init mm2 management

Louis Abel 2023-02-04 16:35:05 -07:00
commit 1688987c16
Signed by: label
GPG key ID: 6735C0E1BD65D048
20 changed files with 321 additions and 0 deletions

6
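--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
+# .ansible-lint
+warn_list:
+- '204' # Lines should be less than 160 characters
+- '701' # meta/main.yml should contain relevant info
+skip_list:
+- '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern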

7
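--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,7 @@
+inventory
+roles/*
+collections/*
+!roles/README.md
+!roles/requirements.yml
+!collections/README.md
+!collections/requirements.yml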

33
.pre-commit-config.yaml Normal file

@ -0,0 +1,33 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-json
- id: pretty-format-json
- id: detect-private-key
- repo: local
hooks:
- id: ansible-lint
name: Ansible-lint
description: This hook runs ansible-lint.
entry: ansible-lint --force-color
language: python
# do not pass files to ansible-lint, see:
# https://github.com/ansible/ansible-lint/issues/611
pass_filenames: false
always_run: true
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.26.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
types: [file, yaml]
entry: yamllint
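Review bot: Both remote hook repos are pinned to mutable tags (`rev: v3.4.0` for pre-commit-hooks, `rev: v1.26.0` for yamllint), so a re-pointed tag upstream would change the code that runs on every contributor's machine; pinning `rev:` to the full commit SHA, with the tag kept in a trailing comment, closes that gap. The local `ansible-lint` hook declares `language: python` but no `additional_dependencies`, so which ansible-lint version runs appears to depend on whatever is on the contributor's PATH; `additional_dependencies: ['ansible-lint==<PINNED_VERSION>']` would make the check reproducible. `detect-private-key` only matches PEM-style private key headers, so it should not be read as coverage for vault passwords or API tokens.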

7
.yamllint Normal file

@ -0,0 +1,7 @@
---
extends: default
rules:
line-length:
max: 140
level: warning

32
README.md Normal file

@ -0,0 +1,32 @@
# Ansible AWX Template: Mirror List Management
Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This helps manage and maintain the mirror manager instances.
## Provides / Information
This repository is for AWX templates.
```
.
├── README.md
├── defaults
│   └── main.yml
├── files
│   └── README.md
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── README.md
├── tests
│   ├── README.md
│   ├── inventory
│   └── test.yml
└── vars
└── main.yml
```
## Guidelines
These guidelines are on the Core Wiki.

35
adhoc-refresh-cron.yml Normal file

@ -0,0 +1,35 @@
---
# Use this to refresh the cron and logrotate for MM2
- name: Refresh cron and logrotate
hosts: '{{ host }}'
become: true
pre_tasks:
- name: Check if ansible cannot be run here
ansible.builtin.stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
ansible.builtin.assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are not able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Import tasks: logrotate
ansible.builtin.import_tasks: tasks/logrotate.yml
- name: Import tasks: cron
ansible.builtin.import_tasks: tasks/cron.yml
post_tasks:
- name: Touching run file that ansible has ran here
ansible.builtin.file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...
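Review bot: The two task names under `tasks:` are plain scalars containing `: ` (`name: Import tasks: logrotate` and `name: Import tasks: cron`), which a YAML parser rejects as a nested mapping, so the playbook will not load until they are quoted, e.g. `- name: 'Import tasks: logrotate'`. The assert's `success_msg` says "We are not able to run on this node" on the passing branch; it should state the opposite, e.g. `success_msg: "We are able to run on this node"`. Because `hosts: '{{ host }}'` takes its target from an extra var and the play runs with `become: true`, the AWX template should restrict who may set `host`, or the play should check it against an expected group; no such control is visible in this commit.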

14
collections/README.md Normal file

@ -0,0 +1,14 @@
# Collections
If you are wanting to use a collection specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
Example:
```
---
# Roles
collections:
- netbox.netbox
- community.aws
- containers.podman
```

2
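--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# Defaults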

1
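--- a/files/README.md
+++ b/files/README.md
@@ -0,0 +1 @@
+Files come here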


@ -0,0 +1,14 @@
/var/log/mirrormanager/mirrorlist@1.service.log {
daily
missingok
compress
compresscmd /usr/bin/xz
uncompresscmd /usr/bin/xz
compressext .xz
notifempty
sharedscripts
rotate 30
postrotate
/bin/systemctl restart mirrorlist@1.service
endscript
}
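Review bot: Neither this stanza nor the matching one for `mirrorlist@2.service.log` carries a `su` or `create` directive. If `/var/log/mirrormanager` is writable by a non-root user or group (its ownership is not visible in this commit), logrotate refuses to rotate there until a `su <user> <group>` line is added, and `create <mode> <user> <group>` would make the new log's permissions explicit rather than inherited. `postrotate` performs a full `systemctl restart` of the service every day; if the service can reopen its log on a signal or `reload`, that is less disruptive, with `copytruncate` as the fallback when it cannot.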


@ -0,0 +1,14 @@
/var/log/mirrormanager/mirrorlist@2.service.log {
daily
missingok
compress
compresscmd /usr/bin/xz
uncompresscmd /usr/bin/xz
compressext .xz
notifempty
sharedscripts
rotate 30
postrotate
/bin/systemctl restart mirrorlist@2.service
endscript
}

2
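--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# Handlers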

14
roles/README.md Normal file

@ -0,0 +1,14 @@
# Roles
If you are wanting to use role specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
Example:
```
---
# Roles
roles:
- rockylinux.ipagetcert
src: https://github.com/rocky-linux/ansible-role-ipa-getcert
version: main
```

113
tasks/cron.yml Normal file

@ -0,0 +1,113 @@
---
- name: Ensure mirrorlist cache is generated
ansible.builtin.cron:
name: "mirrorlist cache generation"
minute: "*/15"
job: "/usr/local/bin/generate-mirrorlist-cache --debug"
user: "mirrormanager"
################################################################################
# @neil should look at this - is this still necessary?
- name: Ensure mirrorlist 1 is restarted often
ansible.builtin.cron:
name: "mirrorlist 1 restart"
minute: "*/20"
job: "sudo /bin/systemctl restart mirrorlist@1.service"
user: "mirrormanager"
- name: Ensure mirrorlist 2 is restarted often
ansible.builtin.cron:
name: "mirrorlist 2 restart"
minute: "*/21"
job: "sudo /bin/systemctl restart mirrorlist@2.service"
user: "mirrormanager"
#
################################################################################
################################################################################
# Primary mirror scans
- name: Ensure primary mirrors are scanned
ansible.builtin.cron:
name: "scan primary mirror for main distribution"
minute: "0"
hour: "23"
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux'"
user: "mirrormanager"
- name: Ensure primary mirrors are scanned for sigs
ansible.builtin.cron:
name: "scan primary mirror for sig content"
minute: "0"
hour: "20"
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux SIGs'"
user: "mirrormanager"
- name: Ensure primary mirrors are scanned for vault
ansible.builtin.cron:
name: "scan primary mirror for vault content"
minute: "0"
hour: "3"
job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux Vault'"
user: "mirrormanager"
#
################################################################################
- name: Check propagation
ansible.builtin.cron:
name: "Check propagation"
minute: "*/6"
hour: "0"
job: "nice -n9 /opt/mirrormanager/check_propagation"
user: "mirrormanager"
################################################################################
# Crawls
- name: Crawl group 1
ansible.builtin.cron:
name: "Crawl group 1"
minute: "0"
hour: "*/8"
job: "/opt/mirrormanager/crawl 1:4 > /dev/null 2>&1"
user: "mirrormanager"
- name: Crawl group 2
ansible.builtin.cron:
name: "Crawl group 2"
minute: "0"
hour: "2-23/8"
job: "/opt/mirrormanager/crawl 2:4 > /dev/null 2>&1"
user: "mirrormanager"
- name: Crawl group 3
ansible.builtin.cron:
name: "Crawl group 3"
minute: "0"
hour: "4-23/8"
job: "/opt/mirrormanager/crawl 3:4 > /dev/null 2>&1"
user: "mirrormanager"
- name: Crawl group 4
ansible.builtin.cron:
name: "Crawl group 4"
minute: "0"
hour: "6-23/8"
job: "/opt/mirrormanager/crawl 4:4 > /dev/null 2>&1"
user: "mirrormanager"
#
################################################################################
- name: Sync netblocks
ansible.builtin.cron:
name: "Sync netblocks daily"
minute: "30"
hour: "0"
job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt"
user: "mirrormanager"
- name: Sync internet2 blocks
ansible.builtin.cron:
name: "Sync internet2"
minute: "0"
hour: "23"
job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt"
user: "mirrormanager"
...
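Review bot: The `job:` strings of "Sync netblocks" and "Sync internet2 blocks" begin with the word `mirrormanager` (`job: "mirrormanager cd /usr/share/mirrormanager2 && …"`), which looks like the user column of an `/etc/cron.d` entry carried over. In a per-user crontab created with `user: "mirrormanager"`, cron would try to execute `mirrormanager` as the command, so the job should start at `cd /usr/share/mirrormanager2 && …`. "Check propagation" sets `minute: "*/6"` with `hour: "0"`, which fires ten times between 00:00 and 00:54 and not again that day; if every six hours was intended it would be `minute: "0"` with `hour: "*/6"`. The two restart jobs run `sudo /bin/systemctl restart mirrorlist@1.service` (and `@2`) from an unprivileged crontab, which needs a NOPASSWD sudoers rule that this commit does not deploy; that rule should be limited to exactly those two command lines.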

12
tasks/logrotate.yml Normal file

@ -0,0 +1,12 @@
---
# Deploy both logrotates for the mirrorlist services
- name: Deploy mirrorlist_1
ansible.builtin.copy:
src: "etc/logrotate.d/mirrorlist_1"
dest: "/etc/logrotate.d/mirrorlist_1"
- name: Deploy mirrorlist_2
ansible.builtin.copy:
src: "etc/logrotate.d/mirrorlist_2"
dest: "/etc/logrotate.d/mirrorlist_2"
...
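Review bot: Both `ansible.builtin.copy` tasks omit `owner`, `group` and `mode`, so the permissions of `/etc/logrotate.d/mirrorlist_1` and `/etc/logrotate.d/mirrorlist_2` depend on the umask of the run, and logrotate skips config files that are group- or world-writable. Adding `owner: root`, `group: root` and `mode: '0644'` to each task, as the `ansible.builtin.file` task in adhoc-refresh-cron.yml already does, makes the result deterministic.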

4
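--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+# No tasks
+- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
+...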

1
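--- a/templates/README.md
+++ b/templates/README.md
@@ -0,0 +1 @@
+Templates go here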

3
tests/README.md Normal file
View file

@ -0,0 +1,3 @@
# Tests
Basic tests for the playbooks and tasks come here. Generally you need a `test.yml` and `inventory` file with at least `localhost`

5
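--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+tasks:
+- import_tasks: example.yml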
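Review bot: `import_tasks: example.yml` points at a file that is not among the files listed on this commit page, so the test play would fail when loaded unless that file exists elsewhere; it should import one of the task files added here, e.g. `- ansible.builtin.import_tasks: ../tasks/logrotate.yml`. `remote_user: root` is unnecessary for a `localhost` play and is better expressed as `become: true` on the tasks that need it.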

2
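--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# Vars that should not be overridden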