Work on switching to ansible in pull mode
This commit is contained in:
parent
2076233acf
commit
27e6cadb9a
7
ansible-pull.cfg
Normal file
7
ansible-pull.cfg
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
[defaults]
|
||||||
|
inventory = inventory
|
||||||
|
deprecation_warnings = false
|
||||||
|
ask_become_pass = false
|
||||||
|
ask_vault_pass = false
|
||||||
|
pipelining = true
|
||||||
|
interpreter_python = python3
|
6
roles/ansible-pull/files/ansiblevaultpass
Normal file
6
roles/ansible-pull/files/ansiblevaultpass
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31383561303637303735386663306631333063623336643030643634333262336664363461613239
|
||||||
|
6230623439393465656161663432393732633662383833640a373433343236353835363130653937
|
||||||
|
31346233663237383666306536633962613534623735366531666561656335393964316230633161
|
||||||
|
3930636537313364380a376432363431346636363565383734613638316161643036623636656532
|
||||||
|
66333038393738663464343534633766643734393165626538633962376161376262
|
27
roles/ansible-pull/tasks/main.yml
Normal file
27
roles/ansible-pull/tasks/main.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
#!/usr/bin/ansible-playbook
|
||||||
|
# vim:ft=ansible:
|
||||||
|
---
|
||||||
|
- name: Set up ansible-pull
|
||||||
|
block:
|
||||||
|
- name: Copy Ansible password file
|
||||||
|
copy:
|
||||||
|
src: ansiblevaultpass
|
||||||
|
dest: ~/ansiblevaultpass
|
||||||
|
mode: "0600"
|
||||||
|
become: yes
|
||||||
|
become_user: ansible
|
||||||
|
- name: Template out services
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
|
loop:
|
||||||
|
- { src: "ansible-pull.service", dest: "/etc/systemd/system/ansible-pull.service", mode: "0644" }
|
||||||
|
- { src: "ansible-pull.timer", dest: "/etc/systemd/system/ansible-pull.timer", mode: "0644" }
|
||||||
|
- name: Enable timer
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
name: ansible-pull.timer
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
become: yes
|
14
roles/ansible-pull/templates/ansible-pull.service
Normal file
14
roles/ansible-pull/templates/ansible-pull.service
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# vim:ft=dosini:
|
||||||
|
[Unit]
|
||||||
|
Description=Ansible pull service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=ansible
|
||||||
|
Group=ansible
|
||||||
|
# Forking and not oneshot here because we don't want it stuck in the Activating state forever
|
||||||
|
Type=forking
|
||||||
|
Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
|
||||||
|
ExecStart=ansible-pull --tags pull --accept-host-key -U "https://git.9iron.club/salt/ansible" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" site.yml
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
11
roles/ansible-pull/templates/ansible-pull.timer
Normal file
11
roles/ansible-pull/templates/ansible-pull.timer
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# vim:ft=dosini:
|
||||||
|
[Unit]
|
||||||
|
Description=Ansible pull timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
Persistent=true
|
||||||
|
OnBootSec=15min
|
||||||
|
OnUnitActiveSec=4h
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
|
@ -19,4 +19,5 @@
|
||||||
hour: "*/12"
|
hour: "*/12"
|
||||||
name: ansible-pull
|
name: ansible-pull
|
||||||
job: "cd /opt/ansible-repo && ANSIBLE_CONFIG=/opt/ansible-repo/ansiblehost-config.cfg HOME=/root /usr/local/bin/ansible-playbook \"{{ pullplaybook }}\" --vault-password-file /root/ansiblevaultpass > /var/log/ansible-pull.log 2>&1"
|
job: "cd /opt/ansible-repo && ANSIBLE_CONFIG=/opt/ansible-repo/ansiblehost-config.cfg HOME=/root /usr/local/bin/ansible-playbook \"{{ pullplaybook }}\" --vault-password-file /root/ansiblevaultpass > /var/log/ansible-pull.log 2>&1"
|
||||||
|
disabled: yes
|
||||||
become: true
|
become: true
|
||||||
|
|
Loading…
Reference in New Issue
Block a user