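# Mirror scripts that use rsync

- name: Create rsync log output directory
  file:
    path: /var/log/rsync-mirrors
    state: directory
    owner: root
    group: root
    mode: '0755'

# Note that this assumes the volume name "mirror." below; since
# OpenAFS volumes have a 22 character limit, make sure below isn't
# greater than 22-7 = 15 chars long.
- name: Set update script names
  set_fact:
    rsync_update_scripts:
      - centos-stream
      - epel
      - fedora
      - openeuler
      - yum-puppetlabs

- name: Cleanup old unused rsync mirroring scripts
  set_fact:
    cleanup_rsync_update_scripts:
      - opensuse
      - centos

##### Script creation #####

# The base64-encoded keytab is passed on stdin rather than interpolated
# into the command string. This keeps the secret out of the "sh -c"
# argument list, which other local users can read from the process
# table, and means the shell never parses the variable's content.
# "umask 077" ensures the file is never group/world-readable, not even
# for the short window before the next task sets the mode to 0400.
# The decode stays in the shell because a keytab is binary data.
# Because of "creates", an existing keytab is never rewritten; to rotate
# a keytab the old file has to be removed first.
- name: Copy keytab files in place
  shell: 'umask 077 && base64 -d > /etc/{{ item }}.keytab'
  args:
    stdin: '{{ lookup("vars", "mirror_update_keytab_" + item) }}'
    creates: '/etc/{{ item }}.keytab'
  loop: '{{ rsync_update_scripts }}'
  # Keep the looked-up keytab value out of Ansible's output and logs.
  no_log: true

- name: Ensure keytab permissions
  file:
    path: '/etc/{{ item }}.keytab'
    owner: root
    group: root
    mode: '0400'
  loop: '{{ rsync_update_scripts }}'

# These scripts are run from cron, so pin ownership explicitly like the
# other files managed here instead of inheriting it from the connecting
# user.
- name: Copy rsync mirror scripts in place
  copy:
    src: '{{ item }}-mirror-update'
    dest: '/usr/local/bin/{{ item }}-mirror-update'
    owner: root
    group: root
    mode: '0755'
  loop: '{{ rsync_update_scripts }}'

# "flock -n" skips a run when the previous sync still holds the lock.
# The minute is seeded by the mirror name, so each mirror gets a stable
# minute in the range 0-44 and the syncs do not all start together.
- name: Install update cron jobs
  cron:
    name: '{{ item }} mirror sync'
    state: present
    job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
    hour: '*/6'
    minute: '{{ 45 | random(seed=item) }}'
  loop: '{{ rsync_update_scripts }}'

- name: Install logrotate rules
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
    logrotate_frequency: 'weekly'
  loop: '{{ rsync_update_scripts }}'

##### Script deletion #####

# Remove the cron first to avoid any races with cron execution.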
# Tear-down for every mirror listed in cleanup_rsync_update_scripts.
# The cron module finds the entry to remove by its name; job, hour and
# minute are kept so this task mirrors the install task.
- name: Delete old mirroring cron jobs
  loop: '{{ cleanup_rsync_update_scripts }}'
  cron:
    state: absent
    name: '{{ item }} mirror sync'
    job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
    hour: '*/6'
    minute: '{{ 45 | random(seed=item) }}'

# Retired mirrors must not leave their Kerberos keytab behind in /etc.
- name: Delete old keytab files
  loop: '{{ cleanup_rsync_update_scripts }}'
  no_log: true
  file:
    state: absent
    path: '/etc/{{ item }}.keytab'

- name: Delete old rsync mirror scripts
  loop: '{{ cleanup_rsync_update_scripts }}'
  file:
    state: absent
    path: '/usr/local/bin/{{ item }}-mirror-update'

# Uses the logrotate role's "cleanup" task file for the same log path
# that the install side registered.
- name: Delete old logrotate rules
  loop: '{{ cleanup_rsync_update_scripts }}'
  include_role:
    name: logrotate
    tasks_from: cleanup
  vars:
    logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'