Use script_server config of ubergeek42

Author: vmcj

Diff for: provision-contest/ansible/roles/script_server/defaults/main.yml

@@ -0,0 +1,43 @@
+---
+script_server_url: https://github.com/bugy/script-server/releases/download/1.18.0/script-server.zip
+script_server_port: 5000
+
+script_server_admin_users: &admin_users
+  # hostnames or ips
+  - backup
+  - 127.0.0.1
+
+# ansible hostgroups to ignore
+script_server_ignored_groups:
+  - 'all'
+  - 'ungrouped'
+  - 'contestants'
+  - 'contestants_wf46'
+  - 'contestants_wf47'
+
+
+script_server_commands:
+  - name: run-lastminute
+    description: Runs the ansible playbook lastminute.yml
+    group: ansible # for organization in script-server
+    allowed_users:
+      - backup # or 10.3.3.210 (the ansible template will resolve names to IPs)
+    content: |
+      #!/usr/bin/bash
+      echo "hello world $HOSTPATTERN"
+    parameters:
+      - name: host_pattern
+        # pass_as: env_variable # this is default
+        # env_var: host_pattern # default is same as name
+        type: list
+        values:
+          - all
+          - backup
+          - packages
+          - scoreboard
+          - cds
+
+script_server_command_defaults:
+  output_format: terminal
+  # scheduling: # Don't allow scheduling, the ui for it is not good...
+    # enabled: false

Diff for: provision-contest/ansible/roles/script_server/files/script-server.zip

@@ -0,0 +1,5 @@
+---
+- name: Restart script-server
+  ansible.builtin.service:
+    name: script-server
+    state: restarted

Diff for: provision-contest/ansible/roles/script_server/handlers/main.yml

@@ -0,0 +1,25 @@
+import ansible.utils as utils
+import ansible.errors as errors
+from ansible.plugins.lookup import LookupBase
+import socket
+import ipaddress
+
+class LookupModule(LookupBase):
+
+    def __init__(self, basedir=None, **kwargs):
+        self.basedir = basedir
+
+    def run(self, terms, variables=None, **kwargs):
+        hostname = terms[0]
+
+        try:
+          # If it's a valid ip address already, just return it directly
+          ipaddress.ip_address(hostname)
+          return [hostname]
+        except Exception:
+          pass
+
+        if not isinstance(hostname, str):
+            raise errors.AnsibleError("ip lookup expects a string (hostname)")
+
+        return [socket.gethostbyname(hostname)]

Diff for: provision-contest/ansible/roles/script_server/lookup_plugins/ip.py

@@ -0,0 +1,78 @@
+---
+- name: Install script-server dependencies
+  ansible.builtin.package:
+    pkg: "{{ item }}"
+    state: present
+  loop:
+    - python3-tornado
+    - apache2-utils # for htpasswd auth
+
+- name: Create directory for script-server to live
+  ansible.builtin.file:
+    path: /opt/script-server
+    mode: "0755"
+    owner: root
+    group: root
+    state: directory
+
+- name: Download script-server
+  ansible.builtin.unarchive:
+    src: "{{ script_server_url }}"
+    dest: /opt/script-server
+    remote_src: "{{ true if script_server_url.startswith('http') else false }}"
+    creates: /opt/script-server/launcher.py
+
+- name: Configure the server
+  ansible.builtin.template:
+    src: conf.json.j2
+    dest: /opt/script-server/conf/conf.json
+    mode: "0644"
+
+- name: Create systemd service for script-server
+  ansible.builtin.copy:
+    mode: "0644"
+    dest: /etc/systemd/system/script-server.service
+    content: |
+      [Unit]
+      Description=Script Server
+      After=network.target
+      StartLimitIntervalSec=0
+
+      [Service]
+      Type=simple
+      Restart=always
+      RestartSec=1
+      ExecStart=/usr/bin/python3 /opt/script-server/launcher.py
+
+      [Install]
+      WantedBy=multi-user.target
+  notify: Restart script-server
+
+- name: Start + enable script-server
+  ansible.builtin.service:
+    name: script-server
+    state: started
+    enabled: true
+
+- name: Ensure required directories exist
+  ansible.builtin.file:
+    state: directory
+    mode: "0755"
+    path: /opt/script-server/conf/{{ item }}
+  loop:
+    - scripts
+    - runners
+
+- name: Create scripts
+  ansible.builtin.copy:
+    content: "{{ item.content }}"
+    dest: /opt/script-server/conf/scripts/{{ item.name }}
+    mode: "0755"
+  with_items: "{{ script_server_commands }}"
+
+- name: Create script config definitions
+  ansible.builtin.template:
+    src: command_template.yaml.j2
+    dest: /opt/script-server/conf/runners/{{ item.name }}.yaml
+    mode: "0644"
+  with_items: "{{ script_server_commands }}"

Diff for: provision-contest/ansible/roles/script_server/tasks/main.yml

@@ -0,0 +1,42 @@
+---
+{% set _unused_content = item.pop('content') %}
+{% set parameters = item.pop('parameters') %}
+{% set admin_users = item.pop('admin_users', []) + script_server_admin_users %}
+{% set allowed_users = item.pop('allowed_users', []) %}
+{# set admin_users = (admin_users if ( admin_users | type_debug == "list" ) else [admin_users]) #}
+{# set allowed_users = (allowed_users if ( allowed_users | type_debug == "list" ) else [allowed_users]) #}
+{{
+  script_server_command_defaults |
+  combine(item) |
+  to_nice_yaml
+}}
+{% if admin_users %}
+admin_users:
+{% for u in admin_users %}
+  - {{ lookup('ip', u) }}
+{% endfor %}
+{% endif %}
+{% if allowed_users %}
+allowed_users:
+{% for u in (allowed_users + admin_users) %}
+  - {{ lookup('ip', u) }}
+{% endfor %}
+{% endif %}
+
+{% if parameters %}
+parameters:
+{% for param in parameters %}
+  - name: {{ param.name }}
+    pass_as: {{ param.pass_as | default('env_variable') }}
+{% if param.pass_as|default('env_variable') == 'env_variable' %}
+    env_var: {{ param.env_var | default(param.name) }}
+{% endif %}
+{% for k,v in param.items() if k not in ['pass_as','env_var','name'] %}
+    {{ k}}: {{ v|to_json }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+
+
+# assume default path for the script file
+script_path: conf/scripts/{{ item.name }}

Diff for: provision-contest/ansible/roles/script_server/templates/command_template.yaml.j2

@@ -0,0 +1,46 @@
+{
+    "title": "sysops script server",
+    "port": {{ script_server_port }},
+    "access": {
+        "trusted_ips": [
+            {% for group in groups if group not in script_server_ignored_groups %}
+            {%- for host in groups[group] -%}
+            "{{ hostvars[host].ansible_host}}",
+            {% endfor %}
+            {%- endfor -%}
+
+            {% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"
+        ],
+        "allowed_users": [
+            {% for group in groups if group not in script_server_ignored_groups %}
+            {%- for host in groups[group] -%}
+            "{{ hostvars[host].ansible_host}}",
+            {% endfor -%}
+            {%- endfor -%}
+            "127.0.0.1"
+        ],
+        "admin_users": [{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"],
+        "groups": {
+            {% for group in groups if group not in script_server_ignored_groups -%}
+            "{{group}}": [
+                {% for host in groups[group] -%}
+                "{{ hostvars[host].ansible_host}}" {{ ", " if not loop.last else "" }}
+                {% endfor -%}
+            ],
+            {% endfor -%}
+            "all": [
+                {% for group in groups if group not in script_server_ignored_groups -%}
+                "{{ group }}",
+                {% endfor -%}
+                "@admin_users"
+            ]
+        }
+    },
+    "logging": {
+        "execution_file": "$DATE-$ID.log",
+        "execution_date_format": "%y-%m-%d_%H-%M"
+    },
+    "security": {
+        "xsrf_protection": "token"
+    }
+}