init mm2 management
This commit is contained in:
commit
1688987c16
20 changed files with 321 additions and 0 deletions
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
|
@ -0,0 +1,6 @@
|
|||
# .ansible-lint
|
||||
warn_list:
|
||||
- '204' # Lines should be less than 160 characters
|
||||
- '701' # meta/main.yml should contain relevant info
|
||||
skip_list:
|
||||
- '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern
|
7
.gitignore
vendored
Normal file
7
.gitignore
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
inventory
|
||||
roles/*
|
||||
collections/*
|
||||
!roles/README.md
|
||||
!roles/requirements.yml
|
||||
!collections/README.md
|
||||
!collections/requirements.yml
|
33
.pre-commit-config.yaml
Normal file
33
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v3.4.0
|
||||
hooks:
|
||||
- id: trailing-whitespace
|
||||
- id: end-of-file-fixer
|
||||
- id: check-added-large-files
|
||||
- id: check-case-conflict
|
||||
- id: check-executables-have-shebangs
|
||||
- id: check-json
|
||||
- id: pretty-format-json
|
||||
- id: detect-private-key
|
||||
|
||||
- repo: local
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
name: Ansible-lint
|
||||
description: This hook runs ansible-lint.
|
||||
entry: ansible-lint --force-color
|
||||
language: python
|
||||
# do not pass files to ansible-lint, see:
|
||||
# https://github.com/ansible/ansible-lint/issues/611
|
||||
pass_filenames: false
|
||||
always_run: true
|
||||
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.26.0
|
||||
hooks:
|
||||
- id: yamllint
|
||||
files: \.(yaml|yml)$
|
||||
types: [file, yaml]
|
||||
entry: yamllint
|
7
.yamllint
Normal file
7
.yamllint
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
line-length:
|
||||
max: 140
|
||||
level: warning
|
32
README.md
Normal file
32
README.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Ansible AWX Template: Mirror List Management
|
||||
|
||||
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This helps manage and maintain the mirror manager instances.
|
||||
|
||||
## Provides / Information
|
||||
|
||||
This repository is for AWX templates.
|
||||
|
||||
```
|
||||
.
|
||||
├── README.md
|
||||
├── defaults
|
||||
│ └── main.yml
|
||||
├── files
|
||||
│ └── README.md
|
||||
├── handlers
|
||||
│ └── main.yml
|
||||
├── tasks
|
||||
│ └── main.yml
|
||||
├── templates
|
||||
│ └── README.md
|
||||
├── tests
|
||||
│ ├── README.md
|
||||
│ ├── inventory
|
||||
│ └── test.yml
|
||||
└── vars
|
||||
└── main.yml
|
||||
```
|
||||
|
||||
## Guidelines
|
||||
|
||||
These guidelines are on the Core Wiki.
|
35
adhoc-refresh-cron.yml
Normal file
35
adhoc-refresh-cron.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
# Use this to refresh the cron and logrotate for MM2
|
||||
- name: Refresh cron and logrotate
|
||||
hosts: '{{ host }}'
|
||||
become: true
|
||||
|
||||
pre_tasks:
|
||||
- name: Check if ansible cannot be run here
|
||||
ansible.builtin.stat:
|
||||
path: /etc/no-ansible
|
||||
register: no_ansible
|
||||
|
||||
- name: Verify if we can run ansible
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "not no_ansible.stat.exists"
|
||||
success_msg: "We are not able to run on this node"
|
||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||
|
||||
tasks:
|
||||
- name: Import tasks: logrotate
|
||||
ansible.builtin.import_tasks: tasks/logrotate.yml
|
||||
|
||||
- name: Import tasks: cron
|
||||
ansible.builtin.import_tasks: tasks/cron.yml
|
||||
|
||||
post_tasks:
|
||||
- name: Touching run file that ansible has ran here
|
||||
ansible.builtin.file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
14
collections/README.md
Normal file
14
collections/README.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Collections
|
||||
|
||||
If you are wanting to use a collection specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
|
||||
|
||||
Example:
|
||||
|
||||
```
|
||||
---
|
||||
# Roles
|
||||
collections:
|
||||
- netbox.netbox
|
||||
- community.aws
|
||||
- containers.podman
|
||||
```
|
2
defaults/main.yml
Normal file
2
defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
# Defaults
|
1
files/README.md
Normal file
1
files/README.md
Normal file
|
@ -0,0 +1 @@
|
|||
Files come here
|
14
files/etc/logrotate.d/mirrorlist_1
Normal file
14
files/etc/logrotate.d/mirrorlist_1
Normal file
|
@ -0,0 +1,14 @@
|
|||
/var/log/mirrormanager/mirrorlist@1.service.log {
|
||||
daily
|
||||
missingok
|
||||
compress
|
||||
compresscmd /usr/bin/xz
|
||||
uncompresscmd /usr/bin/xz
|
||||
compressext .xz
|
||||
notifempty
|
||||
sharedscripts
|
||||
rotate 30
|
||||
postrotate
|
||||
/bin/systemctl restart mirrorlist@1.service
|
||||
endscript
|
||||
}
|
14
files/etc/logrotate.d/mirrorlist_2
Normal file
14
files/etc/logrotate.d/mirrorlist_2
Normal file
|
@ -0,0 +1,14 @@
|
|||
/var/log/mirrormanager/mirrorlist@2.service.log {
|
||||
daily
|
||||
missingok
|
||||
compress
|
||||
compresscmd /usr/bin/xz
|
||||
uncompresscmd /usr/bin/xz
|
||||
compressext .xz
|
||||
notifempty
|
||||
sharedscripts
|
||||
rotate 30
|
||||
postrotate
|
||||
/bin/systemctl restart mirrorlist@2.service
|
||||
endscript
|
||||
}
|
2
handlers/main.yml
Normal file
2
handlers/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
# Handlers
|
14
roles/README.md
Normal file
14
roles/README.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Roles
|
||||
|
||||
If you are wanting to use role specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
|
||||
|
||||
Example:
|
||||
|
||||
```
|
||||
---
|
||||
# Roles
|
||||
roles:
|
||||
- rockylinux.ipagetcert
|
||||
src: https://github.com/rocky-linux/ansible-role-ipa-getcert
|
||||
version: main
|
||||
```
|
113
tasks/cron.yml
Normal file
113
tasks/cron.yml
Normal file
|
@ -0,0 +1,113 @@
|
|||
---
|
||||
- name: Ensure mirrorlist cache is generated
|
||||
ansible.builtin.cron:
|
||||
name: "mirrorlist cache generation"
|
||||
minute: "*/15"
|
||||
job: "/usr/local/bin/generate-mirrorlist-cache --debug"
|
||||
user: "mirrormanager"
|
||||
|
||||
################################################################################
|
||||
# @neil should look at this - is this still necessary?
|
||||
- name: Ensure mirrorlist 1 is restarted often
|
||||
ansible.builtin.cron:
|
||||
name: "mirrorlist 1 restart"
|
||||
minute: "*/20"
|
||||
job: "sudo /bin/systemctl restart mirrorlist@1.service"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Ensure mirrorlist 2 is restarted often
|
||||
ansible.builtin.cron:
|
||||
name: "mirrorlist 2 restart"
|
||||
minute: "*/21"
|
||||
job: "sudo /bin/systemctl restart mirrorlist@2.service"
|
||||
user: "mirrormanager"
|
||||
#
|
||||
################################################################################
|
||||
|
||||
################################################################################
|
||||
# Primary mirror scans
|
||||
- name: Ensure primary mirrors are scanned
|
||||
ansible.builtin.cron:
|
||||
name: "scan primary mirror for main distribution"
|
||||
minute: "0"
|
||||
hour: "23"
|
||||
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux'"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Ensure primary mirrors are scanned for sigs
|
||||
ansible.builtin.cron:
|
||||
name: "scan primary mirror for sig content"
|
||||
minute: "0"
|
||||
hour: "20"
|
||||
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux SIGs'"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Ensure primary mirrors are scanned for vault
|
||||
ansible.builtin.cron:
|
||||
name: "scan primary mirror for vault content"
|
||||
minute: "0"
|
||||
hour: "3"
|
||||
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux Vault'"
|
||||
user: "mirrormanager"
|
||||
#
|
||||
################################################################################
|
||||
|
||||
- name: Check propagation
|
||||
ansible.builtin.cron:
|
||||
name: "Check propagation"
|
||||
minute: "*/6"
|
||||
hour: "0"
|
||||
job: "nice -n9 /opt/mirrormanager/check_propagation"
|
||||
user: "mirrormanager"
|
||||
################################################################################
|
||||
# Crawls
|
||||
- name: Crawl group 1
|
||||
ansible.builtin.cron:
|
||||
name: "Crawl group 1"
|
||||
minute: "0"
|
||||
hour: "*/8"
|
||||
job: "/opt/mirrormanager/crawl 1:4 > /dev/null 2>&1"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Crawl group 2
|
||||
ansible.builtin.cron:
|
||||
name: "Crawl group 2"
|
||||
minute: "0"
|
||||
hour: "2-23/8"
|
||||
job: "/opt/mirrormanager/crawl 2:4 > /dev/null 2>&1"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Crawl group 3
|
||||
ansible.builtin.cron:
|
||||
name: "Crawl group 3"
|
||||
minute: "0"
|
||||
hour: "4-23/8"
|
||||
job: "/opt/mirrormanager/crawl 3:4 > /dev/null 2>&1"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Crawl group 4
|
||||
ansible.builtin.cron:
|
||||
name: "Crawl group 4"
|
||||
minute: "0"
|
||||
hour: "6-23/8"
|
||||
job: "/opt/mirrormanager/crawl 4:4 > /dev/null 2>&1"
|
||||
user: "mirrormanager"
|
||||
#
|
||||
################################################################################
|
||||
|
||||
- name: Sync netblocks
|
||||
ansible.builtin.cron:
|
||||
name: "Sync netblocks daily"
|
||||
minute: "30"
|
||||
hour: "0"
|
||||
job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt"
|
||||
user: "mirrormanager"
|
||||
|
||||
- name: Sync internet2 blocks
|
||||
ansible.builtin.cron:
|
||||
name: "Sync internet2"
|
||||
minute: "0"
|
||||
hour: "23"
|
||||
job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt"
|
||||
user: "mirrormanager"
|
||||
...
|
12
tasks/logrotate.yml
Normal file
12
tasks/logrotate.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
# Deploy both logrotates for the mirrorlist services
|
||||
- name: Deploy mirrorlist_1
|
||||
ansible.builtin.copy:
|
||||
src: "etc/logrotate.d/mirrorlist_1"
|
||||
dest: "/etc/logrotate.d/mirrorlist_1"
|
||||
|
||||
- name: Deploy mirrorlist_2
|
||||
ansible.builtin.copy:
|
||||
src: "etc/logrotate.d/mirrorlist_2"
|
||||
dest: "/etc/logrotate.d/mirrorlist_2"
|
||||
...
|
4
tasks/main.yml
Normal file
4
tasks/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
# No tasks
|
||||
- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
|
||||
...
|
1
templates/README.md
Normal file
1
templates/README.md
Normal file
|
@ -0,0 +1 @@
|
|||
Templates go here
|
3
tests/README.md
Normal file
3
tests/README.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
# Tests
|
||||
|
||||
Basic tests for the playbooks and tasks come here. Generally you need a `test.yml` and `inventory` file with at least `localhost`
|
5
tests/test.yml
Normal file
5
tests/test.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
tasks:
|
||||
- import_tasks: example.yml
|
2
vars/main.yml
Normal file
2
vars/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
# Vars that should not be overridden
|
Loading…
Reference in a new issue