# ansible-pull setup
#
# on remote hosts, set up ansible to run periodically using the latest code
# from a particular checkout, in pull based fashion, inverting Ansible's
# usual push-based operating mode.
#
# This particular pull based mode is ideal for:
#
# (A) massive scale out
# (B) continual system remediation
#
# DO NOT RUN THIS AGAINST YOUR HOSTS WITHOUT CHANGING THE repo_url
# TO SOMETHING YOU HAVE PERSONALLY VERIFIED
#
#
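---
# Play: bootstrap ansible-pull on every host in the pull_mode_hosts group.
# It installs ansible, creates the working directory, copies the inventory,
# and drops cron/logrotate entries plus a healthcheck script and its cron job.
- hosts: pull_mode_hosts
  remote_user: rvdm
  become: true
  become_method: sudo
  vars:
    # schedule is fed directly to cron
    schedule: '*/15 * * * *'
    # User to run ansible-pull as from cron
    cron_user: root
    # File that ansible will use for logs
    logfile: /var/log/ansible-pull.log
    # Directory to where repository will be cloned
    workdir: /var/lib/ansible/local
    # Repository to check out -- YOU MUST CHANGE THIS
    # repo must contain a local.yml file at top level
    #
    # Trust boundary: with cron_user set to root, whatever this repository
    # serves is executed as root on every host in the group at each
    # scheduled run, so write access to the repository is equivalent to
    # root on those hosts. The cron template is not part of this file;
    # check that it pins a reviewed ref (ansible-pull -C) and/or rejects
    # unsigned commits (ansible-pull --verify-commit).
    # repo_url: git://github.com/sfromm/ansible-playbooks.git
    repo_url: https://github.com/rvdm/ansible.git
    # NOTE(review): not referenced by any task below; presumably read by
    # the healthcheck.sh template -- confirm. If knowing this id is enough
    # to report on behalf of the check, store it with ansible-vault rather
    # than in a committed playbook.
    healthcheck_id: 'RmCo8idNJAAfJ-bYia-Naw'
  tasks:
    - name: create ansible dir
      file:
        path: /etc/ansible
        state: directory
        owner: root
        group: root
        mode: '0755'

    # No version is pinned, so hosts get whatever the apt source offers.
    - name: Install ansible
      apt:
        name: ansible
        update_cache: true

    # 0751: root has full access, group can read and traverse, everyone
    # else can traverse but not list the checkout.
    - name: Create local directory to work from
      file:
        path: '{{ workdir }}'
        state: directory
        owner: root
        group: root
        mode: '0751'

    # src is resolved on the control machine, not on the managed host.
    # NOTE(review): 0644 makes the inventory readable by every local user;
    # tighten the mode if the inventory carries connection credentials.
    - name: Copy ansible inventory file to client
      copy:
        src: ~/.ansible/hosts
        dest: /etc/ansible/hosts
        owner: root
        group: root
        mode: '0644'

    # The file under /etc/cron.d decides what runs as cron_user; keep it
    # root-owned and not writable by anyone else.
    - name: Create crontab entry to clone/pull git repository
      template:
        src: templates/etc_cron.d_ansible-pull.j2
        dest: /etc/cron.d/ansible-pull
        owner: root
        group: root
        mode: '0644'

    - name: Create logrotate entry for ansible-pull.log
      template:
        src: templates/etc_logrotate.d_ansible-pull.j2
        dest: /etc/logrotate.d/ansible-pull
        owner: root
        group: root
        mode: '0644'

    # owner/group are set explicitly, as in the other file tasks: the cron
    # job below is installed under become, so this script runs from the
    # become user's crontab. A pre-existing copy owned by another account
    # would otherwise keep that owner, who could then edit it.
    - name: Ensure healthcheck script exists
      template:
        src: 'healthcheck.sh'
        dest: '/usr/local/bin/healthcheck.sh'
        owner: root
        group: root
        mode: '0755'

    # No user is given, so the entry goes into the crontab of the account
    # the task runs as (the become user). Output is discarded, so a failing
    # script leaves no trace in cron mail.
    - name: Ensure healthcheck job is added to cron
      cron:
        name: "healthcheck"
        minute: "*/5"
        job: "/usr/local/bin/healthcheck.sh > /dev/null"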