system-config/playbooks/roles/mirror-update/tasks/rsync.yaml

# Mirror scripts that use rsync

- name: Create rsync log output directory
  file:
    path: /var/log/rsync-mirrors
    state: directory
    owner: root
    group: root
    mode: '0755'

# Note that this assuems the volume name "mirror.<name>" below; since
# OpenAFS volumes have a 22 character limit, make sure below isn't
# greater than 22-7 = 15 chars long.
- name: Set update script names
  set_fact:
    rsync_update_scripts:
      - centos
      - centos-stream
      - epel
      - fedora
      - openeuler
      - opensuse
      - yum-puppetlabs

- name: Copy keytab files in place
  shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
  args:
    creates: '/etc/{{ item }}.keytab'
  loop: '{{ rsync_update_scripts }}'
  no_log: True

- name: Ensure keytab permissions
  file:
    path: '/etc/{{ item }}.keytab'
    owner: root
    group: root
    mode: '0400'
  loop: '{{ rsync_update_scripts }}'

- name: Copy rsync mirror scripts in place
  copy:
    src: '{{ item }}-mirror-update'
    dest: '/usr/local/bin/{{ item }}-mirror-update'
    mode: '0755'
  loop: '{{ rsync_update_scripts }}'

- name: Install update cron jobs
  cron:
    name: '{{ item }} mirror sync'
    state: present
    job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
    hour: '*/6'
    minute: '{{ 45 | random(seed=item) }}'
  loop: '{{ rsync_update_scripts }}'

- name: Install logrotate rules
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
    logrotate_frequency: 'weekly'
  loop: '{{ rsync_update_scripts }}'