From 7671b51616a25fa6cff9c26fe65d5f703ff94e21 Mon Sep 17 00:00:00 2001 From: Sacha Chua Date: Mon, 17 Oct 2022 17:44:06 -0400 Subject: Get wiki role to push updates to the right place in docker Ikiwiki has this three-repo setup with post-update hooks --- README.org | 27 +++++++++ common-playbook.yml | 25 ++++++++ docker-inventory.yml | 8 ++- docker-playbook.yml | 13 +---- docker-reuse-playbook.yml | 22 +------- inventory.yml | 4 ++ local-playbook.yml | 16 ++++++ prod-playbook.yml | 26 +-------- roles/wiki-publish/defaults/main.yml | 1 + roles/wiki-publish/tasks/main.yml | 22 ++++++-- roles/wiki/defaults/main.yml | 3 +- roles/wiki/tasks/docker.yml | 66 +++++++++++++++++++--- roles/wiki/tasks/main.yml | 19 +++---- roles/wiki/templates/emacsconf.setup | 2 +- roles/wiki/templates/htmlscrubber.pm | 4 +- roles/wiki/templates/post-update | 20 +++++++ .../wiki/templates/post-update.h00-ikiwiki-wrapper | 6 ++ 17 files changed, 202 insertions(+), 82 deletions(-) create mode 100644 common-playbook.yml create mode 100644 local-playbook.yml create mode 100755 roles/wiki/templates/post-update create mode 100755 roles/wiki/templates/post-update.h00-ikiwiki-wrapper diff --git a/README.org b/README.org index 66d61ff..76c082f 100644 --- a/README.org +++ b/README.org @@ -13,15 +13,42 @@ Docker: needs docker-vars.yml, see docker-vars.yml.sample When you update htmlscrubber.pm in wiki/templates: ansible-playbook -i inventory.yml prod-playbook.yml --tags wiki-plugins +ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki-plugins *** Docker +Goal: +- [X] Load the wiki at http://localhost:28080 +- [X] Add SSH key +- [X] Add as remote +- [X] Push to the wiki +- [ ] Have the changes show up automatically +- [X] Have ansible copy the SSH key + +file:/docker:emacsconf-front:/home/ikiwiki/emacsconf.setup + Creating: ansible-playbook -i docker-inventory.yml docker-playbook.yml --tags wiki Reusing: ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki +Copying your SSH key: +set the docker_ssh_key Ansible variable to the path of your public key +or +docker cp ~/.ssh/id_rsa.pub emacsconf-front:/home/ikiwiki/.ssh/authorized_keys2 +docker exec emacsconf-front chown ikiwiki:ikiwiki /home/ikiwiki/.ssh/authorized_keys2 +docker exec emacsconf-front chmod 600 /home/ikiwiki/.ssh/authorized_keys2 + http://localhost:28080/ +ssh localhost -p 2022 + +docker exec -it emacsconf-front /bin/bash + +git remote add docker ssh://ikiwiki@127.0.0.1:2222/var/www/wiki.git + +Debugging +ssh wiki 'cd /var/www/wiki.git; git update-ref refs/heads/master HEAD^' && git push docker 2022-pages + ** Publishing *** Prod To run the playbook and publish the main schedule: diff --git a/common-playbook.yml b/common-playbook.yml new file mode 100644 index 0000000..06b8d08 --- /dev/null +++ b/common-playbook.yml @@ -0,0 +1,25 @@ +- name: Set up wiki + hosts: front + tags: wiki + roles: + - wiki +- name: Set up wiki for publishing + hosts: front + tags: wiki-publish + roles: + - wiki-publish +- name: Set up wiki for interactive editing + hosts: front + tags: wiki-edit + roles: + - wiki-edit +- name: Set up pad + hosts: pad + tags: pad + roles: + - pad +- name: Set up proxy + hosts: pad + tags: proxy + roles: + - pad-proxy diff --git a/docker-inventory.yml b/docker-inventory.yml index b1be91e..c88593f 100644 --- a/docker-inventory.yml +++ b/docker-inventory.yml @@ -1,11 +1,15 @@ -all: +front: hosts: emacsconf-front: ansible_connection: docker ansible_python_interpreter: /usr/bin/python3 +pad: + hosts: emacsconf-pad: ansible_connection: docker ansible_python_interpreter: /usr/bin/python3 +all: + hosts: localhost: ansible_connection: local - + diff --git a/docker-playbook.yml b/docker-playbook.yml index 60f83cf..5fce9fb 100644 --- a/docker-playbook.yml +++ b/docker-playbook.yml @@ -38,14 +38,5 @@ - include_vars: file: docker-vars.yml -- name: Provision the emacsconf-front container created above - tags: wiki - hosts: emacsconf-front - roles: - - wiki - -- name: Provision the pad container created above - tags: pad - hosts: emacsconf-pad - roles: - - pad +- name: Run common tasks + import_playbook: common-playbook.yml diff --git a/docker-reuse-playbook.yml b/docker-reuse-playbook.yml index fd6eea2..bfcfbd1 100644 --- a/docker-reuse-playbook.yml +++ b/docker-reuse-playbook.yml @@ -5,23 +5,5 @@ tasks: - include_vars: file: docker-vars.yml -- name: Load talks - hosts: localhost - tags: create-pads - tasks: - - include_vars: - file: talks.json - name: talks - -- name: Set up the emacsconf-front wiki - hosts: emacsconf-front - tags: wiki - roles: - - wiki - -- name: Set up the emacsconf-pad - hosts: emacsconf-pad - tags: pad - roles: - - pad - +- name: Run common tasks + import_playbook: common-playbook.yml diff --git a/inventory.yml b/inventory.yml index 2c52301..3124fb5 100644 --- a/inventory.yml +++ b/inventory.yml @@ -18,3 +18,7 @@ prod: ansible_ssh_user: orga ansible_python_interpreter: /usr/bin/python3 ansible_become: true +all: + hosts: + localhost: + ansible_connection: local diff --git a/local-playbook.yml b/local-playbook.yml new file mode 100644 index 0000000..37cd294 --- /dev/null +++ b/local-playbook.yml @@ -0,0 +1,16 @@ +- name: Load vars + hosts: localhost + tags: always + tasks: + - include_vars: + file: prod-vars.yml +- name: Load local vars + hosts: localhost + tags: always + tasks: + - include_vars: + file: local-vars.yml +- name: Set up Emacs + hosts: localhost + roles: + - wiki-publish diff --git a/prod-playbook.yml b/prod-playbook.yml index ac2f8bb..0fc22c2 100644 --- a/prod-playbook.yml +++ b/prod-playbook.yml @@ -4,27 +4,5 @@ tasks: - include_vars: file: prod-vars.yml -- name: Set up wiki - hosts: front - roles: - - wiki -- name: Set up wiki for publishing - hosts: front - tags: wiki-publish - roles: - - wiki-publish -- name: Set up wiki for interactive editing - hosts: front - tags: wiki-edit - roles: - - wiki-edit -- name: Set up pad - hosts: pad - tags: pad - roles: - - pad -- name: Set up proxy - hosts: pad - tags: proxy - roles: - - pad-proxy +- name: Run common tasks + import_playbook: common-playbook.yml diff --git a/roles/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml index c6ca568..863003f 100644 --- a/roles/wiki-publish/defaults/main.yml +++ b/roles/wiki-publish/defaults/main.yml @@ -5,3 +5,4 @@ emacsconf_el_dir: ~/emacsconf-el emacsconf_edit_wiki_dir: ~/emacsconf-wiki emacsconf_private_dir: ~/emacsconf-2022-private emacs_config_dir: ~/.emacs.d +emacs_package: emacs-snapshot-nox diff --git a/roles/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml index 897cecc..960aa01 100644 --- a/roles/wiki-publish/tasks/main.yml +++ b/roles/wiki-publish/tasks/main.yml @@ -1,17 +1,18 @@ --- - name: Set up SSH directory ansible.builtin.file: - path: /home/ikiwiki/.ssh + path: "/home/{{ emacsconf_publish_user }}/.ssh" state: directory mode: '0700' - name: Install SSH key for EmacsConf wiki ansible.builtin.get_url: url: https://emacsconf.org/id_rsa_anon_git_emacsconf - dest: /home/ikiwiki/.ssh/id_rsa_anon_git_emacsconf + dest: "/home/{{ emacsconf_publish_user }}/.ssh/id_rsa_anon_git_emacsconf" mode: '0600' - owner: 'ikiwiki' + owner: "{{ emacsconf_publish_user }}" - name: Set up packages become: yes + when: emacs_package and emacs_package != "emacs" block: # This repository is currently not working # - name: Add snapshot repository @@ -23,7 +24,7 @@ state: absent - name: Install Emacs snapshot ansible.builtin.apt: - name: emacs-snapshot-nox + name: "{{ emacs_package }}" state: present - name: Set up Emacs configuration for non-interactive publishing become: true @@ -47,16 +48,29 @@ ansible.builtin.git: repo: git://git.emacsconf.org/emacsconf-wiki dest: "{{ emacsconf_edit_wiki_dir }}" + register: wiki_clone + failed_when: + - wiki_clone.failed + - not 'Local modifications exist in repository' in wiki_clone.msg + - not 'Failed to checkout branch' in wiki_clone.msg - name: Check out emacsconf-el ansible.builtin.git: repo: git@git.emacsconf.org:pub/emacsconf-el dest: "{{ emacsconf_el_dir }}" register: elisp + failed_when: + - elisp.failed + - not 'Local modifications exist in repository' in elisp.msg + - not 'Failed to checkout branch' in elisp.msg - name: Check out emacsconf-2022-private ansible.builtin.git: repo: git@git.emacsconf.org:emacsconf-2022-private dest: "{{ emacsconf_private_dir }}" register: private + failed_when: + - private.failed + - not 'Local modifications exist in repository' in private.msg + - not 'Failed to checkout branch' in private.msg - name: Publish tags: publish block: diff --git a/roles/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml index 421427c..3b890b0 100644 --- a/roles/wiki/defaults/main.yml +++ b/roles/wiki/defaults/main.yml @@ -2,7 +2,7 @@ ikiwiki_git_branch: master ikiwiki_path: /home/ikiwiki ikiwiki_src_dir: "{{ ikiwiki_path }}/emacsconf" -ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/IkiWiki/Plugin +ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/ ikiwiki_admin: bandali@gnu.org ikiwiki_dest: /var/www/emacsconf.org ikiwiki_url: https://emacsconf.org @@ -18,4 +18,5 @@ ikiwiki_cookie_jar: "{{ ikiwiki_path }}/.ikiwiki/cookies" ikiwiki_git_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf" ikiwiki_git_test_receive_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf-pre" ikiwiki_git_base_url: //git.emacsconf.org/emacsconf-wiki +ikiwiki_cgi_wrapper: "{{ ikiwiki_path }}/ikiwiki.cgi" diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml index 1a759a4..be6591c 100644 --- a/roles/wiki/tasks/docker.yml +++ b/roles/wiki/tasks/docker.yml @@ -2,10 +2,13 @@ apt: pkg: - lighttpd - - supervisord + - supervisor + - sudo - name: Create the anon user user: name: anon + state: present + when: docker - name: Set up Ikiwiki setup template: src: emacsconf.setup @@ -14,27 +17,52 @@ group: www-data - name: Set up the ikiwiki directories file: - dest: /var/www/html + dest: "{{ ikiwiki_dest }}" state: directory - owner: www-data + owner: ikiwiki group: www-data + recurse: true - name: Clone the bare git repo git: bare: true repo: "{{ ikiwiki_git_source_mount }}" dest: "{{ ikiwiki_bare_git_dir }}" version: "{{ ikiwiki_git_branch }}" +- name: Set up post-update hook + tags: wip + template: + src: post-update + dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update" + mode: 0755 +- name: Remove sample + tags: wip + file: + path: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.sample" + state: absent +- name: Set up ikiwiki post-update hook + tags: wip + template: + src: post-update.h00-ikiwiki-wrapper + dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.h00-ikiwiki-wrapper" + mode: 0755 - name: Change owner + tags: wip file: dest: "{{ ikiwiki_bare_git_dir }}" recurse: true - owner: www-data + owner: ikiwiki group: www-data - name: Clone the working git repo git: repo: "{{ ikiwiki_bare_git_dir }}" dest: "{{ ikiwiki_src_dir }}" version: "{{ ikiwiki_git_branch }}" +- name: Chown all the files to ikiwiki + file: + dest: "{{ ikiwiki_src_dir }}" + owner: ikiwiki + group: ikiwiki + recurse: true - name: Copy supervisor config template: src: supervisord.conf @@ -43,7 +71,31 @@ service: name: lighttpd state: started -- name: Start supervisord +- name: Start ssh + tags: ssh service: - name: supervisor - state: restarted + name: ssh + state: started +- name: Set up SSH directory + tags: ssh + file: + path: /home/ikiwiki/.ssh + owner: ikiwiki + group: ikiwiki + state: directory + mode: 0700 +- name: Set up SSH authentication + tags: ssh + block: + - name: Copy key + template: + src: "{{ docker_ssh_key }}" + dest: "/home/ikiwiki/.ssh/authorized_keys2" + mode: 0600 + - name: Change ownership + file: + path: "/home/ikiwiki/.ssh" + owner: ikiwiki + group: ikiwiki + recurse: true + when: docker_ssh_key is defined diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml index 35c297d..cd7cbdc 100644 --- a/roles/wiki/tasks/main.yml +++ b/roles/wiki/tasks/main.yml @@ -22,29 +22,26 @@ name: ikiwiki group: ikiwiki state: present -- debug: - var: docker -- name: Set up or update repositories - ansible.builtin.git: - repo: git://git.emacsconf.org/emacsconf-wiki - dest: "{{ ikiwiki_src_dir }}" - when: not docker|d(false) - name: Template the config ansible.builtin.template: src: emacsconf.setup dest: "{{ ikiwiki_path }}/emacsconf.setup" owner: ikiwiki +- name: Create the plugin directory + file: + path: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin" + state: directory - name: Copy Ikiwiki plugins tags: wiki-plugins template: src: "{{ item }}" - dest: "{{ ikiwiki_plugin_path }}/{{ item }}" + dest: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin/{{ item }}" loop: - copyright.pm - htmlscrubber.pm - license.pm - include: docker.yml - when: docker is true + when: docker - name: Chown all the files to ikiwiki tags: wiki-plugins file: @@ -54,7 +51,9 @@ recurse: true - name: Regenerate all the files tags: wiki-regenerate, wiki-plugins - shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers + become: true + become_user: ikiwiki + shell: cd ~ikiwiki; ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers register: output - debug: var: output diff --git a/roles/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup index ea9c4c8..81b089b 100644 --- a/roles/wiki/templates/emacsconf.setup +++ b/roles/wiki/templates/emacsconf.setup @@ -30,7 +30,7 @@ url: {{ ikiwiki_url }} reverse_proxy: 0 # filename of cgi wrapper to generate #cgi_wrapper: /home/ikiwiki/public_html/emacsconf/ikiwiki.cgi -cgi_wrapper: {{ ikiwiki_path }}/ikiwiki.cgi +cgi_wrapper: {{ ikiwiki_cgi_wrapper }} # mode for cgi_wrapper (can safely be made suid) cgi_wrappermode: 06755 # number of seconds to delay CGI requests when overloaded diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm index 1ce95b2..caf78a1 100755 --- a/roles/wiki/templates/htmlscrubber.pm +++ b/roles/wiki/templates/htmlscrubber.pm @@ -93,8 +93,8 @@ sub scrubber { }], default => [undef, { ( map { $_ => 1 } qw{ - version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform - data-start data-end data-video data-target data-tracks data-track + version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity + data-start data-end data-video data-target data-tracks data-track kind label srclang default abbr accept accept-charset accesskey align alt axis border cellpadding cellspacing diff --git a/roles/wiki/templates/post-update b/roles/wiki/templates/post-update new file mode 100755 index 0000000..523b8de --- /dev/null +++ b/roles/wiki/templates/post-update @@ -0,0 +1,20 @@ +#!/bin/sh + +# Determine what input the hook needs +# post-update takes args, pre/post-receive take stdin +type=args +stdin='' +[ $0 != hooks/post-update ] && { + type=stdin + stdin=`cat` +} + +for h in $0.*; do + [ -x $h ] || continue + if [ $type = args ] + then + $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; } + else + echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; } + fi +done diff --git a/roles/wiki/templates/post-update.h00-ikiwiki-wrapper b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper new file mode 100755 index 0000000..684ac28 --- /dev/null +++ b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper @@ -0,0 +1,6 @@ +#!/bin/sh + +# bring the mirror up to date with this repo +cd "{{ ikiwiki_src_dir }}" +git fetch --prune +exec {{ ikiwiki_path }}/hooks/emacsconf -- cgit v1.2.3