system-config/playbooks/roles/mirror-update/tasks/main.yaml

# NOTE(ianw) : this does not feel like a a great way to write out
# binary data.  But you can't do what you'd logically think at first
# with like
#
#  copy:
#   content: {{ string | b64decode }}
#
# because jinja treats the content as utf-8, and ends up mangling
# "real" binary data like a keytab.  See issues like:
#  https://github.com/ansible/ansible/issues/20150
- name: Install afsadmin keytab
  shell: 'echo "{{ mirror_update_keytab_afsadmin }}" | base64 -d > /etc/afsadmin.keytab'
  args:
    creates: /etc/afsadmin.keytab
  no_log: True

- name: Ensure permissions on afsadmin keytab
  file:
    path: '/etc/afsadmin.keytab'
    owner: root
    group: root
    mode: '0400'

- name: Set PATH for cron
  cron:
    name: PATH
    env: yes
    value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

- name: Setup log publisher script
  include_tasks: log_publish.yaml

- name: Setup rsync mirror scripts
  include_tasks: rsync.yaml

- name: Setup reprepro
  include_role:
    name: reprepro

- name: Setup periodic AFS release script
  include_role:
    name: afs-release

- name: Setup AFS monitoring script
  include_role:
    name: afsmon