init mm2 management

.ansible-lint

@@ -0,0 +1,6 @@
+# .ansible-lint
+warn_list:
+  - '204' # Lines should be less than 160 characters
+  - '701' # meta/main.yml should contain relevant info
+skip_list:
+  - '106' # Role name must match ^[a-z][a-z0-9_]+$ pattern

.gitignore

@@ -0,0 +1,7 @@
+inventory
+roles/*
+collections/*
+!roles/README.md
+!roles/requirements.yml
+!collections/README.md
+!collections/requirements.yml

.pre-commit-config.yaml

@@ -0,0 +1,33 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: pretty-format-json
+      - id: detect-private-key
+
+  - repo: local
+    hooks:
+      - id: ansible-lint
+        name: Ansible-lint
+        description: This hook runs ansible-lint.
+        entry: ansible-lint --force-color
+        language: python
+        # do not pass files to ansible-lint, see:
+        # https://github.com/ansible/ansible-lint/issues/611
+        pass_filenames: false
+        always_run: true
+
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.26.0
+    hooks:
+      - id: yamllint
+        files: \.(yaml|yml)$
+        types: [file, yaml]
+        entry: yamllint

.yamllint

@@ -0,0 +1,7 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 140
+    level: warning

README.md

@@ -0,0 +1,32 @@
+# Ansible AWX Template: Mirror List Management
+
+Ansible AWX is the method used for the Rocky Linux infrastructure, as a replacement for using the CLI. This helps manage and maintain the mirror manager instances.
+
+## Provides / Information
+
+This repository is for AWX templates.
+
+```
+.
+├── README.md
+├── defaults
+│   └── main.yml
+├── files
+│   └── README.md
+├── handlers
+│   └── main.yml
+├── tasks
+│   └── main.yml
+├── templates
+│   └── README.md
+├── tests
+│   ├── README.md
+│   ├── inventory
+│   └── test.yml
+└── vars
+    └── main.yml
+```
+
+## Guidelines
+
+These guidelines are on the Core Wiki.

adhoc-refresh-cron.yml

@@ -0,0 +1,35 @@
+---
+# Use this to refresh the cron and logrotate for MM2
+- name: Refresh cron and logrotate
+  hosts: '{{ host }}'
+  become: true
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      ansible.builtin.stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      ansible.builtin.assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are not able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Import tasks: logrotate
+      ansible.builtin.import_tasks: tasks/logrotate.yml
+
+    - name: Import tasks: cron
+      ansible.builtin.import_tasks: tasks/cron.yml
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      ansible.builtin.file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
+...

collections/README.md

@@ -0,0 +1,14 @@
+# Collections
+
+If you are wanting to use a collection specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
+
+Example:
+
+```
+---
+# Roles
+collections:
+  - netbox.netbox
+  - community.aws
+  - containers.podman
+```

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# Defaults

files/README.md

@@ -0,0 +1 @@
+Files come here

files/etc/logrotate.d/mirrorlist_1

@@ -0,0 +1,14 @@
+/var/log/mirrormanager/mirrorlist@1.service.log {
+    daily
+    missingok
+    compress
+    compresscmd /usr/bin/xz
+    uncompresscmd /usr/bin/xz
+    compressext .xz
+    notifempty
+    sharedscripts
+    rotate 30
+    postrotate
+      /bin/systemctl restart mirrorlist@1.service
+    endscript
+}

files/etc/logrotate.d/mirrorlist_2

@@ -0,0 +1,14 @@
+/var/log/mirrormanager/mirrorlist@2.service.log {
+    daily
+    missingok
+    compress
+    compresscmd /usr/bin/xz
+    uncompresscmd /usr/bin/xz
+    compressext .xz
+    notifempty
+    sharedscripts
+    rotate 30
+    postrotate
+      /bin/systemctl restart mirrorlist@2.service
+    endscript
+}

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# Handlers

roles/README.md

@@ -0,0 +1,14 @@
+# Roles
+
+If you are wanting to use role specifically for this, you will need to define it in a `requirements.yml`, otherwise AWX will not install what you need to run your tasks.
+
+Example:
+
+```
+---
+# Roles
+roles:
+  - rockylinux.ipagetcert
+    src: https://github.com/rocky-linux/ansible-role-ipa-getcert
+    version: main
+```

tasks/cron.yml

@@ -0,0 +1,113 @@
+---
+- name: Ensure mirrorlist cache is generated
+  ansible.builtin.cron:
+    name: "mirrorlist cache generation"
+    minute: "*/15"
+    job: "/usr/local/bin/generate-mirrorlist-cache --debug"
+    user: "mirrormanager"
+
+################################################################################
+# @neil should look at this - is this still necessary?
+- name: Ensure mirrorlist 1 is restarted often
+  ansible.builtin.cron:
+    name: "mirrorlist 1 restart"
+    minute: "*/20"
+    job: "sudo /bin/systemctl restart mirrorlist@1.service"
+    user: "mirrormanager"
+
+- name: Ensure mirrorlist 2 is restarted often
+  ansible.builtin.cron:
+    name: "mirrorlist 2 restart"
+    minute: "*/21"
+    job: "sudo /bin/systemctl restart mirrorlist@2.service"
+    user: "mirrormanager"
+#
+################################################################################
+
+################################################################################
+# Primary mirror scans
+- name: Ensure primary mirrors are scanned
+  ansible.builtin.cron:
+    name: "scan primary mirror for main distribution"
+    minute: "0"
+    hour: "23"
+    job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux'"
+    user: "mirrormanager"
+
+- name: Ensure primary mirrors are scanned for sigs
+  ansible.builtin.cron:
+    name: "scan primary mirror for sig content"
+    minute: "0"
+    hour: "20"
+    job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux SIGs'"
+    user: "mirrormanager"
+
+- name: Ensure primary mirrors are scanned for vault
+  ansible.builtin.cron:
+    name: "scan primary mirror for vault content"
+    minute: "0"
+    hour: "3"
+    job: "nice -n9 /opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux Vault'"
+    user: "mirrormanager"
+#
+################################################################################
+
+- name: Check propagation
+  ansible.builtin.cron:
+    name: "Check propagation"
+    minute: "*/6"
+    hour: "0"
+    job: "nice -n9 /opt/mirrormanager/check_propagation"
+    user: "mirrormanager"
+################################################################################
+# Crawls
+- name: Crawl group 1
+  ansible.builtin.cron:
+    name: "Crawl group 1"
+    minute: "0"
+    hour: "*/8"
+    job: "/opt/mirrormanager/crawl    1:4 > /dev/null 2>&1"
+    user: "mirrormanager"
+
+- name: Crawl group 2
+  ansible.builtin.cron:
+    name: "Crawl group 2"
+    minute: "0"
+    hour: "2-23/8"
+    job: "/opt/mirrormanager/crawl 2:4 > /dev/null 2>&1"
+    user: "mirrormanager"
+
+- name: Crawl group 3
+  ansible.builtin.cron:
+    name: "Crawl group 3"
+    minute: "0"
+    hour: "4-23/8"
+    job: "/opt/mirrormanager/crawl 3:4 > /dev/null 2>&1"
+    user: "mirrormanager"
+
+- name: Crawl group 4
+  ansible.builtin.cron:
+    name: "Crawl group 4"
+    minute: "0"
+    hour: "6-23/8"
+    job: "/opt/mirrormanager/crawl 4:4 > /dev/null 2>&1"
+    user: "mirrormanager"
+#
+################################################################################
+
+- name: Sync netblocks
+  ansible.builtin.cron:
+    name: "Sync netblocks daily"
+    minute: "30"
+    hour: "0"
+    job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt"
+    user: "mirrormanager"
+
+- name: Sync internet2 blocks
+  ansible.builtin.cron:
+    name: "Sync internet2"
+    minute: "0"
+    hour: "23"
+    job: "mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt"
+    user: "mirrormanager"
+...

tasks/logrotate.yml

@@ -0,0 +1,12 @@
+---
+# Deploy both logrotates for the mirrorlist services
+- name: Deploy mirrorlist_1
+  ansible.builtin.copy:
+    src: "etc/logrotate.d/mirrorlist_1"
+    dest: "/etc/logrotate.d/mirrorlist_1"
+
+- name: Deploy mirrorlist_2
+  ansible.builtin.copy:
+    src: "etc/logrotate.d/mirrorlist_2"
+    dest: "/etc/logrotate.d/mirrorlist_2"
+...

tasks/main.yml

@@ -0,0 +1,4 @@
+---
+# No tasks
+- debug: msg="No tasks are provided here. Please import the task as needed in your playbook."
+...

templates/README.md

@@ -0,0 +1 @@
+Templates go here

tests/README.md

@@ -0,0 +1,3 @@
+# Tests
+
+Basic tests for the playbooks and tasks come here. Generally you need a `test.yml` and `inventory` file with at least `localhost`

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  tasks:
+    - import_tasks: example.yml

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# Vars that should not be overridden