515abdec64
This should cleanup our mirror update server so that we no longer have configes (cron, scripts, logrotate rules, etc) for mirroring opensuse. It won't clean up the afs volume, but we can get to that later (and it will probably require manual intervention). This cleanup is done in a way that it should be able to be applied to future cleanups too (like when centos 8 stream goes away and everything is centos stream specific). Change-Id: Ib5d15ce800ff0620187345e1cfec0b7b5d65bee5
102 lines
2.7 KiB
YAML
102 lines
2.7 KiB
YAML
# Mirror scripts that use rsync
|
|
|
|
- name: Create rsync log output directory
|
|
file:
|
|
path: /var/log/rsync-mirrors
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
|
|
# Note that this assuems the volume name "mirror.<name>" below; since
|
|
# OpenAFS volumes have a 22 character limit, make sure below isn't
|
|
# greater than 22-7 = 15 chars long.
|
|
- name: Set update script names
|
|
set_fact:
|
|
rsync_update_scripts:
|
|
- centos
|
|
- centos-stream
|
|
- epel
|
|
- fedora
|
|
- openeuler
|
|
- yum-puppetlabs
|
|
|
|
- name: Cleanup old unused rsync mirroring scripts
|
|
set_fact:
|
|
cleanup_rsync_update_scripts:
|
|
- opensuse
|
|
|
|
##### Script creation #####
|
|
|
|
- name: Copy keytab files in place
|
|
shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
|
|
args:
|
|
creates: '/etc/{{ item }}.keytab'
|
|
loop: '{{ rsync_update_scripts }}'
|
|
no_log: True
|
|
|
|
- name: Ensure keytab permissions
|
|
file:
|
|
path: '/etc/{{ item }}.keytab'
|
|
owner: root
|
|
group: root
|
|
mode: '0400'
|
|
loop: '{{ rsync_update_scripts }}'
|
|
|
|
- name: Copy rsync mirror scripts in place
|
|
copy:
|
|
src: '{{ item }}-mirror-update'
|
|
dest: '/usr/local/bin/{{ item }}-mirror-update'
|
|
mode: '0755'
|
|
loop: '{{ rsync_update_scripts }}'
|
|
|
|
- name: Install update cron jobs
|
|
cron:
|
|
name: '{{ item }} mirror sync'
|
|
state: present
|
|
job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
|
|
hour: '*/6'
|
|
minute: '{{ 45 | random(seed=item) }}'
|
|
loop: '{{ rsync_update_scripts }}'
|
|
|
|
- name: Install logrotate rules
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
|
|
logrotate_frequency: 'weekly'
|
|
loop: '{{ rsync_update_scripts }}'
|
|
|
|
##### Script deletion #####
|
|
|
|
# Remove the cron first to avoid any races with cron execution.
|
|
- name: Delete old mirroring cron jobs
|
|
cron:
|
|
name: '{{ item }} mirror sync'
|
|
state: absent
|
|
job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
|
|
hour: '*/6'
|
|
minute: '{{ 45 | random(seed=item) }}'
|
|
loop: '{{ cleanup_rsync_update_scripts }}'
|
|
|
|
- name: Delete old keytab files
|
|
file:
|
|
path: '/etc/{{ item }}.keytab'
|
|
state: absent
|
|
loop: '{{ cleanup_rsync_update_scripts }}'
|
|
no_log: True
|
|
|
|
- name: Delete old rsync mirror scripts
|
|
file:
|
|
path: '/usr/local/bin/{{ item }}-mirror-update'
|
|
state: absent
|
|
loop: '{{ cleanup_rsync_update_scripts }}'
|
|
|
|
- name: Delete old logrotate rules
|
|
include_role:
|
|
name: logrotate
|
|
tasks_from: cleanup
|
|
vars:
|
|
logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
|
|
loop: '{{ cleanup_rsync_update_scripts }}'
|