[roles/base/ansible/autoselfheal] Setup automatic/periodic selfhealing

[root/pub/somesible.git] / roles / base / ansible / autoselfheal / tasks / main.yml

#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
# automatic/periodic self healing.
#
---
- name: install ansible
  apt:
    pkg:
    - ansible
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


- name: copy ssh config
  copy:
    src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/config"
    dest: "/var/ansible/.ssh/config"
    mode: 0600
    owner: "ansible"
    group: "root"


- name: copy somesibleupdater private key
  copy:
    src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/key"
    dest: "/var/ansible/.ssh/somesible_autoupdater_key"
    mode: 0600
    owner: "ansible"
    group: "root"


- name: ensure ansible_autoselfheal.log exists
  copy:
    content: ""
    dest: "/var/log/ansible_autoselfheal.log"
    force: no
    mode: 0640
    owner: "ansible"
    group: "root"


- name: create logrotate entry for ansible_autoselfheal.log
  copy:
    src: "{{item}}"
    dest: "/etc/logrotate.d/ansible_autoselfheal"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.logrotate"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.logrotate"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.logrotate"
    - "default/ansible_autoselfheal.logrotate"


- name: remove "ansible_autoselfheal" workdir to force re-creation.
  file:
    path: "/var/ansible/ansible"
    state: absent
  when: ansible_setup_reset | bool


- name: create "ansible_autoselfheal" workdir and set permissions
  file:
    path: "/var/ansible/ansible"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"


- name: copy run_somesible.sh script from "{{lookup('env','PWD')}}"
  copy:
    src: "{{lookup('env','PWD')}}/run_somesible.sh"
    dest: "/var/ansible/ansible/run_somesible.sh"
    mode: 0700
    owner: "ansible"
    group: "root"


- name: create group_vars-dir
  file:
    path: "/var/ansible/ansible/group_vars"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: copy the group vars of groups the host is in
  copy:
    src: "{{lookup('env','PWD')}}/group_vars/{{item}}.yml"
    dest: "/var/ansible/ansible/group_vars/{{item}}.yml"
    mode: 0600
    owner: "ansible"
    group: "root"
  with_items: "{{group_names + ['all']}}"
  ignore_errors: yes
  tags: "ansible-sync"


- name: list files in /var/ansible/ansible/group_vars
  shell: "ls -1 /var/ansible/ansible/group_vars"
  register: contents
  tags: "ansible-sync"
  changed_when: False


- name: remove unmanaged files in /var/ansible/ansible/group_vars
  file:
    path: "/var/ansible/ansible/group_vars/{{item}}"
    state: absent
  with_items: "{{contents.stdout_lines}}"
  when: item|regex_replace('^(.*)\\.yml$', '\\1') not in (group_names+['all'])
  tags: "ansible-sync"


- name: create group_files/all-dir
  file:
    path: "/var/ansible/ansible/group_files/all"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: synchronize group_files/all-dir
  synchronize:
    src: "{{lookup('env','PWD')}}/group_files/all/"
    dest: "/var/ansible/ansible/group_files/all/"
    delete: yes
    checksum: yes
    recursive: yes
    archive: no
  ignore_errors: yes
  tags: "ansible-sync"


- name: synchronize group_files/{{group_files_group}}-dir
  synchronize:
    src: "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/"
    dest: "/var/ansible/ansible/group_files/{{group_files_group}}/"
    delete: yes
    checksum: yes
    recursive: yes
    archive: no
  when: group_files_group != "all"
  ignore_errors: yes
  tags: "ansible-sync"


- name: list dirs in /var/ansible/ansible/group_files
  shell: "ls -1 /var/ansible/ansible/group_files"
  register: contents
  tags: "ansible-sync"
  changed_when: False


- name: remove unmanaged dirs in /var/ansible/ansible/group_files
  file:
    path: "/var/ansible/ansible/group_files/{{item}}"
    state: absent
  with_items: "{{contents.stdout_lines}}"
  when: item != "all" and item != group_files_group
  tags: "ansible-sync"


- name: create ansible host_files-dir
  file:
    path: "/var/ansible/ansible/host_files"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: synchronize host's host_files-dir
  synchronize:
    src: "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/"
    dest: "/var/ansible/ansible/host_files/{{inventory_hostname}}/"
    delete: yes
    checksum: yes
    recursive: yes
    archive: no
  ignore_errors: yes
  tags: "ansible-sync"


- name: create ansible host_playbooks-dir
  file:
    path: "/var/ansible/ansible/host_playbooks"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: copy host's playbook
  copy:
    src: "{{lookup('env','PWD')}}/host_playbooks/{{inventory_hostname}}.yml"
    dest: "/var/ansible/ansible/host_playbooks/{{inventory_hostname}}.yml"
    mode: 0600
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: create ansible host_vars-dir
  file:
    path: "/var/ansible/ansible/host_vars"
    state: directory
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: synchronize host's host_vars dir
  synchronize:
    src: "{{lookup('env','PWD')}}/host_vars/{{inventory_hostname}}"
    dest: "/var/ansible/ansible/host_vars/{{inventory_hostname}}"
    delete: yes
    checksum: yes
    recursive: yes
    archive: no
  ignore_errors: yes
  tags: "ansible-sync"


# Make the site consist of only the host's playbook
- name: ensure ansible.inventory exists
  copy:
    content: "#AUTOGENERATED\n---\n- import_playbook: host_playbooks/{{inventory_hostname}}.yml\n"
    dest: "/var/ansible/ansible/site.yml"
    force: yes
    mode: 0600
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


# Make the loopback connection run as "local"
- name: ensure ansible.inventory exists
  copy:
    content: "#AUTOGENERATED\n\n{% for grp in group_names %}[{{grp}}]\n{{inventory_hostname}} ansible_connection=\"local\" ansible_setup=\"False\" run_is_ansible_autoselfheal=\"True\" group_files_group=\"{{group_files_group}}\"\n\n{% endfor %}"
    dest: "/var/ansible/ansible/ansible.inventory"
    mode: 0600
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: fix "ansible_autoselfheal" workdir permissions.
  file:
    path: "/var/ansible/ansible"
    state: directory
    recurse: yes
    mode: "u+rwX,go-rwx"
    owner: "ansible"
    group: "root"
  tags: "ansible-sync"


- name: copy ansible_autoselfheal.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/ansible_autoselfheal.service"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.service"
    - "default/ansible_autoselfheal.service"


- name: copy ansible_autoselfheal.timer to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/ansible_autoselfheal.timer"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.timer"
    - "default/ansible_autoselfheal.timer"


- name: enable and start ansible_autoselfheal.timer
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: ansible_autoselfheal.timer



#############################################
# update "ansible_autoselfheal" known_hosts #
#############################################
# TODO: maybe useless
- name: copy known_hosts
  copy:
    src: "{{item}}"
    dest: "/var/ansible/.ssh/known_hosts"
    mode: 0600
    owner: "ansible"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/known_hosts"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/known_hosts"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/known_hosts"
    - "default/known_hosts"
  when: ansible_setup_autoselfheal_update_known_hosts | bool