Update to 2020-05-18 19:00

roles/backup/tasks/main.yml

@@ -47,7 +47,7 @@
   copy:
     content: "{{ item.content }}"
     dest: /etc/backup/{{ item.type }}.d/default
-    mode: 755
+    mode: 0755
   loop:
     - type: pre
       content: "{{ backup_pre_script }}"

roles/timers/README.md

@@ -0,0 +1,21 @@
+# timers
+
+This roles manage systemd timers, to execute commands at regular interval.
+Just define the timers you want at the host, or group level, like :
+
+```
+system_timers:
+  - id: db-janitor     # Just an identifier for the task
+    calendar: '*:0/30' # See man systemd.timer for examples
+    max_duration: 1h   # Max duration of the task. Will be terminated if it takes longer
+    command: |
+      #!/bin/bash
+      psql -U postgres -d reports -w << _EOF
+        delete from audit where time < now()-'7 day'::interval;
+      _EOF
+  - id: logrotate
+    calendar: daily
+    command: logrotate -f /etc/logrotate.d/myservice.conf
+```
+
+Look at the defaults/main.yml file for more info

roles/timers/defaults/main.yml

@@ -0,0 +1,37 @@
+---
+
+system_timers_base: []
+system_timers_extra: []
+system_timers: "{{ system_timers_base + system_timers_extra }}"
+
+# Default settings, if not specified for a timer
+system_timer_defaults:
+  description: System timer managed by ansible
+  calendar: daily
+  persistent: False
+  enabled: True
+  user: root
+  max_duration: infinity
+
+# Define systemd timers
+# system_timers:
+#   - id: vaccuum-db
+#     calendar: weekly
+#     enabled: True
+#     user: postgres
+#     command: |
+#       #!/bin/bash -e
+#       start=`date +%s`
+#       echo "Start purging data older than ${RETENTION_TIME_IN_DAYS} days"
+#       psql -U postgres -d exchangeStatusDB << EOF
+#         delete
+#         from tracking
+#         where timestamp < now()-'${RETENTION_TIME_IN_DAYS} day'::interval;
+#       EOF
+#       end=`date +%s`
+#       echo Purge ended and take `expr $end - $start` seconds.
+#
+#   - id: dump
+#     calendar: daily
+#     command: |
+#       mysqldump --all-databases > /opt/backup/mysql.sql

roles/timers/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: mkdir

roles/timers/tasks/facts.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Merge timer settings with defaults
+  set_fact: system_timers_conf={{ system_timers_conf | default([]) + [ system_timer_defaults | combine(item, recursive=True) ] }}
+  loop: "{{ system_timers }}"
+  tags: system,cron
+- set_fact: system_timers={{ system_timers_conf | default([]) }}
+  tags: system,cron
+
+- name: Build a list of managed timers
+  set_fact: system_timers_managed={{ system_timers | map(attribute='id') | list }}
+  tags: system,cron

roles/timers/tasks/install.yml

@@ -0,0 +1,94 @@
+---
+
+- name: Create script dir
+  file: path=/opt/ansible/timers state=directory
+  tags: system,cron
+
+- name: List unmanaged scripts
+  shell: find /opt/ansible/timers -maxdepth 1 -mindepth 1 -type f -exec basename "{}" \;
+  changed_when: False
+  register: system_timers_current_scripts
+  tags: system,cron
+
+- name: Remove unmanaged timer's scripts
+  file: path=/opt/ansible/timers/{{ item }} state=absent
+  when: item not in system_timers_managed
+  loop: "{{ system_timers_current_scripts.stdout_lines }}"
+  tags: system,cron
+
+- name: List unmanaged timers service unit
+  shell: find /etc/systemd/system -maxdepth 1 -mindepth 1 -type f -name timer-ansible-*.service -exec basename "{}" \; | perl -pe 's/timer\-ansible\-([\w\-_]+)\.service/$1/g'
+  changed_when: False
+  register: system_timers_current_service
+  tags: system,cron
+
+- name: Disable unmanaged timers
+  systemd: name=timer-ansible-{{ item }}.timer state=stopped enabled=False
+  when: item not in system_timers_managed
+  loop: "{{ system_timers_current_service.stdout_lines }}"
+  tags: system,cron
+
+- name: Remove unmanaged timers service unit
+  file: path=/etc/systemd/system/timer-ansible-{{ item.0 }}.{{ item.1 }} state=absent
+  when: item.0 not in system_timers_managed
+  with_nested:
+    - "{{ system_timers_current_service.stdout_lines }}"
+    - - service
+      - timer
+  tags: system,cron
+
+- name: Deploy scripts
+  copy:
+    content: |
+      {% if not item.command is search('^#!') %}
+      #!/bin/bash -e
+      {% endif %}
+      {{ item.command }}
+    dest: /opt/ansible/timers/{{ item.id }}
+    mode: 0700
+    owner: "{{ item.user }}"
+  loop: "{{ system_timers }}"
+  tags: system,cron
+
+- name: Deploy service units
+  copy:
+    content: |
+      [Unit]
+      Description={{ item.description }}
+
+      [Service]
+      Type=oneshot
+      PrivateTmp=yes
+      ExecStart=/opt/ansible/timers/{{ item.id }}
+      User={{ item.user }}
+      TimeoutSec={{ item.max_duration }}
+      StandardOutput=journal
+      StandardError=journal
+    dest: /etc/systemd/system/timer-ansible-{{ item.id }}.service
+  loop: "{{ system_timers }}"
+  tags: system,cron
+
+- name: Deploy timer units
+  copy:
+    content: |
+      [Unit]
+      Description={{ item.description }}
+
+      [Timer]
+      OnCalendar={{ item.calendar }}
+      Persistent={{ item.persistent | ternary('True','False') }}
+
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/timer-ansible-{{ item.id }}.timer
+  loop: "{{ system_timers }}"
+  tags: system,cron
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  tags: system,cron
+
+- name: Enable timers
+  systemd: name=timer-ansible-{{ item.id }}.timer state={{ item.enabled | ternary('started','stopped') }} enabled={{ item.enabled }}
+  loop: "{{ system_timers }}"
+  tags: system,cron

roles/timers/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+
+- include: facts.yml
+- include: install.yml