From aa47662fdea6a75e2ac955108a1ba2b60ce5a04f Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Sun, 1 Sep 2024 22:40:00 +0200 Subject: [PATCH] Split for WF setups --- provision-contest/ansible/domserver.yml | 2 +- .../group_vars/{all => online}/.gitignore | 0 .../{all => online}/all.yml.example | 0 .../{all => online}/secret.yml.example | 0 .../ansible/group_vars/onprem/.gitignore | 2 + .../ansible/group_vars/onprem/all.yml.example | 99 +++++++++++++++++++ .../group_vars/onprem/secret.yml.example | 71 +++++++++++++ provision-contest/ansible/hosts.example | 22 +++++ provision-contest/ansible/judgehost.yml | 2 +- .../roles/grafana/templates/prometheus.yml.j2 | 74 ++++++++++++++ 10 files changed, 270 insertions(+), 2 deletions(-) rename provision-contest/ansible/group_vars/{all => online}/.gitignore (100%) rename provision-contest/ansible/group_vars/{all => online}/all.yml.example (100%) rename provision-contest/ansible/group_vars/{all => online}/secret.yml.example (100%) create mode 100644 provision-contest/ansible/group_vars/onprem/.gitignore create mode 100644 provision-contest/ansible/group_vars/onprem/all.yml.example create mode 100644 provision-contest/ansible/group_vars/onprem/secret.yml.example diff --git a/provision-contest/ansible/domserver.yml b/provision-contest/ansible/domserver.yml index deadce15..923cdc6a 100644 --- a/provision-contest/ansible/domserver.yml +++ b/provision-contest/ansible/domserver.yml @@ -13,7 +13,7 @@ - python3-netaddr - name: Setup domserver - hosts: domserver + hosts: domserver,online-domserver vars: host_type: domserver become: true diff --git a/provision-contest/ansible/group_vars/all/.gitignore b/provision-contest/ansible/group_vars/online/.gitignore similarity index 100% rename from provision-contest/ansible/group_vars/all/.gitignore rename to provision-contest/ansible/group_vars/online/.gitignore 
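Review bot: The new pattern `hosts: domserver,online-domserver` in provision-contest/ansible/domserver.yml introduces a hyphenated inventory group name, which Ansible's inventory guidance advises against and warns about by default. If a deployment sets `TRANSFORM_INVALID_GROUP_CHARS` to convert such names, the group becomes `online_domserver`. In that case this pattern, the `judgehost,online-judgehost` pattern in judgehost.yml and the `groups["online-domserver"]` / `groups["online-judgehost"]` lookups in prometheus.yml.j2 would stop matching. Naming the groups `online_domserver` and `online_judgehost` in hosts.example and in those three places avoids that. The play body continues outside the hunk.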
diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/online/all.yml.example
similarity index 100%
rename from provision-contest/ansible/group_vars/all/all.yml.example
rename to provision-contest/ansible/group_vars/online/all.yml.example
diff --git a/provision-contest/ansible/group_vars/all/secret.yml.example b/provision-contest/ansible/group_vars/online/secret.yml.example
similarity index 100%
rename from provision-contest/ansible/group_vars/all/secret.yml.example
rename to provision-contest/ansible/group_vars/online/secret.yml.example
diff --git a/provision-contest/ansible/group_vars/onprem/.gitignore b/provision-contest/ansible/group_vars/onprem/.gitignore
new file mode 100644
index 00000000..c35135b1
--- /dev/null
+++ b/provision-contest/ansible/group_vars/onprem/.gitignore
@@ -0,0 +1,2 @@
+/secret.yml
+/all.yml
diff --git a/provision-contest/ansible/group_vars/onprem/all.yml.example b/provision-contest/ansible/group_vars/onprem/all.yml.example
new file mode 100644
index 00000000..790b227c
--- /dev/null
+++ b/provision-contest/ansible/group_vars/onprem/all.yml.example
@@ -0,0 +1,99 @@
+# Directory of the domjudge repository checkout.
+DJ_DIR: /opt/domjudge
+
+# Branch to checkout and use.
+DJ_BRANCH: main
+
+# Whether to force-pull changes to the checkout, overwriting any local changes.
+DJ_FORCE_UPDATE: true
+
+# Server VLAN IP prefix.
+SERVER_IP_PREFIX: 10.3.3
+
+# IP address of the git server.
+LOCAL_GIT_IP: "{{SERVER_IP_PREFIX}}.207"
+
+# URL and IP of domserver from judgehosts. A hostname 'domserver' with
+# DOMSERVER_IP will be added to the judgehost /etc/hosts file.
+DOMSERVER: https://domjudge
+DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.215"
+DOMSERVER_URL: "{{DOMSERVER}}"
+DOMSERVER_SSL_CERT: /etc/ssl/certs/domserver.crt
+DOMSERVER_SSL_KEY: /etc/ssl/private/domserver.key
+
+# Set this to true when you are using the ICPC World Finals Contest Image
+ICPC_IMAGE: false
+
+# Set this to true when you are using a graphical desktop
+GRAPHICAL: false
+
+# Set this to true when you use an (ICPC) AWS machine
+AWS: true
+
+# Set this when on the blue network at the World Finals where no
+# internet access is available and "packages" must be used as APT repo
+# server.
+WF_RESTRICTED_NETWORK: false
+WF_GREEN: false
+
+# Static IP address configuration. Uses the ansible_host variable as the static
+# IP address. Only configured if STATIC_IP_ENABLED is true.
+STATIC_IP_ENABLED: false
+STATIC_IP_NETMASK: 255.255.252.0
+STATIC_IP_GATEWAY: 172.29.0.1
+STATIC_IP_INTERFACE: enp1s0
+
+# Additional entries for the /etc/hosts file.
+HOSTS:
+ cds: 10.3.3.207
+ packages: 10.3.3.209
+ ntp1: 10.3.3.208
+ ntp2: 10.3.3.209
+ nisprint: 10.3.3.211
+ nismaster: 10.3.3.211
+ printsrv: 10.3.3.211
+ domjudge-laptop: 10.3.3.200
+ pc2: 10.3.3.241
+
+TIMEZONE: "Europe/Amsterdam"
+
+PHP_FPM_MAX_CHILDREN: 400
+PHP_FPM_MAX_REQUESTS: 500
+PHP_MEMORY_LIMIT: 1024M
+PHP_UPLOAD_MAX_FILESIZE: 512M
+PHP_POST_MAX_SIZE: 512M
+PHP_MAX_FILE_UPLOADS: 101
+
+# Git repo URL
+DJ_GIT_HOST: "{{LOCAL_GIT_IP}}"
+DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git"
+DJ_GIT_REPO_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge"
+DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git"
+DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare"
+CONTEST_REPO: "wf2021"
+
+PHPSTORM_VERSION: 2022.2
+PHPSTORM_FULL_VERSION: 222.4345.15
+
+GRAFANA_MONITORING: false
+
+# Hostname of the CDS. If set, will add an nginx in front of the CDS
+# If not set, will only expose CDS directly
+CDS_HOSTNAME: cds
+CDS_PORT: 80
+CDS_PORT_SECURE: 443
+
+# CDS SSL cert and key. Only needed when CDS_HOSTNAME is set
+CDS_SSL_CERT: /etc/ssl/certs/cds.crt
+CDS_SSL_KEY: /etc/ssl/private/cds.key
+
+# Hostname of the static scoreboard
+STATIC_SCOREBOARD_HOSTNAME: scoreboard
+
+STATIC_SCOREBOARD_SSL_CERT: /etc/ssl/certs/scoreboard.crt
+STATIC_SCOREBOARD_SSL_KEY: /etc/ssl/private/scoreboard.key
+
+# Block access to the CDS for IPs other than these
+#CDS_IP_FILTER:
+# - 127.0.0.1-127.0.0.1
+# - 192.168.0.0-192.168.255.255
diff --git a/provision-contest/ansible/group_vars/onprem/secret.yml.example b/provision-contest/ansible/group_vars/onprem/secret.yml.example
new file mode 100644
index 00000000..8e86e0ef
--- /dev/null
+++ b/provision-contest/ansible/group_vars/onprem/secret.yml.example
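Review bot: `AWS: true` in the new onprem/all.yml.example sits directly under the comment "Set this to true when you use an (ICPC) AWS machine", which reads as the wrong default for an on-premises setup. It looks carried over from the online example, and `AWS: false` would be the expected value unless the roles depend on it for something not visible here. Separately, `PHPSTORM_VERSION: 2022.2` is an unquoted float, so a value such as 2022.10 would load as 2022.1; `PHPSTORM_VERSION: "2022.2"` keeps it a string. With `CDS_IP_FILTER` left commented out, the CDS presumably has no source-IP restriction, so the comment above it should say so explicitly.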
@@ -0,0 +1,71 @@
+# Templated passwords as `{some-strong-password}` are written to make sure our
+# script detects those, if you manually change those the `{}` are not required and
+# would become part of the password.
+# Adding `strong` in the template will create longer passwords and is used for the
+# passwords which almost never need to be manually typed.
+
+# Password for the MySQL replication user.
+# Set this to enable master-master replication between two domservers.
+#REPLICATION_PASSWORD: {some-strong-replication-password}
+
+# Database user password.
+DB_PASSWORD: {some-strong-database-password}
+
+# Credentials for the judgehost.
+JUDGEHOST_USER: judgehost
+JUDGEHOST_PASSWORD: {some-strong-judgehost-password}
+
+# Username and password to be used in .netrc files on admin machines
+ADMIN_USER: admin
+ADMIN_PASSWORD: {some-admin-password}
+
+# Password for domjudge shell user
+# Set this to enable a password on the 'domjudge' shell accounts
+# created on the domserver and judgehosts.
+#DJ_SHELL_USER_PW: {some-hashed-password} + +# Accounts to create when setting up the CDS +CDS_ACCOUNTS: + - username: admin + password: {some-adm1n-password} + type: admin + - username: presAdmin + password: {some-presentation-adm1n-password} + type: admin + - username: presentation + password: {some-public-presentation-password} + type: public + #- username: blue + # password: blu3 + # type: staff + #- username: balloon + # password: balloonPr1nter + # type: balloon + #- username: public + # password: publ1c + # type: public + #- username: myicpc + # password: my1cpc + # type: spectator + #- username: live + # password: l1ve + # type: analyst + #- username: team1 + # password: t3am + # type: team + # team_id: 1 + +# Contest(s) to configure in the CDS +CDS_CONTESTS: + - path: nwerc18 # Path in the contest directory + ccs: + id: nwerc18 # ID of the contest if hosted at DOMJUDGE_URL + # Or provide a absolute URL + # url: https://www.domjudge.org/demoweb/api/contests/nwerc18 + username: admin + password: admin + +PRESCLIENT_CONTEST: nwerc18 + +# Sentry DSN URL +# SENTRY_DSN: diff --git a/provision-contest/ansible/hosts.example b/provision-contest/ansible/hosts.example index 72409204..b0f9cddb 100644 --- a/provision-contest/ansible/hosts.example +++ b/provision-contest/ansible/hosts.example @@ -5,6 +5,22 @@ ansible_python_interpreter=/usr/bin/python3 # When moving clients for ad-hoc actions: # move them to their own group to keep hosts files on deployed machines in sync. +[onprem:children] +domserver +judgehost +cds +grafana +admin +presclient +presadmin +scoreboard +mgmt +autoanalyst + +[online:children] +online-domserver +online-judgehost + [domserver] domjudge-primary ansible_host=10.3.3.216 KEEPALIVED_PRIORITY=100 EFI_ORDER='0\,1\,3\,4' domjudge-backup ansible_host=10.3.3.217 KEEPALIVED_PRIORITY=99 EFI_ORDER='0\,1\,3\,4' 
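Review bot: The `ccs` entry under `CDS_CONTESTS` near the end of onprem/secret.yml.example hard-codes `username: admin` / `password: admin` instead of a `{some-...}` placeholder. The generation script described at the top of the file would presumably leave it untouched, so a copied file carries a guessable credential. If the CDS is meant to use the admin account defined above, `username: "{{ ADMIN_USER }}"` and `password: "{{ ADMIN_PASSWORD }}"` (or a `{some-admin-password}` placeholder) would keep it in step with the generated value. The commented sample accounts (`blu3`, `publ1c`, `l1ve`, …) need a one-line comment telling operators to replace the passwords before uncommenting. The header comment should also note that an unreplaced bare `{...}` placeholder parses as a YAML flow mapping, not a string.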
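Review bot: With `group_vars/all` renamed to `group_vars/online`, a host now receives those variables only through membership of `[onprem:children]` or `[online:children]` in the first hosts.example hunk. Any inventory group missing from both lists would run with those variables undefined. The rest of hosts.example lies outside this hunk, so every group it defines should be checked against the two lists. A comment above `[onprem:children]` such as `# Every group must be a child of onprem or online to receive its group_vars.` would make the requirement visible to whoever adds the next group.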
@@ -63,3 +79,9 @@ domjudge-scoreboard ansible_host=10.2.2.229 domjudge-mgmg ansible_host=10.3.3.223 [autoanalyst] + +[online-domserver] +online-domserver ansible_host=192.168.255.255 + +[online-judgehost] +online-judgehost1 ansible_host=192.168.255.255 diff --git a/provision-contest/ansible/judgehost.yml b/provision-contest/ansible/judgehost.yml index 9ead6eaa..ae3e9c98 100644 --- a/provision-contest/ansible/judgehost.yml +++ b/provision-contest/ansible/judgehost.yml @@ -2,7 +2,7 @@ # This playbook installs the DOMjudge judgehosts - name: Setup judgehost - hosts: judgehost + hosts: judgehost,online-judgehost strategy: free vars: host_type: judgehost diff --git a/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 b/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 index 8246bf75..a28be1ca 100644 --- a/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 +++ b/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 
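Review bot: In the second hosts.example hunk the host `online-domserver` has the same name as its group `[online-domserver]`. Ansible warns about this ("Found both group and host with same name"), and it leaves the pattern `hosts: domserver,online-domserver` ambiguous to a reader. Renaming the host to `online-domserver1 ansible_host=192.168.255.255`, mirroring `online-judgehost1`, removes the clash. Both sample hosts also share `ansible_host=192.168.255.255`; a comment marking that address as a placeholder to be replaced would keep it from being deployed unchanged.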
@@ -154,3 +154,77 @@ scrape_configs:
 {% for host in groups["domserver"] %}
 - {{ hostvars[host].ansible_host }}:9253
 {% endfor %}
+ - job_name: 'online-db'
+ basic_auth:
+ username: "prometheus"
+ password: "{{ PROMETHEUS_PASS }}"
+ tls_config:
+ insecure_skip_verify: true
+ scheme: https
+ static_configs:
+ - targets:
+{% for host in groups["online-domserver"] %}
+ - {{ hostvars[host].ansible_host }}:9104
+{% endfor %}
+ - job_name: node_domserver_online
+ basic_auth:
+ username: "prometheus"
+ password: "{{ PROMETHEUS_PASS }}"
+ tls_config:
+ insecure_skip_verify: true
+ scheme: https
+ static_configs:
+ - targets:
+{% for host in groups["online-domserver"] %}
+ - {{ hostvars[host].ansible_host }}:9100
+{% endfor %}
+ - job_name: online-domjudge
+ basic_auth:
+ username: admin
+ password: {{ ADMIN_PASSWORD }}
+ metrics_path: /api/v4/metrics/prometheus
+ scheme: https
+ tls_config:
+ insecure_skip_verify: true
+ static_configs:
+ - targets:
+{% for host in groups["online-domserver"] %}
+ - {{ hostvars[host].ansible_host }}
+{% endfor %}
+ - job_name: 'web_nginx_domserver_online'
+ basic_auth:
+ username: "prometheus"
+ password: "{{ PROMETHEUS_PASS }}"
+ tls_config:
+ insecure_skip_verify: true
+ scheme: https
+ static_configs:
+ - targets:
+{% for host in groups["online-domserver"] %}
+ - {{ hostvars[host].ansible_host }}:9113
+{% endfor %}
+ - job_name: 'web_fpm_domserver_online'
+ basic_auth:
+ username: "prometheus"
+ password: "{{ PROMETHEUS_PASS }}"
+ tls_config:
+ insecure_skip_verify: true
+ scheme: https
+ static_configs:
+ - targets:
+{% for host in groups["online-domserver"] %}
+ - {{ hostvars[host].ansible_host }}:9253
+{% endfor %}
+ - job_name: node_judgehost_online
+ basic_auth:
+ username: "prometheus"
+ password: "{{ PROMETHEUS_PASS }}"
+ tls_config:
+ insecure_skip_verify: true
+ scheme: https
+ static_configs:
+ - targets:
+{% for host in groups["online-judgehost"] %}
+ - {{ hostvars[host].ansible_host }}:9100
+{% endfor %}
+
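Review bot: All six added scrape jobs set `insecure_skip_verify: true` while sending `basic_auth` credentials (`PROMETHEUS_PASS`, and `ADMIN_PASSWORD` in `online-domjudge`) to the online hosts. The server certificate is therefore never checked, and a party positioned on that path could present its own certificate and collect the passwords; the online hosts are presumably reached over a less trusted network than the contest LAN. Pinning the issuing CA in each `tls_config` with `ca_file: <path-to-ca-bundle>` (placeholder) and dropping `insecure_skip_verify` closes that gap. In `online-domjudge`, `password: {{ ADMIN_PASSWORD }}` is unquoted, unlike the other jobs, so a password containing YAML-significant characters such as ` #` or `: ` renders a truncated or invalid value; write `password: "{{ ADMIN_PASSWORD }}"`. `groups["online-domserver"]` and `groups["online-judgehost"]` are also indexed without a guard, so an inventory lacking those groups would presumably fail to render; `groups.get("online-domserver", [])` tolerates that.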