summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSacha Chua <sacha@sachachua.com>2022-10-17 17:44:06 -0400
committerSacha Chua <sacha@sachachua.com>2022-10-17 17:44:06 -0400
commit7671b51616a25fa6cff9c26fe65d5f703ff94e21 (patch)
treeb85c0e39c1ca65cbf2d9fb4d0e534acd6861083b
parent656e440054f43fc09050ba13e29d4eaaf355fcf5 (diff)
downloademacsconf-ansible-7671b51616a25fa6cff9c26fe65d5f703ff94e21.tar.xz
emacsconf-ansible-7671b51616a25fa6cff9c26fe65d5f703ff94e21.zip
Get wiki role to push updates to the right place in docker
Ikiwiki has this three-repo setup with post-update hooks
-rw-r--r--README.org27
-rw-r--r--common-playbook.yml25
-rw-r--r--docker-inventory.yml8
-rw-r--r--docker-playbook.yml13
-rw-r--r--docker-reuse-playbook.yml22
-rw-r--r--inventory.yml4
-rw-r--r--local-playbook.yml16
-rw-r--r--prod-playbook.yml26
-rw-r--r--roles/wiki-publish/defaults/main.yml1
-rw-r--r--roles/wiki-publish/tasks/main.yml22
-rw-r--r--roles/wiki/defaults/main.yml3
-rw-r--r--roles/wiki/tasks/docker.yml66
-rw-r--r--roles/wiki/tasks/main.yml19
-rw-r--r--roles/wiki/templates/emacsconf.setup2
-rwxr-xr-xroles/wiki/templates/htmlscrubber.pm4
-rwxr-xr-xroles/wiki/templates/post-update20
-rwxr-xr-xroles/wiki/templates/post-update.h00-ikiwiki-wrapper6
17 files changed, 202 insertions, 82 deletions
diff --git a/README.org b/README.org
index 66d61ff..76c082f 100644
--- a/README.org
+++ b/README.org
@@ -13,15 +13,42 @@ Docker: needs docker-vars.yml, see docker-vars.yml.sample
When you update htmlscrubber.pm in wiki/templates:
ansible-playbook -i inventory.yml prod-playbook.yml --tags wiki-plugins
+ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki-plugins
*** Docker
+Goal:
+- [X] Load the wiki at http://localhost:28080
+- [X] Add SSH key
+- [X] Add as remote
+- [X] Push to the wiki
+- [ ] Have the changes show up automatically
+- [X] Have ansible copy the SSH key
+
+file:/docker:emacsconf-front:/home/ikiwiki/emacsconf.setup
+
Creating:
ansible-playbook -i docker-inventory.yml docker-playbook.yml --tags wiki
Reusing:
ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki
+Copying your SSH key:
+set the docker_ssh_key Ansible variable to the path of your public key
+or
+docker cp ~/.ssh/id_rsa.pub emacsconf-front:/home/ikiwiki/.ssh/authorized_keys2
+docker exec emacsconf-front chown ikiwiki:ikiwiki /home/ikiwiki/.ssh/authorized_keys2
+docker exec emacsconf-front chmod 600 /home/ikiwiki/.ssh/authorized_keys2
+
http://localhost:28080/
+ssh localhost -p 2022
+
+docker exec -it emacsconf-front /bin/bash
+
+git remote add docker ssh://ikiwiki@127.0.0.1:2222/var/www/wiki.git
+
+Debugging
+ssh wiki 'cd /var/www/wiki.git; git update-ref refs/heads/master HEAD^' && git push docker 2022-pages
+
** Publishing
*** Prod
To run the playbook and publish the main schedule:
diff --git a/common-playbook.yml b/common-playbook.yml
new file mode 100644
index 0000000..06b8d08
--- /dev/null
+++ b/common-playbook.yml
@@ -0,0 +1,25 @@
+- name: Set up wiki
+ hosts: front
+ tags: wiki
+ roles:
+ - wiki
+- name: Set up wiki for publishing
+ hosts: front
+ tags: wiki-publish
+ roles:
+ - wiki-publish
+- name: Set up wiki for interactive editing
+ hosts: front
+ tags: wiki-edit
+ roles:
+ - wiki-edit
+- name: Set up pad
+ hosts: pad
+ tags: pad
+ roles:
+ - pad
+- name: Set up proxy
+ hosts: pad
+ tags: proxy
+ roles:
+ - pad-proxy
diff --git a/docker-inventory.yml b/docker-inventory.yml
index b1be91e..c88593f 100644
--- a/docker-inventory.yml
+++ b/docker-inventory.yml
@@ -1,11 +1,15 @@
-all:
+front:
hosts:
emacsconf-front:
ansible_connection: docker
ansible_python_interpreter: /usr/bin/python3
+pad:
+ hosts:
emacsconf-pad:
ansible_connection: docker
ansible_python_interpreter: /usr/bin/python3
+all:
+ hosts:
localhost:
ansible_connection: local
-
+
diff --git a/docker-playbook.yml b/docker-playbook.yml
index 60f83cf..5fce9fb 100644
--- a/docker-playbook.yml
+++ b/docker-playbook.yml
@@ -38,14 +38,5 @@
- include_vars:
file: docker-vars.yml
-- name: Provision the emacsconf-front container created above
- tags: wiki
- hosts: emacsconf-front
- roles:
- - wiki
-
-- name: Provision the pad container created above
- tags: pad
- hosts: emacsconf-pad
- roles:
- - pad
+- name: Run common tasks
+ import_playbook: common-playbook.yml
diff --git a/docker-reuse-playbook.yml b/docker-reuse-playbook.yml
index fd6eea2..bfcfbd1 100644
--- a/docker-reuse-playbook.yml
+++ b/docker-reuse-playbook.yml
@@ -5,23 +5,5 @@
tasks:
- include_vars:
file: docker-vars.yml
-- name: Load talks
- hosts: localhost
- tags: create-pads
- tasks:
- - include_vars:
- file: talks.json
- name: talks
-
-- name: Set up the emacsconf-front wiki
- hosts: emacsconf-front
- tags: wiki
- roles:
- - wiki
-
-- name: Set up the emacsconf-pad
- hosts: emacsconf-pad
- tags: pad
- roles:
- - pad
-
+- name: Run common tasks
+ import_playbook: common-playbook.yml
diff --git a/inventory.yml b/inventory.yml
index 2c52301..3124fb5 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -18,3 +18,7 @@ prod:
ansible_ssh_user: orga
ansible_python_interpreter: /usr/bin/python3
ansible_become: true
+all:
+ hosts:
+ localhost:
+ ansible_connection: local
diff --git a/local-playbook.yml b/local-playbook.yml
new file mode 100644
index 0000000..37cd294
--- /dev/null
+++ b/local-playbook.yml
@@ -0,0 +1,16 @@
+- name: Load vars
+ hosts: localhost
+ tags: always
+ tasks:
+ - include_vars:
+ file: prod-vars.yml
+- name: Load local vars
+ hosts: localhost
+ tags: always
+ tasks:
+ - include_vars:
+ file: local-vars.yml
+- name: Set up Emacs
+ hosts: localhost
+ roles:
+ - wiki-publish
diff --git a/prod-playbook.yml b/prod-playbook.yml
index ac2f8bb..0fc22c2 100644
--- a/prod-playbook.yml
+++ b/prod-playbook.yml
@@ -4,27 +4,5 @@
tasks:
- include_vars:
file: prod-vars.yml
-- name: Set up wiki
- hosts: front
- roles:
- - wiki
-- name: Set up wiki for publishing
- hosts: front
- tags: wiki-publish
- roles:
- - wiki-publish
-- name: Set up wiki for interactive editing
- hosts: front
- tags: wiki-edit
- roles:
- - wiki-edit
-- name: Set up pad
- hosts: pad
- tags: pad
- roles:
- - pad
-- name: Set up proxy
- hosts: pad
- tags: proxy
- roles:
- - pad-proxy
+- name: Run common tasks
+ import_playbook: common-playbook.yml
diff --git a/roles/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..863003f 100644
--- a/roles/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
@@ -5,3 +5,4 @@ emacsconf_el_dir: ~/emacsconf-el
emacsconf_edit_wiki_dir: ~/emacsconf-wiki
emacsconf_private_dir: ~/emacsconf-2022-private
emacs_config_dir: ~/.emacs.d
+emacs_package: emacs-snapshot-nox
diff --git a/roles/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..960aa01 100644
--- a/roles/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
@@ -1,17 +1,18 @@
---
- name: Set up SSH directory
ansible.builtin.file:
- path: /home/ikiwiki/.ssh
+ path: "/home/{{ emacsconf_publish_user }}/.ssh"
state: directory
mode: '0700'
- name: Install SSH key for EmacsConf wiki
ansible.builtin.get_url:
url: https://emacsconf.org/id_rsa_anon_git_emacsconf
- dest: /home/ikiwiki/.ssh/id_rsa_anon_git_emacsconf
+ dest: "/home/{{ emacsconf_publish_user }}/.ssh/id_rsa_anon_git_emacsconf"
mode: '0600'
- owner: 'ikiwiki'
+ owner: "{{ emacsconf_publish_user }}"
- name: Set up packages
become: yes
+ when: emacs_package and emacs_package != "emacs"
block:
# This repository is currently not working
# - name: Add snapshot repository
@@ -23,7 +24,7 @@
state: absent
- name: Install Emacs snapshot
ansible.builtin.apt:
- name: emacs-snapshot-nox
+ name: "{{ emacs_package }}"
state: present
- name: Set up Emacs configuration for non-interactive publishing
become: true
@@ -47,16 +48,29 @@
ansible.builtin.git:
repo: git://git.emacsconf.org/emacsconf-wiki
dest: "{{ emacsconf_edit_wiki_dir }}"
+ register: wiki_clone
+ failed_when:
+ - wiki_clone.failed
+ - not 'Local modifications exist in repository' in wiki_clone.msg
+ - not 'Failed to checkout branch' in wiki_clone.msg
- name: Check out emacsconf-el
ansible.builtin.git:
repo: git@git.emacsconf.org:pub/emacsconf-el
dest: "{{ emacsconf_el_dir }}"
register: elisp
+ failed_when:
+ - elisp.failed
+ - not 'Local modifications exist in repository' in elisp.msg
+ - not 'Failed to checkout branch' in elisp.msg
- name: Check out emacsconf-2022-private
ansible.builtin.git:
repo: git@git.emacsconf.org:emacsconf-2022-private
dest: "{{ emacsconf_private_dir }}"
register: private
+ failed_when:
+ - private.failed
+ - not 'Local modifications exist in repository' in private.msg
+ - not 'Failed to checkout branch' in private.msg
- name: Publish
tags: publish
block:
diff --git a/roles/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..3b890b0 100644
--- a/roles/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
@@ -2,7 +2,7 @@
ikiwiki_git_branch: master
ikiwiki_path: /home/ikiwiki
ikiwiki_src_dir: "{{ ikiwiki_path }}/emacsconf"
-ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/IkiWiki/Plugin
+ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/
ikiwiki_admin: bandali@gnu.org
ikiwiki_dest: /var/www/emacsconf.org
ikiwiki_url: https://emacsconf.org
@@ -18,4 +18,5 @@ ikiwiki_cookie_jar: "{{ ikiwiki_path }}/.ikiwiki/cookies"
ikiwiki_git_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf"
ikiwiki_git_test_receive_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf-pre"
ikiwiki_git_base_url: //git.emacsconf.org/emacsconf-wiki
+ikiwiki_cgi_wrapper: "{{ ikiwiki_path }}/ikiwiki.cgi"
diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..be6591c 100644
--- a/roles/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
@@ -2,10 +2,13 @@
apt:
pkg:
- lighttpd
- - supervisord
+ - supervisor
+ - sudo
- name: Create the anon user
user:
name: anon
+ state: present
+ when: docker
- name: Set up Ikiwiki setup
template:
src: emacsconf.setup
@@ -14,27 +17,52 @@
group: www-data
- name: Set up the ikiwiki directories
file:
- dest: /var/www/html
+ dest: "{{ ikiwiki_dest }}"
state: directory
- owner: www-data
+ owner: ikiwiki
group: www-data
+ recurse: true
- name: Clone the bare git repo
git:
bare: true
repo: "{{ ikiwiki_git_source_mount }}"
dest: "{{ ikiwiki_bare_git_dir }}"
version: "{{ ikiwiki_git_branch }}"
+- name: Set up post-update hook
+ tags: wip
+ template:
+ src: post-update
+ dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update"
+ mode: 0755
+- name: Remove sample
+ tags: wip
+ file:
+ path: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.sample"
+ state: absent
+- name: Set up ikiwiki post-update hook
+ tags: wip
+ template:
+ src: post-update.h00-ikiwiki-wrapper
+ dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.h00-ikiwiki-wrapper"
+ mode: 0755
- name: Change owner
+ tags: wip
file:
dest: "{{ ikiwiki_bare_git_dir }}"
recurse: true
- owner: www-data
+ owner: ikiwiki
group: www-data
- name: Clone the working git repo
git:
repo: "{{ ikiwiki_bare_git_dir }}"
dest: "{{ ikiwiki_src_dir }}"
version: "{{ ikiwiki_git_branch }}"
+- name: Chown all the files to ikiwiki
+ file:
+ dest: "{{ ikiwiki_src_dir }}"
+ owner: ikiwiki
+ group: ikiwiki
+ recurse: true
- name: Copy supervisor config
template:
src: supervisord.conf
@@ -43,7 +71,31 @@
service:
name: lighttpd
state: started
-- name: Start supervisord
+- name: Start ssh
+ tags: ssh
service:
- name: supervisor
- state: restarted
+ name: ssh
+ state: started
+- name: Set up SSH directory
+ tags: ssh
+ file:
+ path: /home/ikiwiki/.ssh
+ owner: ikiwiki
+ group: ikiwiki
+ state: directory
+ mode: 0700
+- name: Set up SSH authentication
+ tags: ssh
+ block:
+ - name: Copy key
+ template:
+ src: "{{ docker_ssh_key }}"
+ dest: "/home/ikiwiki/.ssh/authorized_keys2"
+ mode: 0600
+ - name: Change ownership
+ file:
+ path: "/home/ikiwiki/.ssh"
+ owner: ikiwiki
+ group: ikiwiki
+ recurse: true
+ when: docker_ssh_key is defined
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..cd7cbdc 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -22,29 +22,26 @@
name: ikiwiki
group: ikiwiki
state: present
-- debug:
- var: docker
-- name: Set up or update repositories
- ansible.builtin.git:
- repo: git://git.emacsconf.org/emacsconf-wiki
- dest: "{{ ikiwiki_src_dir }}"
- when: not docker|d(false)
- name: Template the config
ansible.builtin.template:
src: emacsconf.setup
dest: "{{ ikiwiki_path }}/emacsconf.setup"
owner: ikiwiki
+- name: Create the plugin directory
+ file:
+ path: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin"
+ state: directory
- name: Copy Ikiwiki plugins
tags: wiki-plugins
template:
src: "{{ item }}"
- dest: "{{ ikiwiki_plugin_path }}/{{ item }}"
+ dest: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin/{{ item }}"
loop:
- copyright.pm
- htmlscrubber.pm
- license.pm
- include: docker.yml
- when: docker is true
+ when: docker
- name: Chown all the files to ikiwiki
tags: wiki-plugins
file:
@@ -54,7 +51,9 @@
recurse: true
- name: Regenerate all the files
tags: wiki-regenerate, wiki-plugins
- shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
+ become: true
+ become_user: ikiwiki
+ shell: cd ~ikiwiki; ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
register: output
- debug:
var: output
diff --git a/roles/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index ea9c4c8..81b089b 100644
--- a/roles/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
@@ -30,7 +30,7 @@ url: {{ ikiwiki_url }}
reverse_proxy: 0
# filename of cgi wrapper to generate
#cgi_wrapper: /home/ikiwiki/public_html/emacsconf/ikiwiki.cgi
-cgi_wrapper: {{ ikiwiki_path }}/ikiwiki.cgi
+cgi_wrapper: {{ ikiwiki_cgi_wrapper }}
# mode for cgi_wrapper (can safely be made suid)
cgi_wrappermode: 06755
# number of seconds to delay CGI requests when overloaded
diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 1ce95b2..caf78a1 100755
--- a/roles/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
@@ -93,8 +93,8 @@ sub scrubber {
}],
default => [undef, { (
map { $_ => 1 } qw{
- version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform
- data-start data-end data-video data-target data-tracks data-track
+ version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity
+ data-start data-end data-video data-target data-tracks data-track
kind label srclang default
abbr accept accept-charset accesskey
align alt axis border cellpadding cellspacing
diff --git a/roles/wiki/templates/post-update b/roles/wiki/templates/post-update
new file mode 100755
index 0000000..523b8de
--- /dev/null
+++ b/roles/wiki/templates/post-update
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Determine what input the hook needs
+# post-update takes args, pre/post-receive take stdin
+type=args
+stdin=''
+[ $0 != hooks/post-update ] && {
+ type=stdin
+ stdin=`cat`
+}
+
+for h in $0.*; do
+ [ -x $h ] || continue
+ if [ $type = args ]
+ then
+ $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; }
+ else
+ echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; }
+ fi
+done
diff --git a/roles/wiki/templates/post-update.h00-ikiwiki-wrapper b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
new file mode 100755
index 0000000..684ac28
--- /dev/null
+++ b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# bring the mirror up to date with this repo
+cd "{{ ikiwiki_src_dir }}"
+git fetch --prune
+exec {{ ikiwiki_path }}/hooks/emacsconf