From 1688987c162af451ec7e23523178e0392738d542 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Sat, 4 Feb 2023 16:35:05 -0700
Subject: [PATCH] init mm2 management
---
 .ansible-lint | 6 ++
 .gitignore | 7 ++
 .pre-commit-config.yaml | 33 +++++++++
 .yamllint | 7 ++
 README.md | 32 ++++++++
 adhoc-refresh-cron.yml | 35 +++++++++
 collections/README.md | 14 ++++
 defaults/main.yml | 2 +
 files/README.md | 1 +
 files/etc/logrotate.d/mirrorlist_1 | 14 ++++
 files/etc/logrotate.d/mirrorlist_2 | 14 ++++
 handlers/main.yml | 2 +
 roles/README.md | 14 ++++
 tasks/cron.yml | 113 +++++++++++++++++++++++++++++
 tasks/logrotate.yml | 12 +++
 tasks/main.yml | 4 +
 templates/README.md | 1 +
 tests/README.md | 3 +
 tests/test.yml | 5 ++
 vars/main.yml | 2 +
 20 files changed, 321 insertions(+)
 create mode 100644 .ansible-lint
 create mode 100644 .gitignore
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 .yamllint
 create mode 100644 README.md
 create mode 100644 adhoc-refresh-cron.yml
 create mode 100644 collections/README.md
 create mode 100644 defaults/main.yml
 create mode 100644 files/README.md
 create mode 100644 files/etc/logrotate.d/mirrorlist_1
 create mode 100644 files/etc/logrotate.d/mirrorlist_2
 create mode 100644 handlers/main.yml
 create mode 100644 roles/README.md
 create mode 100644 tasks/cron.yml
 create mode 100644 tasks/logrotate.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/README.md
 create mode 100644 tests/README.md
 create mode 100644 tests/test.yml
 create mode 100644 vars/main.yml
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..2394b2a
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
+# .ansible-lint
+warn_list:
+ - '204' # Lines should be less than 160 characters
+ - '701' # meta/main.yml should contain relevant info
+skip_list:
+ - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cdc6381
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+inventory
+roles/*
+collections/*
+!roles/README.md
+!roles/requirements.yml
+!collections/README.md
+!collections/requirements.yml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..5f5065c
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,33 @@
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v3.4.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-added-large-files
+ - id: check-case-conflict
+ - id: check-executables-have-shebangs
+ - id: check-json
+ - id: pretty-format-json
+ - id: detect-private-key
+
+ - repo: local
+ hooks:
+ - id: ansible-lint
+ name: Ansible-lint
+ description: This hook runs ansible-lint.
+ entry: ansible-lint --force-color
+ language: python
+ # do not pass files to ansible-lint, see:
+ # https://github.com/ansible/ansible-lint/issues/611
+ pass_filenames: false
+ always_run: true
+
+ - repo: https://github.com/adrienverge/yamllint.git
+ rev: v1.26.0
+ hooks:
+ - id: yamllint
+ files: \.(yaml|yml)$
+ types: [file, yaml]
+ entry: yamllint
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..04c5633
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,7 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 140
+ level: warning
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f9200b3
--- /dev/null
+++ b/README.md
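Review bot: In `.pre-commit-config.yaml`, the local `ansible-lint` hook sets `language: python` but declares no `additional_dependencies`, so the environment pre-commit builds for it contains no ansible-lint and the check presumably runs whichever copy is on the contributor's PATH, or fails where none is installed. Pinning it in the hook, e.g. `additional_dependencies: ['ansible-lint==<PINNED_VERSION>']`, makes the gate reproducible. That matters here because `.ansible-lint` in this commit lists numeric rule ids (`'204'`, `'701'`, `'106'`), which as far as I know only older ansible-lint releases recognise. Separately, `rev: v3.4.0` and `rev: v1.26.0` are tags; since these hooks execute on every contributor machine, consider pinning the two remote repos to full commit hashes.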
@@ -0,0 +1,32 @@
+# Ansible AWX Template: Mirror List Management
+
+Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This helps manage and maintain the mirror manager instances.
+
+## Provides / Information
+
+This repository is for AWX templates.
+
+```
+.
+├── README.md
+├── defaults
+│   └── main.yml
+├── files
+│   └── README.md
+├── handlers
+│   └── main.yml
+├── tasks
+│   └── main.yml
+├── templates
+│   └── README.md
+├── tests
+│   ├── README.md
+│   ├── inventory
+│   └── test.yml
+└── vars
+ └── main.yml
+```
+
+## Guidelines
+
+These guidelines are on the Core Wiki.
diff --git a/adhoc-refresh-cron.yml b/adhoc-refresh-cron.yml
new file mode 100644
index 0000000..59de248
--- /dev/null
+++ b/adhoc-refresh-cron.yml
@@ -0,0 +1,35 @@
+---
+# Use this to refresh the cron and logrotate for MM2
+- name: Refresh cron and logrotate
+ hosts: '{{ host }}'
+ become: true
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ ansible.builtin.stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ ansible.builtin.assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are not able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Import tasks: logrotate
+ ansible.builtin.import_tasks: tasks/logrotate.yml
+
+ - name: Import tasks: cron
+ ansible.builtin.import_tasks: tasks/cron.yml
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ ansible.builtin.file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/collections/README.md b/collections/README.md
new file mode 100644
index 0000000..a70c7ef
--- /dev/null
+++ b/collections/README.md
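Review bot: In `adhoc-refresh-cron.yml`, the task names `- name: Import tasks: logrotate` and `- name: Import tasks: cron` are plain scalars containing `: `, which a YAML parser rejects or reads as a nested mapping, so the playbook most likely fails to load; quote them, e.g. `- name: "Import tasks: logrotate"`. The assert's `success_msg: "We are not able to run on this node"` is printed when `/etc/no-ansible` is absent, so the wording is inverted and will mislead anyone reading the job log; `success_msg: "We are able to run on this node"` matches the check. The play runs with `become: true` against `hosts: '{{ host }}'`, so the header comment should also state that `host` must be supplied by the AWX template and which group it is expected to be limited to.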
@@ -0,0 +1,14 @@
+# Collections
+
+If you are wanting to use a collection specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
+
+Example:
+
+```
+---
+# Roles
+collections:
+ - netbox.netbox
+ - community.aws
+ - containers.podman
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..858c8da
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# Defaults
diff --git a/files/README.md b/files/README.md
new file mode 100644
index 0000000..f154f20
--- /dev/null
+++ b/files/README.md
@@ -0,0 +1 @@
+Files come here
diff --git a/files/etc/logrotate.d/mirrorlist_1 b/files/etc/logrotate.d/mirrorlist_1
new file mode 100644
index 0000000..d003daa
--- /dev/null
+++ b/files/etc/logrotate.d/mirrorlist_1
@@ -0,0 +1,14 @@
+/var/log/mirrormanager/mirrorlist@1.service.log {
+ daily
+ missingok
+ compress
+ compresscmd /usr/bin/xz
+ uncompresscmd /usr/bin/xz
+ compressext .xz
+ notifempty
+ sharedscripts
+ rotate 30
+ postrotate
+ /bin/systemctl restart mirrorlist@1.service
+ endscript
+}
diff --git a/files/etc/logrotate.d/mirrorlist_2 b/files/etc/logrotate.d/mirrorlist_2
new file mode 100644
index 0000000..d5b28c6
--- /dev/null
+++ b/files/etc/logrotate.d/mirrorlist_2
@@ -0,0 +1,14 @@
+/var/log/mirrormanager/mirrorlist@2.service.log {
+ daily
+ missingok
+ compress
+ compresscmd /usr/bin/xz
+ uncompresscmd /usr/bin/xz
+ compressext .xz
+ notifempty
+ sharedscripts
+ rotate 30
+ postrotate
+ /bin/systemctl restart mirrorlist@2.service
+ endscript
+}
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..03692d8
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# Handlers
diff --git a/roles/README.md b/roles/README.md
new file mode 100644
index 0000000..169dbf3
--- /dev/null
+++ b/roles/README.md
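Review bot: In `files/etc/logrotate.d/mirrorlist_1` (and identically in `mirrorlist_2`), `uncompresscmd /usr/bin/xz` names the compressor itself with no decompress option, so any logrotate path that needs to uncompress a rotated log would compress it again; `uncompresscmd /usr/bin/unxz` is the usual pairing with `compresscmd /usr/bin/xz`. Neither stanza has a `create` or `su` directive, so the owner and mode of the fresh log depend on how the service reopens it after the `postrotate` restart, and if `/var/log/mirrormanager` is writable by a non-root account logrotate may refuse to rotate at all; that should be confirmed on a host. A first line such as `# Managed by Ansible; local edits will be overwritten` would tell operators where the file comes from.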
@@ -0,0 +1,14 @@
+# Roles
+
+If you are wanting to use role specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
+
+Example:
+
+```
+---
+# Roles
+roles:
+ - rockylinux.ipagetcert
+ src: https://github.com/rocky-linux/ansible-role-ipa-getcert
+ version: main
+```
diff --git a/tasks/cron.yml b/tasks/cron.yml
new file mode 100644
index 0000000..0a4f6f5
--- /dev/null
+++ b/tasks/cron.yml
@@ -0,0 +1,113 @@
+---
+- name: Ensure mirrorlist cache is generated
+ ansible.builtin.cron:
+ name: "mirrorlist cache generation"
+ minute: "*/15"
+ job: "/usr/local/bin/generate-mirrorlist-cache --debug"
+ user: "mirrormanager"
+
+################################################################################
+# @neil should look at this - is this still necessary?
+- name: Ensure mirrorlist 1 is restarted often
+ ansible.builtin.cron:
+ name: "mirrorlist 1 restart"
+ minute: "*/20"
+ job: "sudo /bin/systemctl restart mirrorlist@1.service"
+ user: "mirrormanager"
+
+- name: Ensure mirrorlist 2 is restarted often
+ ansible.builtin.cron:
+ name: "mirrorlist 2 restart"
+ minute: "*/21"
+ job: "sudo /bin/systemctl restart mirrorlist@2.service"
+ user: "mirrormanager"
+#
+################################################################################
+
+################################################################################
+# Primary mirror scans
+- name: Ensure primary mirrors are scanned
+ ansible.builtin.cron:
+ name: "scan primary mirror for main distribution"
+ minute: "0"
+ hour: "23"
+ job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux'"
+ user: "mirrormanager"
+
+- name: Ensure primary mirrors are scanned for sigs
+ ansible.builtin.cron:
+ name: "scan primary mirror for sig content"
+ minute: "0"
+ hour: "20"
+ job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux SIGs'"
+ user: "mirrormanager"
+
+- name: Ensure primary mirrors are scanned for vault
+ ansible.builtin.cron:
+ name: "scan primary mirror for vault content"
+ minute: "0"
+ hour: "3"
+ job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux Vault'"
+ user: "mirrormanager"
+#
+################################################################################
+
+- name: Check propagation
+ ansible.builtin.cron:
+ name: "Check propagation"
+ minute: "*/6"
+ hour: "0"
+ job: "nice -n9 /opt/mirrormanager/check_propagation"
+ user: "mirrormanager"
+################################################################################
+# Crawls
+- name: Crawl group 1
+ ansible.builtin.cron:
+ name: "Crawl group 1"
+ minute: "0"
+ hour: "*/8"
+ job: "/opt/mirrormanager/crawl 1:4 > /dev/null 2>&1"
+ user: "mirrormanager"
+
+- name: Crawl group 2
+ ansible.builtin.cron:
+ name: "Crawl group 2"
+ minute: "0"
+ hour: "2-23/8"
+ job: "/opt/mirrormanager/crawl 2:4 > /dev/null 2>&1"
+ user: "mirrormanager"
+
+- name: Crawl group 3
+ ansible.builtin.cron:
+ name: "Crawl group 3"
+ minute: "0"
+ hour: "4-23/8"
+ job: "/opt/mirrormanager/crawl 3:4 > /dev/null 2>&1"
+ user: "mirrormanager"
+
+- name: Crawl group 4
+ ansible.builtin.cron:
+ name: "Crawl group 4"
+ minute: "0"
+ hour: "6-23/8"
+ job: "/opt/mirrormanager/crawl 4:4 > /dev/null 2>&1"
+ user: "mirrormanager"
+#
+################################################################################
+
+- name: Sync netblocks
+ ansible.builtin.cron:
+ name: "Sync netblocks daily"
+ minute: "30"
+ hour: "0"
+ job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt"
+ user: "mirrormanager"
+
+- name: Sync internet2 blocks
+ ansible.builtin.cron:
+ name: "Sync internet2"
+ minute: "0"
+ hour: "23"
+ job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt"
+ user: "mirrormanager"
+...
diff --git a/tasks/logrotate.yml b/tasks/logrotate.yml
new file mode 100644
index 0000000..2b32777
--- /dev/null
+++ b/tasks/logrotate.yml
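Review bot: In `tasks/cron.yml`, the `Sync netblocks` and `Sync internet2 blocks` jobs begin with the word `mirrormanager` (`job: "mirrormanager cd /usr/share/mirrormanager2 && ..."`), which looks like the user column of an `/etc/cron.d` line carried over. With `user: "mirrormanager"` already set, the entry lands in that user's crontab and cron would try to execute `mirrormanager` as a command, so the `&&` chain probably never reaches the `mm2_get_*_netblocks` call. Dropping the prefix gives `job: "cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt"`, and likewise for the internet2 job. The two restart jobs run `sudo /bin/systemctl restart mirrorlist@N.service` as `mirrormanager`, which only works with a passwordless sudoers rule that this commit does not manage; either install those two entries with `user: "root"` and no `sudo`, or ship a sudoers drop-in limited to exactly those two commands. The crawl jobs also send all output to `/dev/null`, so a failing crawl leaves no trace to alert on.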
@@ -0,0 +1,12 @@
+---
+# Deploy both logrotates for the mirrorlist services
+- name: Deploy mirrorlist_1
+ ansible.builtin.copy:
+ src: "etc/logrotate.d/mirrorlist_1"
+ dest: "/etc/logrotate.d/mirrorlist_1"
+
+- name: Deploy mirrorlist_2
+ ansible.builtin.copy:
+ src: "etc/logrotate.d/mirrorlist_2"
+ dest: "/etc/logrotate.d/mirrorlist_2"
+...
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..68a6567
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+# No tasks
+- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
+...
diff --git a/templates/README.md b/templates/README.md
new file mode 100644
index 0000000..25a2632
--- /dev/null
+++ b/templates/README.md
@@ -0,0 +1 @@
+Templates go here
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..9876b7a
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,3 @@
+# Tests
+
+Basic tests for the playbooks and tasks come here. Generally you need a `test.yml` and `inventory` file with at least `localhost`
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..27fe873
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ tasks:
+ - import_tasks: example.yml
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..7af2db9
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# Vars that should not be overridden
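Review bot: In `tasks/logrotate.yml`, both `ansible.builtin.copy` tasks omit `owner`, `group` and `mode`, so the permissions of `/etc/logrotate.d/mirrorlist_1` and `mirrorlist_2` depend on the umask of the connecting user. logrotate skips config files whose mode or owner it considers unsafe, and ansible-lint reports a copy without `mode` as risky file permissions. Adding `owner: root`, `group: root` and `mode: '0644'` to each task, the same values the playbook already sets on `/var/log/ansible.run`, makes the result deterministic. The two tasks differ only in the file suffix, so a single task with `loop` over the two names would keep them in step.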
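Review bot: `tests/test.yml` imports `example.yml`, but no file of that name is among the 20 files this commit adds, so the test playbook cannot load as committed, because `import_tasks` is resolved when the playbook is parsed. Pointing it at a real task file, e.g. `- import_tasks: ../tasks/logrotate.yml`, or adding the missing file would make the test meaningful. `remote_user: root` against `localhost` may also require root SSH to the local machine depending on the inventory; `connection: local` with `become: true` avoids that.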