1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2024 by someone <someone@somenet.org>
6 #
7 # automatic/periodic self healing.
8 #
9 ---
10 - name: install ansible
11   apt:
12     pkg:
13     - ansible
14     state: present
15     policy_rc_d: 101
16   tags: "online"
17   ignore_errors: "{{ignore_online_errors | bool}}"
18
19
20 - name: copy ssh config
21   copy:
22     src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/config"
23     dest: "/var/ansible/.ssh/config"
24     mode: 0600
25     owner: "ansible"
26     group: "root"
27
28
29 - name: copy somesibleupdater private key
30   copy:
31     src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/key"
32     dest: "/var/ansible/.ssh/somesible_autoupdater_key"
33     mode: 0600
34     owner: "ansible"
35     group: "root"
36
37
38 - name: ensure ansible_autoselfheal.log exists
39   copy:
40     content: ""
41     dest: "/var/log/ansible_autoselfheal.log"
42     force: no
43     mode: 0640
44     owner: "ansible"
45     group: "root"
46
47
48 - name: create logrotate entry for ansible_autoselfheal.log
49   copy:
50     src: "{{item}}"
51     dest: "/etc/logrotate.d/ansible_autoselfheal"
52     mode: 0644
53     owner: "root"
54     group: "root"
55   with_first_found:
56     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.logrotate"
57     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.logrotate"
58     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.logrotate"
59     - "default/ansible_autoselfheal.logrotate"
60
61
62 - name: remove "ansible_autoselfheal" workdir to force re-creation.
63   file:
64     path: "/var/ansible/ansible"
65     state: absent
66   when: ansible_setup_reset | bool
67
68
69 - name: create "ansible_autoselfheal" workdir and set permissions
70   file:
71     path: "/var/ansible/ansible"
72     state: directory
73     mode: "u+rwX,go-rwx"
74     owner: "ansible"
75     group: "root"
76
77
78 - name: copy run_somesible.sh script from "{{lookup('env','PWD')}}"
79   copy:
80     src: "{{lookup('env','PWD')}}/run_somesible.sh"
81     dest: "/var/ansible/ansible/run_somesible.sh"
82     mode: 0700
83     owner: "ansible"
84     group: "root"
85
86
87 - name: create group_vars-dir
88   file:
89     path: "/var/ansible/ansible/group_vars"
90     state: directory
91     mode: "u+rwX,go-rwx"
92     owner: "ansible"
93     group: "root"
94   tags: "ansible-sync"
95
96
97 - name: copy the group vars of groups the host is in
98   copy:
99     src: "{{lookup('env','PWD')}}/group_vars/{{item}}.yml"
100     dest: "/var/ansible/ansible/group_vars/{{item}}.yml"
101     mode: 0600
102     owner: "ansible"
103     group: "root"
104   with_items: "{{group_names + ['all']}}"
105   ignore_errors: yes
106   tags: "ansible-sync"
107
108
109 - name: list files in /var/ansible/ansible/group_vars
110   shell: "ls -1 /var/ansible/ansible/group_vars"
111   register: contents
112   tags: "ansible-sync"
113   changed_when: False
114
115
116 - name: remove unmanaged files in /var/ansible/ansible/group_vars
117   file:
118     path: "/var/ansible/ansible/group_vars/{{item}}"
119     state: absent
120   with_items: "{{contents.stdout_lines}}"
121   when: item|regex_replace('^(.*)\\.yml$', '\\1') not in (group_names+['all'])
122   tags: "ansible-sync"
123
124
125 - name: create group_files/all-dir
126   file:
127     path: "/var/ansible/ansible/group_files/all"
128     state: directory
129     mode: "u+rwX,go-rwx"
130     owner: "ansible"
131     group: "root"
132   tags: "ansible-sync"
133
134
135 - name: synchronize group_files/all-dir
136   synchronize:
137     src: "{{lookup('env','PWD')}}/group_files/all/"
138     dest: "/var/ansible/ansible/group_files/all/"
139     delete: yes
140     checksum: yes
141     recursive: yes
142     archive: no
143   ignore_errors: yes
144   tags: "ansible-sync"
145
146
147 - name: synchronize group_files/{{group_files_group}}-dir
148   synchronize:
149     src: "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/"
150     dest: "/var/ansible/ansible/group_files/{{group_files_group}}/"
151     delete: yes
152     checksum: yes
153     recursive: yes
154     archive: no
155   when: group_files_group != "all"
156   tags: "ansible-sync"
157
158
159 - name: list dirs in /var/ansible/ansible/group_files
160   shell: "ls -1 /var/ansible/ansible/group_files"
161   register: contents
162   tags: "ansible-sync"
163   changed_when: False
164
165
166 - name: remove unmanaged dirs in /var/ansible/ansible/group_files
167   file:
168     path: "/var/ansible/ansible/group_files/{{item}}"
169     state: absent
170   with_items: "{{contents.stdout_lines}}"
171   when: item != "all" and item != group_files_group
172   tags: "ansible-sync"
173
174
175 - name: create ansible host_files-dir
176   file:
177     path: "/var/ansible/ansible/host_files"
178     state: directory
179     mode: "u+rwX,go-rwx"
180     owner: "ansible"
181     group: "root"
182   tags: "ansible-sync"
183
184
185 - name: synchronize host's host_files-dir
186   synchronize:
187     src: "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/"
188     dest: "/var/ansible/ansible/host_files/{{inventory_hostname}}/"
189     delete: yes
190     checksum: yes
191     recursive: yes
192     archive: no
193   ignore_errors: yes
194   tags: "ansible-sync"
195
196
197 - name: create ansible host_playbooks-dir
198   file:
199     path: "/var/ansible/ansible/host_playbooks"
200     state: directory
201     mode: "u+rwX,go-rwx"
202     owner: "ansible"
203     group: "root"
204   tags: "ansible-sync"
205
206
207 - name: copy host's playbook
208   copy:
209     src: "{{lookup('env','PWD')}}/host_playbooks/{{inventory_hostname}}.yml"
210     dest: "/var/ansible/ansible/host_playbooks/{{inventory_hostname}}.yml"
211     mode: 0600
212     owner: "ansible"
213     group: "root"
214   tags: "ansible-sync"
215
216
217 - name: create ansible host_vars-dir
218   file:
219     path: "/var/ansible/ansible/host_vars"
220     state: directory
221     mode: "u+rwX,go-rwx"
222     owner: "ansible"
223     group: "root"
224   tags: "ansible-sync"
225
226
227 - name: synchronize host's host_vars dir
228   synchronize:
229     src: "{{lookup('env','PWD')}}/host_vars/{{inventory_hostname}}"
230     dest: "/var/ansible/ansible/host_vars/{{inventory_hostname}}"
231     delete: yes
232     checksum: yes
233     recursive: yes
234     archive: no
235   ignore_errors: yes
236   tags: "ansible-sync"
237
238
239 # Make the site consist of only the host's playbook
240 - name: ensure ansible.inventory exists
241   copy:
242     content: "#AUTOGENERATED\n---\n- import_playbook: host_playbooks/{{inventory_hostname}}.yml\n"
243     dest: "/var/ansible/ansible/site.yml"
244     force: yes
245     mode: 0600
246     owner: "ansible"
247     group: "root"
248   tags: "ansible-sync"
249
250
251 # Make the loopback connection run as "local"
252 - name: ensure ansible.inventory exists
253   copy:
254     content: "#AUTOGENERATED\n\n{% for grp in group_names %}[{{grp}}]\n{{inventory_hostname}} ansible_connection=\"local\" ansible_setup=\"False\" run_is_ansible_autoselfheal=\"True\" group_files_group=\"{{group_files_group}}\"\n\n{% endfor %}"
255     dest: "/var/ansible/ansible/ansible.inventory"
256     mode: 0600
257     owner: "ansible"
258     group: "root"
259   tags: "ansible-sync"
260
261
262 - name: fix "ansible_autoselfheal" workdir permissions.
263   file:
264     path: "/var/ansible/ansible"
265     state: directory
266     recurse: yes
267     mode: "u+rwX,go-rwx"
268     owner: "ansible"
269     group: "root"
270   tags: "ansible-sync"
271
272
273 - name: copy ansible_autoselfheal.service to /etc/systemd/system/
274   copy:
275     src: "{{item}}"
276     dest: "/etc/systemd/system/ansible_autoselfheal.service"
277     mode: 0644
278     owner: "root"
279     group: "root"
280   with_first_found:
281     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.service"
282     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.service"
283     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.service"
284     - "default/ansible_autoselfheal.service"
285
286
287 - name: copy ansible_autoselfheal.timer to /etc/systemd/system/
288   copy:
289     src: "{{item}}"
290     dest: "/etc/systemd/system/ansible_autoselfheal.timer"
291     mode: 0644
292     owner: "root"
293     group: "root"
294   with_first_found:
295     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.timer"
296     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.timer"
297     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.timer"
298     - "default/ansible_autoselfheal.timer"
299
300
301 - name: enable and start ansible_autoselfheal.timer
302   include_role: name="base/systemd/enable-and-start"
303   vars:
304     service_name: ansible_autoselfheal.timer
305
306
307
308 #############################################
309 # update "ansible_autoselfheal" known_hosts #
310 #############################################
311 # TODO: maybe useless
312 - name: copy known_hosts
313   copy:
314     src: "{{item}}"
315     dest: "/var/ansible/.ssh/known_hosts"
316     mode: 0600
317     owner: "ansible"
318     group: "root"
319   with_first_found:
320     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/known_hosts"
321     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/known_hosts"
322     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/known_hosts"
323     - "default/known_hosts"
324   when: ansible_setup_autoselfheal_update_known_hosts | bool