Remove the shit out of ansible-pull
This commit is contained in:
parent
99845033f1
commit
b780551d1d
@ -196,13 +196,6 @@
|
||||
command: check_by_ssh!/usr/local/bin/monitoring-scripts/check_systemd_unit pvestatd.service
|
||||
hostgroup: role-hypervisor
|
||||
# Tag-specific checks
|
||||
# ansible-pull
|
||||
- name: Unit ansible-pull.service
|
||||
command: check_by_ssh!/usr/local/bin/monitoring-scripts/check_systemd_unit ansible-pull.service
|
||||
hostgroup: tag-ansible-pull
|
||||
- name: Unit ansible-pull.timer
|
||||
command: check_by_ssh!/usr/local/bin/monitoring-scripts/check_systemd_unit ansible-pull.timer
|
||||
hostgroup: tag-ansible-pull
|
||||
# docker
|
||||
- name: Unit docker.service
|
||||
command: check_by_ssh!/usr/local/bin/monitoring-scripts/check_systemd_unit docker.service
|
||||
|
@ -3,4 +3,3 @@
|
||||
---
|
||||
# Supplementary tags
|
||||
- import_playbook: tags_ansible.yml
|
||||
- import_playbook: tags_ansible-pull.yml
|
||||
|
@ -1,27 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
- hosts: tags_ansible-pull
|
||||
gather_facts: no
|
||||
roles:
|
||||
- role: ansible-pull
|
||||
vars:
|
||||
ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
|
||||
ansible_pull_commit: master
|
||||
tags: [ ansible ]
|
||||
- role: git
|
||||
vars:
|
||||
git_repos:
|
||||
- repo: "{{ ansible_pull_repo }}"
|
||||
dest: /etc/ansible
|
||||
tags: [ ansible ]
|
||||
- hosts: all
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- name: disable ansible-pull when not tagged
|
||||
ansible.builtin.systemd: name={{ item }} state=stopped enabled=no
|
||||
with_items:
|
||||
- ansible-pull.timer
|
||||
- ansible-pull.service
|
||||
when: "'tags_ansible-pull' not in group_names and item in services"
|
||||
tags: [ ansible ]
|
@ -1,3 +0,0 @@
|
||||
# ansible-pull
|
||||
|
||||
This role configures and enables a period `ansible-pull` task through systemd, allowing for machines to ensure proper configuration periodically and of their own volition.
|
@ -1,6 +0,0 @@
|
||||
# vim:ft=ansible:
|
||||
ansible_pull_boot_delay: 15min
|
||||
ansible_pull_commit: master
|
||||
ansible_pull_time: "*-*-* 01:00:00"
|
||||
ansible_pull_playbook: pull.yml
|
||||
ansible_pull_skip_tags: "skip-pull"
|
@ -1,6 +0,0 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31383561303637303735386663306631333063623336643030643634333262336664363461613239
|
||||
6230623439393465656161663432393732633662383833640a373433343236353835363130653937
|
||||
31346233663237383666306536633962613534623735366531666561656335393964316230633161
|
||||
3930636537313364380a376432363431346636363565383734613638316161643036623636656532
|
||||
66333038393738663464343534633766643734393165626538633962376161376262
|
@ -1,5 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
- name: restart ansiblepull timer
|
||||
ansible.builtin.systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
|
||||
become: yes
|
@ -1,5 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
dependencies:
|
||||
- role: ansible
|
@ -1,15 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
- name: assure vault password file
|
||||
ansible.builtin.copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
|
||||
become: yes
|
||||
become_user: ansible
|
||||
- name: install ansible
|
||||
ansible.builtin.pip: name=ansible<5,ansible-lint state=latest
|
||||
- name: configure systemd service
|
||||
ansible.builtin.template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service mode=0644
|
||||
- name: configure systemd timer
|
||||
ansible.builtin.template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer mode=0644
|
||||
notify: restart ansiblepull timer
|
||||
- name: enable timer
|
||||
ansible.builtin.systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
|
@ -1,19 +0,0 @@
|
||||
# vim:ft=dosini:
|
||||
[Unit]
|
||||
Description=Ansible pull service
|
||||
StartLimitIntervalSec=3600
|
||||
StartLimitBurst=5
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
User=ansible
|
||||
Group=ansible
|
||||
Type=oneshot
|
||||
Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
|
||||
ExecStart=ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -C "{{ ansible_pull_commit }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}" --skip-tags "{{ ansible_pull_skip_tags }}"
|
||||
Restart=on-failure
|
||||
RestartSec=90
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,11 +0,0 @@
|
||||
# vim:ft=dosini:
|
||||
[Unit]
|
||||
Description=Ansible pull timer
|
||||
|
||||
[Timer]
|
||||
Persistent=true
|
||||
OnBootSec={{ ansible_pull_boot_delay }}
|
||||
OnCalendar={{ ansible_pull_time }}
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -21,7 +21,6 @@ motd_remove_extra: []
|
||||
# Services to monitor with our script
|
||||
# Units that can't be found will be skipped
|
||||
motd_watch_services:
|
||||
- ansible-pull
|
||||
- backup
|
||||
motd_watch_services_extra: []
|
||||
# Docker images to look for. Matches a simple glob (*{{ item }}*)
|
||||
|
Loading…
x
Reference in New Issue
Block a user