#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
# automatic/periodic self healing.
#
---
- name: install ansible
  # a local ansible is needed on the host: the self-heal run uses the
  # loopback inventory generated further down (ansible_connection=local)
  apt:
    pkg:
    - ansible
    state: present
    # policy-rc.d exit code 101: do not start services while installing
    policy_rc_d: 101
  ignore_errors: "{{ ignore_online_errors | bool }}"
  tags: "online"


- name: copy ssh config
  # ssh client config for the ansible user, taken from the controller-side ssh dir
  copy:
    src: "{{ ansible_setup_autoselfheal_ssh_dir_location }}/.ssh/config"
    dest: "/var/ansible/.ssh/config"
    owner: "ansible"
    group: "root"
    mode: "0600"  # readable by the ansible user only


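- name: copy somesibleupdater private key
  # the source is a private key: owner-only on disk, and no_log keeps its
  # contents (including a --diff of it) out of the run output and logs
  copy:
    src: "{{ ansible_setup_autoselfheal_ssh_dir_location }}/.ssh/key"
    dest: "/var/ansible/.ssh/somesible_autoupdater_key"
    owner: "ansible"
    group: "root"
    mode: "0600"
  no_log: true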


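- name: ensure ansible_autoselfheal.log exists
  # create an empty log file once; force: false leaves an existing log untouched
  copy:
    content: ""
    dest: "/var/log/ansible_autoselfheal.log"
    force: false
    owner: "ansible"
    group: "root"
    mode: "0640"  # ansible writes, root group reads, nobody else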


- name: create logrotate entry for ansible_autoselfheal.log
  # most specific override wins: host, then the host's group, then "all",
  # then the role default; PWD must be the repository root on the controller
  copy:
    src: "{{ item }}"
    dest: "/etc/logrotate.d/ansible_autoselfheal"
    owner: "root"
    group: "root"
    mode: "0644"
  with_first_found:
    - "{{ lookup('env','PWD') }}/host_files/{{ inventory_hostname }}/{{ role_name }}/ansible_autoselfheal.logrotate"
    - "{{ lookup('env','PWD') }}/group_files/{{ group_files_group }}/{{ role_name }}/ansible_autoselfheal.logrotate"
    - "{{ lookup('env','PWD') }}/group_files/all/{{ role_name }}/ansible_autoselfheal.logrotate"
    - "default/ansible_autoselfheal.logrotate"


- name: remove "ansible_autoselfheal" workdir to force re-creation.
  # only on an explicit reset; the following tasks rebuild the tree from scratch
  when: ansible_setup_reset | bool
  file:
    path: "/var/ansible/ansible"
    state: absent


- name: create "ansible_autoselfheal" workdir and set permissions
  # private working copy for the on-host run: ansible user only, nothing for group/other
  file:
    path: "/var/ansible/ansible"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


- name: copy run_somesible.sh script from "{{ lookup('env','PWD') }}"
  # NOTE(review): the script is owned and writable by the ansible user; if
  # ansible_autoselfheal.service executes it as root, that user can escalate
  # to root through it — confirm the unit's User=/privilege setup
  copy:
    src: "{{ lookup('env','PWD') }}/run_somesible.sh"
    dest: "/var/ansible/ansible/run_somesible.sh"
    owner: "ansible"
    group: "root"
    mode: "0700"


- name: create group_vars-dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/group_vars"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


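- name: copy the group vars of groups the host is in
  # one file per group the host belongs to, plus "all"; not every group has
  # a vars file, so a missing source is expected and must not abort the run
  # NOTE(review): copy decrypts vault-encrypted sources by default
  # (decrypt: true), so vaulted group_vars would land on the host in clear —
  # confirm that is intended or set decrypt: false
  copy:
    src: "{{ lookup('env','PWD') }}/group_vars/{{ item }}.yml"
    dest: "/var/ansible/ansible/group_vars/{{ item }}.yml"
    owner: "ansible"
    group: "root"
    mode: "0600"
  loop: "{{ group_names + ['all'] }}"
  ignore_errors: true
  tags: "ansible-sync"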


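- name: list files in /var/ansible/ansible/group_vars
  # plain argv, no shell features needed: command avoids spawning a shell
  command: "ls -1 /var/ansible/ansible/group_vars"
  register: contents
  changed_when: false
  tags: "ansible-sync"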


- name: remove unmanaged files in /var/ansible/ansible/group_vars
  # drop every file whose name (minus .yml) is not one of the host's groups or "all"
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/group_vars/{{ item }}"
    state: absent
  loop: "{{ contents.stdout_lines }}"
  when: item|regex_replace('^(.*)\\.yml$', '\\1') not in (group_names+['all'])


- name: create group_files/all-dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/group_files/all"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


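- name: synchronize group_files/all-dir
  # mirror the controller's group_files/all into the workdir (trailing slash =
  # contents); delete removes stale files on the host. archive is off, so
  # ownership/modes are not preserved — the recursive permission fix further
  # down tightens the tree afterwards
  synchronize:
    src: "{{ lookup('env','PWD') }}/group_files/all/"
    dest: "/var/ansible/ansible/group_files/all/"
    delete: true
    checksum: true
    recursive: true
    archive: false
  ignore_errors: true
  tags: "ansible-sync"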


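- name: synchronize group_files/{{ group_files_group }}-dir
  # same mirror as for "all", for the host's own group; skipped when that
  # group is "all" (already synced). Unlike the "all" sync this one is not
  # ignore_errors, so a missing group dir fails the run
  synchronize:
    src: "{{ lookup('env','PWD') }}/group_files/{{ group_files_group }}/"
    dest: "/var/ansible/ansible/group_files/{{ group_files_group }}/"
    delete: true
    checksum: true
    recursive: true
    archive: false
  when: group_files_group != "all"
  tags: "ansible-sync"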


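- name: list dirs in /var/ansible/ansible/group_files
  # plain argv, no shell features needed: command avoids spawning a shell
  command: "ls -1 /var/ansible/ansible/group_files"
  register: contents
  changed_when: false
  tags: "ansible-sync"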


- name: remove unmanaged dirs in /var/ansible/ansible/group_files
  # keep only "all" and the host's own group dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/group_files/{{ item }}"
    state: absent
  loop: "{{ contents.stdout_lines }}"
  when: item != "all" and item != group_files_group


- name: create ansible host_files-dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/host_files"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


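- name: synchronize host's host_files-dir
  # mirror this host's host_files (trailing slash = contents); a host without
  # a host_files dir is tolerated via ignore_errors
  synchronize:
    src: "{{ lookup('env','PWD') }}/host_files/{{ inventory_hostname }}/"
    dest: "/var/ansible/ansible/host_files/{{ inventory_hostname }}/"
    delete: true
    checksum: true
    recursive: true
    archive: false
  ignore_errors: true
  tags: "ansible-sync"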


- name: create ansible host_playbooks-dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/host_playbooks"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


- name: copy host's playbook
  # the only playbook the generated site.yml imports; no ignore_errors here,
  # so a host without a playbook fails the sync
  tags: "ansible-sync"
  copy:
    src: "{{ lookup('env','PWD') }}/host_playbooks/{{ inventory_hostname }}.yml"
    dest: "/var/ansible/ansible/host_playbooks/{{ inventory_hostname }}.yml"
    owner: "ansible"
    group: "root"
    mode: "0600"


- name: create ansible host_vars-dir
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible/host_vars"
    state: directory
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


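- name: synchronize host's host_vars dir
  # trailing slashes as in the other synchronize tasks: rsync copies a source
  # without one *by name* into dest, which can add an extra directory level;
  # "contents into contents" is what the sibling syncs do
  # NOTE(review): if host_vars/<host> is a single .yml file rather than a
  # directory this src does not exist and the task is skipped via ignore_errors
  synchronize:
    src: "{{ lookup('env','PWD') }}/host_vars/{{ inventory_hostname }}/"
    dest: "/var/ansible/ansible/host_vars/{{ inventory_hostname }}/"
    delete: true
    checksum: true
    recursive: true
    archive: false
  ignore_errors: true
  tags: "ansible-sync"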


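# Make the site consist of only the host's playbook
- name: write autogenerated site.yml
  # always rewritten (force: true) so the site only ever imports this host's playbook
  copy:
    content: |
      #AUTOGENERATED
      ---
      - import_playbook: host_playbooks/{{ inventory_hostname }}.yml
    dest: "/var/ansible/ansible/site.yml"
    force: true
    owner: "ansible"
    group: "root"
    mode: "0600"
  tags: "ansible-sync"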


# Make the loopback connection run as "local"
- name: ensure ansible.inventory exists
  # one section per group the host is in, each listing only this host with
  # a local connection and the flags the on-host run keys off of
  tags: "ansible-sync"
  copy:
    content: |-
      #AUTOGENERATED

      {% for grp in group_names %}[{{grp}}]
      {{inventory_hostname}} ansible_connection="local" ansible_setup="False" run_is_ansible_autoselfheal="True" group_files_group="{{group_files_group}}"

      {% endfor %}
    dest: "/var/ansible/ansible/ansible.inventory"
    owner: "ansible"
    group: "root"
    mode: "0600"


- name: fix "ansible_autoselfheal" workdir permissions.
  # the synchronize tasks run without archive mode, so re-own and lock down
  # the whole tree to the ansible user once everything is in place
  tags: "ansible-sync"
  file:
    path: "/var/ansible/ansible"
    state: directory
    recurse: true
    owner: "ansible"
    group: "root"
    mode: "u+rwX,go-rwx"


- name: copy ansible_autoselfheal.service to /etc/systemd/system/
  # host > group > all > role default, same override chain as the logrotate entry
  # NOTE(review): the unit is not visible here; the workdir and run script it
  # presumably executes are owned by the ansible user, so if the unit runs as
  # root, that user effectively controls root — check User= in the unit file
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/ansible_autoselfheal.service"
    owner: "root"
    group: "root"
    mode: "0644"
  with_first_found:
    - "{{ lookup('env','PWD') }}/host_files/{{ inventory_hostname }}/{{ role_name }}/ansible_autoselfheal.service"
    - "{{ lookup('env','PWD') }}/group_files/{{ group_files_group }}/{{ role_name }}/ansible_autoselfheal.service"
    - "{{ lookup('env','PWD') }}/group_files/all/{{ role_name }}/ansible_autoselfheal.service"
    - "default/ansible_autoselfheal.service"


- name: copy ansible_autoselfheal.timer to /etc/systemd/system/
  # host > group > all > role default, same override chain as the service unit
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/ansible_autoselfheal.timer"
    owner: "root"
    group: "root"
    mode: "0644"
  with_first_found:
    - "{{ lookup('env','PWD') }}/host_files/{{ inventory_hostname }}/{{ role_name }}/ansible_autoselfheal.timer"
    - "{{ lookup('env','PWD') }}/group_files/{{ group_files_group }}/{{ role_name }}/ansible_autoselfheal.timer"
    - "{{ lookup('env','PWD') }}/group_files/all/{{ role_name }}/ansible_autoselfheal.timer"
    - "default/ansible_autoselfheal.timer"


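- name: enable and start ansible_autoselfheal.timer
  # native YAML args instead of a key=value string; the shared role does the
  # daemon-reload/enable/start for the timer
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: ansible_autoselfheal.timer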



#############################################
# update "ansible_autoselfheal" known_hosts #
#############################################
# TODO: maybe useless
- name: copy known_hosts
  # pre-seeded known_hosts for the ansible user (presumably pinning the host
  # key of whatever the updater key connects to — verify against run_somesible.sh);
  # opt-in via ansible_setup_autoselfheal_update_known_hosts
  when: ansible_setup_autoselfheal_update_known_hosts | bool
  copy:
    src: "{{ item }}"
    dest: "/var/ansible/.ssh/known_hosts"
    owner: "ansible"
    group: "root"
    mode: "0600"
  with_first_found:
    - "{{ lookup('env','PWD') }}/host_files/{{ inventory_hostname }}/{{ role_name }}/known_hosts"
    - "{{ lookup('env','PWD') }}/group_files/{{ group_files_group }}/{{ role_name }}/known_hosts"
    - "{{ lookup('env','PWD') }}/group_files/all/{{ role_name }}/known_hosts"
    - "default/known_hosts"