000..1e4ed807 --- /dev/null +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -0,0 +1,126 @@ +--- +# These tasks configure the CDS + +- name: Get the latest CDS release + uri: + url: https://api.github.com/repos/icpctools/icpctools/releases/latest + method: GET + return_content: yes + status_code: 200 + body_format: json + register: latest_cds_release + +- name: Set CDS latest version + set_fact: + cds_version: "{{ latest_cds_release.json.name | replace('v', '') }}" + +- name: Check if CDS is installed + stat: + path: /home/domjudge/cds/wlp/usr/servers/cds/apps/CDS.war + register: cds_war + +- name: create CDS directory + file: + path: /home/domjudge/cds + state: directory + owner: domjudge + group: domjudge + mode: 0755 + +- name: Download and unpack full CDS + unarchive: + src: https://github.com/icpctools/icpctools/releases/download/v{{ cds_version }}/wlp.CDS-{{ cds_version }}.zip + dest: /home/domjudge/cds + remote_src: true + owner: domjudge + group: domjudge + when: not cds_war.stat.exists + notify: restart cds + +- name: Download and unpack CDS WAR + unarchive: + src: https://github.com/icpctools/icpctools/releases/download/v{{ cds_version }}/CDS-{{ cds_version }}.zip + dest: /root + remote_src: true + when: cds_war.stat.exists + +- name: Copy new CDS war + copy: + src: /root/CDS-2.3/CDS.war + dest: /home/domjudge/cds/wlp/usr/servers/cds/apps/CDS.war + remote_src: yes + owner: domjudge + group: domjudge + when: cds_war.stat.exists + notify: restart cds + +- name: Populate CDS users.xml + template: + src: users.xml.j2 + dest: /home/domjudge/cds/wlp/usr/servers/cds/users.xml + owner: domjudge + group: domjudge + mode: 0600 + notify: restart cds + +- name: Populate CDS cdsConfig.xml + template: + src: cdsConfig.xml.j2 + dest: /home/domjudge/cds/wlp/usr/servers/cds/config/cdsConfig.xml + owner: domjudge + group: domjudge + mode: 0600 + notify: restart cds + +- name: Create contests config directory + file: + path: /home/domjudge/cds/contests + state: directory + owner: domjudge + group: domjudge + mode: 0755 + +- name: Create contest specific directory + file: + path: /home/domjudge/cds/contests/{{ item.path }} + state: directory + owner: domjudge + group: domjudge + mode: 0755 + loop: "{{ CDS_CONTESTS }}" + +- name: copy cds systemd unit file + copy: + src: cds.service + dest: /etc/systemd/system/ + notify: + - restart systemctl + - restart cds + +- name: Setup nginx + block: + - name: install nginx + apt: + state: present + pkg: + - nginx + + - name: add CDS nginx conf + template: + src: cds.conf.j2 + dest: /etc/nginx/sites-available/cds.conf + notify: restart nginx + + - name: enable nginx conf for CDS + file: + src: /etc/nginx/sites-available/cds.conf + dest: /etc/nginx/sites-enabled/cds.conf + state: link + notify: restart nginx + + - name: disable default nginx site + file: + path: /etc/nginx/sites-enabled/default + state: absent + notify: restart nginx + when: CDS_HOSTNAME diff --git a/icpc-wf/ansible/roles/cds/templates/cds.conf.j2 b/icpc-wf/ansible/roles/cds/templates/cds.conf.j2 new file mode 100644 index 00000000..13dd26fb --- /dev/null +++ b/icpc-wf/ansible/roles/cds/templates/cds.conf.j2 @@ -0,0 +1,37 @@ +# nginx configuration for the CDS +server { + listen 80; + listen [::]:80; + + server_name {{CDS_HOSTNAME}}; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{CDS_HOSTNAME}}; + + ssl_certificate {{CDS_SSL_CERT}}; + ssl_certificate_key {{CDS_SSL_KEY}}; + ssl_session_timeout 5m; + ssl_prefer_server_ciphers on; + + add_header Strict-Transport-Security max-age=31556952; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $host; + + proxy_pass https://localhost:8443; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_request_buffering off; + proxy_buffering off; + } +} diff --git a/icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 b/icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 new file mode 100644 index 00000000..5e4d14dc --- /dev/null +++ b/icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 @@ -0,0 +1,7 @@ + + {% for contest in CDS_CONTESTS %} + + + + {% endfor %} + diff --git a/icpc-wf/ansible/roles/cds/templates/users.xml.j2 b/icpc-wf/ansible/roles/cds/templates/users.xml.j2 new file mode 100644 index 00000000..37682500 --- /dev/null +++ b/icpc-wf/ansible/roles/cds/templates/users.xml.j2 @@ -0,0 +1,7 @@ + + + {% for user in CDS_USERS %} + + {% endfor %} + + From fa3b55bef030cd6e879dd9e922f02df6e841d92d Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 3 Apr 2022 15:53:38 +0200 Subject: [PATCH 14/51] Add Ansible role for setting up static scoreboard. --- icpc-wf/ansible/Makefile | 5 +- icpc-wf/ansible/group_vars/all/all.yml | 6 + icpc-wf/ansible/hosts | 5 +- .../roles/scoreboard/handlers/main.yml | 5 + .../ansible/roles/scoreboard/tasks/main.yml | 112 ++++++++++++++++++ .../scoreboard/templates/scoreboard.conf.j2 | 25 ++++ .../templates/update-scoreboard.sh.j2 | 8 ++ icpc-wf/ansible/scoreboard.yml | 28 +++++ 8 files changed, 191 insertions(+), 3 deletions(-) create mode 100644 icpc-wf/ansible/roles/scoreboard/handlers/main.yml create mode 100644 icpc-wf/ansible/roles/scoreboard/tasks/main.yml create mode 100644 icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 create mode 100644 icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 create mode 100644 icpc-wf/ansible/scoreboard.yml diff --git a/icpc-wf/ansible/Makefile b/icpc-wf/ansible/Makefile index 0ce0d25c..77b354fc 100644 --- a/icpc-wf/ansible/Makefile +++ b/icpc-wf/ansible/Makefile @@ -6,6 +6,7 @@ default: @echo " - make admin" @echo " - make grafana" @echo " - make cds" + @echo " - make scoreboard" LIBVENDORTGZ=roles/domjudge_checkout/files/lib-vendor.tgz SSHKEY=roles/ssh/files/id_rsa @@ -22,7 +23,7 @@ $(LIBVENDOR): $(LIBVENDORTGZ) -cd roles/domjudge_checkout/files && tar xzf $(notdir $<) endif -domserver judgehost admin grafana cds: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub +domserver judgehost admin grafana cds scoreboard: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub ansible-playbook -i hosts $< admin: $(SSL_LOCALHOST_FILES) @@ -46,4 +47,4 @@ distclean: clean rm -f $(SSL_LOCALHOST_FILES) rm -f $(SSL_GRAFANA_FILES) -.PHONY: default clean distclean domserver judgehost admin grafana cds +.PHONY: default clean distclean domserver judgehost admin grafana cds scoreboard diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/icpc-wf/ansible/group_vars/all/all.yml index acd829a9..47de5730 100644 --- a/icpc-wf/ansible/group_vars/all/all.yml +++ b/icpc-wf/ansible/group_vars/all/all.yml @@ -54,3 +54,9 @@ CDS_HOSTNAME: cds # CDS SSL cert and key. Only needed when CDS_HOSTNAME is set CDS_SSL_CERT: /etc/ssl/certs/cds.crt CDS_SSL_KEY: /etc/ssl/private/cds.key + +# Hostname of the static scoreboard +STATIC_SCOREBOARD_HOSTNAME: scoreboard + +STATIC_SCOREBOARD_SSL_CERT: /etc/ssl/certs/scoreboard.crt +STATIC_SCOREBOARD_SSL_KEY: /etc/ssl/private/scoreboard.key diff --git a/icpc-wf/ansible/hosts b/icpc-wf/ansible/hosts index e2ac7099..b70c197e 100644 --- a/icpc-wf/ansible/hosts +++ b/icpc-wf/ansible/hosts @@ -37,4 +37,7 @@ domjudge-ccsadmin5 ansible_host=10.3.3.227 domjudge-prometheus ansible_host=10.3.3.223 [cds] -domjudge-cds ansible_host=10.2.2.228 +domjudge-cds ansible_host=10.2.2.228 + +[scoreboard] +domjudge-scoreboard ansible_host=10.2.2.229 diff --git a/icpc-wf/ansible/roles/scoreboard/handlers/main.yml b/icpc-wf/ansible/roles/scoreboard/handlers/main.yml new file mode 100644 index 00000000..1acd9836 --- /dev/null +++ b/icpc-wf/ansible/roles/scoreboard/handlers/main.yml @@ -0,0 +1,5 @@ +--- +# Define here handlers associated to this role. + +- name: restart nginx + service: name=nginx enabled=yes state=restarted diff --git a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml new file mode 100644 index 00000000..4438f697 --- /dev/null +++ b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml @@ -0,0 +1,112 @@ +--- +# These tasks configure a static scoreboard + +- name: create directories for styling, scripts, fonts and flags + file: + path: /home/domjudge/scoreboard/{{ item }} + state: directory + owner: domjudge + group: domjudge + mode: 0755 + loop: + - css + - js + - webfonts + - flags + +- name: download required assets + get_url: + url: "{{ DOMSERVER_URL }}/{{ item }}" + dest: /home/domjudge/scoreboard/{{ item }} + owner: domjudge + group: domjudge + mode: 0644 + loop: + - favicon.ico + - css/bootstrap.min.css + - css/fontawesome-all.min.css + - js/jquery.min.js + - js/bootstrap.bundle.min.js + - js/domjudge.js + - style_domjudge.css + - webfonts/fa-brands-400.ttf + - webfonts/fa-brands-400.woff2 + - webfonts/fa-regular-400.ttf + - webfonts/fa-regular-400.woff2 + - webfonts/fa-solid-900.ttf + - webfonts/fa-solid-900.woff2 + - webfonts/fa-v4compatibility.ttf + - webfonts/fa-v4compatibility.woff2 + +- name: install contest images + synchronize: + src: files/domjudge-public/ + dest: "/home/domjudge/scoreboard/" + owner: no + use_ssh_args: true + become: yes + become_user: domjudge + +- name: download and unpack flag icons package + unarchive: + src: https://github.com/lipis/flag-icons/archive/refs/tags/3.5.0.zip + dest: /tmp + remote_src: true + owner: domjudge + group: domjudge + +- name: copy flag icon SVG's + copy: + src: /tmp/flag-icons-3.5.0/flags/ + dest: /home/domjudge/scoreboard/flags/ + remote_src: true + owner: domjudge + group: domjudge + +- name: create bin directory + file: + path: /home/domjudge/bin + state: directory + owner: domjudge + group: domjudge + mode: 0755 + +- name: install update scoreboard script + template: + src: update-scoreboard.sh.j2 + dest: "/home/domjudge/bin/update-scoreboard.sh" + owner: domjudge + group: domjudge + mode: 0755 + +# Ansible cron task defaults to * for all cron parts +- name: set up cron to update scoreboard + cron: + name: update public scoreboard + job: /home/domjudge/bin/update-scoreboard.sh + user: domjudge + +- name: install nginx + apt: + state: present + pkg: + - nginx + +- name: add scoreboard nginx conf + template: + src: scoreboard.conf.j2 + dest: /etc/nginx/sites-available/scoreboard.conf + notify: restart nginx + +- name: enable nginx conf for static scoreboard + file: + src: /etc/nginx/sites-available/scoreboard.conf + dest: /etc/nginx/sites-enabled/scoreboard.conf + state: link + notify: restart nginx + +- name: disable default nginx site + file: + path: /etc/nginx/sites-enabled/default + state: absent + notify: restart nginx diff --git a/icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 b/icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 new file mode 100644 index 00000000..3621e2af --- /dev/null +++ b/icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 @@ -0,0 +1,25 @@ +# nginx configuration for the static scoreboard +server { + listen 80; + listen [::]:80; + + server_name {{STATIC_SCOREBOARD_HOSTNAME}}; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{STATIC_SCOREBOARD_HOSTNAME}}; + + ssl_certificate {{STATIC_SCOREBOARD_SSL_CERT}}; + ssl_certificate_key {{STATIC_SCOREBOARD_SSL_KEY}}; + ssl_session_timeout 5m; + ssl_prefer_server_ciphers on; + + add_header Strict-Transport-Security max-age=31556952; + + root /home/domjudge/scoreboard; +} diff --git a/icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 b/icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 new file mode 100644 index 00000000..ceaf99a8 --- /dev/null +++ b/icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 @@ -0,0 +1,8 @@ +#!/bin/sh + +for _ in $(seq 1 6) +do + wget -O /tmp/scoreboard-tmp.html '{{DOMSERVER_URL}}/public?static=1' + mv /tmp/scoreboard-tmp.html /home/domjudge/scoreboard/index.html + sleep 10 +done diff --git a/icpc-wf/ansible/scoreboard.yml b/icpc-wf/ansible/scoreboard.yml new file mode 100644 index 00000000..ccf2e657 --- /dev/null +++ b/icpc-wf/ansible/scoreboard.yml @@ -0,0 +1,28 @@ +--- +# This playbook installs the static scoreboard + +- name: setup static scoreboard + hosts: scoreboard + vars: + host_type: scoreboard + become: yes + roles: + - role: base_packages + tags: base_packages + - role: icpc_fixes + tags: icpc_fixes + when: ICPC_IMAGE + - role: system_fixes + tags: system_fixes + - role: hosts + tags: hosts + - role: ssl + tags: ssl + vars: + INSTALL_SSL_PRIVATE_KEYS: true + - role: domjudge_user + tags: domjudge_user + - role: ssh + tags: ssh + - role: scoreboard + tags: scoreboard From 0d1a7f126505d4e8e1a0f46063eb990bfa97ae66 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 3 Apr 2022 16:14:00 +0200 Subject: [PATCH 15/51] Use loop instead of with_items in all the places. --- icpc-wf/ansible/domserver.yml | 4 ++-- icpc-wf/ansible/judgehost.yml | 4 ++-- icpc-wf/ansible/roles/base_packages/tasks/main.yml | 2 +- icpc-wf/ansible/roles/clusterssh/tasks/main.yml | 2 +- icpc-wf/ansible/roles/domjudge_user/tasks/main.yml | 2 +- icpc-wf/ansible/roles/domserver/tasks/main.yml | 4 ++-- icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml | 2 +- icpc-wf/ansible/roles/judgedaemon/handlers/main.yml | 2 +- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 6 +++--- icpc-wf/ansible/roles/ssh/tasks/main.yml | 6 +++--- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index 561bc3cd..bcc56a08 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -81,7 +81,7 @@ owner: domjudge group: domjudge mode: 0755 - with_items: + loop: - htop - taillog-domserver-nginx-error @@ -92,5 +92,5 @@ owner: domjudge group: domjudge mode: 0755 - with_items: + loop: - taillog-domserver-symfony-error diff --git a/icpc-wf/ansible/judgehost.yml b/icpc-wf/ansible/judgehost.yml index e1189204..b280db72 100644 --- a/icpc-wf/ansible/judgehost.yml +++ b/icpc-wf/ansible/judgehost.yml @@ -54,7 +54,7 @@ owner: domjudge group: domjudge mode: 0755 - with_items: + loop: - rotate - name: add autostart shortcuts from template @@ -64,5 +64,5 @@ owner: domjudge group: domjudge mode: 0755 - with_items: + loop: - taillog diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index 13eca381..9e27d416 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -6,7 +6,7 @@ dest: "/etc/apt/{{ item }}" regexp: 'pc2\.ecs\.baylor\.edu' replace: 'packages' - with_items: + loop: - sources.list - sources.list.d/microsoft.list - sources.list.d/mono.list diff --git a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml index 2aa11601..4929a2d6 100644 --- a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml +++ b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml @@ -24,7 +24,7 @@ regexp: '^{{ item }}s' line: "{{item}}s {{ groups[item] | join(' ') }}" create: yes - with_items: + loop: - domserver - judgehost - admin diff --git a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml index f1561174..0f448a67 100644 --- a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml @@ -23,7 +23,7 @@ value: "{{item.value}}" owner: domjudge group: domjudge - with_items: + loop: - { name: 'email', value: 'team@domjudge.org' } - { name: 'name', value: 'DOMjudge team' } diff --git a/icpc-wf/ansible/roles/domserver/tasks/main.yml b/icpc-wf/ansible/roles/domserver/tasks/main.yml index b29fb0d5..1e46e61a 100644 --- a/icpc-wf/ansible/roles/domserver/tasks/main.yml +++ b/icpc-wf/ansible/roles/domserver/tasks/main.yml @@ -43,7 +43,7 @@ command: phpenmod {{item}} args: creates: /etc/php/7.4/fpm/conf.d/20-{{item}}.ini - with_items: + loop: - zip - intl @@ -85,7 +85,7 @@ dest: /etc/php/7.4/fpm/pool.d/domjudge.conf regexp: "{{item.regexp}}" line: "{{item.key}} = {{item.value}}" - with_items: + loop: - { key: 'pm.max_children', regexp: '^pm\.max_children', value: '{{PHP_FPM_MAX_CHILDREN}}' } - { key: 'pm.max_requests', regexp: '^pm\.max_requests', value: '{{PHP_FPM_MAX_REQUESTS}}' } - { key: 'php_admin_value[memory_limit]', regexp: '^php_admin_value\[memory_limit\]', value: '{{PHP_MEMORY_LIMIT}}' } diff --git a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml index 26cda45d..064be7dc 100644 --- a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml +++ b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml @@ -24,6 +24,6 @@ name: "{{ item }}" state: stopped enabled: no - with_items: + loop: - mumble-server - selfie diff --git a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml index 5629a7f0..73a10a23 100644 --- a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml @@ -15,7 +15,7 @@ name="domjudge-judgedaemon@{{item}}" enabled=yes state=restarted - with_items: "{{CPUCORE}}" + loop: "{{CPUCORE}}" - name: update grub shell: update-grub diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index ef223e14..d4a1ec2d 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -3,7 +3,7 @@ - name: create domjudge-run users user: name=domjudge-run-{{item}} createhome=no home=/nonexistent group=nogroup shell=/bin/false - with_items: "{{CPUCORE}}" + loop: "{{CPUCORE}}" - name: create domjudge-run group group: name=domjudge-run state=present @@ -68,7 +68,7 @@ remote_src: true src: "{{DJ_DIR}}/lib/judge/{{item}}.service" dest: /etc/systemd/system/ - with_items: + loop: - create-cgroups - domjudge-judgedaemon@ notify: @@ -80,7 +80,7 @@ command: systemctl mask {{item}} args: creates: /etc/systemd/system/{{item}} - with_items: + loop: - apt-daily-upgrade.timer - apt-daily.timer - systemd-tmpfiles-clean.timer diff --git a/icpc-wf/ansible/roles/ssh/tasks/main.yml b/icpc-wf/ansible/roles/ssh/tasks/main.yml index b76a9a26..45e6a52c 100644 --- a/icpc-wf/ansible/roles/ssh/tasks/main.yml +++ b/icpc-wf/ansible/roles/ssh/tasks/main.yml @@ -16,7 +16,7 @@ owner: domjudge group: domjudge mode: 0600 - with_items: + loop: - config - id_rsa - id_rsa.pub @@ -26,7 +26,7 @@ src: "{{ item }}" dest: /root/.ssh/ mode: 0600 - with_items: + loop: - config - id_rsa - id_rsa.pub @@ -36,6 +36,6 @@ user: "{{ item }}" state: present key: "{{ lookup('file', 'id_rsa.pub') }}" - with_items: + loop: - domjudge - root From 5d268c200252d24b17f381f414cce279a23402a2 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 3 Apr 2022 16:08:51 +0200 Subject: [PATCH 16/51] Add scripts to dump and load database to mysql server role. --- .../ansible/roles/mysql_server/files/dump-db | 10 +++++++++ .../ansible/roles/mysql_server/files/load-db | 18 +++++++++++++++ .../ansible/roles/mysql_server/tasks/main.yml | 22 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 icpc-wf/ansible/roles/mysql_server/files/dump-db create mode 100644 icpc-wf/ansible/roles/mysql_server/files/load-db diff --git a/icpc-wf/ansible/roles/mysql_server/files/dump-db b/icpc-wf/ansible/roles/mysql_server/files/dump-db new file mode 100644 index 00000000..0a8adee3 --- /dev/null +++ b/icpc-wf/ansible/roles/mysql_server/files/dump-db @@ -0,0 +1,10 @@ +#!/bin/sh + +if [ -z "$1" ] +then + echo "Usage dump-db [name]" + echo ".sql.gz will be appended" + exit 1 +fi + +sudo mysqldump --opt --skip-lock-tables domjudge | pv | gzip > "/home/domjudge/db-dumps/${1}.sql.gz" diff --git a/icpc-wf/ansible/roles/mysql_server/files/load-db b/icpc-wf/ansible/roles/mysql_server/files/load-db new file mode 100644 index 00000000..e5351de5 --- /dev/null +++ b/icpc-wf/ansible/roles/mysql_server/files/load-db @@ -0,0 +1,18 @@ +#!/bin/sh + +if [ -z "$1" ] +then + echo "Usage load-db [name]" + echo ".sql.gz will be appended" + exit 1 +fi + +FILE="/home/domjudge/db-dumps/${1}.sql.gz" + +if [ ! -f "${FILE}" ] +then + echo "Error. File ${FILE} not found" + exit 1 +fi + +pv "${FILE}" | gunzip | sudo mysql domjudge diff --git a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml index dd011512..e65a4dde 100644 --- a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml +++ b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml @@ -25,3 +25,25 @@ - name: make sure mysql is restarted meta: flush_handlers + +- name: create directory to store scripts & database dumps + file: + path: /home/domjudge/{{ item }} + owner: domjudge + group: domjudge + state: directory + mode: 0755 + loop: + - db-dumps + - bin + +- name: copy database dump/load scripts + copy: + src: "{{ item }}" + dest: /home/domjudge/bin/{{ item }} + owner: domjudge + group: domjudge + mode: 0755 + loop: + - load-db + - dump-db From 3502b6f35e999a3a0dd1620efbcd6e3e71ebf8f9 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Tue, 5 Apr 2022 11:53:28 +0200 Subject: [PATCH 17/51] Add judgehost .target systemd file. --- icpc-wf/ansible/roles/judgedaemon/handlers/main.yml | 3 +-- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 7 +++++++ .../judgedaemon/templates/domjudge-judgehost.target.j2 | 6 ++++++ 3 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 diff --git a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml index 73a10a23..d7ac3cb7 100644 --- a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml @@ -12,10 +12,9 @@ - name: enable and restart judgedaemon service: - name="domjudge-judgedaemon@{{item}}" + name="domjudge-judgehost.target" enabled=yes state=restarted - loop: "{{CPUCORE}}" - name: update grub shell: update-grub diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index d4a1ec2d..7069fc56 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -74,6 +74,13 @@ notify: - restart systemctl - enable and restart create-cgroups + +- name: template judgedaemon template systemd unit file + template: + src: domjudge-judgehost.target.j2 + dest: /etc/systemd/system/ + notify: + - restart systemctl - enable and restart judgedaemon - name: disable systemd timers diff --git a/icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 b/icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 new file mode 100644 index 00000000..d39dc784 --- /dev/null +++ b/icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 @@ -0,0 +1,6 @@ +[Unit] +Description=DOMjudge judgehost running one or more judgedaemons +Requires={% for core in CPUCORE %}domjudge-judgedaemon@{{ core }}.service {% endfor %} + +[Install] +WantedBy=multi-user.target From f313a84a7fc2ef2e8497a3eba33636b56d710f4d Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sat, 9 Apr 2022 11:22:03 +0200 Subject: [PATCH 18/51] Fix updating of docs by removing vendor directory in each loop iteration. --- update_docs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/update_docs.sh b/update_docs.sh index e89e63cf..19430d46 100755 --- a/update_docs.sh +++ b/update_docs.sh @@ -16,6 +16,7 @@ for version in $(jq -r -c '.[]' < "${JSON}") ; do git clean -df git checkout "$version" rm -rf doc/manual/build/html/ + rm -rf lib/vendor/ if [ "$version" = "main" ]; then sed -i -e "s/^version.*/version = 'main'/" doc/manual/version.py.in fi From 9f8eb1ef79988b9df9fd3495c2256a35d1ea319c Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sat, 9 Apr 2022 11:51:04 +0200 Subject: [PATCH 19/51] Add accounts and persons to JSON API verifier. For now, don't drop team-members yet. --- contest-api/check-api.sh | 4 ++++ contest-api/json-schema/account.json | 23 +++++++++++++++++++++++ contest-api/json-schema/accounts.json | 12 ++++++++++++ contest-api/json-schema/common.json | 2 ++ contest-api/json-schema/event-feed.json | 2 ++ contest-api/json-schema/person.json | 25 +++++++++++++++++++++++++ contest-api/json-schema/persons.json | 12 ++++++++++++ 7 files changed, 80 insertions(+) create mode 100644 contest-api/json-schema/account.json create mode 100644 contest-api/json-schema/accounts.json create mode 100644 contest-api/json-schema/person.json create mode 100644 contest-api/json-schema/persons.json diff --git a/contest-api/check-api.sh b/contest-api/check-api.sh index eacfe95e..7e611d74 100755 --- a/contest-api/check-api.sh +++ b/contest-api/check-api.sh @@ -14,7 +14,9 @@ languages problems groups organizations +persons team-members +accounts teams state submissions @@ -30,6 +32,8 @@ scoreboard ENDPOINTS_OPTIONAL=' team-members +persons +accounts awards commentary ' diff --git a/contest-api/json-schema/account.json b/contest-api/json-schema/account.json new file mode 100644 index 00000000..af093e37 --- /dev/null +++ b/contest-api/json-schema/account.json @@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "CLICS Contest API - account", + "description": "Definition of a single account object", + + "type": "object", + "properties": { + "id": { "$ref": "common.json#/identifier" }, + "username": { "type": "string" }, + "password": { "type": ["string", "null"] }, + "type": { + "oneOf": [ + { "enum": [ "team", "judge", "admin", "analyst", "staff" ] }, + { "type": "null" } + ] + }, + "ip": { "type": ["string", "null"] }, + "team_id": { "$ref": "common.json#/identifierornull" }, + "person_id": { "$ref": "common.json#/identifierornull" } + }, + "required": ["id", "username", "type"], + "$ref": "common.json#/strictproperties" +} diff --git a/contest-api/json-schema/accounts.json b/contest-api/json-schema/accounts.json new file mode 100644 index 00000000..29cb973a --- /dev/null +++ b/contest-api/json-schema/accounts.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "CLICS Contest API: accounts", + "description": "JSON response of this API call", + + "type": "array", + "uniqueItems": true, + "$ref": "common.json#/nonemptyarray", + "items": { + "$ref": "account.json#" + } +} diff --git a/contest-api/json-schema/common.json b/contest-api/json-schema/common.json index 9250b539..f7d0811e 100644 --- a/contest-api/json-schema/common.json +++ b/contest-api/json-schema/common.json @@ -11,7 +11,9 @@ "problems", "groups", "organizations", + "persons", "team-members", + "accounts", "teams", "state", "submissions", diff --git a/contest-api/json-schema/event-feed.json b/contest-api/json-schema/event-feed.json index 43c4abaa..656f5e05 100644 --- a/contest-api/json-schema/event-feed.json +++ b/contest-api/json-schema/event-feed.json @@ -22,7 +22,9 @@ { "$ref": "group.json#" }, { "$ref": "organization.json#" }, { "$ref": "team.json#" }, + { "$ref": "person.json#" }, { "$ref": "team-member.json#" }, + { "$ref": "account.json#" }, { "$ref": "state.json#" }, { "$ref": "submission.json#" }, { "$ref": "judgement.json#" }, diff --git a/contest-api/json-schema/person.json b/contest-api/json-schema/person.json new file mode 100644 index 00000000..5ea2cdc4 --- /dev/null +++ b/contest-api/json-schema/person.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "CLICS Contest API - person", + "description": "Definition of a single person object", + + "type": "object", + "properties": { + "id": { "$ref": "common.json#/identifier" }, + "team_id": { "$ref": "common.json#/identifier" }, + "icpc_id": { "type": [ "string", "null" ] }, + "name": { "type": "string" }, + "title": { "type": [ "string", "null" ] }, + "email": { "type": [ "string", "null" ] }, + "sex": { + "oneOf": [ + { "enum": [ "male", "female" ] }, + { "type": "null" } + ] + }, + "role": { "enum": [ "contestant", "coach", "staff" ] }, + "photo": { "$ref": "common.json#/imagerefsornull" } + }, + "required": ["id", "team_id", "name", "role"], + "$ref": "common.json#/strictproperties" +} diff --git a/contest-api/json-schema/persons.json b/contest-api/json-schema/persons.json new file mode 100644 index 00000000..0c24e937 --- /dev/null +++ b/contest-api/json-schema/persons.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "CLICS Contest API: persons", + "description": "JSON response of this API call", + + "type": "array", + "uniqueItems": true, + "$ref": "common.json#/nonemptyarray", + "items": { + "$ref": "person.json#" + } +} From 1d01dc8af7b09f43586873df7d8b6731d9f7dd76 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 10 Apr 2022 11:10:45 +0200 Subject: [PATCH 20/51] Update CDS role to work with new 2.5 CDS with accounts.json. Also fix some small issues. --- .../ansible/group_vars/all/secret.yml.example | 14 +++++++++++-- icpc-wf/ansible/roles/cds/tasks/main.yml | 20 +++++++++++-------- .../roles/cds/templates/accounts.json.j2 | 13 ++++++++++++ .../ansible/roles/cds/templates/users.xml.j2 | 7 ------- 4 files changed, 37 insertions(+), 17 deletions(-) create mode 100644 icpc-wf/ansible/roles/cds/templates/accounts.json.j2 delete mode 100644 icpc-wf/ansible/roles/cds/templates/users.xml.j2 diff --git a/icpc-wf/ansible/group_vars/all/secret.yml.example b/icpc-wf/ansible/group_vars/all/secret.yml.example index 56a32db1..adbf3e04 100644 --- a/icpc-wf/ansible/group_vars/all/secret.yml.example +++ b/icpc-wf/ansible/group_vars/all/secret.yml.example @@ -18,26 +18,36 @@ ADMIN_PASSWORD: some-admin-password # created on the domserver and judgehosts. #DJ_SHELL_USER_PW: some-hashed-password -# Users to create when setting up the CDS -CDS_USERS: +# Accounts to create when setting up the CDS +CDS_ACCOUNTS: - username: admin password: adm1n + type: admin - username: presAdmin password: padm1n + type: admin - username: blue password: blu3 + type: staff - username: balloon password: balloonPr1nter + type: balloon - username: public password: publ1c + type: public - username: presentation password: presentat1on + type: public - username: myicpc password: my1cpc + type: spectator - username: live password: l1ve + type: analyst - username: team1 password: t3am + type: team + team_id: 1 # Contest(s) to configure in the CDS CDS_CONTESTS: diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index 1e4ed807..1ad65e02 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -1,18 +1,22 @@ --- # These tasks configure the CDS -- name: Get the latest CDS release +- name: Get the CDS release uri: - url: https://api.github.com/repos/icpctools/icpctools/releases/latest + url: https://api.github.com/repos/icpctools/icpctools/releases?per_page=1 method: GET return_content: yes status_code: 200 body_format: json - register: latest_cds_release + register: latest_cds_release_array - name: Set CDS latest version set_fact: - cds_version: "{{ latest_cds_release.json.name | replace('v', '') }}" + cds_version: "{{ latest_cds_release_array.json[0].name | replace('v', '') }}" + +- name: Set CDS minor version + set_fact: + cds_version_minor: "{{ cds_version | regex_replace('\\.\\d+$', '') }}" - name: Check if CDS is installed stat: @@ -46,7 +50,7 @@ - name: Copy new CDS war copy: - src: /root/CDS-2.3/CDS.war + src: /root/CDS-{{ cds_version_minor }}/CDS.war dest: /home/domjudge/cds/wlp/usr/servers/cds/apps/CDS.war remote_src: yes owner: domjudge @@ -54,10 +58,10 @@ when: cds_war.stat.exists notify: restart cds -- name: Populate CDS users.xml +- name: Populate CDS accounts.json template: - src: users.xml.j2 - dest: /home/domjudge/cds/wlp/usr/servers/cds/users.xml + src: accounts.json.j2 + dest: /home/domjudge/cds/wlp/usr/servers/cds/config/accounts.json owner: domjudge group: domjudge mode: 0600 diff --git a/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 b/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 new file mode 100644 index 00000000..e8345d7d --- /dev/null +++ b/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 @@ -0,0 +1,13 @@ +[ +{% for account in CDS_ACCOUNTS %} + { + "id": "{{ account.username }}", + "username": "{{ account.username }}", + "password": "{{ account.password }}", + "type": "{{ account.type }}"{% if account.team_id is defined %}, + "team_id": "{{ account.team_id }}"{% endif %} + + }{% if not loop.last %},{% endif %} + +{% endfor %} +] diff --git a/icpc-wf/ansible/roles/cds/templates/users.xml.j2 b/icpc-wf/ansible/roles/cds/templates/users.xml.j2 deleted file mode 100644 index 37682500..00000000 --- a/icpc-wf/ansible/roles/cds/templates/users.xml.j2 +++ /dev/null @@ -1,7 +0,0 @@ - - - {% for user in CDS_USERS %} - - {% endfor %} - - From 9986155aa0a0881ce84cc0a06c7d51fcf7232ebc Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Tue, 12 Apr 2022 10:58:10 +0200 Subject: [PATCH 21/51] Fix CDS_HOSTNAME check. --- icpc-wf/ansible/cds.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/cds.yml b/icpc-wf/ansible/cds.yml index 3d81811f..9f036dc9 100644 --- a/icpc-wf/ansible/cds.yml +++ b/icpc-wf/ansible/cds.yml @@ -18,7 +18,7 @@ tags: hosts - role: ssl tags: ssl - when: CDS_HOSTNAME + when: CDS_HOSTNAME is defined vars: INSTALL_SSL_PRIVATE_KEYS: true - role: domjudge_user From 628d72924e9c46ef17b043c7732fe11565ae1c36 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Tue, 12 Apr 2022 11:17:56 +0200 Subject: [PATCH 22/51] Fix another CDS hostname check. --- icpc-wf/ansible/roles/cds/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index 1ad65e02..e258ea05 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -127,4 +127,4 @@ path: /etc/nginx/sites-enabled/default state: absent notify: restart nginx - when: CDS_HOSTNAME + when: CDS_HOSTNAME is defined From deddb351ff64b6b05ab30373c8ca3211fc2506be Mon Sep 17 00:00:00 2001 From: DOMjudge team Date: Wed, 13 Apr 2022 21:30:43 +0200 Subject: [PATCH 23/51] CDS now has YAML support for accounts, use it as it is way more easy to populate. --- icpc-wf/ansible/roles/cds/tasks/main.yml | 6 +++--- .../ansible/roles/cds/templates/accounts.json.j2 | 13 ------------- .../ansible/roles/cds/templates/accounts.yaml.j2 | 9 +++++++++ 3 files changed, 12 insertions(+), 16 deletions(-) delete mode 100644 icpc-wf/ansible/roles/cds/templates/accounts.json.j2 create mode 100644 icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index e258ea05..f129053c 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -58,10 +58,10 @@ when: cds_war.stat.exists notify: restart cds -- name: Populate CDS accounts.json +- name: Populate CDS accounts.yaml template: - src: accounts.json.j2 - dest: /home/domjudge/cds/wlp/usr/servers/cds/config/accounts.json + src: accounts.yaml.j2 + dest: /home/domjudge/cds/wlp/usr/servers/cds/config/accounts.yaml owner: domjudge group: domjudge mode: 0600 diff --git a/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 b/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 deleted file mode 100644 index e8345d7d..00000000 --- a/icpc-wf/ansible/roles/cds/templates/accounts.json.j2 +++ /dev/null @@ -1,13 +0,0 @@ -[ -{% for account in CDS_ACCOUNTS %} - { - "id": "{{ account.username }}", - "username": "{{ account.username }}", - "password": "{{ account.password }}", - "type": "{{ account.type }}"{% if account.team_id is defined %}, - "team_id": "{{ account.team_id }}"{% endif %} - - }{% if not loop.last %},{% endif %} - -{% endfor %} -] diff --git a/icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 b/icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 new file mode 100644 index 00000000..ac4c1833 --- /dev/null +++ b/icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 @@ -0,0 +1,9 @@ +{% for account in CDS_ACCOUNTS %} +- id: {{ account.username }} + username: {{ account.username }} + password: {{ account.password }} + type: {{ account.type }} +{% if account.team_id is defined %} + team_id: "{{ account.team_id }}" +{% endif %} +{% endfor %} From b96fd93c5f6d8907f4a7a19fb60014db42d7e08f Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 14 Apr 2022 11:37:13 +0200 Subject: [PATCH 24/51] Monitor the management machine --- icpc-wf/ansible/Makefile | 2 +- icpc-wf/ansible/hosts | 3 +++ icpc-wf/ansible/mgmt.yml | 12 ++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 icpc-wf/ansible/mgmt.yml diff --git a/icpc-wf/ansible/Makefile b/icpc-wf/ansible/Makefile index 77b354fc..85365fcf 100644 --- a/icpc-wf/ansible/Makefile +++ b/icpc-wf/ansible/Makefile @@ -23,7 +23,7 @@ $(LIBVENDOR): $(LIBVENDORTGZ) -cd roles/domjudge_checkout/files && tar xzf $(notdir $<) endif -domserver judgehost admin grafana cds scoreboard: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub +domserver judgehost admin grafana cds scoreboard mgmt: %: %.yml hosts group_vars/all/secret.yml $(LIBVENDOR) $(SSHKEY) $(SSHKEY).pub ansible-playbook -i hosts $< admin: $(SSL_LOCALHOST_FILES) diff --git a/icpc-wf/ansible/hosts b/icpc-wf/ansible/hosts index b70c197e..d9e25401 100644 --- a/icpc-wf/ansible/hosts +++ b/icpc-wf/ansible/hosts @@ -41,3 +41,6 @@ domjudge-cds ansible_host=10.2.2.228 [scoreboard] domjudge-scoreboard ansible_host=10.2.2.229 + +[mgmt] +domjudge-mgmg ansible_host=10.3.3.223 diff --git a/icpc-wf/ansible/mgmt.yml b/icpc-wf/ansible/mgmt.yml new file mode 100644 index 00000000..717556b5 --- /dev/null +++ b/icpc-wf/ansible/mgmt.yml @@ -0,0 +1,12 @@ +--- +# This playbook installs the Management machine + +- name: setup management + hosts: mgmt + vars: + host_type: mgmt + become: yes + roles: + - role: prometheus_target_all + tags: prometheus_target_all + when: GRAFANA_MONITORING From 90c50057cbd39103dd78486609a5180bf37ad9e4 Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 14 Apr 2022 23:35:24 +0200 Subject: [PATCH 25/51] Update metric scraping for new webservers --- icpc-wf/ansible/cds.yml | 9 +++++ icpc-wf/ansible/domserver.yml | 3 ++ .../ansible/roles/grafana/defaults/main.yml | 1 + .../ansible/roles/grafana/handlers/main.yml | 22 ++++++++++- icpc-wf/ansible/roles/grafana/tasks/main.yml | 39 ++++++++++++------- .../nginx.conf => templates/nginx.conf.j2} | 0 .../roles/grafana/templates/prometheus.yml.j2 | 33 ++++++++++++++++ icpc-wf/ansible/roles/grafana/vars/.gitignore | 1 + .../files/nginx-status.conf | 4 +- .../prometheus_target_web/handlers/main.yml | 2 - .../roles/prometheus_target_web/meta/main.yml | 4 -- .../prometheus_target_web/tasks/main.yml | 38 ++++++++++++++---- icpc-wf/ansible/scoreboard.yml | 9 +++++ 13 files changed, 132 insertions(+), 33 deletions(-) create mode 100644 icpc-wf/ansible/roles/grafana/defaults/main.yml rename icpc-wf/ansible/roles/grafana/{files/nginx.conf => templates/nginx.conf.j2} (100%) create mode 100644 icpc-wf/ansible/roles/grafana/vars/.gitignore delete mode 100644 icpc-wf/ansible/roles/prometheus_target_web/meta/main.yml diff --git a/icpc-wf/ansible/cds.yml b/icpc-wf/ansible/cds.yml index 9f036dc9..b226bc9c 100644 --- a/icpc-wf/ansible/cds.yml +++ b/icpc-wf/ansible/cds.yml @@ -27,3 +27,12 @@ tags: ssh - role: cds tags: cds + - role: prometheus_target_web + tags: prometheus_target_web + vars: + MARIADB: false + FPM: false + when: GRAFANA_MONITORING + - role: prometheus_target_all + tags: prometheus_target_all + when: GRAFANA_MONITORING diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index bcc56a08..e5667af3 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -39,6 +39,9 @@ when: KEEPALIVED_PRIORITY is defined - role: prometheus_target_web tags: prometheus_target_web + vars: + MARIADB: true + FPM: true when: GRAFANA_MONITORING - role: prometheus_target_all tags: prometheus_target_all diff --git a/icpc-wf/ansible/roles/grafana/defaults/main.yml b/icpc-wf/ansible/roles/grafana/defaults/main.yml new file mode 100644 index 00000000..e46f3533 --- /dev/null +++ b/icpc-wf/ansible/roles/grafana/defaults/main.yml @@ -0,0 +1 @@ +grafana_port: 8443 diff --git a/icpc-wf/ansible/roles/grafana/handlers/main.yml b/icpc-wf/ansible/roles/grafana/handlers/main.yml index 46913eab..11e657f7 100644 --- a/icpc-wf/ansible/roles/grafana/handlers/main.yml +++ b/icpc-wf/ansible/roles/grafana/handlers/main.yml @@ -2,7 +2,25 @@ # Define here handlers associated to this role. - name: restart nginx-exporter - service: name=prometheus-nginx-exporter enabled=yes state=restarted + service: + name: prometheus-nginx-exporter + enabled: true + state: restarted - name: restart php-exporter - service: name=php-fpm-exporter enabled=yes state=restarted + service: + name: php-fpm-exporter + enabled: true + state: restarted + +- name: restart nginx + service: + name: nginx + enabled: true + state: restarted + +- name: restart grafana + service: + name: grafana-server + enabled: true + state: restarted diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index 8df58379..0f3739bf 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -15,49 +15,58 @@ template: src: prometheus.yml.j2 dest: /etc/prometheus/prometheus.yml - -- name: restart prometheus - service: name=prometheus state=restarted + notify: restart prometheus ## Setup grafana +- name: Install grafana + apt: + deb: https://dl.grafana.com/enterprise/release/grafana-enterprise_8.4.6_amd64.deb + state: present + notify: restart grafana + - name: configure grafana synchronize: src: files/grafana/environment dest: /etc/default/grafana-server + notify: restart grafana - name: set up grafana datasources synchronize: src: files/grafana/datasources.yml dest: /etc/grafana/provisioning/datasources/default.yml + notify: restart grafana - name: set up grafana dashboards synchronize: src: files/grafana/dashboards.yml dest: /etc/grafana/provisioning/dashboards/default.yml + notify: restart grafana - name: copy grafana dashboards synchronize: src: dashboards/ dest: /etc/grafana/dashboards/ - -- name: restart grafana - service: name=grafana-server state=restarted + notify: restart grafana # Setup nginx with selfsigned certificate - name: copy ssl cert synchronize: - src=ssl.crt - dest=/etc/ssl/certs/grafana.crt + src: ssl.crt + dest: /etc/ssl/certs/grafana.crt + notify: restart nginx - name: copy ssl key synchronize: - src=ssl.key - dest=/etc/ssl/private/grafana.key + src: ssl.key + dest: /etc/ssl/private/grafana.key + notify: restart nginx - name: copy default nginx config - synchronize: - src=nginx.conf - dest=/etc/nginx/sites-enabled/grafana.conf + template: + src: nginx.conf.j2 + dest: /etc/nginx/sites-enabled/grafana.conf + owner: root + group: root + mode: 0644 + notify: restart nginx -- name: restart nginx - service: name=nginx enabled=yes state=restarted diff --git a/icpc-wf/ansible/roles/grafana/files/nginx.conf b/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/nginx.conf rename to icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 diff --git a/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 b/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 index 6723a31a..91d5e7b3 100644 --- a/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 +++ b/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 @@ -3,6 +3,9 @@ global: evaluation_interval: 15s # By default, scrape targets every 15 seconds. # scrape_timeout is set to the global default (10s). scrape_configs: + - job_name: 'grafana' + static_configs: + - targets: ['localhost:443'] - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] @@ -29,6 +32,24 @@ scrape_configs: - targets: {% for host in groups["grafana"] %} - {{ hostvars[host].ansible_host }}:9100 +{% endfor %} + - job_name: node_mgmt + static_configs: + - targets: +{% for host in groups["mgmt"] %} + - {{ hostvars[host].ansible_host }}:9100 +{% endfor %} + - job_name: node_scoreboard + static_configs: + - targets: +{% for host in groups["scoreboard"] %} + - {{ hostvars[host].ansible_host }}:9100 +{% endfor %} + - job_name: node_cds + static_configs: + - targets: +{% for host in groups["cds"] %} + - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - job_name: domjudge basic_auth: @@ -42,6 +63,18 @@ scrape_configs: - targets: {% for host in groups["domserver"] %} - {{ hostvars[host].ansible_host }} +{% endfor %} + - job_name: 'nginx_cds' + static_configs: + - targets: +{% for host in groups["cds"] %} + - {{ hostvars[host].ansible_host }}:9113 +{% endfor %} + - job_name: 'nginx_scoreboard' + static_configs: + - targets: +{% for host in groups["scoreboard"] %} + - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - job_name: 'nginx_domjudge' static_configs: diff --git a/icpc-wf/ansible/roles/grafana/vars/.gitignore b/icpc-wf/ansible/roles/grafana/vars/.gitignore new file mode 100644 index 00000000..1cda54be --- /dev/null +++ b/icpc-wf/ansible/roles/grafana/vars/.gitignore @@ -0,0 +1 @@ +*.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf b/icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf index 41638999..5617c246 100644 --- a/icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf +++ b/icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf @@ -1,6 +1,6 @@ server { - listen 8080; - listen [::]:8080; + listen 8787; + listen [::]:8787; server_name _default_; location = /basic_status { diff --git a/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml b/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml index c52fe7a8..0588ac9b 100644 --- a/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml @@ -1,6 +1,4 @@ --- -# Define here handlers associated to this role. - - name: restart php-exporter service: name=php-fpm-exporter enabled=yes state=restarted diff --git a/icpc-wf/ansible/roles/prometheus_target_web/meta/main.yml b/icpc-wf/ansible/roles/prometheus_target_web/meta/main.yml deleted file mode 100644 index 389a3278..00000000 --- a/icpc-wf/ansible/roles/prometheus_target_web/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -# Role dependencies ---- -dependencies: - - role: domserver diff --git a/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml b/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml index e2304e7d..e39fcf07 100644 --- a/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml @@ -1,36 +1,48 @@ --- # These tasks configure metric collectors -- name: install required packages +- name: Every webserver runs nginx so expose metrics apt: state: present pkg: - prometheus-mysqld-exporter - - prometheus-nginx-exporter + notify: restart nginx-exporter + +- name: Expose MariaDB metrics + when: MARIADB + apt: + state: present + pkg: + - prometheus-mysqld-exporter + notify: restart mysqld-exporter # Gather PHP-FPM statistics # The exporter from this is currently not in deb sources # so we need to download this from GitHub see the README in files - name: Install PHP-fpm exporter binary + when: FPM ansible.builtin.unarchive: - src: php-fpm_exporter.tar.gz + src: https://github.com/hipages/php-fpm_exporter/releases/download/v2.0.4/php-fpm_exporter_2.0.4_linux_amd64.tar.gz dest: /usr/bin/ + remote_src: true exclude: - LICENSE - README.md + notify: restart php-exporter - name: Export PHP-FPM metrics + when: FPM synchronize: - src=php-fpm-exporter.service - dest=/etc/systemd/system/php-fpm-exporter.service + src: php-fpm-exporter.service + dest: /etc/systemd/system/php-fpm-exporter.service notify: restart php-exporter # Gather NGINX statistics, # Observe that we use the observed process itself in the monitoring - name: Get NGINX status synchronize: - src=nginx-status.conf - dest=/etc/nginx/sites-enabled/nginx-status.conf + src: nginx-status.conf + dest: /etc/nginx/sites-enabled/nginx-status.conf notify: restart nginx - name: Prometheus nginx exporter @@ -38,12 +50,22 @@ dest: /etc/default/prometheus-nginx-exporter state: present regexp: '^ARGS=""' - line: 'ARGS="-nginx.scrape-uri=http://localhost:8080/basic_status"' + line: 'ARGS="-nginx.scrape-uri=http://localhost:8787/basic_status"' notify: restart nginx-exporter +- name: Create storage dir for exporter settings + when: MARIADB + file: + state: directory + owner: prometheus + group: prometheus + mode: 0700 + path: /var/lib/prometheus + # Because the scrape happens inside the same machine we reuse the DB password # which is also used for the normal installation - name: Create MySQL authentication file + when: MARIADB template: src: mysqld-exporter-authentication.cnf.j2 dest: /var/lib/prometheus/.my.cnf diff --git a/icpc-wf/ansible/scoreboard.yml b/icpc-wf/ansible/scoreboard.yml index ccf2e657..5d9ab8f5 100644 --- a/icpc-wf/ansible/scoreboard.yml +++ b/icpc-wf/ansible/scoreboard.yml @@ -26,3 +26,12 @@ tags: ssh - role: scoreboard tags: scoreboard + - role: prometheus_target_web + tags: prometheus_target_web + vars: + MARIADB: false + FPM: false + when: GRAFANA_MONITORING + - role: prometheus_target_all + tags: prometheus_target_all + when: GRAFANA_MONITORING From 492fad94f40927f47f2faec5e0af4ffaa8bb622b Mon Sep 17 00:00:00 2001 From: DOMjudge team Date: Sat, 16 Apr 2022 10:09:10 +0200 Subject: [PATCH 26/51] Wirte correct target file --- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index 7069fc56..94d33e0b 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -78,7 +78,7 @@ - name: template judgedaemon template systemd unit file template: src: domjudge-judgehost.target.j2 - dest: /etc/systemd/system/ + dest: /etc/systemd/system/domjudge-judgehost.target notify: - restart systemctl - enable and restart judgedaemon From e15961073299f513f7a0e1239c6697f8fc390fc0 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 21 Apr 2022 18:17:33 +0200 Subject: [PATCH 27/51] Use up-to-date prometheus to fix grafana bug --- icpc-wf/ansible/roles/grafana/tasks/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index 0f3739bf..d614ef57 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -1,5 +1,14 @@ --- -# These tasks install and configure grafana +- name: Add upstream prometheus apt key + apt_key: + url: https://packagecloud.io/the_asten/prometheus/gpgkey + state: present + +- name: Add upstream prometheus apt repo + apt_repository: + repo: deb https://packagecloud.io/the_asten/prometheus/ubuntu/ focal main + state: present + register: prometheus_repo - name: install dependencies apt: From a6f9d50cd6872975d59108abdd0863bc967a96a3 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 21 Apr 2022 11:31:10 +0200 Subject: [PATCH 28/51] Use promtail to gather local logs and PUSH these to grafana Both loki and prometheus can now be used as datasourse in grafana, this is useful to make dashboards with metrics (prometheus) and the logs (loki receiving logs from promtail on the client) --- .../ansible/roles/grafana/defaults/main.yml | 2 + .../grafana/files/loki-local-config.yaml | 47 +++++++++++++++++++ .../ansible/roles/grafana/files/loki.service | 10 ++++ .../ansible/roles/grafana/handlers/main.yml | 7 +++ icpc-wf/ansible/roles/grafana/tasks/main.yml | 44 +++++++++++++++++ .../roles/grafana/templates/nginx.conf.j2 | 14 ++++++ .../prometheus_target_all/defaults/main.yml | 2 + .../files/promtail.service | 10 ++++ .../prometheus_target_all/handlers/main.yml | 8 ++++ .../prometheus_target_all/tasks/main.yml | 47 +++++++++++++++++++ .../templates/promtail-local-config.yaml.j2 | 20 ++++++++ 11 files changed, 211 insertions(+) create mode 100644 icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml create mode 100644 icpc-wf/ansible/roles/grafana/files/loki.service create mode 100644 icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml create mode 100644 icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service create mode 100644 icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml create mode 100644 icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 diff --git a/icpc-wf/ansible/roles/grafana/defaults/main.yml b/icpc-wf/ansible/roles/grafana/defaults/main.yml index e46f3533..136dc243 100644 --- a/icpc-wf/ansible/roles/grafana/defaults/main.yml +++ b/icpc-wf/ansible/roles/grafana/defaults/main.yml @@ -1 +1,3 @@ grafana_port: 8443 +LOKI: false + diff --git a/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml b/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml new file mode 100644 index 00000000..26719529 --- /dev/null +++ b/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml @@ -0,0 +1,47 @@ +auth_enabled: false + +server: + http_listen_port: 3100 + grpc_listen_port: 9096 + +ingester: + lifecycler: + address: 127.0.0.1 + ring: + kvstore: + store: inmemory + replication_factor: 1 + final_sleep: 0s + chunk_idle_period: 5m + chunk_retain_period: 30s + max_transfer_retries: 0 + +schema_config: + configs: + - from: 2018-04-15 + store: boltdb + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 168h + +storage_config: + boltdb: + directory: /data/loki/index + + filesystem: + directory: /data/loki/chunks + +limits_config: + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h + +chunk_store_config: + max_look_back_period: 0s + +table_manager: + retention_deletes_enabled: false + retention_period: 0s + diff --git a/icpc-wf/ansible/roles/grafana/files/loki.service b/icpc-wf/ansible/roles/grafana/files/loki.service new file mode 100644 index 00000000..dfa8f51e --- /dev/null +++ b/icpc-wf/ansible/roles/grafana/files/loki.service @@ -0,0 +1,10 @@ +[Unit] +Description=Loki service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/loki-linux-amd64 --config.file /etc/grafana/loki/loki-local-config.yaml + +[Install] +WantedBy=multi-user.target diff --git a/icpc-wf/ansible/roles/grafana/handlers/main.yml b/icpc-wf/ansible/roles/grafana/handlers/main.yml index 11e657f7..2edc8520 100644 --- a/icpc-wf/ansible/roles/grafana/handlers/main.yml +++ b/icpc-wf/ansible/roles/grafana/handlers/main.yml @@ -24,3 +24,10 @@ name: grafana-server enabled: true state: restarted + +- name: restart loki + service: + name: loki + enabled: yes + state: restarted + diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index d614ef57..897efbbc 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -26,6 +26,50 @@ dest: /etc/prometheus/prometheus.yml notify: restart prometheus +# Setup loki which gathers our logs +- name: Install loki + unarchive: + src: https://github.com/grafana/loki/releases/download/v2.5.0/loki-linux-amd64.zip + dest: /usr/bin/ + remote_src: true + owner: domjudge + group: domjudge + when: LOKI + +- name: Dir for loki settings + file: + state: directory + path: /etc/grafana/loki/ + owner: root + group: root + mode: 0755 + when: LOKI + +- name: Set loki settings + copy: + src: loki-local-config.yaml + dest: /etc/grafana/loki/ + owner: root + group: root + mode: 0644 + when: LOKI + notify: restart loki + +- name: Setup loki systemd + copy: + src: loki.service + dest: /etc/systemd/system/ + mode: 0655 + when: LOKI + notify: restart loki + +- name: Start loki service + service: + name: loki + state: started + enabled: true + when: LOKI + ## Setup grafana - name: Install grafana apt: diff --git a/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 b/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 index 18b5d666..4b88e3be 100644 --- a/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 +++ b/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 @@ -9,6 +9,20 @@ server { proxy_pass http://127.0.0.1:3000/; proxy_read_timeout 90; } + +{% if LOKI %} + location /loki/ { + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://localhost:3099/; + proxy_buffering off; + proxy_redirect off; + proxy_set_header Host $host; + } +{% endif $} + access_log /var/log/nginx/prometheus.log; error_log /var/log/nginx/prometheus.log; diff --git a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml new file mode 100644 index 00000000..783920bd --- /dev/null +++ b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml @@ -0,0 +1,2 @@ +PROM: true + diff --git a/icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service b/icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service new file mode 100644 index 00000000..10606214 --- /dev/null +++ b/icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service @@ -0,0 +1,10 @@ +[Unit] +Description=Promtail service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/promtail-linux-amd64 --config.file /etc/promtail/promtail-local-config.yaml + +[Install] +WantedBy=multi-user.target diff --git a/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml new file mode 100644 index 00000000..eca8360b --- /dev/null +++ b/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: restart promtail + service: + name: promtail + enabled: yes + state: restarted + daemon_reload: true + diff --git a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml index 438b3ca5..7c2fac54 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml @@ -6,3 +6,50 @@ state: present pkg: - prometheus-node-exporter + +# Setup promtail which sends our logs +- name: Install promtail + unarchive: + src: https://github.com/grafana/loki/releases/download/v2.5.0/promtail-linux-amd64.zip + dest: /usr/bin/ + remote_src: true + owner: domjudge + group: domjudge + when: PROM + +- name: Dir for promtail settings + file: + state: directory + path: /etc/promtail + owner: root + group: root + mode: 0755 + when: PROM + +- name: Set promtail settings + copy: + src: promtail-local-config.yaml + dest: /etc/promtail/ + owner: root + group: root + mode: 0644 + when: PROM + notify: restart promtail + +- name: Setup promtail systemd + copy: + src: promtail.service + dest: /etc/systemd/system/ + mode: 0655 + owner: root + group: root + when: PROM + notify: restart promtail + +- name: Start promtail service + service: + name: promtail + state: started + enabled: true + when: PROM + diff --git a/icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 b/icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 new file mode 100644 index 00000000..af053e76 --- /dev/null +++ b/icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 @@ -0,0 +1,20 @@ +server: + http_listen_port: 9080 + #grpc_listen_port: 0 + +positions: + filename: /var/log/positions.yaml + +clients: +{% for host in groups["grafana"] %} + - url: https://{{ hostvars[host].ansible_host }} +{% endfor %} + +scrape_configs: +- job_name: system + static_configs: + - targets: + - localhost + labels: + job: varlogs + __path__: /var/log/*log From 058b3ae676565cdfa272532de0c84ee255a86a6a Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 21 Apr 2022 19:23:48 +0200 Subject: [PATCH 29/51] Use consistent naming format for webservers This will be split in the dashboard for webservers to select the correct query based on used techniques. --- icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 b/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 index 91d5e7b3..33e22df8 100644 --- a/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 +++ b/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 @@ -64,25 +64,25 @@ scrape_configs: {% for host in groups["domserver"] %} - {{ hostvars[host].ansible_host }} {% endfor %} - - job_name: 'nginx_cds' + - job_name: 'web_nginx_cds' static_configs: - targets: {% for host in groups["cds"] %} - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - - job_name: 'nginx_scoreboard' + - job_name: 'web_nginx_scoreboard' static_configs: - targets: {% for host in groups["scoreboard"] %} - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - - job_name: 'nginx_domjudge' + - job_name: 'web_nginx_domserver' static_configs: - targets: {% for host in groups["domserver"] %} - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - - job_name: 'fpm_domjudge' + - job_name: 'web_fpm_domserver' static_configs: - targets: {% for host in groups["domserver"] %} From 3e63a12fd7af7f0842096342e04fbb0f4d61a055 Mon Sep 17 00:00:00 2001 From: Tobias Werth Date: Fri, 22 Apr 2022 18:24:26 +0200 Subject: [PATCH 30/51] Deduplicate domlogo. Also fix log file location. --- domlogo/domlogo.py | 17 ++- .../ansible/roles/domlogo/files/domlogo.py | 110 +----------------- 2 files changed, 12 insertions(+), 115 deletions(-) mode change 100755 => 120000 icpc-wf/ansible/roles/domlogo/files/domlogo.py diff --git a/domlogo/domlogo.py b/domlogo/domlogo.py index ce60a337..f8bd7285 100755 --- a/domlogo/domlogo.py +++ b/domlogo/domlogo.py @@ -5,6 +5,7 @@ import os import requests import re +import time font = ('Roboto', 14) team_image = sg.Image(filename='domlogo-files/photos/idle.png') @@ -41,7 +42,7 @@ api_url = f'{api_url}/contests/{cid}' print(f'Contest is {cid}.') -latest_logfile = max(glob.glob('output/log/judge.*-0.log'), key=os.path.getctime) +latest_logfile = max(glob.glob('output/log/judge.*-2.log'), key=os.path.getctime) print(f'Checking logfile {latest_logfile}') with open(latest_logfile, 'r') as logfile: # Seeks to the end of the file. @@ -49,10 +50,13 @@ results = [] last_seen, needs_update = (None, None) while True: - event, values = window.read(timeout=10) + event, values = window.read(timeout=30) if event == sg.WIN_CLOSED: break line = logfile.readline() + # Sleep here for a tiny amount of time to avoid using too much CPU. + if len(line) == 0: + time.sleep(0.01) if 'Working directory:' in line: token = line.strip().split('/') judging_id = token[-1] @@ -65,10 +69,9 @@ team_id = submission_data['team_id'] last_seen = (submission_id, judging_id, team_id) new_filename = f'domlogo-files/photos/{team_id}.png' - if team_id>=120: - team_image.update(filename=new_filename) - f'domlogo-files/photos/{team_id}.png') - team_image.update(filename=f'domlogo-files/photos/{team_id}.png') + if (int)(team_id) >= 120: + new_filename = f'domlogo-files/photos/crew.png' + team_image.update(filename=new_filename) metadata_text.update(f's{submission_id} / {submission_data["problem_id"]} / {submission_data["language_id"]}') results_text.update('Busy compiling.') elif 'No submissions in queue' in line: @@ -96,6 +99,8 @@ color = 'DeepSkyBlue' for i in range(len(cache)-1): cache[i] = cache[i+1] + if (int)(tid) >= 120: + tid = 'DOMjudge' cache[-1] = (f'domlogo-files/logos/{tid}.png', f's{sid}/j{jid}\n{verdict}', color, jid) for i in range(len(cache)): previous_column[i][0].update(filename=cache[i][0]) diff --git a/icpc-wf/ansible/roles/domlogo/files/domlogo.py b/icpc-wf/ansible/roles/domlogo/files/domlogo.py deleted file mode 100755 index 11d07a23..00000000 --- a/icpc-wf/ansible/roles/domlogo/files/domlogo.py +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/python3 - -import PySimpleGUI as sg -import glob -import os -import requests -import re -import time - -font = ('Roboto', 14) -team_image = sg.Image(filename='domlogo-files/photos/idle.png') -metadata_text = sg.Text('No submissions in queue.', font=font) -results_text = sg.Text('', font=font) -current_column = [ - [team_image], - [metadata_text], - [results_text], -] -cache = [('domlogo-files/logos/DOMjudge.png', ' \n ', None, None) for _ in range(10)] -previous_column = [ - [sg.Image(filename=c[0]), sg.Text(c[1], font=font), sg.Canvas(size=(10,50))] for c in cache -] -layout = [ - [sg.Column(current_column), sg.VerticalSeparator(), sg.Column(previous_column)], -] -window = sg.Window('DOMlogo', layout, location=(1000,0), keep_on_top=True) - -with open('etc/restapi.secret', 'r') as secrets: - while True: - line = secrets.readline() - if not line: - break - if line.startswith('#'): - continue - id, api_url, user, passwd = line.strip().split() - break -print(f'Using {api_url} as endpoint.') - -contests = requests.get(f'{api_url}/contests', auth=(user,passwd)).json() -latest_contest = sorted(contests, key=lambda c: c['end_time'])[-1] -cid = latest_contest['id'] -api_url = f'{api_url}/contests/{cid}' -print(f'Contest is {cid}.') - -latest_logfile = max(glob.glob('output/log/judge.*-0.log'), key=os.path.getctime) -print(f'Checking logfile {latest_logfile}') -with open(latest_logfile, 'r') as logfile: - # Seeks to the end of the file. - logfile.seek(0, 2) - results = [] - last_seen, needs_update = (None, None) - while True: - event, values = window.read(timeout=30) - if event == sg.WIN_CLOSED: - break - line = logfile.readline() - if len(line) == 0: - time.sleep(0.01) - if 'Working directory:' in line: - token = line.strip().split('/') - judging_id = token[-1] - submission_id = token[-2] - if not last_seen or last_seen[1] != judging_id: - print(f'new submission, line was {line}') - needs_update = last_seen - results = [] - submission_data = requests.get(f'{api_url}/submissions/{submission_id}', auth=(user,passwd)).json() - team_id = submission_data['team_id'] - last_seen = (submission_id, judging_id, team_id) - new_filename = f'domlogo-files/photos/{team_id}.png' - if (int)(team_id) >= 120: - new_filename = f'domlogo-files/photos/crew.png' - team_image.update(filename=new_filename) - metadata_text.update(f's{submission_id} / {submission_data["problem_id"]} / {submission_data["language_id"]}') - results_text.update('Busy compiling.') - elif 'No submissions in queue' in line: - needs_update = last_seen - last_seen = None - team_image.update(filename=f'domlogo-files/photos/idle.png') - metadata_text.update('No submissions in queue.') - results_text.update('') - elif ' Compilation: ' in line: - results_text.update(line.split('💻')[1:]) - elif ', result: ' in line: - result = line.split(', result: ')[-1].strip() - results.append('✔' if result == 'correct' else '✘') - results_text.update('\n'.join(re.findall( - '.{1,78}', ' '.join(results)))) - if needs_update: - sid, jid, tid = needs_update - needs_update = None - judging_data = requests.get(f'{api_url}/judgements/{jid}', auth=(user,passwd)).json() - verdict = judging_data['judgement_type_id'] or 'pending' - color = 'firebrick1' - if verdict == 'AC': - color = 'LightGreen' - elif verdict == 'pending': - color = 'DeepSkyBlue' - for i in range(len(cache)-1): - cache[i] = cache[i+1] - if (int)(tid) >= 120: - tid = 'DOMjudge' - cache[-1] = (f'domlogo-files/logos/{tid}.png', f's{sid}/j{jid}\n{verdict}', color, jid) - for i in range(len(cache)): - previous_column[i][0].update(filename=cache[i][0]) - previous_column[i][1].update(cache[i][1]) - previous_column[i][2].TKCanvas.config(bg=cache[i][2]) - -window.close() diff --git a/icpc-wf/ansible/roles/domlogo/files/domlogo.py b/icpc-wf/ansible/roles/domlogo/files/domlogo.py new file mode 120000 index 00000000..929daa20 --- /dev/null +++ b/icpc-wf/ansible/roles/domlogo/files/domlogo.py @@ -0,0 +1 @@ +/home/sitowert/domjudge-scripts/domlogo/domlogo.py \ No newline at end of file From 30482b9faa09d50cbc9c33af579f99896373ee89 Mon Sep 17 00:00:00 2001 From: Tobias Werth Date: Fri, 22 Apr 2022 18:28:53 +0200 Subject: [PATCH 31/51] Use relative symlink instead. --- icpc-wf/ansible/roles/domlogo/files/domlogo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/domlogo/files/domlogo.py b/icpc-wf/ansible/roles/domlogo/files/domlogo.py index 929daa20..06a32d9f 120000 --- a/icpc-wf/ansible/roles/domlogo/files/domlogo.py +++ b/icpc-wf/ansible/roles/domlogo/files/domlogo.py @@ -1 +1 @@ -/home/sitowert/domjudge-scripts/domlogo/domlogo.py \ No newline at end of file +../../../../../domlogo/domlogo.py \ No newline at end of file From 758edd88fc7a6298e69fb5bd5d78f91813c2bd4c Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 27 Apr 2022 19:51:34 +0200 Subject: [PATCH 32/51] Update maintainerlist from github info (#43) --- website/about.shtml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/about.shtml b/website/about.shtml index 741aa73d..c51c2793 100644 --- a/website/about.shtml +++ b/website/about.shtml @@ -67,8 +67,8 @@ administrator manual.

Authors and contact

The main developers are Jaap Eldering, Nicky Gerritsen, Keith -Johnson, Thijs Kinkhorst, and Tobias Werth, with contributions from -many other people. +Johnson, Thijs Kinkhorst, Mart Pluijmaekers, Michael Vasseur and Tobias Werth, +with contributions from many other people. Anyone interested is welcome to contribute to DOMjudge.

The project is licensed under the GNU General Public Licence. This gives From e4082102f117875f618461499100776b67d06e97 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Wed, 27 Apr 2022 19:42:09 +0200 Subject: [PATCH 33/51] Promote Nicky/GEHACK autologin Co-authored-by: Jaap Eldering --- website/tools.shtml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/website/tools.shtml b/website/tools.shtml index c94ed8bc..c81c97ea 100644 --- a/website/tools.shtml +++ b/website/tools.shtml @@ -62,4 +62,11 @@ can connect to.

+

Autologin for team machines

+ +

LightDM CCS autologin makes + it possible to automatically log in to team machines when the contest starts in DOMjudge. This + is useful to keep problem data secret and to make sharing credentials easier on the organizer. +

+ From f5bf6660ff94f3a292e8202ae4620238e1444955 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 5 May 2022 11:36:04 +0200 Subject: [PATCH 34/51] Notify demoweb users of sentry usage --- website/demo.shtml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/demo.shtml b/website/demo.shtml index 4dd4cb67..27125619 100644 --- a/website/demo.shtml +++ b/website/demo.shtml @@ -45,4 +45,8 @@ contest, NWERC 2018, with some sensitive things removed.

If there's something not working, or you've got questions, please contact us at admin@domjudge.org.

+

Logging

+ +We send exceptions encountered on the demo instance to Sentry. This should not contain personal information but we prefer to inform you of this. These errors make it easier to detect and debug bugs in our current development version, so you already help us by encountering these bugs! + From 07dd870638ed8f223e69fd29922924933ac75e97 Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+mvr320@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:35:01 +0100 Subject: [PATCH 35/51] Test ansible scripts with default linter We first ignore all errors and fix those in separate commits. --- .github/linting.sh | 14 ++++++++++++++ .github/workflows/ansible-linting.yml | 22 ++++++++++++++++++++++ icpc-wf/ansible/.ansible-lint | 10 ++++++++++ icpc-wf/ansible/judgehost.yml | 3 +++ 4 files changed, 49 insertions(+) create mode 100755 .github/linting.sh create mode 100644 .github/workflows/ansible-linting.yml create mode 100644 icpc-wf/ansible/.ansible-lint diff --git a/.github/linting.sh b/.github/linting.sh new file mode 100755 index 00000000..65ae7b8a --- /dev/null +++ b/.github/linting.sh @@ -0,0 +1,14 @@ +#!/usr/bin/bash + +set -euxo pipefail + +# shellcheck disable=SC2044 +for book in $(find ./ -maxdepth 1 -name "*.yml"); do + if [ "$book" != "./handlers.yml" ]; then + ansible-lint "$book" -x braces,line-length + fi +done +# shellcheck disable=SC2044 +for dir in $(find ./roles -maxdepth 1 -type d); do + ansible-lint "$dir" -x braces,line-length +done diff --git a/.github/workflows/ansible-linting.yml b/.github/workflows/ansible-linting.yml new file mode 100644 index 00000000..6ffc09ec --- /dev/null +++ b/.github/workflows/ansible-linting.yml @@ -0,0 +1,22 @@ +name: Test contest deployment (ansible scripts) [PIP] + +on: [push,pull_request] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v2 + - name: Install ansible lint tools + run: sudo apt update; sudo pip install ansible-lint + - name: Lint the different scripts + run: | + set -eux + ansible-lint --version + ansible-lint . + working-directory: icpc-wf/ansible + - name: Lint the different scripts (Via the script) + run: ../../.github/linting.sh + working-directory: icpc-wf/ansible + diff --git a/icpc-wf/ansible/.ansible-lint b/icpc-wf/ansible/.ansible-lint new file mode 100644 index 00000000..8f5e28fd --- /dev/null +++ b/icpc-wf/ansible/.ansible-lint @@ -0,0 +1,10 @@ +parseable: true +skip_list: + - no-handler # TODO: this might break existing playbooks + - 503 # TODO: this might break existing playbooks + - meta-no-info # We don't publish to galaxy (yet) + - 701 # We don't publish to galaxy (yet) + - fqcn-builtins # I see no benefit as we dont use custom roles + - 204 # The long line should be re-evaluated +use_default_rules: true +verbosity: 1 diff --git a/icpc-wf/ansible/judgehost.yml b/icpc-wf/ansible/judgehost.yml index b280db72..fe759dc6 100644 --- a/icpc-wf/ansible/judgehost.yml +++ b/icpc-wf/ansible/judgehost.yml @@ -41,11 +41,14 @@ tags: prometheus_target_all when: GRAFANA_MONITORING pre_tasks: + - name: Get current services + service_facts: - name: Disable all cores service: name="domjudge-judgedaemon@{{item}}" state=stopped with_sequence: start=0 end={{ ansible_processor_vcpus }} format=domjudge-judgedaemon@%1x + when: '"domjudge-judgedaemon@0.service" in services' tasks: - name: add autostart shortcuts template: From 76c5e913669c1109df9cb4b349422f9bc8a227fc Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 13:14:56 +0200 Subject: [PATCH 36/51] Various yaml fixes --- icpc-wf/ansible/admin.yml | 14 +-- icpc-wf/ansible/cds.yml | 2 +- icpc-wf/ansible/domserver.yml | 10 +- icpc-wf/ansible/grafana.yml | 2 +- icpc-wf/ansible/handlers.yml | 2 +- icpc-wf/ansible/judgehost.yml | 5 +- icpc-wf/ansible/mgmt.yml | 2 +- .../roles/base_packages/tasks/main.yml | 102 +++++++++--------- icpc-wf/ansible/roles/cds/handlers/main.yml | 4 +- icpc-wf/ansible/roles/cds/tasks/main.yml | 52 ++++----- .../ansible/roles/clusterssh/tasks/main.yml | 8 +- .../roles/domjudge_build/handlers/main.yml | 2 +- .../roles/domjudge_build/tasks/main.yml | 4 +- .../roles/domjudge_checkout/tasks/main.yml | 8 +- .../roles/domjudge_user/handlers/main.yml | 2 +- .../roles/domjudge_user/tasks/main.yml | 2 +- icpc-wf/ansible/roles/domlogo/tasks/main.yml | 4 +- .../ansible/roles/domserver/handlers/main.yml | 4 +- .../ansible/roles/domserver/tasks/main.yml | 2 +- .../ansible/roles/grafana/defaults/main.yml | 1 - .../roles/grafana/files/datasources.yml | 76 ++++++------- .../grafana/files/loki-local-config.yaml | 1 - .../ansible/roles/grafana/handlers/main.yml | 3 +- icpc-wf/ansible/roles/grafana/tasks/main.yml | 3 +- .../ansible/roles/icpc_fixes/tasks/main.yml | 2 +- .../roles/judgedaemon/handlers/main.yml | 6 +- .../roles/mysql_server/handlers/main.yml | 2 +- .../ansible/roles/mysql_server/tasks/main.yml | 4 +- icpc-wf/ansible/roles/phpstorm/tasks/main.yml | 24 ++--- .../prometheus_target_all/defaults/main.yml | 1 - .../prometheus_target_all/handlers/main.yml | 3 +- .../prometheus_target_all/tasks/main.yml | 1 - .../prometheus_target_web/handlers/main.yml | 8 +- .../roles/scoreboard/handlers/main.yml | 2 +- .../ansible/roles/scoreboard/tasks/main.yml | 42 ++++---- icpc-wf/ansible/scoreboard.yml | 2 +- 36 files changed, 203 insertions(+), 209 deletions(-) diff --git a/icpc-wf/ansible/admin.yml b/icpc-wf/ansible/admin.yml index 672c14dd..3e01e0d8 100644 --- a/icpc-wf/ansible/admin.yml +++ b/icpc-wf/ansible/admin.yml @@ -5,7 +5,7 @@ hosts: admin vars: host_type: admin - become: yes + become: true roles: - role: base_packages tags: base_packages @@ -49,10 +49,10 @@ apt: state: present pkg: - - gitk - - git-gui - - makepasswd - - mmv + - gitk + - git-gui + - makepasswd + - mmv - name: enable developer mode lineinfile: @@ -89,13 +89,13 @@ DJ_GIT_REPO_SCRIPTS: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS}}" - name: create working copy of the domjudge-scripts repo - become: yes + become: true become_user: domjudge # We use a different directory here to have one single 'upstream' and not have issues with it git: repo={{DJ_GIT_REPO_SCRIPTS}} dest=/home/domjudge/domjudge-scripts-checkout version=main accept_hostkey=yes update=no - name: create working copy of the wf2020 repo - become: yes + become: true become_user: domjudge git: repo=git@cds:wf2020 dest=/home/domjudge/wf2020 version=master accept_hostkey=yes update=no diff --git a/icpc-wf/ansible/cds.yml b/icpc-wf/ansible/cds.yml index b226bc9c..fa9b45cd 100644 --- a/icpc-wf/ansible/cds.yml +++ b/icpc-wf/ansible/cds.yml @@ -5,7 +5,7 @@ hosts: cds vars: host_type: cds - become: yes + become: true roles: - role: base_packages tags: base_packages diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index e5667af3..9b2398cd 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -5,7 +5,7 @@ hosts: domserver vars: host_type: domserver - become: yes + become: true roles: - role: base_packages tags: base_packages @@ -53,9 +53,9 @@ apt: state: present pkg: - - python3-mysqldb - - macchanger - - molly-guard + - python3-mysqldb + - macchanger + - molly-guard - name: disable developer mode lineinfile: @@ -67,7 +67,7 @@ synchronize: src: files/domjudge-public/ dest: "{{DJ_DIR}}/webapp/public" - owner: no + owner: false use_ssh_args: true notify: clear application cache diff --git a/icpc-wf/ansible/grafana.yml b/icpc-wf/ansible/grafana.yml index 32c91027..e7ab4b67 100644 --- a/icpc-wf/ansible/grafana.yml +++ b/icpc-wf/ansible/grafana.yml @@ -3,7 +3,7 @@ - hosts: grafana vars: host_type: grafana - become: yes + become: true roles: - role: base_packages tags: base_packages diff --git a/icpc-wf/ansible/handlers.yml b/icpc-wf/ansible/handlers.yml index 41668c85..2f17b9f6 100644 --- a/icpc-wf/ansible/handlers.yml +++ b/icpc-wf/ansible/handlers.yml @@ -2,5 +2,5 @@ --- - name: clear application cache command: "{{DJ_DIR}}/webapp/bin/console cache:clear" - become: yes + become: true become_user: domjudge diff --git a/icpc-wf/ansible/judgehost.yml b/icpc-wf/ansible/judgehost.yml index fe759dc6..4dce69d2 100644 --- a/icpc-wf/ansible/judgehost.yml +++ b/icpc-wf/ansible/judgehost.yml @@ -3,13 +3,14 @@ - name: setup judgehost hosts: judgehost + # We always leave 1/3 of the judges online serial: - - 33% # We always leave 1/3 of the judges online + - 33% - 33% - 34% vars: host_type: judgehost - become: yes + become: true roles: - role: base_packages tags: base_packages diff --git a/icpc-wf/ansible/mgmt.yml b/icpc-wf/ansible/mgmt.yml index 717556b5..dba3333e 100644 --- a/icpc-wf/ansible/mgmt.yml +++ b/icpc-wf/ansible/mgmt.yml @@ -5,7 +5,7 @@ hosts: mgmt vars: host_type: mgmt - become: yes + become: true roles: - role: prometheus_target_all tags: prometheus_target_all diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index 9e27d416..b0fb4fde 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -47,62 +47,62 @@ apt: state: absent pkg: - - apport - - ntp + - apport + - ntp - name: install common required/useful packages apt: state: present pkg: - - ack - - git - - htop - - httpie - - ncdu - - pv - - screen - - autoconf - - automake - - efibootmgr - - curl - - gcc - - g++ - - default-jdk-headless - - make - - zip - - unzip - - php-cli - - php-gd - - php-curl - - php-mysql - - php-json - - php-xml - - php-zip - - php-mbstring - - php-intl - - bsdmainutils - - libcgroup-dev - - libcurl4-gnutls-dev - - libjsoncpp-dev - - libmagic-dev - - debootstrap - - texlive-latex-recommended - - texlive-latex-extra - - apache2-utils - - tig - - bat - - jq - - python3-sphinx - - autoconf - - automake - - bats - - python3-sphinx - - python3-sphinx-rtd-theme - - rst2pdf - - fontconfig - - python3-yaml - - latexmk - - acl + - ack + - git + - htop + - httpie + - ncdu + - pv + - screen + - autoconf + - automake + - efibootmgr + - curl + - gcc + - g++ + - default-jdk-headless + - make + - zip + - unzip + - php-cli + - php-gd + - php-curl + - php-mysql + - php-json + - php-xml + - php-zip + - php-mbstring + - php-intl + - bsdmainutils + - libcgroup-dev + - libcurl4-gnutls-dev + - libjsoncpp-dev + - libmagic-dev + - debootstrap + - texlive-latex-recommended + - texlive-latex-extra + - apache2-utils + - tig + - bat + - jq + - python3-sphinx + - autoconf + - automake + - bats + - python3-sphinx + - python3-sphinx-rtd-theme + - rst2pdf + - fontconfig + - python3-yaml + - latexmk + - acl - name: Check if composer is installed stat: diff --git a/icpc-wf/ansible/roles/cds/handlers/main.yml b/icpc-wf/ansible/roles/cds/handlers/main.yml index 93e459e0..45b12be6 100644 --- a/icpc-wf/ansible/roles/cds/handlers/main.yml +++ b/icpc-wf/ansible/roles/cds/handlers/main.yml @@ -5,7 +5,7 @@ shell: systemctl daemon-reload - name: restart cds - service: name=cds enabled=yes state=restarted + service: name=cds enabled=true state=restarted - name: restart nginx - service: name=nginx enabled=yes state=restarted + service: name=nginx enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index f129053c..317786ae 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -5,7 +5,7 @@ uri: url: https://api.github.com/repos/icpctools/icpctools/releases?per_page=1 method: GET - return_content: yes + return_content: true status_code: 200 body_format: json register: latest_cds_release_array @@ -52,7 +52,7 @@ copy: src: /root/CDS-{{ cds_version_minor }}/CDS.war dest: /home/domjudge/cds/wlp/usr/servers/cds/apps/CDS.war - remote_src: yes + remote_src: true owner: domjudge group: domjudge when: cds_war.stat.exists @@ -103,28 +103,28 @@ - name: Setup nginx block: - - name: install nginx - apt: - state: present - pkg: - - nginx - - - name: add CDS nginx conf - template: - src: cds.conf.j2 - dest: /etc/nginx/sites-available/cds.conf - notify: restart nginx - - - name: enable nginx conf for CDS - file: - src: /etc/nginx/sites-available/cds.conf - dest: /etc/nginx/sites-enabled/cds.conf - state: link - notify: restart nginx - - - name: disable default nginx site - file: - path: /etc/nginx/sites-enabled/default - state: absent - notify: restart nginx + - name: install nginx + apt: + state: present + pkg: + - nginx + + - name: add CDS nginx conf + template: + src: cds.conf.j2 + dest: /etc/nginx/sites-available/cds.conf + notify: restart nginx + + - name: enable nginx conf for CDS + file: + src: /etc/nginx/sites-available/cds.conf + dest: /etc/nginx/sites-enabled/cds.conf + state: link + notify: restart nginx + + - name: disable default nginx site + file: + path: /etc/nginx/sites-enabled/default + state: absent + notify: restart nginx when: CDS_HOSTNAME is defined diff --git a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml index 4929a2d6..85967386 100644 --- a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml +++ b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml @@ -8,22 +8,22 @@ - clusterssh - name: create clusterssh 'all' config group - become: yes + become: true become_user: domjudge lineinfile: dest: /home/domjudge/.clusterssh/clusters regexp: '^all' line: "all {{ groups['all'] | join(' ') }}" - create: yes + create: true - name: create clusterssh config groups - become: yes + become: true become_user: domjudge lineinfile: dest: /home/domjudge/.clusterssh/clusters regexp: '^{{ item }}s' line: "{{item}}s {{ groups[item] | join(' ') }}" - create: yes + create: true loop: - domserver - judgehost diff --git a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml index 8083931e..102c1219 100644 --- a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml @@ -5,4 +5,4 @@ shell: make -C {{DJ_DIR}} inplace-postinstall-permissions - name: restart rsyslog - service: name=rsyslog enabled=yes state=restarted + service: name=rsyslog enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml index 1371da37..916ac3f7 100644 --- a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml @@ -10,7 +10,7 @@ mode: 0600 - name: run inplace-conf - become: yes + become: true become_user: domjudge command: make inplace-conf CONFIGURE_FLAGS='--disable-doc-build --with-baseurl={{DOMSERVER}}/' register: dj_configured @@ -23,7 +23,7 @@ register: judgedaemon_binary - name: build domjudge - become: yes + become: true become_user: domjudge command: make inplace-install args: diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index 18f5c642..e7c1e46d 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -13,13 +13,13 @@ DJ_GIT_REPO: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO}}" - name: Create working copy of the domjudge repo - become: yes + become: true become_user: domjudge git: repo={{DJ_GIT_REPO}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes register: git_working_copy - name: Check composer dependencies present - become: no + become: false local_action: stat path=files/lib/vendor register: libvendor @@ -27,13 +27,13 @@ synchronize: src: files/lib/vendor/ dest: "{{DJ_DIR}}/lib/vendor/" - owner: no + owner: false use_ssh_args: true when: libvendor.stat.exists - name: fix ownership of lib/vendor file: path: "{{DJ_DIR}}/lib/vendor" - recurse: yes + recurse: true owner: domjudge group: domjudge diff --git a/icpc-wf/ansible/roles/domjudge_user/handlers/main.yml b/icpc-wf/ansible/roles/domjudge_user/handlers/main.yml index ecb35cbd..e905aa84 100644 --- a/icpc-wf/ansible/roles/domjudge_user/handlers/main.yml +++ b/icpc-wf/ansible/roles/domjudge_user/handlers/main.yml @@ -2,4 +2,4 @@ # Define here handlers associated to this role. - name: restart gdm - service: name=gdm3 enabled=yes state=restarted + service: name=gdm3 enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml index 0f448a67..dc2679a1 100644 --- a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml @@ -41,7 +41,7 @@ path: /etc/gdm3/custom.conf regexp: 'AutomaticLoginEnable' line: 'AutomaticLoginEnable=true' - create: yes + create: true notify: restart gdm - name: Automatically login domjudge user diff --git a/icpc-wf/ansible/roles/domlogo/tasks/main.yml b/icpc-wf/ansible/roles/domlogo/tasks/main.yml index 824a275c..c9d90cfd 100644 --- a/icpc-wf/ansible/roles/domlogo/tasks/main.yml +++ b/icpc-wf/ansible/roles/domlogo/tasks/main.yml @@ -19,14 +19,14 @@ synchronize: src: lib dest: /home/domjudge/.local/ - owner: no + owner: false use_ssh_args: true - name: install domlogo images synchronize: src: images dest: "{{DJ_DIR}}" - owner: no + owner: false use_ssh_args: true - name: add autostart shortcuts diff --git a/icpc-wf/ansible/roles/domserver/handlers/main.yml b/icpc-wf/ansible/roles/domserver/handlers/main.yml index 6ebc67dd..6fe95874 100644 --- a/icpc-wf/ansible/roles/domserver/handlers/main.yml +++ b/icpc-wf/ansible/roles/domserver/handlers/main.yml @@ -2,7 +2,7 @@ # Define here handlers associated to this role. - name: restart nginx - service: name=nginx enabled=yes state=restarted + service: name=nginx enabled=true state=restarted - name: restart PHP FPM - service: name=php7.4-fpm enabled=yes state=restarted + service: name=php7.4-fpm enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/domserver/tasks/main.yml b/icpc-wf/ansible/roles/domserver/tasks/main.yml index 1e46e61a..2aaa9e08 100644 --- a/icpc-wf/ansible/roles/domserver/tasks/main.yml +++ b/icpc-wf/ansible/roles/domserver/tasks/main.yml @@ -77,7 +77,7 @@ path: /etc/php/7.4/fpm/pool.d/domjudge.conf src: "{{DJ_DIR}}/etc/domjudge-fpm.conf" state: link - force: yes + force: true notify: restart PHP FPM - name: set PHP settings diff --git a/icpc-wf/ansible/roles/grafana/defaults/main.yml b/icpc-wf/ansible/roles/grafana/defaults/main.yml index 136dc243..7bfa199a 100644 --- a/icpc-wf/ansible/roles/grafana/defaults/main.yml +++ b/icpc-wf/ansible/roles/grafana/defaults/main.yml @@ -1,3 +1,2 @@ grafana_port: 8443 LOKI: false - diff --git a/icpc-wf/ansible/roles/grafana/files/datasources.yml b/icpc-wf/ansible/roles/grafana/files/datasources.yml index d6f596e4..36088aff 100644 --- a/icpc-wf/ansible/roles/grafana/files/datasources.yml +++ b/icpc-wf/ansible/roles/grafana/files/datasources.yml @@ -10,41 +10,41 @@ deleteDatasources: # what's available in the database datasources: # name of the datasource. Required -- name: Prometheus - # datasource type. Required - type: prometheus - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:9090 - # database password, if used - # password: - # database user, if used - # user: - # database name, if used - # database: - # enable/disable basic auth - # basicAuth: - # basic auth username - # basicAuthUser: - # basic auth password - # basicAuthPassword: - # enable/disable with credentials headers - # withCredentials: - # mark as default datasource. Max one per org - isDefault: true - # fields that will be converted to json and stored in jsonData - # jsonData: - # graphiteVersion: "1.1" - # tlsAuth: true - # tlsAuthWithCACert: true - # json object of data that will be encrypted. - # secureJsonData: - # tlsCACert: "..." - # tlsClientCert: "..." - # tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: true + - name: Prometheus + # datasource type. Required + type: prometheus + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:9090 + # database password, if used + # password: + # database user, if used + # user: + # database name, if used + # database: + # enable/disable basic auth + # basicAuth: + # basic auth username + # basicAuthUser: + # basic auth password + # basicAuthPassword: + # enable/disable with credentials headers + # withCredentials: + # mark as default datasource. Max one per org + isDefault: true + # fields that will be converted to json and stored in jsonData + # jsonData: + # graphiteVersion: "1.1" + # tlsAuth: true + # tlsAuthWithCACert: true + # json object of data that will be encrypted. + # secureJsonData: + # tlsCACert: "..." + # tlsClientCert: "..." + # tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: true diff --git a/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml b/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml index 26719529..b52f9864 100644 --- a/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml +++ b/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml @@ -44,4 +44,3 @@ chunk_store_config: table_manager: retention_deletes_enabled: false retention_period: 0s - diff --git a/icpc-wf/ansible/roles/grafana/handlers/main.yml b/icpc-wf/ansible/roles/grafana/handlers/main.yml index 2edc8520..d2a23bee 100644 --- a/icpc-wf/ansible/roles/grafana/handlers/main.yml +++ b/icpc-wf/ansible/roles/grafana/handlers/main.yml @@ -28,6 +28,5 @@ - name: restart loki service: name: loki - enabled: yes + enabled: true state: restarted - diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index 897efbbc..8cabe11a 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -13,7 +13,7 @@ - name: install dependencies apt: state: present - install_recommends: no + install_recommends: false pkg: - nginx - prometheus @@ -122,4 +122,3 @@ group: root mode: 0644 notify: restart nginx - diff --git a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml index 064be7dc..ca548616 100644 --- a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml +++ b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml @@ -23,7 +23,7 @@ service: name: "{{ item }}" state: stopped - enabled: no + enabled: false loop: - mumble-server - selfie diff --git a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml index d7ac3cb7..8b805df0 100644 --- a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml @@ -5,15 +5,15 @@ shell: systemctl daemon-reload - name: enable and restart tune_cpu - service: name=tune_cpu enabled=yes state=restarted + service: name=tune_cpu enabled=true state=restarted - name: enable and restart create-cgroups - service: name=create-cgroups enabled=yes state=restarted + service: name=create-cgroups enabled=true state=restarted - name: enable and restart judgedaemon service: name="domjudge-judgehost.target" - enabled=yes + enabled=true state=restarted - name: update grub diff --git a/icpc-wf/ansible/roles/mysql_server/handlers/main.yml b/icpc-wf/ansible/roles/mysql_server/handlers/main.yml index 07246cb4..5ef1bb20 100644 --- a/icpc-wf/ansible/roles/mysql_server/handlers/main.yml +++ b/icpc-wf/ansible/roles/mysql_server/handlers/main.yml @@ -2,4 +2,4 @@ # Define here handlers associated to this role. - name: restart mysql - service: name=mysql enabled=yes state=restarted + service: name=mysql enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml index e65a4dde..a83009b7 100644 --- a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml +++ b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml @@ -45,5 +45,5 @@ group: domjudge mode: 0755 loop: - - load-db - - dump-db + - load-db + - dump-db diff --git a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml index 70db3566..02246560 100644 --- a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml +++ b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml @@ -5,32 +5,32 @@ synchronize: src: PhpStorm-{{ PHPSTORM_FULL_VERSION }} dest: "/opt/phpstorm" - owner: no + owner: false use_ssh_args: true - name: Copy in PHPStorm config synchronize: src: PhpStorm{{ PHPSTORM_VERSION }} dest: "/home/domjudge/.config/JetBrains" - owner: no + owner: false use_ssh_args: true - name: Copy in PHPStorm jdbc drivers synchronize: src: jdbc-drivers dest: "/home/domjudge/.config/JetBrains/PhpStorm{{ PHPSTORM_VERSION }}/" - owner: no + owner: false use_ssh_args: true - name: fix ownership of PHPStorm config file: path: "/home/domjudge/.config/JetBrains/PhpStorm{{ PHPSTORM_VERSION }}" - recurse: yes + recurse: true owner: domjudge group: domjudge - name: Create local directory - become: yes + become: true become_user: domjudge file: path: "/home/domjudge/.local/share/JetBrains/" @@ -41,14 +41,14 @@ synchronize: src: PhpStorm{{ PHPSTORM_VERSION }}-local-share/ dest: "/home/domjudge/.local/share/JetBrains/PhpStorm{{ PHPSTORM_VERSION }}" - owner: no - recursive: yes + owner: false + recursive: true use_ssh_args: true - name: fix ownership of PHPStorm local share file: path: "/home/domjudge/.local/share/JetBrains/PhpStorm{{ PHPSTORM_VERSION }}" - recurse: yes + recurse: true owner: domjudge group: domjudge @@ -56,18 +56,18 @@ synchronize: src: .idea dest: "{{DJ_DIR}}" - owner: no + owner: false use_ssh_args: true - name: fix ownership of PHPStorm config file: path: "{{DJ_DIR}}/.idea" - recurse: yes + recurse: true owner: domjudge group: domjudge - name: Create a directory if it does not exist - become: yes + become: true become_user: domjudge file: path: /home/domjudge/.local/share/applications @@ -75,7 +75,7 @@ mode: '0755' - name: Copy in PHPStorm Desktop icon - become: yes + become: true become_user: domjudge template: src: jetbrains-phpstorm.desktop.j2 diff --git a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml index 783920bd..b63a6b98 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml @@ -1,2 +1 @@ PROM: true - diff --git a/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml index eca8360b..4d60f810 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml @@ -2,7 +2,6 @@ - name: restart promtail service: name: promtail - enabled: yes + enabled: true state: restarted daemon_reload: true - diff --git a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml index 7c2fac54..3f850b43 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml @@ -52,4 +52,3 @@ state: started enabled: true when: PROM - diff --git a/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml b/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml index 0588ac9b..b5739a5f 100644 --- a/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml @@ -1,12 +1,12 @@ --- - name: restart php-exporter - service: name=php-fpm-exporter enabled=yes state=restarted + service: name=php-fpm-exporter enabled=true state=restarted - name: restart nginx - service: name=nginx enabled=yes state=restarted + service: name=nginx enabled=true state=restarted - name: restart nginx-exporter - service: name=prometheus-nginx-exporter enabled=yes state=restarted + service: name=prometheus-nginx-exporter enabled=true state=restarted - name: restart mysqld-exporter - service: name=prometheus-mysqld-exporter enabled=yes state=restarted + service: name=prometheus-mysqld-exporter enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/scoreboard/handlers/main.yml b/icpc-wf/ansible/roles/scoreboard/handlers/main.yml index 1acd9836..1d442fdc 100644 --- a/icpc-wf/ansible/roles/scoreboard/handlers/main.yml +++ b/icpc-wf/ansible/roles/scoreboard/handlers/main.yml @@ -2,4 +2,4 @@ # Define here handlers associated to this role. - name: restart nginx - service: name=nginx enabled=yes state=restarted + service: name=nginx enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml index 4438f697..85f26592 100644 --- a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml +++ b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml @@ -9,10 +9,10 @@ group: domjudge mode: 0755 loop: - - css - - js - - webfonts - - flags + - css + - js + - webfonts + - flags - name: download required assets get_url: @@ -22,29 +22,29 @@ group: domjudge mode: 0644 loop: - - favicon.ico - - css/bootstrap.min.css - - css/fontawesome-all.min.css - - js/jquery.min.js - - js/bootstrap.bundle.min.js - - js/domjudge.js - - style_domjudge.css - - webfonts/fa-brands-400.ttf - - webfonts/fa-brands-400.woff2 - - webfonts/fa-regular-400.ttf - - webfonts/fa-regular-400.woff2 - - webfonts/fa-solid-900.ttf - - webfonts/fa-solid-900.woff2 - - webfonts/fa-v4compatibility.ttf - - webfonts/fa-v4compatibility.woff2 + - favicon.ico + - css/bootstrap.min.css + - css/fontawesome-all.min.css + - js/jquery.min.js + - js/bootstrap.bundle.min.js + - js/domjudge.js + - style_domjudge.css + - webfonts/fa-brands-400.ttf + - webfonts/fa-brands-400.woff2 + - webfonts/fa-regular-400.ttf + - webfonts/fa-regular-400.woff2 + - webfonts/fa-solid-900.ttf + - webfonts/fa-solid-900.woff2 + - webfonts/fa-v4compatibility.ttf + - webfonts/fa-v4compatibility.woff2 - name: install contest images synchronize: src: files/domjudge-public/ dest: "/home/domjudge/scoreboard/" - owner: no + owner: false use_ssh_args: true - become: yes + become: true become_user: domjudge - name: download and unpack flag icons package diff --git a/icpc-wf/ansible/scoreboard.yml b/icpc-wf/ansible/scoreboard.yml index 5d9ab8f5..221ceaf7 100644 --- a/icpc-wf/ansible/scoreboard.yml +++ b/icpc-wf/ansible/scoreboard.yml @@ -5,7 +5,7 @@ hosts: scoreboard vars: host_type: scoreboard - become: yes + become: true roles: - role: base_packages tags: base_packages From a8687d80b63f8a5f87ff455fe706586482a83cf8 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 14:11:22 +0200 Subject: [PATCH 37/51] Fix variable spacing issues, no change intended --- icpc-wf/ansible/admin.yml | 8 ++--- icpc-wf/ansible/domserver.yml | 12 +++---- ...taillog-domserver-symfony-error.desktop.j2 | 2 +- icpc-wf/ansible/files/taillog.desktop.j2 | 2 +- icpc-wf/ansible/handlers.yml | 2 +- icpc-wf/ansible/judgehost.yml | 8 ++--- .../tasks/install-local-package.yml | 6 ++-- .../roles/base_packages/tasks/main.yml | 2 +- .../ansible/roles/clusterssh/tasks/main.yml | 2 +- .../roles/domjudge_build/handlers/main.yml | 2 +- .../roles/domjudge_build/tasks/main.yml | 14 ++++---- .../roles/domjudge_checkout/tasks/main.yml | 10 +++--- .../roles/domjudge_user/tasks/main.yml | 6 ++-- icpc-wf/ansible/roles/domlogo/tasks/main.yml | 4 +-- .../domlogo/templates/domjudgelogo.desktop.j2 | 2 +- .../ansible/roles/domserver/tasks/main.yml | 32 +++++++++---------- .../templates/nginx-domjudge-inner.j2 | 2 +- icpc-wf/ansible/roles/hosts/tasks/main.yml | 2 +- .../ansible/roles/judgedaemon/tasks/main.yml | 12 +++---- .../roles/mysql_replication/tasks/main.yml | 2 +- icpc-wf/ansible/roles/phpstorm/tasks/main.yml | 4 +-- .../ansible/roles/system_fixes/tasks/main.yml | 4 +-- 22 files changed, 70 insertions(+), 70 deletions(-) diff --git a/icpc-wf/ansible/admin.yml b/icpc-wf/ansible/admin.yml index 3e01e0d8..5f17678e 100644 --- a/icpc-wf/ansible/admin.yml +++ b/icpc-wf/ansible/admin.yml @@ -58,7 +58,7 @@ lineinfile: regexp: 'APP_ENV=' line: 'APP_ENV=dev' - dest: "{{DJ_DIR}}/webapp/.env.local" + dest: "{{ DJ_DIR }}/webapp/.env.local" - name: add cds to hosts file lineinfile: @@ -86,13 +86,13 @@ - name: Update repo URL based on network set_fact: - DJ_GIT_REPO_SCRIPTS: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS}}" + DJ_GIT_REPO_SCRIPTS: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS }}" - name: create working copy of the domjudge-scripts repo become: true become_user: domjudge # We use a different directory here to have one single 'upstream' and not have issues with it - git: repo={{DJ_GIT_REPO_SCRIPTS}} dest=/home/domjudge/domjudge-scripts-checkout version=main accept_hostkey=yes update=no + git: repo={{ DJ_GIT_REPO_SCRIPTS }} dest=/home/domjudge/domjudge-scripts-checkout version=main accept_hostkey=yes update=no - name: create working copy of the wf2020 repo become: true @@ -102,7 +102,7 @@ - name: copy custom CSS file for admin machines copy: src: admin-machine.css - dest: "{{DJ_DIR}}/webapp/public/css/custom/admin-machine.css" + dest: "{{ DJ_DIR }}/webapp/public/css/custom/admin-machine.css" owner: domjudge group: domjudge mode: 0644 diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index 9b2398cd..63bd9a6c 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -61,12 +61,12 @@ lineinfile: regexp: '^APP_ENV=dev' state: absent - dest: "{{DJ_DIR}}/webapp/.env.local" + dest: "{{ DJ_DIR }}/webapp/.env.local" - name: install contest images synchronize: src: files/domjudge-public/ - dest: "{{DJ_DIR}}/webapp/public" + dest: "{{ DJ_DIR }}/webapp/public" owner: false use_ssh_args: true notify: clear application cache @@ -74,12 +74,12 @@ - name: Add documentation in DOMjudge team interface copy: src: files/docs.yaml - dest: "{{DJ_DIR}}/etc/" + dest: "{{ DJ_DIR }}/etc/" notify: clear application cache - name: add autostart shortcuts copy: - src: files/{{item}}.desktop + src: files/{{ item }}.desktop dest: /home/domjudge/.config/autostart/ owner: domjudge group: domjudge @@ -90,8 +90,8 @@ - name: add autostart shortcuts from template template: - src: files/{{item}}.desktop.j2 - dest: /home/domjudge/.config/autostart/{{item}}.desktop + src: files/{{ item }}.desktop.j2 + dest: /home/domjudge/.config/autostart/{{ item }}.desktop owner: domjudge group: domjudge mode: 0755 diff --git a/icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 b/icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 index 922a9385..e1bb4ee2 100644 --- a/icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 +++ b/icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 @@ -1,4 +1,4 @@ [Desktop Entry] Name=taillog-domserver-symfony-error Type=Application -Exec=gnome-terminal --window --geometry 74x17+1000+400 -e 'bash -c "tail -F {{DJ_DIR}}/webapp/var/log/prod.log"' +Exec=gnome-terminal --window --geometry 74x17+1000+400 -e 'bash -c "tail -F {{ DJ_DIR }}/webapp/var/log/prod.log"' diff --git a/icpc-wf/ansible/files/taillog.desktop.j2 b/icpc-wf/ansible/files/taillog.desktop.j2 index 78a9ff7c..6b9b6f74 100644 --- a/icpc-wf/ansible/files/taillog.desktop.j2 +++ b/icpc-wf/ansible/files/taillog.desktop.j2 @@ -1,4 +1,4 @@ [Desktop Entry] Name=taillog Type=Application -Exec=gnome-terminal --window --full-screen -e 'bash -c "tail -f {{DJ_DIR}}/output/log/*-0.log"' +Exec=gnome-terminal --window --full-screen -e 'bash -c "tail -f {{ DJ_DIR }}/output/log/*-0.log"' diff --git a/icpc-wf/ansible/handlers.yml b/icpc-wf/ansible/handlers.yml index 2f17b9f6..e1378e82 100644 --- a/icpc-wf/ansible/handlers.yml +++ b/icpc-wf/ansible/handlers.yml @@ -1,6 +1,6 @@ # Common definition of handlers --- - name: clear application cache - command: "{{DJ_DIR}}/webapp/bin/console cache:clear" + command: "{{ DJ_DIR }}/webapp/bin/console cache:clear" become: true become_user: domjudge diff --git a/icpc-wf/ansible/judgehost.yml b/icpc-wf/ansible/judgehost.yml index 4dce69d2..e2f51b07 100644 --- a/icpc-wf/ansible/judgehost.yml +++ b/icpc-wf/ansible/judgehost.yml @@ -46,14 +46,14 @@ service_facts: - name: Disable all cores service: - name="domjudge-judgedaemon@{{item}}" + name="domjudge-judgedaemon@{{ item }}" state=stopped with_sequence: start=0 end={{ ansible_processor_vcpus }} format=domjudge-judgedaemon@%1x when: '"domjudge-judgedaemon@0.service" in services' tasks: - name: add autostart shortcuts template: - src: files/{{item}}.desktop + src: files/{{ item }}.desktop dest: /home/domjudge/.config/autostart/ owner: domjudge group: domjudge @@ -63,8 +63,8 @@ - name: add autostart shortcuts from template template: - src: files/{{item}}.desktop.j2 - dest: /home/domjudge/.config/autostart/{{item}}.desktop + src: files/{{ item }}.desktop.j2 + dest: /home/domjudge/.config/autostart/{{ item }}.desktop owner: domjudge group: domjudge mode: 0755 diff --git a/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml b/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml index 736562f5..3610535c 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml @@ -9,9 +9,9 @@ mode: 0700 - name: copy DEB package to remote - copy: src={{item}} dest="/tmp/dj_ansible/{{item|basename}}" + copy: src={{ item }} dest="/tmp/dj_ansible/{{ item|basename }}" register: deb_copied -- name: install DEB package {{item|basename}} - apt: deb="/tmp/dj_ansible/{{item|basename}}" +- name: install DEB package {{ item|basename }} + apt: deb="/tmp/dj_ansible/{{ item|basename }}" when: deb_copied.changed diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index b0fb4fde..2118d89f 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -122,4 +122,4 @@ - name: install local DEB packages include: install-local-package.yml with_fileglob: - - install-{{host_type}}/*.deb + - install-{{ host_type }}/*.deb diff --git a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml index 85967386..164af188 100644 --- a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml +++ b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml @@ -22,7 +22,7 @@ lineinfile: dest: /home/domjudge/.clusterssh/clusters regexp: '^{{ item }}s' - line: "{{item}}s {{ groups[item] | join(' ') }}" + line: "{{ item }}s {{ groups[item] | join(' ') }}" create: true loop: - domserver diff --git a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml index 102c1219..9e40b776 100644 --- a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml @@ -2,7 +2,7 @@ # Define here handlers associated to this role. - name: fix permissions on domjudge inplace-install - shell: make -C {{DJ_DIR}} inplace-postinstall-permissions + shell: make -C {{ DJ_DIR }} inplace-postinstall-permissions - name: restart rsyslog service: name=rsyslog enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml index 916ac3f7..461913e3 100644 --- a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml @@ -4,7 +4,7 @@ - name: add the restapi secret file template: src: restapi.secret.j2 - dest: "{{DJ_DIR}}/etc/restapi.secret" + dest: "{{ DJ_DIR }}/etc/restapi.secret" owner: domjudge group: domjudge mode: 0600 @@ -12,14 +12,14 @@ - name: run inplace-conf become: true become_user: domjudge - command: make inplace-conf CONFIGURE_FLAGS='--disable-doc-build --with-baseurl={{DOMSERVER}}/' + command: make inplace-conf CONFIGURE_FLAGS='--disable-doc-build --with-baseurl={{ DOMSERVER }}/' register: dj_configured args: - chdir: "{{DJ_DIR}}" - creates: "{{DJ_DIR}}/paths.mk" + chdir: "{{ DJ_DIR }}" + creates: "{{ DJ_DIR }}/paths.mk" - name: check if domjudge is built - stat: path="{{DJ_DIR}}/judge/judgedaemon" + stat: path="{{ DJ_DIR }}/judge/judgedaemon" register: judgedaemon_binary - name: build domjudge @@ -27,14 +27,14 @@ become_user: domjudge command: make inplace-install args: - chdir: "{{DJ_DIR}}" + chdir: "{{ DJ_DIR }}" notify: fix permissions on domjudge inplace-install when: (git_working_copy is defined and git_working_copy.changed) or dj_configured.changed or not judgedaemon_binary.stat.exists - name: copy domjudge-sudoers file copy: remote_src: true - src: "{{DJ_DIR}}/etc/sudoers-domjudge" + src: "{{ DJ_DIR }}/etc/sudoers-domjudge" dest: /etc/sudoers.d/domjudge mode: 0440 owner: root diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index e7c1e46d..c74e5216 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -3,19 +3,19 @@ - name: create working copy directory file: - path: "{{DJ_DIR}}" + path: "{{ DJ_DIR }}" state: directory owner: domjudge group: domjudge - name: Update repo URL based on network set_fact: - DJ_GIT_REPO: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO}}" + DJ_GIT_REPO: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO }}" - name: Create working copy of the domjudge repo become: true become_user: domjudge - git: repo={{DJ_GIT_REPO}} dest={{DJ_DIR}} version={{DJ_BRANCH}} accept_hostkey=yes update=yes + git: repo={{ DJ_GIT_REPO }} dest={{ DJ_DIR }} version={{ DJ_BRANCH }} accept_hostkey=yes update=yes register: git_working_copy - name: Check composer dependencies present @@ -26,14 +26,14 @@ - name: Copy in composer dependencies (if they exist locally) synchronize: src: files/lib/vendor/ - dest: "{{DJ_DIR}}/lib/vendor/" + dest: "{{ DJ_DIR }}/lib/vendor/" owner: false use_ssh_args: true when: libvendor.stat.exists - name: fix ownership of lib/vendor file: - path: "{{DJ_DIR}}/lib/vendor" + path: "{{ DJ_DIR }}/lib/vendor" recurse: true owner: domjudge group: domjudge diff --git a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml index dc2679a1..e863e9a6 100644 --- a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml @@ -6,7 +6,7 @@ name: domjudge shell: /bin/bash groups: sudo - password: "{{DJ_SHELL_USER_PW | default(omit)}}" + password: "{{ DJ_SHELL_USER_PW | default(omit) }}" - name: Allow 'sudo' group to have passwordless sudo lineinfile: @@ -19,8 +19,8 @@ ini_file: dest: /home/domjudge/.gitconfig section: user - option: "{{item.name}}" - value: "{{item.value}}" + option: "{{ item.name }}" + value: "{{ item.value }}" owner: domjudge group: domjudge loop: diff --git a/icpc-wf/ansible/roles/domlogo/tasks/main.yml b/icpc-wf/ansible/roles/domlogo/tasks/main.yml index c9d90cfd..7bd14cf8 100644 --- a/icpc-wf/ansible/roles/domlogo/tasks/main.yml +++ b/icpc-wf/ansible/roles/domlogo/tasks/main.yml @@ -10,7 +10,7 @@ - name: install domlogo copy: src: domlogo.py - dest: "{{DJ_DIR}}" + dest: "{{ DJ_DIR }}" owner: domjudge group: domjudge mode: 0755 @@ -25,7 +25,7 @@ - name: install domlogo images synchronize: src: images - dest: "{{DJ_DIR}}" + dest: "{{ DJ_DIR }}" owner: false use_ssh_args: true diff --git a/icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 b/icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 index b905e534..7cb14e98 100644 --- a/icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 +++ b/icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 @@ -1,4 +1,4 @@ [Desktop Entry] Name=domjudgelogo Type=Application -Exec=bash -c "sleep 10 && cd {{DJ_DIR}} && python3 ./domlogo.py 1>/home/domjudge/logo.out 2>/home/domjudge/logo.err" +Exec=bash -c "sleep 10 && cd {{ DJ_DIR }} && python3 ./domlogo.py 1>/home/domjudge/logo.out 2>/home/domjudge/logo.err" diff --git a/icpc-wf/ansible/roles/domserver/tasks/main.yml b/icpc-wf/ansible/roles/domserver/tasks/main.yml index 2aaa9e08..9deb31ce 100644 --- a/icpc-wf/ansible/roles/domserver/tasks/main.yml +++ b/icpc-wf/ansible/roles/domserver/tasks/main.yml @@ -4,24 +4,24 @@ - name: install dbpasswords.secret file template: src: dbpasswords.secret.j2 - dest: "{{DJ_DIR}}/etc/dbpasswords.secret" + dest: "{{ DJ_DIR }}/etc/dbpasswords.secret" notify: fix permissions on domjudge inplace-install - name: install initial_admin_password.secret file template: src: initial_admin_password.secret.j2 - dest: "{{DJ_DIR}}/etc/initial_admin_password.secret" + dest: "{{ DJ_DIR }}/etc/initial_admin_password.secret" notify: fix permissions on domjudge inplace-install # When using replication, the DB will be dropped and recreated on the slave later. - name: check if the database is configured - command: "{{DJ_DIR}}/bin/dj_setup_database -u root status" + command: "{{ DJ_DIR }}/bin/dj_setup_database -u root status" register: db_status ignore_errors: true changed_when: false - name: make sure the database is configured - command: "{{DJ_DIR}}/bin/dj_setup_database -u root bare-install" + command: "{{ DJ_DIR }}/bin/dj_setup_database -u root bare-install" when: "'failed' in db_status.stdout" - name: install required packages @@ -37,12 +37,12 @@ dest: /etc/php/7.4/fpm/php.ini state: present regexp: 'date\.timezone\s*=' - line: 'date.timezone = {{TIMEZONE}}' + line: 'date.timezone = {{ TIMEZONE }}' - name: enable PHP modules - command: phpenmod {{item}} + command: phpenmod {{ item }} args: - creates: /etc/php/7.4/fpm/conf.d/20-{{item}}.ini + creates: /etc/php/7.4/fpm/conf.d/20-{{ item }}.ini loop: - zip - intl @@ -75,7 +75,7 @@ - name: symlink domjudge FPM conf file: path: /etc/php/7.4/fpm/pool.d/domjudge.conf - src: "{{DJ_DIR}}/etc/domjudge-fpm.conf" + src: "{{ DJ_DIR }}/etc/domjudge-fpm.conf" state: link force: true notify: restart PHP FPM @@ -83,13 +83,13 @@ - name: set PHP settings lineinfile: dest: /etc/php/7.4/fpm/pool.d/domjudge.conf - regexp: "{{item.regexp}}" - line: "{{item.key}} = {{item.value}}" + regexp: "{{ item.regexp }}" + line: "{{ item.key }} = {{ item.value }}" loop: - - { key: 'pm.max_children', regexp: '^pm\.max_children', value: '{{PHP_FPM_MAX_CHILDREN}}' } - - { key: 'pm.max_requests', regexp: '^pm\.max_requests', value: '{{PHP_FPM_MAX_REQUESTS}}' } - - { key: 'php_admin_value[memory_limit]', regexp: '^php_admin_value\[memory_limit\]', value: '{{PHP_MEMORY_LIMIT}}' } - - { key: 'php_admin_value[upload_max_filesize]', regexp: '^php_admin_value\[upload_max_filesize\]', value: '{{PHP_UPLOAD_MAX_FILESIZE}}' } - - { key: 'php_admin_value[post_max_size]', regexp: '^php_admin_value\[post_max_size\]', value: '{{PHP_POST_MAX_SIZE}}' } - - { key: 'php_admin_value[max_file_uploads]', regexp: '^php_admin_value\[max_file_uploads\]', value: '{{PHP_MAX_FILE_UPLOADS}}' } + - { key: 'pm.max_children', regexp: '^pm\.max_children', value: '{{ PHP_FPM_MAX_CHILDREN }}' } + - { key: 'pm.max_requests', regexp: '^pm\.max_requests', value: '{{ PHP_FPM_MAX_REQUESTS }}' } + - { key: 'php_admin_value[memory_limit]', regexp: '^php_admin_value\[memory_limit\]', value: '{{ PHP_MEMORY_LIMIT }}' } + - { key: 'php_admin_value[upload_max_filesize]', regexp: '^php_admin_value\[upload_max_filesize\]', value: '{{ PHP_UPLOAD_MAX_FILESIZE }}' } + - { key: 'php_admin_value[post_max_size]', regexp: '^php_admin_value\[post_max_size\]', value: '{{ PHP_POST_MAX_SIZE }}' } + - { key: 'php_admin_value[max_file_uploads]', regexp: '^php_admin_value\[max_file_uploads\]', value: '{{ PHP_MAX_FILE_UPLOADS }}' } notify: restart PHP FPM diff --git a/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 b/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 index 283828e1..2d19afe6 100644 --- a/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 +++ b/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 @@ -7,7 +7,7 @@ server_name _default_; client_max_body_size {{PHP_UPLOAD_MAX_FILESIZE}}; # Variables used in the nginx configuration -set $domjudgeRoot {{DJ_DIR}}/webapp/public; +set $domjudgeRoot {{ DJ_DIR }}/webapp/public; set $prefix ''; location / { diff --git a/icpc-wf/ansible/roles/hosts/tasks/main.yml b/icpc-wf/ansible/roles/hosts/tasks/main.yml index 7e4031d5..0e8d5811 100644 --- a/icpc-wf/ansible/roles/hosts/tasks/main.yml +++ b/icpc-wf/ansible/roles/hosts/tasks/main.yml @@ -16,4 +16,4 @@ lineinfile: dest: /etc/hosts regexp: 'domserver' - line: "{{DOMSERVER_IP}} domjudge domserver" + line: "{{ DOMSERVER_IP }} domjudge domserver" diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index 94d33e0b..9a8a0db5 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -2,8 +2,8 @@ # These tasks configure the DOMjudge judgedaemon with chroot - name: create domjudge-run users - user: name=domjudge-run-{{item}} createhome=no home=/nonexistent group=nogroup shell=/bin/false - loop: "{{CPUCORE}}" + user: name=domjudge-run-{{ item }} createhome=no home=/nonexistent group=nogroup shell=/bin/false + loop: "{{ CPUCORE }}" - name: create domjudge-run group group: name=domjudge-run state=present @@ -22,7 +22,7 @@ dest: /tmp/dj_ansible/ - name: create chroot - shell: "{{DJ_DIR}}/misc-tools/dj_make_chroot -y -i openjdk-11-jdk-headless -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\" 2>&1 | tee /tmp/dj_make_chroot.log; grep '^Done building chroot in' /tmp/dj_make_chroot.log" + shell: "{{ DJ_DIR }}/misc-tools/dj_make_chroot -y -i openjdk-11-jdk-headless -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\" 2>&1 | tee /tmp/dj_make_chroot.log; grep '^Done building chroot in' /tmp/dj_make_chroot.log" environment: DEBMIRROR: "{{ 'https://packages/ubuntu' if WF_RESTRICTED_NETWORK else '' }}" args: @@ -66,7 +66,7 @@ - name: copy judgedaemon related systemd unit files copy: remote_src: true - src: "{{DJ_DIR}}/lib/judge/{{item}}.service" + src: "{{ DJ_DIR }}/lib/judge/{{ item }}.service" dest: /etc/systemd/system/ loop: - create-cgroups @@ -84,9 +84,9 @@ - enable and restart judgedaemon - name: disable systemd timers - command: systemctl mask {{item}} + command: systemctl mask {{ item }} args: - creates: /etc/systemd/system/{{item}} + creates: /etc/systemd/system/{{ item }} loop: - apt-daily-upgrade.timer - apt-daily.timer diff --git a/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml b/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml index 716bd986..5d1ec1e9 100644 --- a/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml +++ b/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml @@ -24,7 +24,7 @@ mysql_user: name: replication host: '%' - password: "{{REPLICATION_PASSWORD}}" + password: "{{ REPLICATION_PASSWORD }}" append_privs: true priv: '*.*:REPLICATION SLAVE' state: present diff --git a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml index 02246560..f9e86ee4 100644 --- a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml +++ b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml @@ -55,13 +55,13 @@ - name: Copy in PHPStorm settings for repo synchronize: src: .idea - dest: "{{DJ_DIR}}" + dest: "{{ DJ_DIR }}" owner: false use_ssh_args: true - name: fix ownership of PHPStorm config file: - path: "{{DJ_DIR}}/.idea" + path: "{{ DJ_DIR }}/.idea" recurse: true owner: domjudge group: domjudge diff --git a/icpc-wf/ansible/roles/system_fixes/tasks/main.yml b/icpc-wf/ansible/roles/system_fixes/tasks/main.yml index 5743386e..8a6bc02f 100644 --- a/icpc-wf/ansible/roles/system_fixes/tasks/main.yml +++ b/icpc-wf/ansible/roles/system_fixes/tasks/main.yml @@ -3,14 +3,14 @@ - name: set timezone timezone: - name: "{{TIMEZONE}}" + name: "{{ TIMEZONE }}" - name: set PHP timezone for CLI lineinfile: dest: /etc/php/7.4/cli/php.ini state: present regexp: 'date\.timezone\s*=' - line: 'date.timezone = {{TIMEZONE}}' + line: 'date.timezone = {{ TIMEZONE }}' - name: enable bash completion globally blockinfile: From 578a31a0a3a8ddb87fb151097e7b734bbbc58077 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 14:38:23 +0200 Subject: [PATCH 38/51] Notify is not needed as we can check the aptDB --- .../base_packages/tasks/install-local-package.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml b/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml index 3610535c..180b53a3 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml @@ -9,9 +9,11 @@ mode: 0700 - name: copy DEB package to remote - copy: src={{ item }} dest="/tmp/dj_ansible/{{ item|basename }}" - register: deb_copied + synchronize: + src: "{{ item }}" + dest: "/tmp/dj_ansible/{{ item|basename }}" - name: install DEB package {{ item|basename }} - apt: deb="/tmp/dj_ansible/{{ item|basename }}" - when: deb_copied.changed + apt: + deb: "/tmp/dj_ansible/{{ item|basename }}" + state: present From 92269128a47b5cd33d7a13e4a8634d1c6e04b4a5 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 14:46:32 +0200 Subject: [PATCH 39/51] For all these files the tabs are not needed We can exclude the rule on the lines but I personally rather see the spaces compared to extra annotations in the files --- icpc-wf/ansible/admin.yml | 8 ++++---- icpc-wf/ansible/roles/base_packages/tasks/main.yml | 2 +- icpc-wf/ansible/roles/hosts/tasks/main.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/icpc-wf/ansible/admin.yml b/icpc-wf/ansible/admin.yml index 5f17678e..cfe09871 100644 --- a/icpc-wf/ansible/admin.yml +++ b/icpc-wf/ansible/admin.yml @@ -64,25 +64,25 @@ lineinfile: dest: /etc/hosts regexp: 'cds$' - line: "10.3.3.207 cds" + line: "10.3.3.207 cds" - name: add kattis to hosts file lineinfile: dest: /etc/hosts regexp: 'kattis$' - line: "10.3.3.212 kattis" + line: "10.3.3.212 kattis" - name: add domjudge-laptop to hosts file lineinfile: dest: /etc/hosts regexp: 'domjudge-laptop$' - line: "10.3.3.200 domjudge-laptop" + line: "10.3.3.200 domjudge-laptop" - name: add nisprint to hosts file lineinfile: dest: /etc/hosts regexp: 'printsrv$' - line: "10.3.3.211 nisprint nismaster printsrv" + line: "10.3.3.211 nisprint nismaster printsrv" - name: Update repo URL based on network set_fact: diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index 2118d89f..4da0c74a 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -19,7 +19,7 @@ lineinfile: dest: /etc/hosts regexp: '^10\.3\.3\.209' - line: "10.3.3.209 packages" + line: "10.3.3.209 packages" notify: run apt update when: WF_RESTRICTED_NETWORK diff --git a/icpc-wf/ansible/roles/hosts/tasks/main.yml b/icpc-wf/ansible/roles/hosts/tasks/main.yml index 0e8d5811..825265ed 100644 --- a/icpc-wf/ansible/roles/hosts/tasks/main.yml +++ b/icpc-wf/ansible/roles/hosts/tasks/main.yml @@ -9,11 +9,11 @@ lineinfile: dest: /etc/hosts regexp: '{{ item }}$' - line: "{{ hostvars[item].ansible_host }} {{ item }}" + line: "{{ hostvars[item].ansible_host }} {{ item }}" loop: "{{ groups['all'] }}" - name: add domjudge in hosts file lineinfile: dest: /etc/hosts regexp: 'domserver' - line: "{{ DOMSERVER_IP }} domjudge domserver" + line: "{{ DOMSERVER_IP }} domjudge domserver" From 92d2df5280360ed0b31a5516d696d29dda6fa37c Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 15:06:53 +0200 Subject: [PATCH 40/51] Command is less risky Shell opens a real shell and allowes shell features (piping etc.) but command only runs the command prepared from the python shell Also changed some of the services as we already assume systemd and now we can use the reload directly to use less code. --- icpc-wf/ansible/roles/cds/handlers/main.yml | 15 ++++++++---- icpc-wf/ansible/roles/cds/tasks/main.yml | 1 - .../roles/domjudge_build/handlers/main.yml | 2 +- .../ansible/roles/icpc_fixes/tasks/main.yml | 2 +- .../roles/judgedaemon/handlers/main.yml | 24 ++++++++++++------- .../ansible/roles/judgedaemon/tasks/main.yml | 3 --- .../roles/system_fixes/handlers/main.yml | 2 +- 7 files changed, 28 insertions(+), 21 deletions(-) diff --git a/icpc-wf/ansible/roles/cds/handlers/main.yml b/icpc-wf/ansible/roles/cds/handlers/main.yml index 45b12be6..71fde60f 100644 --- a/icpc-wf/ansible/roles/cds/handlers/main.yml +++ b/icpc-wf/ansible/roles/cds/handlers/main.yml @@ -1,11 +1,16 @@ --- # Define here handlers associated to this role. -- name: restart systemctl - shell: systemctl daemon-reload - - name: restart cds - service: name=cds enabled=true state=restarted + systemd: + name: cds + enabled: true + state: restarted + daemon_reload: true - name: restart nginx - service: name=nginx enabled=true state=restarted + systemd: + name: nginx + enabled: true + state: restarted + daemon_reload: true diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index 317786ae..458d81e1 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -98,7 +98,6 @@ src: cds.service dest: /etc/systemd/system/ notify: - - restart systemctl - restart cds - name: Setup nginx diff --git a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml index 9e40b776..8e0de116 100644 --- a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml @@ -2,7 +2,7 @@ # Define here handlers associated to this role. - name: fix permissions on domjudge inplace-install - shell: make -C {{ DJ_DIR }} inplace-postinstall-permissions + command: make -C {{ DJ_DIR }} inplace-postinstall-permissions - name: restart rsyslog service: name=rsyslog enabled=true state=restarted diff --git a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml index ca548616..862eed55 100644 --- a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml +++ b/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml @@ -16,7 +16,7 @@ state: absent - name: Re-order PXEboot - shell: efibootmgr -o {{ EFI_ORDER }} + command: efibootmgr -o {{ EFI_ORDER }} when: EFI_ORDER is defined - name: disable mumble,selfie services diff --git a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml index 8b805df0..5676e7b2 100644 --- a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml @@ -1,23 +1,29 @@ --- # Define here handlers associated to this role. -- name: restart systemctl - shell: systemctl daemon-reload - - name: enable and restart tune_cpu - service: name=tune_cpu enabled=true state=restarted + systemd: + name: tune_cpu + enabled: true + state: restarted + daemon_reload: true - name: enable and restart create-cgroups - service: name=create-cgroups enabled=true state=restarted + service: + name: create-cgroups + enabled: true + state: restarted + daemon_reload: true - name: enable and restart judgedaemon service: - name="domjudge-judgehost.target" - enabled=true - state=restarted + name: "domjudge-judgehost.target" + enabled: true + state: restarted + daemon_reload: true - name: update grub - shell: update-grub + command: update-grub - name: reboot reboot: diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index 9a8a0db5..745f0c4b 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -60,7 +60,6 @@ src: tune_cpu.service dest: /etc/systemd/system/ notify: - - restart systemctl - enable and restart tune_cpu - name: copy judgedaemon related systemd unit files @@ -72,7 +71,6 @@ - create-cgroups - domjudge-judgedaemon@ notify: - - restart systemctl - enable and restart create-cgroups - name: template judgedaemon template systemd unit file @@ -80,7 +78,6 @@ src: domjudge-judgehost.target.j2 dest: /etc/systemd/system/domjudge-judgehost.target notify: - - restart systemctl - enable and restart judgedaemon - name: disable systemd timers diff --git a/icpc-wf/ansible/roles/system_fixes/handlers/main.yml b/icpc-wf/ansible/roles/system_fixes/handlers/main.yml index cf8e5b7f..572a8e29 100644 --- a/icpc-wf/ansible/roles/system_fixes/handlers/main.yml +++ b/icpc-wf/ansible/roles/system_fixes/handlers/main.yml @@ -2,4 +2,4 @@ # Define here handlers associated to this role. - name: update dconf - shell: dconf update + command: dconf update From f011574fb2f0624d8a4fc47a0a1229edad9b8002 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 15:28:57 +0200 Subject: [PATCH 41/51] Changing to systemd instead of the service or command We already assume 1 OS, this makes it more stable without much extra risk --- icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml | 4 +++- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml b/icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml index d5338801..d3c5d9d3 100644 --- a/icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml +++ b/icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml @@ -2,4 +2,6 @@ # Define here handlers associated to this role. - name: restart systemd timesyncd - command: systemctl restart systemd-timesyncd + systemd: + name: systemd-timesyncd + state: restarted diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index 745f0c4b..f3cfe793 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -81,9 +81,9 @@ - enable and restart judgedaemon - name: disable systemd timers - command: systemctl mask {{ item }} - args: - creates: /etc/systemd/system/{{ item }} + systemd: + name: "{{ item }}" + masked: true loop: - apt-daily-upgrade.timer - apt-daily.timer From a0a05201442fd0ebe931483e699bbf89ebed9bcf Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 15:34:08 +0200 Subject: [PATCH 42/51] In the future we should see if we can do this without shell --- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index f3cfe793..e973e545 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -22,7 +22,7 @@ dest: /tmp/dj_ansible/ - name: create chroot - shell: "{{ DJ_DIR }}/misc-tools/dj_make_chroot -y -i openjdk-11-jdk-headless -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\" 2>&1 | tee /tmp/dj_make_chroot.log; grep '^Done building chroot in' /tmp/dj_make_chroot.log" + shell: "set -o pipefail && {{ DJ_DIR }}/misc-tools/dj_make_chroot -y -i openjdk-11-jdk-headless -l \"$(ls /tmp/dj_ansible/install-chroot/*.deb 2>/dev/null | tr '\n' ',')\" 2>&1 | tee /tmp/dj_make_chroot.log; grep '^Done building chroot in' /tmp/dj_make_chroot.log" environment: DEBMIRROR: "{{ 'https://packages/ubuntu' if WF_RESTRICTED_NETWORK else '' }}" args: From de5ff9f6e8e283f173da3ae0d514038a2fef5230 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 16:15:10 +0200 Subject: [PATCH 43/51] Some of these permissions might need to be redone In the past we only picked the umask of the client system, but what happens in case of a directory is not well defined. --- icpc-wf/ansible/domserver.yml | 3 ++ .../roles/base_packages/tasks/main.yml | 3 ++ icpc-wf/ansible/roles/cds/tasks/main.yml | 5 ++++ .../ansible/roles/clusterssh/tasks/main.yml | 2 ++ .../roles/domjudge_build/tasks/main.yml | 6 ++++ .../roles/domjudge_checkout/tasks/main.yml | 1 + .../roles/domjudge_user/tasks/main.yml | 10 ++++++- .../ansible/roles/domserver/tasks/main.yml | 12 ++++++++ icpc-wf/ansible/roles/grafana/tasks/main.yml | 3 ++ .../ansible/roles/judgedaemon/tasks/main.yml | 9 ++++++ .../ansible/roles/keepalived/tasks/main.yml | 4 +++ .../roles/mysql_replication/tasks/main.yml | 7 ++++- .../ansible/roles/mysql_server/tasks/main.yml | 28 ++++++++++++++++--- icpc-wf/ansible/roles/phpstorm/tasks/main.yml | 1 + .../prometheus_target_web/tasks/main.yml | 1 + .../ansible/roles/scoreboard/tasks/main.yml | 2 ++ icpc-wf/ansible/roles/ssl/tasks/main.yml | 1 + .../ansible/roles/system_fixes/tasks/main.yml | 7 ++++- 18 files changed, 98 insertions(+), 7 deletions(-) diff --git a/icpc-wf/ansible/domserver.yml b/icpc-wf/ansible/domserver.yml index 63bd9a6c..a578b159 100644 --- a/icpc-wf/ansible/domserver.yml +++ b/icpc-wf/ansible/domserver.yml @@ -75,6 +75,9 @@ copy: src: files/docs.yaml dest: "{{ DJ_DIR }}/etc/" + mode: 0644 + group: root + owner: root notify: clear application cache - name: add autostart shortcuts diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/icpc-wf/ansible/roles/base_packages/tasks/main.yml index 4da0c74a..2fede9ff 100644 --- a/icpc-wf/ansible/roles/base_packages/tasks/main.yml +++ b/icpc-wf/ansible/roles/base_packages/tasks/main.yml @@ -113,6 +113,9 @@ get_url: url: https://getcomposer.org/installer dest: /root/composer-setup.php + owner: root + group: root + mode: 0755 when: not composer_file.stat.exists - name: Install composer diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/icpc-wf/ansible/roles/cds/tasks/main.yml index 458d81e1..e55f112f 100644 --- a/icpc-wf/ansible/roles/cds/tasks/main.yml +++ b/icpc-wf/ansible/roles/cds/tasks/main.yml @@ -55,6 +55,7 @@ remote_src: true owner: domjudge group: domjudge + mode: 0644 when: cds_war.stat.exists notify: restart cds @@ -97,6 +98,7 @@ copy: src: cds.service dest: /etc/systemd/system/ + mode: 0644 notify: - restart cds @@ -112,6 +114,9 @@ template: src: cds.conf.j2 dest: /etc/nginx/sites-available/cds.conf + mode: 0644 + group: root + owner: root notify: restart nginx - name: enable nginx conf for CDS diff --git a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml index 164af188..b9d7f783 100644 --- a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml +++ b/icpc-wf/ansible/roles/clusterssh/tasks/main.yml @@ -15,6 +15,7 @@ regexp: '^all' line: "all {{ groups['all'] | join(' ') }}" create: true + mode: 0644 - name: create clusterssh config groups become: true @@ -24,6 +25,7 @@ regexp: '^{{ item }}s' line: "{{ item }}s {{ groups[item] | join(' ') }}" create: true + mode: 0644 loop: - domserver - judgehost diff --git a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml index 461913e3..5737e455 100644 --- a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml @@ -44,9 +44,15 @@ copy: src: rsyslog.domjudge.conf dest: /etc/rsyslog.d/domjudge.conf + mode: 0644 + group: root + owner: root notify: restart rsyslog - name: configure domjudge logrotate copy: src: logrotate.domjudge dest: /etc/logrotate.d/domjudge + mode: 0644 + group: root + owner: root diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index c74e5216..d0fc4295 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -7,6 +7,7 @@ state: directory owner: domjudge group: domjudge + mode: 0755 - name: Update repo URL based on network set_fact: diff --git a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml index e863e9a6..d9f7efc4 100644 --- a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml @@ -23,6 +23,7 @@ value: "{{ item.value }}" owner: domjudge group: domjudge + mode: 0644 loop: - { name: 'email', value: 'team@domjudge.org' } - { name: 'name', value: 'DOMjudge team' } @@ -35,6 +36,7 @@ value: "remote" owner: domjudge group: domjudge + mode: 0644 - name: enable GDM autologin lineinfile: @@ -42,6 +44,7 @@ regexp: 'AutomaticLoginEnable' line: 'AutomaticLoginEnable=true' create: true + mode: 0644 notify: restart gdm - name: Automatically login domjudge user @@ -52,4 +55,9 @@ notify: restart gdm - name: make sure autostart directory exists - file: dest=/home/domjudge/.config/autostart state=directory owner=domjudge group=domjudge + file: + dest: /home/domjudge/.config/autostart + state: directory + owner: domjudge + group: domjudge + mode: 0755 diff --git a/icpc-wf/ansible/roles/domserver/tasks/main.yml b/icpc-wf/ansible/roles/domserver/tasks/main.yml index 9deb31ce..db44a25e 100644 --- a/icpc-wf/ansible/roles/domserver/tasks/main.yml +++ b/icpc-wf/ansible/roles/domserver/tasks/main.yml @@ -5,12 +5,18 @@ template: src: dbpasswords.secret.j2 dest: "{{ DJ_DIR }}/etc/dbpasswords.secret" + mode: 0644 + group: root + owner: root notify: fix permissions on domjudge inplace-install - name: install initial_admin_password.secret file template: src: initial_admin_password.secret.j2 dest: "{{ DJ_DIR }}/etc/initial_admin_password.secret" + mode: 0644 + group: domjudge + owner: domjudge notify: fix permissions on domjudge inplace-install # When using replication, the DB will be dropped and recreated on the slave later. @@ -51,12 +57,18 @@ template: src: nginx-domjudge.conf.j2 dest: /etc/nginx/sites-available/domjudge.conf + mode: 0644 + group: root + owner: root notify: restart nginx - name: add domjudge inner nginx conf template: src: nginx-domjudge-inner.j2 dest: /etc/nginx/snippets/domjudge-inner + mode: 0644 + group: root + owner: root notify: restart nginx - name: enable nginx conf for domjudge diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index 8cabe11a..86b3d299 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -24,6 +24,9 @@ template: src: prometheus.yml.j2 dest: /etc/prometheus/prometheus.yml + mode: 0644 + owner: root + group: root notify: restart prometheus # Setup loki which gathers our logs diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index e973e545..b44b790b 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -59,6 +59,9 @@ copy: src: tune_cpu.service dest: /etc/systemd/system/ + mode: 0644 + group: root + owner: root notify: - enable and restart tune_cpu @@ -67,6 +70,9 @@ remote_src: true src: "{{ DJ_DIR }}/lib/judge/{{ item }}.service" dest: /etc/systemd/system/ + mode: 0644 + group: root + owner: root loop: - create-cgroups - domjudge-judgedaemon@ @@ -77,6 +83,9 @@ template: src: domjudge-judgehost.target.j2 dest: /etc/systemd/system/domjudge-judgehost.target + mode: 0644 + group: root + owner: root notify: - enable and restart judgedaemon diff --git a/icpc-wf/ansible/roles/keepalived/tasks/main.yml b/icpc-wf/ansible/roles/keepalived/tasks/main.yml index 74179980..8225b237 100644 --- a/icpc-wf/ansible/roles/keepalived/tasks/main.yml +++ b/icpc-wf/ansible/roles/keepalived/tasks/main.yml @@ -11,6 +11,9 @@ template: src: keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf + mode: 0644 + group: root + owner: root notify: restart keepalived service - name: Start but disable keepalived (so it does not fail back to primary) @@ -25,3 +28,4 @@ dest: /home/domjudge/ owner: domjudge group: domjudge + mode: 0755 diff --git a/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml b/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml index 5d1ec1e9..45f8b4a6 100644 --- a/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml +++ b/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml @@ -14,7 +14,12 @@ replace: '#bind-address =' - name: add mysql config snippet for replication - template: src=mysql.replication.cnf.j2 dest=/etc/mysql/mariadb.conf.d/zzz_replication.cnf + template: + src: mysql.replication.cnf.j2 + dest: /etc/mysql/mariadb.conf.d/zzz_replication.cnf + mode: 0644 + group: root + owner: root notify: restart mysql - name: copy script to setup replication diff --git a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml index a83009b7..26479b04 100644 --- a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml +++ b/icpc-wf/ansible/roles/mysql_server/tasks/main.yml @@ -10,17 +10,37 @@ - mycli - name: copy in MySQL config - copy: src=my.cnf dest=/root/.my.cnf + copy: + src: my.cnf + dest: /root/.my.cnf + mode: 0644 + owner: root + group: root - name: create directory for systemd mysql settings - file: path=/etc/systemd/system/mysql.service.d/ state=directory + file: + path: /etc/systemd/system/mysql.service.d/ + state: directory + group: root + owner: root + mode: 0755 - name: update systemd so mysql has bigger limits - copy: src=mysql.override.cnf dest=/etc/systemd/system/mysql.service.d/override.conf + copy: + src: mysql.override.cnf + dest: /etc/systemd/system/mysql.service.d/override.conf + mode: 0644 + group: root + owner: root notify: restart mysql - name: add mysql config snippet to increase limits - copy: src=mysql.domjudge.cnf dest=/etc/mysql/mariadb.conf.d/zz_domjudge.cnf + copy: + src: mysql.domjudge.cnf + dest: /etc/mysql/mariadb.conf.d/zz_domjudge.cnf + mode: 0644 + owner: root + group: root notify: restart mysql - name: make sure mysql is restarted diff --git a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml index f9e86ee4..fb0b1f4e 100644 --- a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml +++ b/icpc-wf/ansible/roles/phpstorm/tasks/main.yml @@ -80,3 +80,4 @@ template: src: jetbrains-phpstorm.desktop.j2 dest: /home/domjudge/.local/share/applications/jetbrains-phpstorm.desktop + mode: 0644 diff --git a/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml b/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml index e39fcf07..77660578 100644 --- a/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml @@ -70,4 +70,5 @@ src: mysqld-exporter-authentication.cnf.j2 dest: /var/lib/prometheus/.my.cnf owner: prometheus + mode: 0644 notify: restart mysqld-exporter diff --git a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml index 85f26592..f5726d64 100644 --- a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml +++ b/icpc-wf/ansible/roles/scoreboard/tasks/main.yml @@ -62,6 +62,7 @@ remote_src: true owner: domjudge group: domjudge + mode: 0755 - name: create bin directory file: @@ -96,6 +97,7 @@ template: src: scoreboard.conf.j2 dest: /etc/nginx/sites-available/scoreboard.conf + mode: 0644 notify: restart nginx - name: enable nginx conf for static scoreboard diff --git a/icpc-wf/ansible/roles/ssl/tasks/main.yml b/icpc-wf/ansible/roles/ssl/tasks/main.yml index ef31743c..691c5210 100644 --- a/icpc-wf/ansible/roles/ssl/tasks/main.yml +++ b/icpc-wf/ansible/roles/ssl/tasks/main.yml @@ -18,6 +18,7 @@ state: directory owner: root group: root + mode: 0755 - name: install SSL server certificates into CA certificates copy: diff --git a/icpc-wf/ansible/roles/system_fixes/tasks/main.yml b/icpc-wf/ansible/roles/system_fixes/tasks/main.yml index 8a6bc02f..115a45cf 100644 --- a/icpc-wf/ansible/roles/system_fixes/tasks/main.yml +++ b/icpc-wf/ansible/roles/system_fixes/tasks/main.yml @@ -26,5 +26,10 @@ fi - name: Force enable alt-tab for switching windows - copy: src=dconf/ dest=/etc/dconf/ + copy: + src: dconf/ + dest: /etc/dconf/ + owner: root + group: root + mode: 0755 notify: update dconf From 057846df78196ea3440ad6c42af7445226f3be72 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 16:20:42 +0200 Subject: [PATCH 44/51] Use newer syntax --- icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index d0fc4295..8e6e7086 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -21,7 +21,9 @@ - name: Check composer dependencies present become: false - local_action: stat path=files/lib/vendor + delegate_to: localhost + stat: + path: files/lib/vendor register: libvendor - name: Copy in composer dependencies (if they exist locally) From cd648444b66ca2fe40b8c38e5dc437b0f1dd1bff Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sat, 30 Apr 2022 18:55:18 +0200 Subject: [PATCH 45/51] Variables cannot be uppercased --- icpc-wf/ansible/admin.yml | 4 ++-- icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml | 4 ++-- icpc-wf/ansible/roles/grafana/defaults/main.yml | 2 +- icpc-wf/ansible/roles/grafana/tasks/main.yml | 10 +++++----- icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 | 2 +- icpc-wf/ansible/roles/judgedaemon/tasks/main.yml | 4 ++-- icpc-wf/ansible/roles/judgedaemon/vars/main.yml | 2 +- .../roles/prometheus_target_all/defaults/main.yml | 2 +- .../ansible/roles/prometheus_target_all/tasks/main.yml | 10 +++++----- 9 files changed, 20 insertions(+), 20 deletions(-) diff --git a/icpc-wf/ansible/admin.yml b/icpc-wf/ansible/admin.yml index cfe09871..c7419c70 100644 --- a/icpc-wf/ansible/admin.yml +++ b/icpc-wf/ansible/admin.yml @@ -86,13 +86,13 @@ - name: Update repo URL based on network set_fact: - DJ_GIT_REPO_SCRIPTS: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS }}" + dj_git_repo_scripts: "{{ DJ_GIT_REPO_SCRIPTS_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO_SCRIPTS }}" - name: create working copy of the domjudge-scripts repo become: true become_user: domjudge # We use a different directory here to have one single 'upstream' and not have issues with it - git: repo={{ DJ_GIT_REPO_SCRIPTS }} dest=/home/domjudge/domjudge-scripts-checkout version=main accept_hostkey=yes update=no + git: repo={{ dj_git_repo_scripts }} dest=/home/domjudge/domjudge-scripts-checkout version=main accept_hostkey=yes update=no - name: create working copy of the wf2020 repo become: true diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml index 8e6e7086..3fdd9aa7 100644 --- a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml +++ b/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml @@ -11,12 +11,12 @@ - name: Update repo URL based on network set_fact: - DJ_GIT_REPO: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO }}" + dj_git_repo: "{{ DJ_GIT_REPO_RESTRICTED if WF_RESTRICTED_NETWORK else DJ_GIT_REPO }}" - name: Create working copy of the domjudge repo become: true become_user: domjudge - git: repo={{ DJ_GIT_REPO }} dest={{ DJ_DIR }} version={{ DJ_BRANCH }} accept_hostkey=yes update=yes + git: repo={{ dj_git_repo }} dest={{ DJ_DIR }} version={{ DJ_BRANCH }} accept_hostkey=yes update=yes register: git_working_copy - name: Check composer dependencies present diff --git a/icpc-wf/ansible/roles/grafana/defaults/main.yml b/icpc-wf/ansible/roles/grafana/defaults/main.yml index 7bfa199a..804c3e1b 100644 --- a/icpc-wf/ansible/roles/grafana/defaults/main.yml +++ b/icpc-wf/ansible/roles/grafana/defaults/main.yml @@ -1,2 +1,2 @@ grafana_port: 8443 -LOKI: false +loki: false diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/icpc-wf/ansible/roles/grafana/tasks/main.yml index 86b3d299..ea84629a 100644 --- a/icpc-wf/ansible/roles/grafana/tasks/main.yml +++ b/icpc-wf/ansible/roles/grafana/tasks/main.yml @@ -37,7 +37,7 @@ remote_src: true owner: domjudge group: domjudge - when: LOKI + when: loki - name: Dir for loki settings file: @@ -46,7 +46,7 @@ owner: root group: root mode: 0755 - when: LOKI + when: loki - name: Set loki settings copy: @@ -55,7 +55,7 @@ owner: root group: root mode: 0644 - when: LOKI + when: loki notify: restart loki - name: Setup loki systemd @@ -63,7 +63,7 @@ src: loki.service dest: /etc/systemd/system/ mode: 0655 - when: LOKI + when: loki notify: restart loki - name: Start loki service @@ -71,7 +71,7 @@ name: loki state: started enabled: true - when: LOKI + when: loki ## Setup grafana - name: Install grafana diff --git a/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 b/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 index 4b88e3be..3be8301b 100644 --- a/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 +++ b/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 @@ -10,7 +10,7 @@ server { proxy_read_timeout 90; } -{% if LOKI %} +{% if loki %} location /loki/ { proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml index b44b790b..8906e2a2 100644 --- a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml @@ -3,7 +3,7 @@ - name: create domjudge-run users user: name=domjudge-run-{{ item }} createhome=no home=/nonexistent group=nogroup shell=/bin/false - loop: "{{ CPUCORE }}" + loop: "{{ cpucore }}" - name: create domjudge-run group group: name=domjudge-run state=present @@ -30,7 +30,7 @@ - name: Pre-generate the kernel flags for ansible usage set_fact: - procline: "cgroup_enable=memory swapaccount=1 isolcpus={{ CPUCORE|join(',') }}" + procline: "cgroup_enable=memory swapaccount=1 isolcpus={{ cpucore|join(',') }}" - name: add cgroup kernel parameters lineinfile: diff --git a/icpc-wf/ansible/roles/judgedaemon/vars/main.yml b/icpc-wf/ansible/roles/judgedaemon/vars/main.yml index e6cf0230..80d35c0b 100644 --- a/icpc-wf/ansible/roles/judgedaemon/vars/main.yml +++ b/icpc-wf/ansible/roles/judgedaemon/vars/main.yml @@ -1,4 +1,4 @@ -CPUCORE: +cpucore: - 2 # Add additional CPU cores to pin judgedaemons on as: # - 3 diff --git a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml index b63a6b98..0686e6c9 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml @@ -1 +1 @@ -PROM: true +prom: true diff --git a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml index 3f850b43..6716f037 100644 --- a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml +++ b/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml @@ -15,7 +15,7 @@ remote_src: true owner: domjudge group: domjudge - when: PROM + when: prom - name: Dir for promtail settings file: @@ -24,7 +24,7 @@ owner: root group: root mode: 0755 - when: PROM + when: prom - name: Set promtail settings copy: @@ -33,7 +33,7 @@ owner: root group: root mode: 0644 - when: PROM + when: prom notify: restart promtail - name: Setup promtail systemd @@ -43,7 +43,7 @@ mode: 0655 owner: root group: root - when: PROM + when: prom notify: restart promtail - name: Start promtail service @@ -51,4 +51,4 @@ name: promtail state: started enabled: true - when: PROM + when: prom From 69680dff64a497ec6b53d7c46afb0c188720c27d Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sun, 1 May 2022 10:33:16 +0200 Subject: [PATCH 46/51] Those are old style linters --- icpc-wf/ansible/.ansible-lint | 3 --- 1 file changed, 3 deletions(-) diff --git a/icpc-wf/ansible/.ansible-lint b/icpc-wf/ansible/.ansible-lint index 8f5e28fd..4310b985 100644 --- a/icpc-wf/ansible/.ansible-lint +++ b/icpc-wf/ansible/.ansible-lint @@ -1,10 +1,7 @@ parseable: true skip_list: - no-handler # TODO: this might break existing playbooks - - 503 # TODO: this might break existing playbooks - meta-no-info # We don't publish to galaxy (yet) - - 701 # We don't publish to galaxy (yet) - fqcn-builtins # I see no benefit as we dont use custom roles - - 204 # The long line should be re-evaluated use_default_rules: true verbosity: 1 From 9f1a7ab1f984ac504624a485569bc3fa7ecf5394 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sun, 1 May 2022 10:38:36 +0200 Subject: [PATCH 47/51] These scripts are also used outside WF --- .github/workflows/ansible-linting.yml | 6 +++--- README.md | 2 +- .../ansible/.ansible-lint | 0 {icpc-wf => provision-contest}/ansible/Makefile | 0 {icpc-wf => provision-contest}/ansible/README.md | 0 {icpc-wf => provision-contest}/ansible/admin.yml | 0 {icpc-wf => provision-contest}/ansible/cds.yml | 0 .../ansible/domserver.yml | 0 .../ansible/files/.gitignore | 0 .../ansible/files/admin-machine.css | 0 .../ansible/files/collectd-mysql.py | 0 .../ansible/files/collectd.conf.j2 | 0 .../ansible/files/docs.yaml | 0 .../ansible/files/domjudge-public/.gitignore | 0 .../ansible/files/grafana/.gitignore | 0 .../ansible/files/grafana/dashboards.yml | 0 .../grafana/dashboards/DOMjudge_Dashboard.json | 0 .../files/grafana/dashboards/mysql_14057.json | 0 .../ansible/files/grafana/dashboards/nginx.json | 0 .../dashboards/node_exporter_grafana_1860.json | 0 .../ansible/files/grafana/dashboards/php_fpm.json | 0 .../ansible/files/grafana/datasources.yml | 0 .../ansible/files/grafana/environment | 0 .../ansible/files/grafana/nginx-status.conf | 0 .../ansible/files/grafana/nginx.conf | 0 .../ansible/files/grafana/prometheus.yml.j2 | 0 .../ansible/files/htop.desktop | 0 .../ansible/files/netrc.j2 | 0 .../ansible/files/rotate.desktop | 0 .../files/taillog-domserver-nginx-error.desktop | 0 .../taillog-domserver-symfony-error.desktop.j2 | 0 .../ansible/files/taillog.desktop.j2 | 0 {icpc-wf => provision-contest}/ansible/grafana.yml | 0 .../ansible/group_vars/admin.yml | 0 .../ansible/group_vars/all/.gitignore | 0 .../ansible/group_vars/all/all.yml | 0 .../ansible/group_vars/all/secret.yml.example | 0 {icpc-wf => provision-contest}/ansible/handlers.yml | 0 {icpc-wf => provision-contest}/ansible/hosts | 0 .../ansible/judgehost.yml | 0 {icpc-wf => provision-contest}/ansible/mgmt.yml | 0 .../base_packages/files/install-admin/.gitignore | 0 .../base_packages/files/install-admin/README.md | 0 .../files/install-domserver/.gitignore | 0 .../base_packages/files/install-domserver/README.md | 0 .../base_packages/files/install-grafana/.gitignore | 0 .../base_packages/files/install-grafana/README.md | 0 .../files/install-judgehost/.gitignore | 0 .../base_packages/files/install-judgehost/README.md | 0 .../ansible/roles/base_packages/handlers/main.yml | 0 .../base_packages/tasks/install-local-package.yml | 0 .../ansible/roles/base_packages/tasks/main.yml | 0 .../ansible/roles/cds/files/cds.service | 0 .../ansible/roles/cds/handlers/main.yml | 0 .../ansible/roles/cds/tasks/main.yml | 0 .../ansible/roles/cds/templates/accounts.yaml.j2 | 0 .../ansible/roles/cds/templates/cds.conf.j2 | 0 .../ansible/roles/cds/templates/cdsConfig.xml.j2 | 0 .../ansible/roles/clusterssh/tasks/main.yml | 0 .../roles/domjudge_build/files/logrotate.domjudge | 0 .../domjudge_build/files/rsyslog.domjudge.conf | 0 .../ansible/roles/domjudge_build/handlers/main.yml | 0 .../ansible/roles/domjudge_build/meta/main.yml | 0 .../ansible/roles/domjudge_build/tasks/main.yml | 0 .../domjudge_build/templates/restapi.secret.j2 | 0 .../roles/domjudge_checkout/files/.gitignore | 0 .../roles/domjudge_checkout/files/lib-vendor.tgz | Bin .../ansible/roles/domjudge_checkout/meta/main.yml | 0 .../ansible/roles/domjudge_checkout/tasks/main.yml | 0 .../ansible/roles/domjudge_user/handlers/main.yml | 0 .../ansible/roles/domjudge_user/tasks/main.yml | 0 .../ansible/roles/domlogo/files/domlogo.py | 0 .../roles/domlogo/files/images/logos/.gitignore | 0 .../roles/domlogo/files/images/photos/.gitignore | 0 .../ansible/roles/domlogo/files/lib/.gitignore | 0 .../ansible/roles/domlogo/tasks/main.yml | 0 .../roles/domlogo/templates/domjudgelogo.desktop.j2 | 0 .../ansible/roles/domserver/handlers/main.yml | 0 .../ansible/roles/domserver/meta/main.yml | 0 .../ansible/roles/domserver/tasks/main.yml | 0 .../roles/domserver/templates/dbpasswords.secret.j2 | 0 .../templates/initial_admin_password.secret.j2 | 0 .../domserver/templates/nginx-domjudge-inner.j2 | 0 .../domserver/templates/nginx-domjudge.conf.j2 | 0 .../ansible/roles/grafana/defaults/main.yml | 0 .../ansible/roles/grafana/files/.gitignore | 0 .../ansible/roles/grafana/files/dashboards.yml | 0 .../files/dashboards/DOMjudge_Dashboard.json | 0 .../roles/grafana/files/dashboards/mysql_14057.json | 0 .../roles/grafana/files/dashboards/nginx.json | 0 .../dashboards/node_exporter_grafana_1860.json | 0 .../roles/grafana/files/dashboards/php_fpm.json | 0 .../ansible/roles/grafana/files/datasources.yml | 0 .../ansible/roles/grafana/files/environment | 0 .../roles/grafana/files/loki-local-config.yaml | 0 .../ansible/roles/grafana/files/loki.service | 0 .../ansible/roles/grafana/handlers/main.yml | 0 .../ansible/roles/grafana/tasks/main.yml | 0 .../ansible/roles/grafana/templates/nginx.conf.j2 | 0 .../roles/grafana/templates/prometheus.yml.j2 | 0 .../ansible/roles/grafana/vars/.gitignore | 0 .../ansible/roles/hosts/tasks/main.yml | 0 .../ansible/roles/icpc_fixes/handlers/main.yml | 0 .../ansible/roles/icpc_fixes/tasks/main.yml | 0 .../roles/judgedaemon/files/disable-turboboost_ht | 0 .../judgedaemon/files/install-chroot/.gitignore | 0 .../judgedaemon/files/install-chroot/README.md | 0 .../roles/judgedaemon/files/tune_cpu.service | 0 .../ansible/roles/judgedaemon/handlers/main.yml | 0 .../ansible/roles/judgedaemon/meta/main.yml | 0 .../ansible/roles/judgedaemon/tasks/main.yml | 0 .../templates/domjudge-judgehost.target.j2 | 0 .../ansible/roles/judgedaemon/vars/main.yml | 0 .../.config/autostart/alert_listener.desktop | 0 .../keepalived/files/alerting/bin/alert_listener.sh | 0 .../files/alerting/bin/alerting.sh.template | 0 .../keepalived/files/alerting/bin/trigger_alert.sh | 0 .../ansible/roles/keepalived/handlers/main.yml | 0 .../ansible/roles/keepalived/meta/main.yml | 0 .../ansible/roles/keepalived/tasks/main.yml | 0 .../roles/keepalived/templates/keepalived.conf.j2 | 0 .../ansible/roles/mysql_replication/meta/main.yml | 0 .../ansible/roles/mysql_replication/tasks/main.yml | 0 .../templates/mysql.replication.cnf.j2 | 0 .../templates/setup-replication.sh.j2 | 0 .../ansible/roles/mysql_server/files/dump-db | 0 .../ansible/roles/mysql_server/files/load-db | 0 .../ansible/roles/mysql_server/files/my.cnf | 0 .../roles/mysql_server/files/mysql.domjudge.cnf | 0 .../roles/mysql_server/files/mysql.override.cnf | 0 .../ansible/roles/mysql_server/handlers/main.yml | 0 .../ansible/roles/mysql_server/tasks/main.yml | 0 .../ansible/roles/phpstorm/files/.gitignore | 0 .../ansible/roles/phpstorm/files/.idea/.gitignore | 0 .../phpstorm/files/.idea/domjudge-checkout.iml | 0 .../.idea/inspectionProfiles/Project_Default.xml | 0 .../roles/phpstorm/files/.idea/jsLinters/jshint.xml | 0 .../ansible/roles/phpstorm/files/.idea/modules.xml | 0 .../ansible/roles/phpstorm/files/.idea/php.xml | 0 .../ansible/roles/phpstorm/files/.idea/symfony2.xml | 0 .../ansible/roles/phpstorm/files/.idea/vcs.xml | 0 .../ansible/roles/phpstorm/files/README.md | 0 .../2.7.3/mariadb-java-client-2.7.3.jar | Bin .../2.7.3/mysql-connector-license.txt | 0 .../phpstorm/files/jdbc-drivers/jdbc-drivers.xml | 0 .../ansible/roles/phpstorm/meta/main.yml | 0 .../ansible/roles/phpstorm/tasks/main.yml | 0 .../templates/jetbrains-phpstorm.desktop.j2 | 0 .../roles/prometheus_target_all/defaults/main.yml | 0 .../prometheus_target_all/files/promtail.service | 0 .../roles/prometheus_target_all/handlers/main.yml | 0 .../roles/prometheus_target_all/tasks/main.yml | 0 .../templates/promtail-local-config.yaml.j2 | 0 .../roles/prometheus_target_web/files/.gitignore | 0 .../roles/prometheus_target_web/files/README.md | 0 .../prometheus_target_web/files/nginx-status.conf | 0 .../files/php-fpm-exporter.service | 0 .../roles/prometheus_target_web/handlers/main.yml | 0 .../roles/prometheus_target_web/tasks/main.yml | 0 .../templates/mysqld-exporter-authentication.cnf.j2 | 0 .../ansible/roles/scoreboard/handlers/main.yml | 0 .../ansible/roles/scoreboard/tasks/main.yml | 0 .../roles/scoreboard/templates/scoreboard.conf.j2 | 0 .../scoreboard/templates/update-scoreboard.sh.j2 | 0 .../ansible/roles/ssh/files/.gitignore | 0 .../ansible/roles/ssh/files/README.md | 0 .../ansible/roles/ssh/files/config | 0 .../ansible/roles/ssh/meta/main.yml | 0 .../ansible/roles/ssh/tasks/main.yml | 0 .../ansible/roles/ssl/files/.gitignore | 0 .../ansible/roles/ssl/files/README.md | 0 .../ansible/roles/ssl/handlers/main.yml | 0 .../ansible/roles/ssl/tasks/main.yml | 0 .../system_fixes/files/dconf/db/local.d/01-alt-tab | 0 .../system_fixes/files/dconf/db/local.d/locks/locks | 0 .../roles/system_fixes/files/dconf/profile/user | 0 .../ansible/roles/system_fixes/handlers/main.yml | 0 .../ansible/roles/system_fixes/tasks/main.yml | 0 .../ansible/scoreboard.yml | 0 {icpc-wf => provision-contest}/check-turboboost | 0 {icpc-wf => provision-contest}/comp_config | 0 {icpc-wf => provision-contest}/comp_scores | 0 {icpc-wf => provision-contest}/disable-screenlock | 0 .../disable-turboboost_ht | 0 {icpc-wf => provision-contest}/dump-api.sh | 0 {icpc-wf => provision-contest}/fix-mounts.sh | 0 {icpc-wf => provision-contest}/prepare-photos | 0 {icpc-wf => provision-contest}/replay.py | 0 {icpc-wf => provision-contest}/retrieve-judging.sh | 0 ...teams2_organization_images_to_domlogo_naming.php | 0 190 files changed, 4 insertions(+), 4 deletions(-) rename {icpc-wf => provision-contest}/ansible/.ansible-lint (100%) rename {icpc-wf => provision-contest}/ansible/Makefile (100%) rename {icpc-wf => provision-contest}/ansible/README.md (100%) rename {icpc-wf => provision-contest}/ansible/admin.yml (100%) rename {icpc-wf => provision-contest}/ansible/cds.yml (100%) rename {icpc-wf => provision-contest}/ansible/domserver.yml (100%) rename {icpc-wf => provision-contest}/ansible/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/files/admin-machine.css (100%) rename {icpc-wf => provision-contest}/ansible/files/collectd-mysql.py (100%) rename {icpc-wf => provision-contest}/ansible/files/collectd.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/files/docs.yaml (100%) rename {icpc-wf => provision-contest}/ansible/files/domjudge-public/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards.yml (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards/DOMjudge_Dashboard.json (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards/mysql_14057.json (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards/nginx.json (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards/node_exporter_grafana_1860.json (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/dashboards/php_fpm.json (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/datasources.yml (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/environment (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/nginx-status.conf (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/nginx.conf (100%) rename {icpc-wf => provision-contest}/ansible/files/grafana/prometheus.yml.j2 (100%) rename {icpc-wf => provision-contest}/ansible/files/htop.desktop (100%) rename {icpc-wf => provision-contest}/ansible/files/netrc.j2 (100%) rename {icpc-wf => provision-contest}/ansible/files/rotate.desktop (100%) rename {icpc-wf => provision-contest}/ansible/files/taillog-domserver-nginx-error.desktop (100%) rename {icpc-wf => provision-contest}/ansible/files/taillog-domserver-symfony-error.desktop.j2 (100%) rename {icpc-wf => provision-contest}/ansible/files/taillog.desktop.j2 (100%) rename {icpc-wf => provision-contest}/ansible/grafana.yml (100%) rename {icpc-wf => provision-contest}/ansible/group_vars/admin.yml (100%) rename {icpc-wf => provision-contest}/ansible/group_vars/all/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/group_vars/all/all.yml (100%) rename {icpc-wf => provision-contest}/ansible/group_vars/all/secret.yml.example (100%) rename {icpc-wf => provision-contest}/ansible/handlers.yml (100%) rename {icpc-wf => provision-contest}/ansible/hosts (100%) rename {icpc-wf => provision-contest}/ansible/judgehost.yml (100%) rename {icpc-wf => provision-contest}/ansible/mgmt.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-admin/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-admin/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-domserver/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-domserver/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-grafana/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-grafana/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-judgehost/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/files/install-judgehost/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/tasks/install-local-package.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/base_packages/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/files/cds.service (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/templates/accounts.yaml.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/templates/cds.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/cds/templates/cdsConfig.xml.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/clusterssh/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/files/logrotate.domjudge (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/files/rsyslog.domjudge.conf (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_build/templates/restapi.secret.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_checkout/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_checkout/files/lib-vendor.tgz (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_checkout/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_checkout/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_user/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domjudge_user/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/files/domlogo.py (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/files/images/logos/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/files/images/photos/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/files/lib/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/templates/dbpasswords.secret.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/templates/initial_admin_password.secret.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/domserver/templates/nginx-domjudge.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/defaults/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards/DOMjudge_Dashboard.json (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards/mysql_14057.json (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards/nginx.json (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards/node_exporter_grafana_1860.json (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/dashboards/php_fpm.json (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/datasources.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/environment (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/loki-local-config.yaml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/files/loki.service (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/templates/nginx.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/templates/prometheus.yml.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/grafana/vars/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/hosts/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/icpc_fixes/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/icpc_fixes/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/files/disable-turboboost_ht (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/files/install-chroot/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/files/install-chroot/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/files/tune_cpu.service (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/judgedaemon/vars/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/files/alerting/.config/autostart/alert_listener.desktop (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/files/alerting/bin/alert_listener.sh (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/files/alerting/bin/alerting.sh.template (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/files/alerting/bin/trigger_alert.sh (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/keepalived/templates/keepalived.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_replication/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_replication/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/files/dump-db (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/files/load-db (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/files/my.cnf (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/files/mysql.domjudge.cnf (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/files/mysql.override.cnf (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/mysql_server/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/domjudge-checkout.iml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/inspectionProfiles/Project_Default.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/jsLinters/jshint.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/modules.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/php.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/symfony2.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/.idea/vcs.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mariadb-java-client-2.7.3.jar (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mysql-connector-license.txt (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/files/jdbc-drivers/jdbc-drivers.xml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/phpstorm/templates/jetbrains-phpstorm.desktop.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_all/defaults/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_all/files/promtail.service (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_all/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_all/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/files/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/files/nginx-status.conf (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/files/php-fpm-exporter.service (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/prometheus_target_web/templates/mysqld-exporter-authentication.cnf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/scoreboard/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/scoreboard/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/scoreboard/templates/scoreboard.conf.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssh/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssh/files/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssh/files/config (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssh/meta/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssh/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssl/files/.gitignore (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssl/files/README.md (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssl/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/ssl/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/system_fixes/files/dconf/db/local.d/01-alt-tab (100%) rename {icpc-wf => provision-contest}/ansible/roles/system_fixes/files/dconf/db/local.d/locks/locks (100%) rename {icpc-wf => provision-contest}/ansible/roles/system_fixes/files/dconf/profile/user (100%) rename {icpc-wf => provision-contest}/ansible/roles/system_fixes/handlers/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/roles/system_fixes/tasks/main.yml (100%) rename {icpc-wf => provision-contest}/ansible/scoreboard.yml (100%) rename {icpc-wf => provision-contest}/check-turboboost (100%) rename {icpc-wf => provision-contest}/comp_config (100%) rename {icpc-wf => provision-contest}/comp_scores (100%) rename {icpc-wf => provision-contest}/disable-screenlock (100%) rename {icpc-wf => provision-contest}/disable-turboboost_ht (100%) rename {icpc-wf => provision-contest}/dump-api.sh (100%) rename {icpc-wf => provision-contest}/fix-mounts.sh (100%) rename {icpc-wf => provision-contest}/prepare-photos (100%) rename {icpc-wf => provision-contest}/replay.py (100%) rename {icpc-wf => provision-contest}/retrieve-judging.sh (100%) rename {icpc-wf => provision-contest}/teams2_organization_images_to_domlogo_naming.php (100%) diff --git a/.github/workflows/ansible-linting.yml b/.github/workflows/ansible-linting.yml index 6ffc09ec..2bc0eeeb 100644 --- a/.github/workflows/ansible-linting.yml +++ b/.github/workflows/ansible-linting.yml @@ -1,4 +1,4 @@ -name: Test contest deployment (ansible scripts) [PIP] +name: Test contest deployment (ansible scripts) on: [push,pull_request] @@ -15,8 +15,8 @@ jobs: set -eux ansible-lint --version ansible-lint . - working-directory: icpc-wf/ansible + working-directory: provision-contest/ansible - name: Lint the different scripts (Via the script) run: ../../.github/linting.sh - working-directory: icpc-wf/ansible + working-directory: provision-contest/ansible diff --git a/README.md b/README.md index bc6ac73a..993fff96 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,6 @@ developers, but might be of use for others too. The following subdirectories contain: * `website` the HTML code for www.domjudge.org -* `icpc-wf` scripts used at the ICPC World Finals +* `provision-contest` scripts used at ICPC style contests, such as the World Finals * `contest-api` a script to validate an implementation of the [ICPC contest API](https://ccs-specs.icpc.io/contest_api) diff --git a/icpc-wf/ansible/.ansible-lint b/provision-contest/ansible/.ansible-lint similarity index 100% rename from icpc-wf/ansible/.ansible-lint rename to provision-contest/ansible/.ansible-lint diff --git a/icpc-wf/ansible/Makefile b/provision-contest/ansible/Makefile similarity index 100% rename from icpc-wf/ansible/Makefile rename to provision-contest/ansible/Makefile diff --git a/icpc-wf/ansible/README.md b/provision-contest/ansible/README.md similarity index 100% rename from icpc-wf/ansible/README.md rename to provision-contest/ansible/README.md diff --git a/icpc-wf/ansible/admin.yml b/provision-contest/ansible/admin.yml similarity index 100% rename from icpc-wf/ansible/admin.yml rename to provision-contest/ansible/admin.yml diff --git a/icpc-wf/ansible/cds.yml b/provision-contest/ansible/cds.yml similarity index 100% rename from icpc-wf/ansible/cds.yml rename to provision-contest/ansible/cds.yml diff --git a/icpc-wf/ansible/domserver.yml b/provision-contest/ansible/domserver.yml similarity index 100% rename from icpc-wf/ansible/domserver.yml rename to provision-contest/ansible/domserver.yml diff --git a/icpc-wf/ansible/files/.gitignore b/provision-contest/ansible/files/.gitignore similarity index 100% rename from icpc-wf/ansible/files/.gitignore rename to provision-contest/ansible/files/.gitignore diff --git a/icpc-wf/ansible/files/admin-machine.css b/provision-contest/ansible/files/admin-machine.css similarity index 100% rename from icpc-wf/ansible/files/admin-machine.css rename to provision-contest/ansible/files/admin-machine.css diff --git a/icpc-wf/ansible/files/collectd-mysql.py b/provision-contest/ansible/files/collectd-mysql.py similarity index 100% rename from icpc-wf/ansible/files/collectd-mysql.py rename to provision-contest/ansible/files/collectd-mysql.py diff --git a/icpc-wf/ansible/files/collectd.conf.j2 b/provision-contest/ansible/files/collectd.conf.j2 similarity index 100% rename from icpc-wf/ansible/files/collectd.conf.j2 rename to provision-contest/ansible/files/collectd.conf.j2 diff --git a/icpc-wf/ansible/files/docs.yaml b/provision-contest/ansible/files/docs.yaml similarity index 100% rename from icpc-wf/ansible/files/docs.yaml rename to provision-contest/ansible/files/docs.yaml diff --git a/icpc-wf/ansible/files/domjudge-public/.gitignore b/provision-contest/ansible/files/domjudge-public/.gitignore similarity index 100% rename from icpc-wf/ansible/files/domjudge-public/.gitignore rename to provision-contest/ansible/files/domjudge-public/.gitignore diff --git a/icpc-wf/ansible/files/grafana/.gitignore b/provision-contest/ansible/files/grafana/.gitignore similarity index 100% rename from icpc-wf/ansible/files/grafana/.gitignore rename to provision-contest/ansible/files/grafana/.gitignore diff --git a/icpc-wf/ansible/files/grafana/dashboards.yml b/provision-contest/ansible/files/grafana/dashboards.yml similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards.yml rename to provision-contest/ansible/files/grafana/dashboards.yml diff --git a/icpc-wf/ansible/files/grafana/dashboards/DOMjudge_Dashboard.json b/provision-contest/ansible/files/grafana/dashboards/DOMjudge_Dashboard.json similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards/DOMjudge_Dashboard.json rename to provision-contest/ansible/files/grafana/dashboards/DOMjudge_Dashboard.json diff --git a/icpc-wf/ansible/files/grafana/dashboards/mysql_14057.json b/provision-contest/ansible/files/grafana/dashboards/mysql_14057.json similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards/mysql_14057.json rename to provision-contest/ansible/files/grafana/dashboards/mysql_14057.json diff --git a/icpc-wf/ansible/files/grafana/dashboards/nginx.json b/provision-contest/ansible/files/grafana/dashboards/nginx.json similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards/nginx.json rename to provision-contest/ansible/files/grafana/dashboards/nginx.json diff --git a/icpc-wf/ansible/files/grafana/dashboards/node_exporter_grafana_1860.json b/provision-contest/ansible/files/grafana/dashboards/node_exporter_grafana_1860.json similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards/node_exporter_grafana_1860.json rename to provision-contest/ansible/files/grafana/dashboards/node_exporter_grafana_1860.json diff --git a/icpc-wf/ansible/files/grafana/dashboards/php_fpm.json b/provision-contest/ansible/files/grafana/dashboards/php_fpm.json similarity index 100% rename from icpc-wf/ansible/files/grafana/dashboards/php_fpm.json rename to provision-contest/ansible/files/grafana/dashboards/php_fpm.json diff --git a/icpc-wf/ansible/files/grafana/datasources.yml b/provision-contest/ansible/files/grafana/datasources.yml similarity index 100% rename from icpc-wf/ansible/files/grafana/datasources.yml rename to provision-contest/ansible/files/grafana/datasources.yml diff --git a/icpc-wf/ansible/files/grafana/environment b/provision-contest/ansible/files/grafana/environment similarity index 100% rename from icpc-wf/ansible/files/grafana/environment rename to provision-contest/ansible/files/grafana/environment diff --git a/icpc-wf/ansible/files/grafana/nginx-status.conf b/provision-contest/ansible/files/grafana/nginx-status.conf similarity index 100% rename from icpc-wf/ansible/files/grafana/nginx-status.conf rename to provision-contest/ansible/files/grafana/nginx-status.conf diff --git a/icpc-wf/ansible/files/grafana/nginx.conf b/provision-contest/ansible/files/grafana/nginx.conf similarity index 100% rename from icpc-wf/ansible/files/grafana/nginx.conf rename to provision-contest/ansible/files/grafana/nginx.conf diff --git a/icpc-wf/ansible/files/grafana/prometheus.yml.j2 b/provision-contest/ansible/files/grafana/prometheus.yml.j2 similarity index 100% rename from icpc-wf/ansible/files/grafana/prometheus.yml.j2 rename to provision-contest/ansible/files/grafana/prometheus.yml.j2 diff --git a/icpc-wf/ansible/files/htop.desktop b/provision-contest/ansible/files/htop.desktop similarity index 100% rename from icpc-wf/ansible/files/htop.desktop rename to provision-contest/ansible/files/htop.desktop diff --git a/icpc-wf/ansible/files/netrc.j2 b/provision-contest/ansible/files/netrc.j2 similarity index 100% rename from icpc-wf/ansible/files/netrc.j2 rename to provision-contest/ansible/files/netrc.j2 diff --git a/icpc-wf/ansible/files/rotate.desktop b/provision-contest/ansible/files/rotate.desktop similarity index 100% rename from icpc-wf/ansible/files/rotate.desktop rename to provision-contest/ansible/files/rotate.desktop diff --git a/icpc-wf/ansible/files/taillog-domserver-nginx-error.desktop b/provision-contest/ansible/files/taillog-domserver-nginx-error.desktop similarity index 100% rename from icpc-wf/ansible/files/taillog-domserver-nginx-error.desktop rename to provision-contest/ansible/files/taillog-domserver-nginx-error.desktop diff --git a/icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 b/provision-contest/ansible/files/taillog-domserver-symfony-error.desktop.j2 similarity index 100% rename from icpc-wf/ansible/files/taillog-domserver-symfony-error.desktop.j2 rename to provision-contest/ansible/files/taillog-domserver-symfony-error.desktop.j2 diff --git a/icpc-wf/ansible/files/taillog.desktop.j2 b/provision-contest/ansible/files/taillog.desktop.j2 similarity index 100% rename from icpc-wf/ansible/files/taillog.desktop.j2 rename to provision-contest/ansible/files/taillog.desktop.j2 diff --git a/icpc-wf/ansible/grafana.yml b/provision-contest/ansible/grafana.yml similarity index 100% rename from icpc-wf/ansible/grafana.yml rename to provision-contest/ansible/grafana.yml diff --git a/icpc-wf/ansible/group_vars/admin.yml b/provision-contest/ansible/group_vars/admin.yml similarity index 100% rename from icpc-wf/ansible/group_vars/admin.yml rename to provision-contest/ansible/group_vars/admin.yml diff --git a/icpc-wf/ansible/group_vars/all/.gitignore b/provision-contest/ansible/group_vars/all/.gitignore similarity index 100% rename from icpc-wf/ansible/group_vars/all/.gitignore rename to provision-contest/ansible/group_vars/all/.gitignore diff --git a/icpc-wf/ansible/group_vars/all/all.yml b/provision-contest/ansible/group_vars/all/all.yml similarity index 100% rename from icpc-wf/ansible/group_vars/all/all.yml rename to provision-contest/ansible/group_vars/all/all.yml diff --git a/icpc-wf/ansible/group_vars/all/secret.yml.example b/provision-contest/ansible/group_vars/all/secret.yml.example similarity index 100% rename from icpc-wf/ansible/group_vars/all/secret.yml.example rename to provision-contest/ansible/group_vars/all/secret.yml.example diff --git a/icpc-wf/ansible/handlers.yml b/provision-contest/ansible/handlers.yml similarity index 100% rename from icpc-wf/ansible/handlers.yml rename to provision-contest/ansible/handlers.yml diff --git a/icpc-wf/ansible/hosts b/provision-contest/ansible/hosts similarity index 100% rename from icpc-wf/ansible/hosts rename to provision-contest/ansible/hosts diff --git a/icpc-wf/ansible/judgehost.yml b/provision-contest/ansible/judgehost.yml similarity index 100% rename from icpc-wf/ansible/judgehost.yml rename to provision-contest/ansible/judgehost.yml diff --git a/icpc-wf/ansible/mgmt.yml b/provision-contest/ansible/mgmt.yml similarity index 100% rename from icpc-wf/ansible/mgmt.yml rename to provision-contest/ansible/mgmt.yml diff --git a/icpc-wf/ansible/roles/base_packages/files/install-admin/.gitignore b/provision-contest/ansible/roles/base_packages/files/install-admin/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-admin/.gitignore rename to provision-contest/ansible/roles/base_packages/files/install-admin/.gitignore diff --git a/icpc-wf/ansible/roles/base_packages/files/install-admin/README.md b/provision-contest/ansible/roles/base_packages/files/install-admin/README.md similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-admin/README.md rename to provision-contest/ansible/roles/base_packages/files/install-admin/README.md diff --git a/icpc-wf/ansible/roles/base_packages/files/install-domserver/.gitignore b/provision-contest/ansible/roles/base_packages/files/install-domserver/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-domserver/.gitignore rename to provision-contest/ansible/roles/base_packages/files/install-domserver/.gitignore diff --git a/icpc-wf/ansible/roles/base_packages/files/install-domserver/README.md b/provision-contest/ansible/roles/base_packages/files/install-domserver/README.md similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-domserver/README.md rename to provision-contest/ansible/roles/base_packages/files/install-domserver/README.md diff --git a/icpc-wf/ansible/roles/base_packages/files/install-grafana/.gitignore b/provision-contest/ansible/roles/base_packages/files/install-grafana/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-grafana/.gitignore rename to provision-contest/ansible/roles/base_packages/files/install-grafana/.gitignore diff --git a/icpc-wf/ansible/roles/base_packages/files/install-grafana/README.md b/provision-contest/ansible/roles/base_packages/files/install-grafana/README.md similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-grafana/README.md rename to provision-contest/ansible/roles/base_packages/files/install-grafana/README.md diff --git a/icpc-wf/ansible/roles/base_packages/files/install-judgehost/.gitignore b/provision-contest/ansible/roles/base_packages/files/install-judgehost/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-judgehost/.gitignore rename to provision-contest/ansible/roles/base_packages/files/install-judgehost/.gitignore diff --git a/icpc-wf/ansible/roles/base_packages/files/install-judgehost/README.md b/provision-contest/ansible/roles/base_packages/files/install-judgehost/README.md similarity index 100% rename from icpc-wf/ansible/roles/base_packages/files/install-judgehost/README.md rename to provision-contest/ansible/roles/base_packages/files/install-judgehost/README.md diff --git a/icpc-wf/ansible/roles/base_packages/handlers/main.yml b/provision-contest/ansible/roles/base_packages/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/base_packages/handlers/main.yml rename to provision-contest/ansible/roles/base_packages/handlers/main.yml diff --git a/icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml b/provision-contest/ansible/roles/base_packages/tasks/install-local-package.yml similarity index 100% rename from icpc-wf/ansible/roles/base_packages/tasks/install-local-package.yml rename to provision-contest/ansible/roles/base_packages/tasks/install-local-package.yml diff --git a/icpc-wf/ansible/roles/base_packages/tasks/main.yml b/provision-contest/ansible/roles/base_packages/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/base_packages/tasks/main.yml rename to provision-contest/ansible/roles/base_packages/tasks/main.yml diff --git a/icpc-wf/ansible/roles/cds/files/cds.service b/provision-contest/ansible/roles/cds/files/cds.service similarity index 100% rename from icpc-wf/ansible/roles/cds/files/cds.service rename to provision-contest/ansible/roles/cds/files/cds.service diff --git a/icpc-wf/ansible/roles/cds/handlers/main.yml b/provision-contest/ansible/roles/cds/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/cds/handlers/main.yml rename to provision-contest/ansible/roles/cds/handlers/main.yml diff --git a/icpc-wf/ansible/roles/cds/tasks/main.yml b/provision-contest/ansible/roles/cds/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/cds/tasks/main.yml rename to provision-contest/ansible/roles/cds/tasks/main.yml diff --git a/icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 b/provision-contest/ansible/roles/cds/templates/accounts.yaml.j2 similarity index 100% rename from icpc-wf/ansible/roles/cds/templates/accounts.yaml.j2 rename to provision-contest/ansible/roles/cds/templates/accounts.yaml.j2 diff --git a/icpc-wf/ansible/roles/cds/templates/cds.conf.j2 b/provision-contest/ansible/roles/cds/templates/cds.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/cds/templates/cds.conf.j2 rename to provision-contest/ansible/roles/cds/templates/cds.conf.j2 diff --git a/icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 b/provision-contest/ansible/roles/cds/templates/cdsConfig.xml.j2 similarity index 100% rename from icpc-wf/ansible/roles/cds/templates/cdsConfig.xml.j2 rename to provision-contest/ansible/roles/cds/templates/cdsConfig.xml.j2 diff --git a/icpc-wf/ansible/roles/clusterssh/tasks/main.yml b/provision-contest/ansible/roles/clusterssh/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/clusterssh/tasks/main.yml rename to provision-contest/ansible/roles/clusterssh/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_build/files/logrotate.domjudge b/provision-contest/ansible/roles/domjudge_build/files/logrotate.domjudge similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/files/logrotate.domjudge rename to provision-contest/ansible/roles/domjudge_build/files/logrotate.domjudge diff --git a/icpc-wf/ansible/roles/domjudge_build/files/rsyslog.domjudge.conf b/provision-contest/ansible/roles/domjudge_build/files/rsyslog.domjudge.conf similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/files/rsyslog.domjudge.conf rename to provision-contest/ansible/roles/domjudge_build/files/rsyslog.domjudge.conf diff --git a/icpc-wf/ansible/roles/domjudge_build/handlers/main.yml b/provision-contest/ansible/roles/domjudge_build/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/handlers/main.yml rename to provision-contest/ansible/roles/domjudge_build/handlers/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_build/meta/main.yml b/provision-contest/ansible/roles/domjudge_build/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/meta/main.yml rename to provision-contest/ansible/roles/domjudge_build/meta/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_build/tasks/main.yml b/provision-contest/ansible/roles/domjudge_build/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/tasks/main.yml rename to provision-contest/ansible/roles/domjudge_build/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_build/templates/restapi.secret.j2 b/provision-contest/ansible/roles/domjudge_build/templates/restapi.secret.j2 similarity index 100% rename from icpc-wf/ansible/roles/domjudge_build/templates/restapi.secret.j2 rename to provision-contest/ansible/roles/domjudge_build/templates/restapi.secret.j2 diff --git a/icpc-wf/ansible/roles/domjudge_checkout/files/.gitignore b/provision-contest/ansible/roles/domjudge_checkout/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/domjudge_checkout/files/.gitignore rename to provision-contest/ansible/roles/domjudge_checkout/files/.gitignore diff --git a/icpc-wf/ansible/roles/domjudge_checkout/files/lib-vendor.tgz b/provision-contest/ansible/roles/domjudge_checkout/files/lib-vendor.tgz similarity index 100% rename from icpc-wf/ansible/roles/domjudge_checkout/files/lib-vendor.tgz rename to provision-contest/ansible/roles/domjudge_checkout/files/lib-vendor.tgz diff --git a/icpc-wf/ansible/roles/domjudge_checkout/meta/main.yml b/provision-contest/ansible/roles/domjudge_checkout/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_checkout/meta/main.yml rename to provision-contest/ansible/roles/domjudge_checkout/meta/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml b/provision-contest/ansible/roles/domjudge_checkout/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_checkout/tasks/main.yml rename to provision-contest/ansible/roles/domjudge_checkout/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_user/handlers/main.yml b/provision-contest/ansible/roles/domjudge_user/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_user/handlers/main.yml rename to provision-contest/ansible/roles/domjudge_user/handlers/main.yml diff --git a/icpc-wf/ansible/roles/domjudge_user/tasks/main.yml b/provision-contest/ansible/roles/domjudge_user/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domjudge_user/tasks/main.yml rename to provision-contest/ansible/roles/domjudge_user/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domlogo/files/domlogo.py b/provision-contest/ansible/roles/domlogo/files/domlogo.py similarity index 100% rename from icpc-wf/ansible/roles/domlogo/files/domlogo.py rename to provision-contest/ansible/roles/domlogo/files/domlogo.py diff --git a/icpc-wf/ansible/roles/domlogo/files/images/logos/.gitignore b/provision-contest/ansible/roles/domlogo/files/images/logos/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/domlogo/files/images/logos/.gitignore rename to provision-contest/ansible/roles/domlogo/files/images/logos/.gitignore diff --git a/icpc-wf/ansible/roles/domlogo/files/images/photos/.gitignore b/provision-contest/ansible/roles/domlogo/files/images/photos/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/domlogo/files/images/photos/.gitignore rename to provision-contest/ansible/roles/domlogo/files/images/photos/.gitignore diff --git a/icpc-wf/ansible/roles/domlogo/files/lib/.gitignore b/provision-contest/ansible/roles/domlogo/files/lib/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/domlogo/files/lib/.gitignore rename to provision-contest/ansible/roles/domlogo/files/lib/.gitignore diff --git a/icpc-wf/ansible/roles/domlogo/tasks/main.yml b/provision-contest/ansible/roles/domlogo/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domlogo/tasks/main.yml rename to provision-contest/ansible/roles/domlogo/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 b/provision-contest/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 similarity index 100% rename from icpc-wf/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 rename to provision-contest/ansible/roles/domlogo/templates/domjudgelogo.desktop.j2 diff --git a/icpc-wf/ansible/roles/domserver/handlers/main.yml b/provision-contest/ansible/roles/domserver/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domserver/handlers/main.yml rename to provision-contest/ansible/roles/domserver/handlers/main.yml diff --git a/icpc-wf/ansible/roles/domserver/meta/main.yml b/provision-contest/ansible/roles/domserver/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domserver/meta/main.yml rename to provision-contest/ansible/roles/domserver/meta/main.yml diff --git a/icpc-wf/ansible/roles/domserver/tasks/main.yml b/provision-contest/ansible/roles/domserver/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/domserver/tasks/main.yml rename to provision-contest/ansible/roles/domserver/tasks/main.yml diff --git a/icpc-wf/ansible/roles/domserver/templates/dbpasswords.secret.j2 b/provision-contest/ansible/roles/domserver/templates/dbpasswords.secret.j2 similarity index 100% rename from icpc-wf/ansible/roles/domserver/templates/dbpasswords.secret.j2 rename to provision-contest/ansible/roles/domserver/templates/dbpasswords.secret.j2 diff --git a/icpc-wf/ansible/roles/domserver/templates/initial_admin_password.secret.j2 b/provision-contest/ansible/roles/domserver/templates/initial_admin_password.secret.j2 similarity index 100% rename from icpc-wf/ansible/roles/domserver/templates/initial_admin_password.secret.j2 rename to provision-contest/ansible/roles/domserver/templates/initial_admin_password.secret.j2 diff --git a/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 b/provision-contest/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 similarity index 100% rename from icpc-wf/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 rename to provision-contest/ansible/roles/domserver/templates/nginx-domjudge-inner.j2 diff --git a/icpc-wf/ansible/roles/domserver/templates/nginx-domjudge.conf.j2 b/provision-contest/ansible/roles/domserver/templates/nginx-domjudge.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/domserver/templates/nginx-domjudge.conf.j2 rename to provision-contest/ansible/roles/domserver/templates/nginx-domjudge.conf.j2 diff --git a/icpc-wf/ansible/roles/grafana/defaults/main.yml b/provision-contest/ansible/roles/grafana/defaults/main.yml similarity index 100% rename from icpc-wf/ansible/roles/grafana/defaults/main.yml rename to provision-contest/ansible/roles/grafana/defaults/main.yml diff --git a/icpc-wf/ansible/roles/grafana/files/.gitignore b/provision-contest/ansible/roles/grafana/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/.gitignore rename to provision-contest/ansible/roles/grafana/files/.gitignore diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards.yml b/provision-contest/ansible/roles/grafana/files/dashboards.yml similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards.yml rename to provision-contest/ansible/roles/grafana/files/dashboards.yml diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards/DOMjudge_Dashboard.json b/provision-contest/ansible/roles/grafana/files/dashboards/DOMjudge_Dashboard.json similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards/DOMjudge_Dashboard.json rename to provision-contest/ansible/roles/grafana/files/dashboards/DOMjudge_Dashboard.json diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards/mysql_14057.json b/provision-contest/ansible/roles/grafana/files/dashboards/mysql_14057.json similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards/mysql_14057.json rename to provision-contest/ansible/roles/grafana/files/dashboards/mysql_14057.json diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards/nginx.json b/provision-contest/ansible/roles/grafana/files/dashboards/nginx.json similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards/nginx.json rename to provision-contest/ansible/roles/grafana/files/dashboards/nginx.json diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards/node_exporter_grafana_1860.json b/provision-contest/ansible/roles/grafana/files/dashboards/node_exporter_grafana_1860.json similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards/node_exporter_grafana_1860.json rename to provision-contest/ansible/roles/grafana/files/dashboards/node_exporter_grafana_1860.json diff --git a/icpc-wf/ansible/roles/grafana/files/dashboards/php_fpm.json b/provision-contest/ansible/roles/grafana/files/dashboards/php_fpm.json similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/dashboards/php_fpm.json rename to provision-contest/ansible/roles/grafana/files/dashboards/php_fpm.json diff --git a/icpc-wf/ansible/roles/grafana/files/datasources.yml b/provision-contest/ansible/roles/grafana/files/datasources.yml similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/datasources.yml rename to provision-contest/ansible/roles/grafana/files/datasources.yml diff --git a/icpc-wf/ansible/roles/grafana/files/environment b/provision-contest/ansible/roles/grafana/files/environment similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/environment rename to provision-contest/ansible/roles/grafana/files/environment diff --git a/icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml b/provision-contest/ansible/roles/grafana/files/loki-local-config.yaml similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/loki-local-config.yaml rename to provision-contest/ansible/roles/grafana/files/loki-local-config.yaml diff --git a/icpc-wf/ansible/roles/grafana/files/loki.service b/provision-contest/ansible/roles/grafana/files/loki.service similarity index 100% rename from icpc-wf/ansible/roles/grafana/files/loki.service rename to provision-contest/ansible/roles/grafana/files/loki.service diff --git a/icpc-wf/ansible/roles/grafana/handlers/main.yml b/provision-contest/ansible/roles/grafana/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/grafana/handlers/main.yml rename to provision-contest/ansible/roles/grafana/handlers/main.yml diff --git a/icpc-wf/ansible/roles/grafana/tasks/main.yml b/provision-contest/ansible/roles/grafana/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/grafana/tasks/main.yml rename to provision-contest/ansible/roles/grafana/tasks/main.yml diff --git a/icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 b/provision-contest/ansible/roles/grafana/templates/nginx.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/grafana/templates/nginx.conf.j2 rename to provision-contest/ansible/roles/grafana/templates/nginx.conf.j2 diff --git a/icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 b/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 similarity index 100% rename from icpc-wf/ansible/roles/grafana/templates/prometheus.yml.j2 rename to provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 diff --git a/icpc-wf/ansible/roles/grafana/vars/.gitignore b/provision-contest/ansible/roles/grafana/vars/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/grafana/vars/.gitignore rename to provision-contest/ansible/roles/grafana/vars/.gitignore diff --git a/icpc-wf/ansible/roles/hosts/tasks/main.yml b/provision-contest/ansible/roles/hosts/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/hosts/tasks/main.yml rename to provision-contest/ansible/roles/hosts/tasks/main.yml diff --git a/icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml b/provision-contest/ansible/roles/icpc_fixes/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/icpc_fixes/handlers/main.yml rename to provision-contest/ansible/roles/icpc_fixes/handlers/main.yml diff --git a/icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml b/provision-contest/ansible/roles/icpc_fixes/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/icpc_fixes/tasks/main.yml rename to provision-contest/ansible/roles/icpc_fixes/tasks/main.yml diff --git a/icpc-wf/ansible/roles/judgedaemon/files/disable-turboboost_ht b/provision-contest/ansible/roles/judgedaemon/files/disable-turboboost_ht similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/files/disable-turboboost_ht rename to provision-contest/ansible/roles/judgedaemon/files/disable-turboboost_ht diff --git a/icpc-wf/ansible/roles/judgedaemon/files/install-chroot/.gitignore b/provision-contest/ansible/roles/judgedaemon/files/install-chroot/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/files/install-chroot/.gitignore rename to provision-contest/ansible/roles/judgedaemon/files/install-chroot/.gitignore diff --git a/icpc-wf/ansible/roles/judgedaemon/files/install-chroot/README.md b/provision-contest/ansible/roles/judgedaemon/files/install-chroot/README.md similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/files/install-chroot/README.md rename to provision-contest/ansible/roles/judgedaemon/files/install-chroot/README.md diff --git a/icpc-wf/ansible/roles/judgedaemon/files/tune_cpu.service b/provision-contest/ansible/roles/judgedaemon/files/tune_cpu.service similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/files/tune_cpu.service rename to provision-contest/ansible/roles/judgedaemon/files/tune_cpu.service diff --git a/icpc-wf/ansible/roles/judgedaemon/handlers/main.yml b/provision-contest/ansible/roles/judgedaemon/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/handlers/main.yml rename to provision-contest/ansible/roles/judgedaemon/handlers/main.yml diff --git a/icpc-wf/ansible/roles/judgedaemon/meta/main.yml b/provision-contest/ansible/roles/judgedaemon/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/meta/main.yml rename to provision-contest/ansible/roles/judgedaemon/meta/main.yml diff --git a/icpc-wf/ansible/roles/judgedaemon/tasks/main.yml b/provision-contest/ansible/roles/judgedaemon/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/tasks/main.yml rename to provision-contest/ansible/roles/judgedaemon/tasks/main.yml diff --git a/icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 b/provision-contest/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 rename to provision-contest/ansible/roles/judgedaemon/templates/domjudge-judgehost.target.j2 diff --git a/icpc-wf/ansible/roles/judgedaemon/vars/main.yml b/provision-contest/ansible/roles/judgedaemon/vars/main.yml similarity index 100% rename from icpc-wf/ansible/roles/judgedaemon/vars/main.yml rename to provision-contest/ansible/roles/judgedaemon/vars/main.yml diff --git a/icpc-wf/ansible/roles/keepalived/files/alerting/.config/autostart/alert_listener.desktop b/provision-contest/ansible/roles/keepalived/files/alerting/.config/autostart/alert_listener.desktop similarity index 100% rename from icpc-wf/ansible/roles/keepalived/files/alerting/.config/autostart/alert_listener.desktop rename to provision-contest/ansible/roles/keepalived/files/alerting/.config/autostart/alert_listener.desktop diff --git a/icpc-wf/ansible/roles/keepalived/files/alerting/bin/alert_listener.sh b/provision-contest/ansible/roles/keepalived/files/alerting/bin/alert_listener.sh similarity index 100% rename from icpc-wf/ansible/roles/keepalived/files/alerting/bin/alert_listener.sh rename to provision-contest/ansible/roles/keepalived/files/alerting/bin/alert_listener.sh diff --git a/icpc-wf/ansible/roles/keepalived/files/alerting/bin/alerting.sh.template b/provision-contest/ansible/roles/keepalived/files/alerting/bin/alerting.sh.template similarity index 100% rename from icpc-wf/ansible/roles/keepalived/files/alerting/bin/alerting.sh.template rename to provision-contest/ansible/roles/keepalived/files/alerting/bin/alerting.sh.template diff --git a/icpc-wf/ansible/roles/keepalived/files/alerting/bin/trigger_alert.sh b/provision-contest/ansible/roles/keepalived/files/alerting/bin/trigger_alert.sh similarity index 100% rename from icpc-wf/ansible/roles/keepalived/files/alerting/bin/trigger_alert.sh rename to provision-contest/ansible/roles/keepalived/files/alerting/bin/trigger_alert.sh diff --git a/icpc-wf/ansible/roles/keepalived/handlers/main.yml b/provision-contest/ansible/roles/keepalived/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/keepalived/handlers/main.yml rename to provision-contest/ansible/roles/keepalived/handlers/main.yml diff --git a/icpc-wf/ansible/roles/keepalived/meta/main.yml b/provision-contest/ansible/roles/keepalived/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/keepalived/meta/main.yml rename to provision-contest/ansible/roles/keepalived/meta/main.yml diff --git a/icpc-wf/ansible/roles/keepalived/tasks/main.yml b/provision-contest/ansible/roles/keepalived/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/keepalived/tasks/main.yml rename to provision-contest/ansible/roles/keepalived/tasks/main.yml diff --git a/icpc-wf/ansible/roles/keepalived/templates/keepalived.conf.j2 b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/keepalived/templates/keepalived.conf.j2 rename to provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2 diff --git a/icpc-wf/ansible/roles/mysql_replication/meta/main.yml b/provision-contest/ansible/roles/mysql_replication/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/mysql_replication/meta/main.yml rename to provision-contest/ansible/roles/mysql_replication/meta/main.yml diff --git a/icpc-wf/ansible/roles/mysql_replication/tasks/main.yml b/provision-contest/ansible/roles/mysql_replication/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/mysql_replication/tasks/main.yml rename to provision-contest/ansible/roles/mysql_replication/tasks/main.yml diff --git a/icpc-wf/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 b/provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 similarity index 100% rename from icpc-wf/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 rename to provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 diff --git a/icpc-wf/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 b/provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 similarity index 100% rename from icpc-wf/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 rename to provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 diff --git a/icpc-wf/ansible/roles/mysql_server/files/dump-db b/provision-contest/ansible/roles/mysql_server/files/dump-db similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/files/dump-db rename to provision-contest/ansible/roles/mysql_server/files/dump-db diff --git a/icpc-wf/ansible/roles/mysql_server/files/load-db b/provision-contest/ansible/roles/mysql_server/files/load-db similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/files/load-db rename to provision-contest/ansible/roles/mysql_server/files/load-db diff --git a/icpc-wf/ansible/roles/mysql_server/files/my.cnf b/provision-contest/ansible/roles/mysql_server/files/my.cnf similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/files/my.cnf rename to provision-contest/ansible/roles/mysql_server/files/my.cnf diff --git a/icpc-wf/ansible/roles/mysql_server/files/mysql.domjudge.cnf b/provision-contest/ansible/roles/mysql_server/files/mysql.domjudge.cnf similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/files/mysql.domjudge.cnf rename to provision-contest/ansible/roles/mysql_server/files/mysql.domjudge.cnf diff --git a/icpc-wf/ansible/roles/mysql_server/files/mysql.override.cnf b/provision-contest/ansible/roles/mysql_server/files/mysql.override.cnf similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/files/mysql.override.cnf rename to provision-contest/ansible/roles/mysql_server/files/mysql.override.cnf diff --git a/icpc-wf/ansible/roles/mysql_server/handlers/main.yml b/provision-contest/ansible/roles/mysql_server/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/handlers/main.yml rename to provision-contest/ansible/roles/mysql_server/handlers/main.yml diff --git a/icpc-wf/ansible/roles/mysql_server/tasks/main.yml b/provision-contest/ansible/roles/mysql_server/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/mysql_server/tasks/main.yml rename to provision-contest/ansible/roles/mysql_server/tasks/main.yml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.gitignore b/provision-contest/ansible/roles/phpstorm/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.gitignore rename to provision-contest/ansible/roles/phpstorm/files/.gitignore diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/.gitignore b/provision-contest/ansible/roles/phpstorm/files/.idea/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/.gitignore rename to provision-contest/ansible/roles/phpstorm/files/.idea/.gitignore diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/domjudge-checkout.iml b/provision-contest/ansible/roles/phpstorm/files/.idea/domjudge-checkout.iml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/domjudge-checkout.iml rename to provision-contest/ansible/roles/phpstorm/files/.idea/domjudge-checkout.iml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/inspectionProfiles/Project_Default.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/inspectionProfiles/Project_Default.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/inspectionProfiles/Project_Default.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/inspectionProfiles/Project_Default.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/jsLinters/jshint.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/jsLinters/jshint.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/jsLinters/jshint.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/jsLinters/jshint.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/modules.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/modules.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/modules.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/modules.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/php.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/php.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/php.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/php.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/symfony2.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/symfony2.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/symfony2.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/symfony2.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/.idea/vcs.xml b/provision-contest/ansible/roles/phpstorm/files/.idea/vcs.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/.idea/vcs.xml rename to provision-contest/ansible/roles/phpstorm/files/.idea/vcs.xml diff --git a/icpc-wf/ansible/roles/phpstorm/files/README.md b/provision-contest/ansible/roles/phpstorm/files/README.md similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/README.md rename to provision-contest/ansible/roles/phpstorm/files/README.md diff --git a/icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mariadb-java-client-2.7.3.jar b/provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mariadb-java-client-2.7.3.jar similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mariadb-java-client-2.7.3.jar rename to provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mariadb-java-client-2.7.3.jar diff --git a/icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mysql-connector-license.txt b/provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mysql-connector-license.txt similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mysql-connector-license.txt rename to provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/MariaDB Connector J/2.7.3/mysql-connector-license.txt diff --git a/icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/jdbc-drivers.xml b/provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/jdbc-drivers.xml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/files/jdbc-drivers/jdbc-drivers.xml rename to provision-contest/ansible/roles/phpstorm/files/jdbc-drivers/jdbc-drivers.xml diff --git a/icpc-wf/ansible/roles/phpstorm/meta/main.yml b/provision-contest/ansible/roles/phpstorm/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/meta/main.yml rename to provision-contest/ansible/roles/phpstorm/meta/main.yml diff --git a/icpc-wf/ansible/roles/phpstorm/tasks/main.yml b/provision-contest/ansible/roles/phpstorm/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/tasks/main.yml rename to provision-contest/ansible/roles/phpstorm/tasks/main.yml diff --git a/icpc-wf/ansible/roles/phpstorm/templates/jetbrains-phpstorm.desktop.j2 b/provision-contest/ansible/roles/phpstorm/templates/jetbrains-phpstorm.desktop.j2 similarity index 100% rename from icpc-wf/ansible/roles/phpstorm/templates/jetbrains-phpstorm.desktop.j2 rename to provision-contest/ansible/roles/phpstorm/templates/jetbrains-phpstorm.desktop.j2 diff --git a/icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml b/provision-contest/ansible/roles/prometheus_target_all/defaults/main.yml similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_all/defaults/main.yml rename to provision-contest/ansible/roles/prometheus_target_all/defaults/main.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service b/provision-contest/ansible/roles/prometheus_target_all/files/promtail.service similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_all/files/promtail.service rename to provision-contest/ansible/roles/prometheus_target_all/files/promtail.service diff --git a/icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml b/provision-contest/ansible/roles/prometheus_target_all/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_all/handlers/main.yml rename to provision-contest/ansible/roles/prometheus_target_all/handlers/main.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml b/provision-contest/ansible/roles/prometheus_target_all/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_all/tasks/main.yml rename to provision-contest/ansible/roles/prometheus_target_all/tasks/main.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 b/provision-contest/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 rename to provision-contest/ansible/roles/prometheus_target_all/templates/promtail-local-config.yaml.j2 diff --git a/icpc-wf/ansible/roles/prometheus_target_web/files/.gitignore b/provision-contest/ansible/roles/prometheus_target_web/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/files/.gitignore rename to provision-contest/ansible/roles/prometheus_target_web/files/.gitignore diff --git a/icpc-wf/ansible/roles/prometheus_target_web/files/README.md b/provision-contest/ansible/roles/prometheus_target_web/files/README.md similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/files/README.md rename to provision-contest/ansible/roles/prometheus_target_web/files/README.md diff --git a/icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf b/provision-contest/ansible/roles/prometheus_target_web/files/nginx-status.conf similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/files/nginx-status.conf rename to provision-contest/ansible/roles/prometheus_target_web/files/nginx-status.conf diff --git a/icpc-wf/ansible/roles/prometheus_target_web/files/php-fpm-exporter.service b/provision-contest/ansible/roles/prometheus_target_web/files/php-fpm-exporter.service similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/files/php-fpm-exporter.service rename to provision-contest/ansible/roles/prometheus_target_web/files/php-fpm-exporter.service diff --git a/icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml b/provision-contest/ansible/roles/prometheus_target_web/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/handlers/main.yml rename to provision-contest/ansible/roles/prometheus_target_web/handlers/main.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml b/provision-contest/ansible/roles/prometheus_target_web/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/tasks/main.yml rename to provision-contest/ansible/roles/prometheus_target_web/tasks/main.yml diff --git a/icpc-wf/ansible/roles/prometheus_target_web/templates/mysqld-exporter-authentication.cnf.j2 b/provision-contest/ansible/roles/prometheus_target_web/templates/mysqld-exporter-authentication.cnf.j2 similarity index 100% rename from icpc-wf/ansible/roles/prometheus_target_web/templates/mysqld-exporter-authentication.cnf.j2 rename to provision-contest/ansible/roles/prometheus_target_web/templates/mysqld-exporter-authentication.cnf.j2 diff --git a/icpc-wf/ansible/roles/scoreboard/handlers/main.yml b/provision-contest/ansible/roles/scoreboard/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/scoreboard/handlers/main.yml rename to provision-contest/ansible/roles/scoreboard/handlers/main.yml diff --git a/icpc-wf/ansible/roles/scoreboard/tasks/main.yml b/provision-contest/ansible/roles/scoreboard/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/scoreboard/tasks/main.yml rename to provision-contest/ansible/roles/scoreboard/tasks/main.yml diff --git a/icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 b/provision-contest/ansible/roles/scoreboard/templates/scoreboard.conf.j2 similarity index 100% rename from icpc-wf/ansible/roles/scoreboard/templates/scoreboard.conf.j2 rename to provision-contest/ansible/roles/scoreboard/templates/scoreboard.conf.j2 diff --git a/icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 b/provision-contest/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 similarity index 100% rename from icpc-wf/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 rename to provision-contest/ansible/roles/scoreboard/templates/update-scoreboard.sh.j2 diff --git a/icpc-wf/ansible/roles/ssh/files/.gitignore b/provision-contest/ansible/roles/ssh/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/ssh/files/.gitignore rename to provision-contest/ansible/roles/ssh/files/.gitignore diff --git a/icpc-wf/ansible/roles/ssh/files/README.md b/provision-contest/ansible/roles/ssh/files/README.md similarity index 100% rename from icpc-wf/ansible/roles/ssh/files/README.md rename to provision-contest/ansible/roles/ssh/files/README.md diff --git a/icpc-wf/ansible/roles/ssh/files/config b/provision-contest/ansible/roles/ssh/files/config similarity index 100% rename from icpc-wf/ansible/roles/ssh/files/config rename to provision-contest/ansible/roles/ssh/files/config diff --git a/icpc-wf/ansible/roles/ssh/meta/main.yml b/provision-contest/ansible/roles/ssh/meta/main.yml similarity index 100% rename from icpc-wf/ansible/roles/ssh/meta/main.yml rename to provision-contest/ansible/roles/ssh/meta/main.yml diff --git a/icpc-wf/ansible/roles/ssh/tasks/main.yml b/provision-contest/ansible/roles/ssh/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/ssh/tasks/main.yml rename to provision-contest/ansible/roles/ssh/tasks/main.yml diff --git a/icpc-wf/ansible/roles/ssl/files/.gitignore b/provision-contest/ansible/roles/ssl/files/.gitignore similarity index 100% rename from icpc-wf/ansible/roles/ssl/files/.gitignore rename to provision-contest/ansible/roles/ssl/files/.gitignore diff --git a/icpc-wf/ansible/roles/ssl/files/README.md b/provision-contest/ansible/roles/ssl/files/README.md similarity index 100% rename from icpc-wf/ansible/roles/ssl/files/README.md rename to provision-contest/ansible/roles/ssl/files/README.md diff --git a/icpc-wf/ansible/roles/ssl/handlers/main.yml b/provision-contest/ansible/roles/ssl/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/ssl/handlers/main.yml rename to provision-contest/ansible/roles/ssl/handlers/main.yml diff --git a/icpc-wf/ansible/roles/ssl/tasks/main.yml b/provision-contest/ansible/roles/ssl/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/ssl/tasks/main.yml rename to provision-contest/ansible/roles/ssl/tasks/main.yml diff --git a/icpc-wf/ansible/roles/system_fixes/files/dconf/db/local.d/01-alt-tab b/provision-contest/ansible/roles/system_fixes/files/dconf/db/local.d/01-alt-tab similarity index 100% rename from icpc-wf/ansible/roles/system_fixes/files/dconf/db/local.d/01-alt-tab rename to provision-contest/ansible/roles/system_fixes/files/dconf/db/local.d/01-alt-tab diff --git a/icpc-wf/ansible/roles/system_fixes/files/dconf/db/local.d/locks/locks b/provision-contest/ansible/roles/system_fixes/files/dconf/db/local.d/locks/locks similarity index 100% rename from icpc-wf/ansible/roles/system_fixes/files/dconf/db/local.d/locks/locks rename to provision-contest/ansible/roles/system_fixes/files/dconf/db/local.d/locks/locks diff --git a/icpc-wf/ansible/roles/system_fixes/files/dconf/profile/user b/provision-contest/ansible/roles/system_fixes/files/dconf/profile/user similarity index 100% rename from icpc-wf/ansible/roles/system_fixes/files/dconf/profile/user rename to provision-contest/ansible/roles/system_fixes/files/dconf/profile/user diff --git a/icpc-wf/ansible/roles/system_fixes/handlers/main.yml b/provision-contest/ansible/roles/system_fixes/handlers/main.yml similarity index 100% rename from icpc-wf/ansible/roles/system_fixes/handlers/main.yml rename to provision-contest/ansible/roles/system_fixes/handlers/main.yml diff --git a/icpc-wf/ansible/roles/system_fixes/tasks/main.yml b/provision-contest/ansible/roles/system_fixes/tasks/main.yml similarity index 100% rename from icpc-wf/ansible/roles/system_fixes/tasks/main.yml rename to provision-contest/ansible/roles/system_fixes/tasks/main.yml diff --git a/icpc-wf/ansible/scoreboard.yml b/provision-contest/ansible/scoreboard.yml similarity index 100% rename from icpc-wf/ansible/scoreboard.yml rename to provision-contest/ansible/scoreboard.yml diff --git a/icpc-wf/check-turboboost b/provision-contest/check-turboboost similarity index 100% rename from icpc-wf/check-turboboost rename to provision-contest/check-turboboost diff --git a/icpc-wf/comp_config b/provision-contest/comp_config similarity index 100% rename from icpc-wf/comp_config rename to provision-contest/comp_config diff --git a/icpc-wf/comp_scores b/provision-contest/comp_scores similarity index 100% rename from icpc-wf/comp_scores rename to provision-contest/comp_scores diff --git a/icpc-wf/disable-screenlock b/provision-contest/disable-screenlock similarity index 100% rename from icpc-wf/disable-screenlock rename to provision-contest/disable-screenlock diff --git a/icpc-wf/disable-turboboost_ht b/provision-contest/disable-turboboost_ht similarity index 100% rename from icpc-wf/disable-turboboost_ht rename to provision-contest/disable-turboboost_ht diff --git a/icpc-wf/dump-api.sh b/provision-contest/dump-api.sh similarity index 100% rename from icpc-wf/dump-api.sh rename to provision-contest/dump-api.sh diff --git a/icpc-wf/fix-mounts.sh b/provision-contest/fix-mounts.sh similarity index 100% rename from icpc-wf/fix-mounts.sh rename to provision-contest/fix-mounts.sh diff --git a/icpc-wf/prepare-photos b/provision-contest/prepare-photos similarity index 100% rename from icpc-wf/prepare-photos rename to provision-contest/prepare-photos diff --git a/icpc-wf/replay.py b/provision-contest/replay.py similarity index 100% rename from icpc-wf/replay.py rename to provision-contest/replay.py diff --git a/icpc-wf/retrieve-judging.sh b/provision-contest/retrieve-judging.sh similarity index 100% rename from icpc-wf/retrieve-judging.sh rename to provision-contest/retrieve-judging.sh diff --git a/icpc-wf/teams2_organization_images_to_domlogo_naming.php b/provision-contest/teams2_organization_images_to_domlogo_naming.php similarity index 100% rename from icpc-wf/teams2_organization_images_to_domlogo_naming.php rename to provision-contest/teams2_organization_images_to_domlogo_naming.php From 9fe5a802856c6723af5e714a3b0d3d0d6fcc645f Mon Sep 17 00:00:00 2001 From: Jaap Eldering Date: Sat, 21 May 2022 14:04:13 +0200 Subject: [PATCH 48/51] Fix link to ICPC Contest API specification. Just link to the master/development version, as otherwise we'd have to link to the general page https://ccs-specs.icpc.io/. --- website/documentation.shtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/documentation.shtml b/website/documentation.shtml index 4cc75ec5..f37341eb 100644 --- a/website/documentation.shtml +++ b/website/documentation.shtml @@ -18,7 +18,7 @@ state as well as perform certain actions, such as submit solutions and control contest state (with admin role).

The DOMjudge API is an implementation of the ICPC -Contest API +Contest API (except that it does not (yet) implement the optional team-members endpoint). It also has some extensions, see the internal API documentation.

From 5655aff0c21a15a84a312e4c1424a728363a38dd Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 26 May 2022 21:25:29 +0200 Subject: [PATCH 49/51] Only make replication an explicit choice In most cases we dont do replication and this book will let SQL bind to 0.0.0.0 which is less secure and only relevant when making use of the replication. --- provision-contest/ansible/domserver.yml | 1 + provision-contest/ansible/group_vars/all/secret.yml.example | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/provision-contest/ansible/domserver.yml b/provision-contest/ansible/domserver.yml index a578b159..e1c5b75d 100644 --- a/provision-contest/ansible/domserver.yml +++ b/provision-contest/ansible/domserver.yml @@ -34,6 +34,7 @@ tags: domserver - role: mysql_replication tags: mysql_replication + when: REPLICATION_PASSWORD is defined - role: keepalived tags: keepalived when: KEEPALIVED_PRIORITY is defined diff --git a/provision-contest/ansible/group_vars/all/secret.yml.example b/provision-contest/ansible/group_vars/all/secret.yml.example index adbf3e04..b166b42b 100644 --- a/provision-contest/ansible/group_vars/all/secret.yml.example +++ b/provision-contest/ansible/group_vars/all/secret.yml.example @@ -1,6 +1,6 @@ # Password for the MySQL replication user. # Set this to enable master-master replication between two domservers. -REPLICATION_PASSWORD: some-replication-password +#REPLICATION_PASSWORD: some-replication-password # Database user password. DB_PASSWORD: some-database-password From 97b5c7b7051336b002141a76cae2d9693473fdb9 Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 2 Jun 2022 20:05:20 +0200 Subject: [PATCH 50/51] DOMjudge 8.1 is now released --- website/header.shtml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/header.shtml b/website/header.shtml index f0af5894..a77563e2 100644 --- a/website/header.shtml +++ b/website/header.shtml @@ -1,7 +1,7 @@ - From 07bd7db34dd449848e59349347850e44283fa155 Mon Sep 17 00:00:00 2001 From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com> Date: Thu, 9 Jun 2022 08:58:00 +0200 Subject: [PATCH 51/51] Link to example compose file The current documentation at Docker Hub uses the harder to use vanilla docker. Current standard for deploying multiple containers is docker-compose which is now added. I've left judgehosts out of the compose as for these one would use other machines where just running 1 container might actually be easier. --- website/Makefile | 2 +- website/docker-compose.yml | 27 +++++++++++++++++++++++++++ website/download.shtml | 3 +-- 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 website/docker-compose.yml diff --git a/website/Makefile b/website/Makefile index c93b77b7..495a435b 100644 --- a/website/Makefile +++ b/website/Makefile @@ -3,7 +3,7 @@ SHELL = /bin/bash WWWDIR = /srv/http/domjudge install: - cp *.shtml *.css *.ico *.svg *.pdf $(WWWDIR)/ + cp *.shtml *.css *.ico *.svg *.pdf *.yml $(WWWDIR)/ # This takes the docs from the latest (by string sorting) release and copies # these to the directory serving files under www.domjudge.org/docs/. diff --git a/website/docker-compose.yml b/website/docker-compose.yml new file mode 100644 index 00000000..dc3975da --- /dev/null +++ b/website/docker-compose.yml @@ -0,0 +1,27 @@ +version: '3' + +services: + mariadb: + image: docker.io/mariadb + hostname: mariadb + environment: + - MYSQL_ROOT_PASSWORD=domjudge + - MYSQL_USER=domjudge + - MYSQL_PASSWORD=djpw + - MYSQL_DATABASE=domjudge + ports: + - 13306:3306 + command: --max-connections=1000 --max-allowed-packet=512M + volumes: + - /var/lib/mysql + domjudge: + image: docker.io/domjudge/domserver + hostname: domserver + environment: + - MYSQL_ROOT_PASSWORD=domjudge + - MYSQL_USER=domjudge + - MYSQL_PASSWORD=djpw + - MYSQL_DATABASE=domjudge + - MYSQL_HOST=mariadb + ports: + - 8080:80 diff --git a/website/download.shtml b/website/download.shtml index 464b5f5c..d207a358 100644 --- a/website/download.shtml +++ b/website/download.shtml @@ -41,8 +41,7 @@ mailing list.

DOMjudge docker images

Official Docker images for both the domserver and judgehost are also available. -See the Docker Hub -repository for the DOMserver to get started. +See the Docker Hub repository for the DOMserver to get started or use the example docker-compose setup.

Debian Packages