Work on switching to ansible in pull mode

2020-06-17 08:52:28 -05:00 · 2020-06-17 08:52:28 -05:00 · 27e6cadb9a
commit 27e6cadb9a
parent 2076233acf
7 changed files with 68 additions and 0 deletions
--- a/ansible-pull.cfg
+++ b/ansible-pull.cfg
@ -0,0 +1,7 @@
+[defaults]
+inventory = inventory
+deprecation_warnings = false
+ask_become_pass = false
+ask_vault_pass = false
+pipelining = true
+interpreter_python = python3
--- a/roles/ansible-pull/files/ansiblevaultpass
+++ b/roles/ansible-pull/files/ansiblevaultpass
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383561303637303735386663306631333063623336643030643634333262336664363461613239
+6230623439393465656161663432393732633662383833640a373433343236353835363130653937
+31346233663237383666306536633962613534623735366531666561656335393964316230633161
+3930636537313364380a376432363431346636363565383734613638316161643036623636656532
+66333038393738663464343534633766643734393165626538633962376161376262
--- a/roles/ansible-pull/tasks/main.yml
+++ b/roles/ansible-pull/tasks/main.yml
@ -0,0 +1,27 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Set up ansible-pull
+  block:
+    - name: Copy Ansible password file
+      copy:
+        src: ansiblevaultpass
+        dest: ~/ansiblevaultpass
+        mode: "0600"
+      become: yes
+      become_user: ansible
+    - name: Template out services
+      template:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        mode: "{{ item.mode }}"
+      loop:
+        - { src: "ansible-pull.service", dest: "/etc/systemd/system/ansible-pull.service", mode: "0644" }
+        - { src: "ansible-pull.timer", dest: "/etc/systemd/system/ansible-pull.timer", mode: "0644" }
+    - name: Enable timer
+      systemd:
+        daemon_reload: yes
+        name: ansible-pull.timer
+        enabled: yes
+        state: started
+  become: yes
--- a/roles/ansible-pull/templates/ansible-pull.service
+++ b/roles/ansible-pull/templates/ansible-pull.service
@ -0,0 +1,14 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull service
+
+[Service]
+User=ansible
+Group=ansible
+# Forking and not oneshot here because we don't want it stuck in the Activating state forever
+Type=forking
+Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
+ExecStart=ansible-pull --tags pull --accept-host-key -U "https://git.9iron.club/salt/ansible" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" site.yml
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/ansible-pull/templates/ansible-pull.timer
+++ b/roles/ansible-pull/templates/ansible-pull.timer
@ -0,0 +1,11 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull timer
+
+[Timer]
+Persistent=true
+OnBootSec=15min
+OnUnitActiveSec=4h
+
+[Install]
+WantedBy=timers.target
--- a/roles/ansiblehost/tasks/main.yml
+++ b/roles/ansiblehost/tasks/main.yml
@ -19,4 +19,5 @@
      hour: "*/12"
      name: ansible-pull
      job: "cd /opt/ansible-repo && ANSIBLE_CONFIG=/opt/ansible-repo/ansiblehost-config.cfg HOME=/root /usr/local/bin/ansible-playbook \"{{ pullplaybook }}\" --vault-password-file /root/ansiblevaultpass > /var/log/ansible-pull.log 2>&1"
+      disabled: yes
  become: true
--- a/site.yml
+++ b/site.yml
@ -3,6 +3,8 @@
 ---
 - hosts: all
  roles:
+    - role: ansible-pull
+      tags: [ common ]
    - role: common
      tags: [ common ]
    - role: zerotier