##################################### ### someone's ansible provisioner ### ##################################### # Part of: https://git.somenet.org/root/pub/somesible.git # 2017-2025 by someone # # automatic/periodic self healing. # --- - name: install ansible apt: pkg: - ansible state: present policy_rc_d: 101 tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" - name: copy ssh config copy: src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/config" dest: "/var/ansible/.ssh/config" mode: 0600 owner: "ansible" group: "root" - name: copy somesibleupdater private key copy: src: "{{ansible_setup_autoselfheal_ssh_dir_location}}/.ssh/key" dest: "/var/ansible/.ssh/somesible_autoupdater_key" mode: 0600 owner: "ansible" group: "root" - name: ensure ansible_autoselfheal.log exists copy: content: "" dest: "/var/log/ansible_autoselfheal.log" force: no mode: 0640 owner: "ansible" group: "root" - name: create logrotate entry for ansible_autoselfheal.log copy: src: "{{item}}" dest: "/etc/logrotate.d/ansible_autoselfheal" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.logrotate" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.logrotate" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.logrotate" - "default/ansible_autoselfheal.logrotate" - name: remove "ansible_autoselfheal" workdir to force re-creation. file: path: "/var/ansible/ansible" state: absent when: ansible_setup_reset | bool - name: create "ansible_autoselfheal" workdir and set permissions file: path: "/var/ansible/ansible" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" - name: copy run_somesible.sh script from "{{lookup('env','PWD')}}" copy: src: "{{lookup('env','PWD')}}/run_somesible.sh" dest: "/var/ansible/ansible/run_somesible.sh" mode: 0700 owner: "ansible" group: "root" - name: create group_vars-dir file: path: "/var/ansible/ansible/group_vars" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: copy the group vars of groups the host is in copy: src: "{{lookup('env','PWD')}}/group_vars/{{item}}.yml" dest: "/var/ansible/ansible/group_vars/{{item}}.yml" mode: 0600 owner: "ansible" group: "root" with_items: "{{group_names + ['all']}}" ignore_errors: yes tags: "ansible-sync" - name: list files in /var/ansible/ansible/group_vars shell: "ls -1 /var/ansible/ansible/group_vars" register: contents tags: "ansible-sync" changed_when: False - name: remove unmanaged files in /var/ansible/ansible/group_vars file: path: "/var/ansible/ansible/group_vars/{{item}}" state: absent with_items: "{{contents.stdout_lines}}" when: item|regex_replace('^(.*)\\.yml$', '\\1') not in (group_names+['all']) tags: "ansible-sync" - name: create group_files/all-dir file: path: "/var/ansible/ansible/group_files/all" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: synchronize group_files/all-dir synchronize: src: "{{lookup('env','PWD')}}/group_files/all/" dest: "/var/ansible/ansible/group_files/all/" delete: yes checksum: yes recursive: yes archive: no ignore_errors: yes tags: "ansible-sync" - name: synchronize group_files/{{group_files_group}}-dir synchronize: src: "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/" dest: "/var/ansible/ansible/group_files/{{group_files_group}}/" delete: yes checksum: yes recursive: yes archive: no when: group_files_group != "all" tags: "ansible-sync" - name: list dirs in /var/ansible/ansible/group_files shell: "ls -1 /var/ansible/ansible/group_files" register: contents tags: "ansible-sync" changed_when: False - name: remove unmanaged dirs in /var/ansible/ansible/group_files file: path: "/var/ansible/ansible/group_files/{{item}}" state: absent with_items: "{{contents.stdout_lines}}" when: item != "all" and item != group_files_group tags: "ansible-sync" - name: create ansible host_files-dir file: path: "/var/ansible/ansible/host_files" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: synchronize host's host_files-dir synchronize: src: "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/" dest: "/var/ansible/ansible/host_files/{{inventory_hostname}}/" delete: yes checksum: yes recursive: yes archive: no ignore_errors: yes tags: "ansible-sync" - name: create ansible host_playbooks-dir file: path: "/var/ansible/ansible/host_playbooks" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: copy host's playbook copy: src: "{{lookup('env','PWD')}}/host_playbooks/{{inventory_hostname}}.yml" dest: "/var/ansible/ansible/host_playbooks/{{inventory_hostname}}.yml" mode: 0600 owner: "ansible" group: "root" tags: "ansible-sync" - name: create ansible host_vars-dir file: path: "/var/ansible/ansible/host_vars" state: directory mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: synchronize host's host_vars dir synchronize: src: "{{lookup('env','PWD')}}/host_vars/{{inventory_hostname}}" dest: "/var/ansible/ansible/host_vars/{{inventory_hostname}}" delete: yes checksum: yes recursive: yes archive: no ignore_errors: yes tags: "ansible-sync" # Make the site consist of only the host's playbook - name: ensure ansible.inventory exists copy: content: "#AUTOGENERATED\n---\n- import_playbook: host_playbooks/{{inventory_hostname}}.yml\n" dest: "/var/ansible/ansible/site.yml" force: yes mode: 0600 owner: "ansible" group: "root" tags: "ansible-sync" # Make the loopback connection run as "local" - name: ensure ansible.inventory exists copy: content: "#AUTOGENERATED\n\n{% for grp in group_names %}[{{grp}}]\n{{inventory_hostname}} ansible_connection=\"local\" ansible_setup=\"False\" run_is_ansible_autoselfheal=\"True\" group_files_group=\"{{group_files_group}}\"\n\n{% endfor %}" dest: "/var/ansible/ansible/ansible.inventory" mode: 0600 owner: "ansible" group: "root" tags: "ansible-sync" - name: fix "ansible_autoselfheal" workdir permissions. file: path: "/var/ansible/ansible" state: directory recurse: yes mode: "u+rwX,go-rwx" owner: "ansible" group: "root" tags: "ansible-sync" - name: copy ansible_autoselfheal.service to /etc/systemd/system/ copy: src: "{{item}}" dest: "/etc/systemd/system/ansible_autoselfheal.service" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.service" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.service" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.service" - "default/ansible_autoselfheal.service" - name: copy ansible_autoselfheal.timer to /etc/systemd/system/ copy: src: "{{item}}" dest: "/etc/systemd/system/ansible_autoselfheal.timer" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ansible_autoselfheal.timer" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ansible_autoselfheal.timer" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ansible_autoselfheal.timer" - "default/ansible_autoselfheal.timer" - name: enable and start ansible_autoselfheal.timer include_role: name="base/systemd/enable-and-start" vars: service_name: ansible_autoselfheal.timer ############################################# # update "ansible_autoselfheal" known_hosts # ############################################# # TODO: maybe useless - name: copy known_hosts copy: src: "{{item}}" dest: "/var/ansible/.ssh/known_hosts" mode: 0600 owner: "ansible" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/known_hosts" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/known_hosts" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/known_hosts" - "default/known_hosts" when: ansible_setup_autoselfheal_update_known_hosts | bool