From 515abdec64868c8eae30616840795deb0bdb3c6b Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Fri, 15 Mar 2024 15:46:10 -0700
Subject: [PATCH] Cleanup opensuse mirroring configs entirely

This should cleanup our mirror update server so that we no longer have
configes (cron, scripts, logrotate rules, etc) for mirroring opensuse.
It won't clean up the afs volume, but we can get to that later (and it
will probably require manual intervention). This cleanup is done in a
way that it should be able to be applied to future cleanups too (like
when centos 8 stream goes away and everything is centos stream
specific).

Change-Id: Ib5d15ce800ff0620187345e1cfec0b7b5d65bee5
---
 playbooks/roles/logrotate/tasks/cleanup.yaml  |  9 +++
 .../files/opensuse-mirror-update              | 66 -------------------
 .../roles/mirror-update/tasks/rsync.yaml      | 41 +++++++++++-
 testinfra/test_mirror-update.py               | 12 +++-
 4 files changed, 59 insertions(+), 69 deletions(-)
 create mode 100644 playbooks/roles/logrotate/tasks/cleanup.yaml
 delete mode 100755 playbooks/roles/mirror-update/files/opensuse-mirror-update

diff --git a/playbooks/roles/logrotate/tasks/cleanup.yaml b/playbooks/roles/logrotate/tasks/cleanup.yaml
new file mode 100644
index 0000000000..3190c79ca9
--- /dev/null
+++ b/playbooks/roles/logrotate/tasks/cleanup.yaml
@@ -0,0 +1,9 @@
+# Hash the full path to avoid any conflicts but remain idempotent.
+- name: Create a unique config name
+  set_fact:
+    logrotate_generated_config_file_name:  "{{ (logrotate_file_name | hash('sha1'))[0:6] }}.conf"
+
+- name: Cleanup the indicated file
+  file:
+    state: absent
+    path: '/etc/logrotate.d/{{ logrotate_generated_config_file_name }}'
diff --git a/playbooks/roles/mirror-update/files/opensuse-mirror-update b/playbooks/roles/mirror-update/files/opensuse-mirror-update
deleted file mode 100755
index e7384bb379..0000000000
--- a/playbooks/roles/mirror-update/files/opensuse-mirror-update
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash -xe
-# Copyright 2017 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-source /usr/share/mirror-update/functions.sh
-
-MIRROR_VOLUME=$1
-
-# Runs with timeout under cron
-if [[ ${UNDER_CRON:-0} -eq 0 ]]; then
-    echo_ts "Running interactively"
-    TIMEOUT=""
-    set -x
-else
-    TIMEOUT="timeout -k 2m 90m"
-fi
-
-BASE="/afs/.openstack.org/mirror/opensuse"
-MIRROR="rsync://mirror.clarkson.edu/opensuse/opensuse"
-OBS_MIRROR="rsync://provo-mirror.opensuse.org/opensuse/repositories"
-OBS_REPOS=()
-K5START="k5start -t -f /etc/opensuse.keytab service/opensuse-mirror -- $TIMEOUT"
-
-# NOTE(hwoarang): Ensure old distros are not mirrored aymore
-for REPO in distribution/leap update/leap \
-        repositories/Cloud: \
-        repositories/Virtualization: \
-        repositories/network: ; do
-    if [ -d $BASE/$REPO ]; then
-        $K5START rm -rf $BASE/$REPO
-    fi
-done
-
-date --iso-8601=ns
-for obs_repo in ${OBS_REPOS[@]}; do
-    REPO=repositories/${obs_repo}/
-    if ! [ -f $BASE/$REPO ]; then
-        $K5START mkdir -p $BASE/$REPO
-    fi
-    echo "Running rsync ${obs_repo} ..."
-    $K5START rsync -rltvz \
-        --delete --stats \
-        --delete-excluded \
-        --exclude="src/" \
-        --exclude="nosrc/" \
-        --exclude=".~tmp~" \
-        $OBS_MIRROR/$obs_repo/ $BASE/$REPO
-done
-
-date --iso-8601=ns | $K5START tee $BASE/timestamp.txt
-echo "rsync completed successfully, running vos release."
-vos_release $MIRROR_VOLUME
-
-date --iso-8601=ns
-echo "Done."
diff --git a/playbooks/roles/mirror-update/tasks/rsync.yaml b/playbooks/roles/mirror-update/tasks/rsync.yaml
index 3307828fd6..0e9bffeb49 100644
--- a/playbooks/roles/mirror-update/tasks/rsync.yaml
+++ b/playbooks/roles/mirror-update/tasks/rsync.yaml
@@ -19,9 +19,15 @@
       - epel
       - fedora
       - openeuler
-      - opensuse
       - yum-puppetlabs
 
+- name: Cleanup old unused rsync mirroring scripts
+  set_fact:
+    cleanup_rsync_update_scripts:
+      - opensuse
+
+##### Script creation #####
+
 - name: Copy keytab files in place
   shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
   args:
@@ -60,3 +66,36 @@
     logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
     logrotate_frequency: 'weekly'
   loop: '{{ rsync_update_scripts }}'
+
+##### Script deletion #####
+
+# Remove the cron first to avoid any races with cron execution.
+- name: Delete old mirroring cron jobs
+  cron:
+    name: '{{ item }} mirror sync'
+    state: absent
+    job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
+    hour: '*/6'
+    minute: '{{ 45 | random(seed=item) }}'
+  loop: '{{ cleanup_rsync_update_scripts }}'
+
+- name: Delete old keytab files
+  file:
+    path: '/etc/{{ item }}.keytab'
+    state: absent
+  loop: '{{ cleanup_rsync_update_scripts }}'
+  no_log: True
+
+- name: Delete old rsync mirror scripts
+  file:
+    path: '/usr/local/bin/{{ item }}-mirror-update'
+    state: absent
+  loop: '{{ cleanup_rsync_update_scripts }}'
+
+- name: Delete old logrotate rules
+  include_role:
+    name: logrotate
+    tasks_from: cleanup
+  vars:
+    logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
+  loop: '{{ cleanup_rsync_update_scripts }}'
diff --git a/testinfra/test_mirror-update.py b/testinfra/test_mirror-update.py
index 7c17acc38f..cdbb592fb0 100644
--- a/testinfra/test_mirror-update.py
+++ b/testinfra/test_mirror-update.py
@@ -32,11 +32,15 @@ def test_rsync_scripts(host):
                    'epel',
                    'fedora',
                    'openeuler',
-                   'opensuse',
                    'yum-puppetlabs']:
         f = host.file('/usr/local/bin/%s-mirror-update' % script)
         assert f.exists
 
+def test_rsync_scripts_removed(host):
+    for script in ['opensuse']:
+        f = host.file('/usr/local/bin/%s-mirror-update' % script)
+        assert not f.exists
+
 def test_publisher_script(host):
     f = host.file('/usr/local/bin/publish-mirror-logs')
     assert f.exists
@@ -49,7 +53,6 @@ def test_keytabs(host):
                    '/etc/epel.keytab',
                    '/etc/fedora.keytab',
                    '/etc/openeuler.keytab',
-                   '/etc/opensuse.keytab',
                    '/etc/yum-puppetlabs.keytab',
                    '/etc/reprepro.keytab']:
 
@@ -58,6 +61,11 @@ def test_keytabs(host):
         assert f.sha256sum == KEYTAB_SHA256
         assert f.mode == 0o400
 
+def test_keytabs_removed(host):
+    for keytab in ['/etc/opensuse.keytab']:
+        f = host.file(keytab)
+        assert not f.exists
+
 def test_afs_release_script(host):
     f = host.file('/opt/afs-release/release-volumes.py')
     assert f.exists