add IPA cron playbook

2024-01-22 22:29:18 -07:00 · 2024-01-22 22:29:18 -07:00 · d0e462f97d
commit d0e462f97d
parent a2fe01cb03
2 changed files with 76 additions and 0 deletions
--- a/files/root/cron/ipa
+++ b/files/root/cron/ipa
@ -0,0 +1,29 @@
+#!/bin/bash
+PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+
+# IPA should be running. If a service is broken or down, status
+# will report at least 3
+ipactl status > /dev/null 2>&1
+ret_val=$?
+
+if [ "$ret_val" -ne 0 ]; then
+  echo "IPA SERVER IS NOT UP"
+  exit 20
+fi
+
+# clean up first
+if [ -d /var/lib/ipa/backup ]; then
+  touch /var/lib/ipa/backup
+  find /var/lib/ipa/backup -type d -name "ipa-full*" -mtime +14 -exec rm -rf {} +
+fi
+
+ipa-backup > /dev/null 2>&1
+backup_val=$?
+
+FROM="FreeIPA Server Node $(hostname -s) <identitymanagement@rockylinux.org>"
+if [ "$backup_val" -ne 0 ]; then
+  echo "IPA Backup Failed on $(hostname)" | mutt -e "set from=\"$FROM\"" \
+    -e 'set envelope_from=yes' \
+    -s "IPA Backup Failed" \
+    infrastructure@rockylinux.org
+fi
--- a/init-rocky-ipa-cron.yml
+++ b/init-rocky-ipa-cron.yml
@ -0,0 +1,47 @@
+---
+- name: Configure IPA Crons
+  hosts: ipaserver:ipareplicas
+  become: true
+
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      ansible.builtin.assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are not able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Create cron directory
+      ansible.builtin.file:
+        path: /root/cron
+        state: directory
+        mode: '0755'
+
+    - name: Deploy cron scripts
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "/{{ item }}"
+        owner: root
+        group: root
+        mode: '0755'
+      with_items:
+        - 'root/cron/ipa'
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      ansible.builtin.file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
+...