From 52f0e5b35d2a1910e74725574e17768f9346d806 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Mon, 18 May 2020 19:00:05 +0200 Subject: [PATCH] Update to 2020-05-18 19:00 --- roles/backup/tasks/main.yml | 2 +- roles/timers/README.md | 21 ++++++++++ roles/timers/defaults/main.yml | 37 +++++++++++++++++ roles/timers/meta/main.yml | 4 ++ roles/timers/tasks/facts.yml | 12 ++++++ roles/timers/tasks/install.yml | 94 ++++++++++++++++++++++++++++++++++++++++++ roles/timers/tasks/main.yml | 4 ++ 7 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 roles/timers/README.md create mode 100644 roles/timers/defaults/main.yml create mode 100644 roles/timers/meta/main.yml create mode 100644 roles/timers/tasks/facts.yml create mode 100644 roles/timers/tasks/install.yml create mode 100644 roles/timers/tasks/main.yml diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index a50e8ae..4111ff6 100644 --- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml @@ -47,7 +47,7 @@ copy: content: "{{ item.content }}" dest: /etc/backup/{{ item.type }}.d/default - mode: 755 + mode: 0755 loop: - type: pre content: "{{ backup_pre_script }}" diff --git a/roles/timers/README.md b/roles/timers/README.md new file mode 100644 index 0000000..ebc2c41 --- /dev/null +++ b/roles/timers/README.md @@ -0,0 +1,21 @@ +# timers + +This roles manage systemd timers, to execute commands at regular interval. +Just define the timers you want at the host, or group level, like : + +``` +system_timers: + - id: db-janitor # Just an identifier for the task + calendar: '*:0/30' # See man systemd.timer for examples + max_duration: 1h # Max duration of the task. Will be terminated if it takes longer + command: | + #!/bin/bash + psql -U postgres -d reports -w << _EOF + delete from audit where time < now()-'7 day'::interval; + _EOF + - id: logrotate + calendar: daily + command: logrotate -f /etc/logrotate.d/myservice.conf +``` + +Look at the defaults/main.yml file for more info 
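Review bot: `mode: 0755` in roles/backup/tasks/main.yml is still an unquoted scalar, so the permission applied depends on the YAML loader reading the leading zero as octal. Quoting it as `mode: '0755'` hands Ansible a string and removes that dependency. The same applies to `mode: 0700` in the Deploy scripts task of roles/timers/tasks/install.yml. The copy task itself starts above this hunk, so the rest of its arguments are not visible here.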
diff --git a/roles/timers/defaults/main.yml b/roles/timers/defaults/main.yml new file mode 100644 index 0000000..e286eaf --- /dev/null +++ b/roles/timers/defaults/main.yml @@ -0,0 +1,37 @@ +--- + +system_timers_base: [] +system_timers_extra: [] +system_timers: "{{ system_timers_base + system_timers_extra }}" + +# Default settings, if not specified for a timer +system_timer_defaults: + description: System timer managed by ansible + calendar: daily + persistent: False + enabled: True + user: root + max_duration: infinity + +# Define systemd timers +# system_timers: +# - id: vaccuum-db +# calendar: weekly +# enabled: True +# user: postgres +# command: | +# #!/bin/bash -e +# start=`date +%s` +# echo "Start purging data older than ${RETENTION_TIME_IN_DAYS} days" +# psql -U postgres -d exchangeStatusDB << EOF +#   delete +#   from tracking +#   where timestamp < now()-'${RETENTION_TIME_IN_DAYS} day'::interval; +# EOF +# end=`date +%s` +# echo Purge ended and take `expr $end - $start` seconds. +# +# - id: dump +# calendar: daily +# command: | +# mysqldump --all-databases > /opt/backup/mysql.sql diff --git a/roles/timers/meta/main.yml b/roles/timers/meta/main.yml new file mode 100644 index 0000000..dc58dfa --- /dev/null +++ b/roles/timers/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - role: mkdir diff --git a/roles/timers/tasks/facts.yml b/roles/timers/tasks/facts.yml new file mode 100644 index 0000000..eedeadd --- /dev/null +++ b/roles/timers/tasks/facts.yml @@ -0,0 +1,12 @@ +--- + +- name: Merge timer settings with defaults + set_fact: system_timers_conf={{ system_timers_conf | default([]) + [ system_timer_defaults | combine(item, recursive=True) ] }} + loop: "{{ system_timers }}" + tags: system,cron +- set_fact: system_timers={{ system_timers_conf | default([]) }} + tags: system,cron + +- name: Build a list of managed timers + set_fact: system_timers_managed={{ system_timers | map(attribute='id') | list }} + tags: system,cron 
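Review bot: In roles/timers/tasks/facts.yml the merge loop appends to `system_timers_conf` and relies on `default([])` to start from an empty list, which only holds the first time the tasks run for a host. If the role is applied more than once in the same run (inferred; nothing visible here prevents it), the fact is already defined and every timer is appended a second time. Resetting it before the loop with a task that sets `system_timers_conf: []` would make the result independent of earlier passes. The second `set_fact` also has no `name:`, unlike the tasks around it.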
diff --git a/roles/timers/tasks/install.yml b/roles/timers/tasks/install.yml
new file mode 100644
index 0000000..804a9c8
--- /dev/null
+++ b/roles/timers/tasks/install.yml
@@ -0,0 +1,94 @@
+---
+
+- name: Create script dir
+ file: path=/opt/ansible/timers state=directory
+ tags: system,cron
+
+- name: List unmanaged scripts
+ shell: find /opt/ansible/timers -maxdepth 1 -mindepth 1 -type f -exec basename "{}" \;
+ changed_when: False
+ register: system_timers_current_scripts
+ tags: system,cron
+
+- name: Remove unmanaged timer's scripts
+ file: path=/opt/ansible/timers/{{ item }} state=absent
+ when: item not in system_timers_managed
+ loop: "{{ system_timers_current_scripts.stdout_lines }}"
+ tags: system,cron
+
+- name: List unmanaged timers service unit
+ shell: find /etc/systemd/system -maxdepth 1 -mindepth 1 -type f -name timer-ansible-*.service -exec basename "{}" \; | perl -pe 's/timer\-ansible\-([\w\-_]+)\.service/$1/g'
+ changed_when: False
+ register: system_timers_current_service
+ tags: system,cron
+
+- name: Disable unmanaged timers
+ systemd: name=timer-ansible-{{ item }}.timer state=stopped enabled=False
+ when: item not in system_timers_managed
+ loop: "{{ system_timers_current_service.stdout_lines }}"
+ tags: system,cron
+
+- name: Remove unmanaged timers service unit
+ file: path=/etc/systemd/system/timer-ansible-{{ item.0 }}.{{ item.1 }} state=absent
+ when: item.0 not in system_timers_managed
+ with_nested:
+ - "{{ system_timers_current_service.stdout_lines }}"
+ - - service
+ - timer
+ tags: system,cron
+
+- name: Deploy scripts
+ copy:
+ content: |
+ {% if not item.command is search('^#!') %}
+ #!/bin/bash -e
+ {% endif %}
+ {{ item.command }}
+ dest: /opt/ansible/timers/{{ item.id }}
+ mode: 0700
+ owner: "{{ item.user }}"
+ loop: "{{ system_timers }}"
+ tags: system,cron
+
+- name: Deploy service units
+ copy:
+ content: |
+ [Unit]
+ Description={{ item.description }}
+
+ [Service]
+ Type=oneshot
+ PrivateTmp=yes
+ ExecStart=/opt/ansible/timers/{{ item.id }}
+ User={{ item.user }}
+ TimeoutSec={{ item.max_duration }}
+ StandardOutput=journal
+ StandardError=journal
+ dest: /etc/systemd/system/timer-ansible-{{ item.id }}.service
+ loop: "{{ system_timers }}"
+ tags: system,cron
+
+- name: Deploy timer units
+ copy:
+ content: |
+ [Unit]
+ Description={{ item.description }}
+
+ [Timer]
+ OnCalendar={{ item.calendar }}
+ Persistent={{ item.persistent | ternary('True','False') }}
+
+ [Install]
+ WantedBy=timers.target
+ dest: /etc/systemd/system/timer-ansible-{{ item.id }}.timer
+ loop: "{{ system_timers }}"
+ tags: system,cron
+
+- name: Reload systemd
+ systemd: daemon_reload=True
+ tags: system,cron
+
+- name: Enable timers
+ systemd: name=timer-ansible-{{ item.id }}.timer state={{ item.enabled | ternary('started','stopped') }} enabled={{ item.enabled }}
+ loop: "{{ system_timers }}"
+ tags: system,cron
diff --git a/roles/timers/tasks/main.yml b/roles/timers/tasks/main.yml
new file mode 100644
index 0000000..fc2f03d
--- /dev/null
+++ b/roles/timers/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- include: facts.yml
+- include: install.yml
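Review bot: In roles/timers/tasks/install.yml, `item.id` is interpolated unchecked into `dest: /opt/ansible/timers/{{ item.id }}` and into the `timer-ansible-{{ item.id }}` unit names, so an id containing `/`, `..` or whitespace would place a script (run as `root` by default, per the role defaults) or a unit file outside the intended paths. The perl pattern in the cleanup task only recognises `[\w\-_]+`, so ids outside that set would not be handled correctly by the removal tasks either. I would add an assert at the top of the file restricting ids to that character set, as below. Separately, the `-name timer-ansible-*.service` argument to find in the shell task is unquoted and should be written `-name 'timer-ansible-*.service'` so the shell cannot expand it first.

```yaml
- name: Check that timer ids are safe for paths and unit names
  assert:
    that:
      - item.id is match('^[A-Za-z0-9_-]+$')
    msg: "Invalid timer id '{{ item.id }}'"
  loop: "{{ system_timers }}"
  tags: system,cron

# … unchanged: Create script dir and the following tasks …
```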