add roles to get startedHEADmaster

4 files changed, 79 insertions, 0 deletions

diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml
new file mode 100644
index 0000000..7414bd9
--- /dev/null
+++ b/roles/ansible-pull/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Update apt cache
+  apt: update_cache=yes
+
+- name: Install depends
+  apt:
+    name: [python3-pip, ansible]
+    state: present
+
+- name: Ensure /etc/ansible/facts.d exists
+  file:
+    path: /etc/ansible/facts.d
+    state: directory
+    recurse: yes
+
+- name: Make /etc/ansible/facts.d/pull.fact
+  template:
+    src: pull.fact
+    dest: /etc/ansible/facts.d/pull.fact
+
+- name: recollect facts
+  setup:
+
+- name: Install the ansible-pull script
+  template: src=ansible-pull.sh dest=/usr/sbin/run-ansible-pull mode=0755 owner=root group=root
+
+- name: Install cronjob
+  cron: name="Ansible Pull" minute="{{ ansible_local.pull.minute | default(59 | random) }}" job="/usr/sbin/run-ansible-pull"
+
+- name: ensure ansible-pull is run on reboot
+  cron:
+    name: run ansible on reboot
+    job: /usr/sbin/run-ansible-pull
+    special_time: reboot
diff --git a/roles/ansible-pull/templates/ansible-pull.sh b/roles/ansible-pull/templates/ansible-pull.sh
new file mode 100644
index 0000000..56dcb9a
--- /dev/null
+++ b/roles/ansible-pull/templates/ansible-pull.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+if [ "$1" == "nodisown" ]; then
+  # Sometimes the $PATH gets messed up in cron, so lets start by setting the record straight
+  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  if [[ -d /usr/ansible ]]; then rm -rf /usr/ansible; fi
+  ansible-pull -U {{ ansible_local.pull.repo }} -C {{ ansible_local.pull.branch }} -d /var/run/ansible/basic &> /var/log/ansible.log
+  code=$?
+
+  if [[ "$code" -ne "0" ]]; then
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull failed.'  nick=ansible-$RANDOM color=red timeout=60"
+    exit 1
+  fi
+
+{% if ansible_fqdn in additional_playbooks %}
+{% for playbook in additional_playbooks[ansible_fqdn] %}
+  ansible-pull -U {{ playbooks[playbook.name] }} {% if 'branch' in playbook %}-C {{ playbook.branch}} {% endif %} -d /var/run/ansible/{{playbook.name}}&> /var/log/ansible-{{ playbook.name }}.log
+  code=$?
+
+  if [[ "$code" -ne "0" ]]; then
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] ansible-pull failed with additional playbook {{ playbook.name }}'  nick=ansible-$RANDOM color=red"
+    exit 1
+  fi
+
+{% endfor %}
+{% endif %}
+    # ansible localhost -m irc -a "server=irc.oftc.net use_ssl=yes port=6697 channel=# msg='[$(hostname -f)] Ansible Pull successfully ran'  nick=ansible-$RANDOM color=green"
+
+else
+  $0 nodisown & disown
+fi
diff --git a/roles/ansible-pull/templates/pull.fact b/roles/ansible-pull/templates/pull.fact
new file mode 100644
index 0000000..ac87804
--- /dev/null
+++ b/roles/ansible-pull/templates/pull.fact
@@ -0,0 +1,13 @@
+{
+{% if ansible_local is defined and ansible_local.pull is defined and ansible_local.pull is mapping %}
+  "repo": "{% if ansible_local.pull.repo %}{{ ansible_local.pull.repo }}{% else %}https://git.gnunet.org/ansible-basic.git{% endif %}",
+  "branch": "{% if ansible_local.pull.branch %}{{ ansible_local.pull.branch }}{% else %}master{% endif %}",
+  "minute": {% if ansible_local.pull.minute %}{{ ansible_local.pull.minute }}{% else %}{{ 59 | random }}{% endif %}
+
+{% else %}
+  "repo": "https://git.gnunet.org/ansible-basic.git",
+  "branch": "master",
+  "minute": "{{ 59 | random }}"
+
+{% endif %}
+}
diff --git a/roles/ansible-pull/vars/main.yaml b/roles/ansible-pull/vars/main.yaml
new file mode 100644
index 0000000..8b856a6
--- /dev/null
+++ b/roles/ansible-pull/vars/main.yaml
@@ -0,0 +1,2 @@
+playbooks:
+  gitlab-runner: https://git.gnunet.org/ansible-gitlab-runner.git