evolix
/
EvoBSD
16
0
Fork 0
Code Issues 2 Pull Requests Releases 3 Wiki Activity

etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible 

Using ansible-commit script from ansible-roles
This commit is contained in:
Jérémy Dubois 2022-05-03 15:55:45 +02:00
parent 6ef04839c4
commit 1f07862c84
7 changed files with 352 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- evocheck: imported version 22.03
- base: zzz_evobackup upstream release 22.03
- etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
- etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
- etc-git: add versioning for /usr/share/scripts
- nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
- evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file

1
roles/etc-git/defaults/main.yml
View File

@ -2,3 +2,4 @@
commit_message: Ansible run
etc_git_monitor_status: true
etc_git_config_repositories: true

182
roles/etc-git/files/ansible-commit Normal file
View File

@ -0,0 +1,182 @@
#!/bin/sh
set -u
VERSION="22.04.1"
show_version() {
cat <<END
ansible-commit version ${VERSION}
Copyright 2022 Evolix <info@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>
and others.
ansible-commit comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU General Public Licence for details.
END
}
show_help() {
cat <<END
ansible-commit is a wrapper for evocommit, to be used with Ansible
END
show_usage
}
show_usage() {
cat <<END
Usage: ansible-commit --message "add new host"
Options
--message MESSAGE set the commit message
-V, --version print version number
-v, --verbose increase verbosity
-n, --dry-run actions are not executed
-h, --help print this message and exit
END
}
is_dry_run() {
test "${DRY_RUN}" = "1"
}
is_verbose() {
test "${VERBOSE}" = "1"
}
main() {
rc=0
common_args="--ansible"
if is_verbose; then
common_args="${common_args} --verbose"
fi
if is_dry_run; then
common_args="${common_args} --dry-run"
fi
if [ -d "/etc/.git" ]; then
# shellcheck disable=SC2086,SC2090
${evocommit_bin} ${common_args} --repository /etc --message "${MESSAGE}"
last_rc=$?
if [ ${last_rc} -ne 0 ]; then
rc=${last_rc}
fi
fi
if [ -d "/etc/bind/.git" ]; then
# shellcheck disable=SC2086,SC2090
${evocommit_bin} ${common_args} --repository /etc/bind --message "${MESSAGE}"
last_rc=$?
if [ ${last_rc} -ne 0 ]; then
rc=${last_rc}
fi
fi
if [ -d "/usr/share/scripts/.git" ]; then
# shellcheck disable=SC2086,SC2090
${evocommit_bin} ${common_args} --repository /usr/share/scripts --message "${MESSAGE}"
last_rc=$?
if [ ${last_rc} -ne 0 ]; then
rc=${last_rc}
fi
fi
if [ -n "${lxc_ls_bin}" ]; then
for container in $(${lxc_ls_bin} -1); do
if [ -n "${lxc_config_bin}" ]; then
# discovered path
etc_path="$(${lxc_config_bin} lxc.lxcpath)/${container}/rootfs/etc"
else
# fallback to default path
etc_path="/var/lib/lxc/${container}/rootfs/etc"
fi
if [ -d "${etc_path}/.git" ]; then
# shellcheck disable=SC2086,SC2090
${evocommit_bin} ${common_args} --repository "${etc_path}" --message "${MESSAGE}"
last_rc=$?
if [ ${last_rc} -ne 0 ]; then
rc=${last_rc}
fi
fi
done
fi
exit ${rc}
}
# Parse options
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
while :; do
case ${1:-''} in
-h|-\?|--help)
show_help
exit 0
;;
-V|--version)
show_version
exit 0
;;
--message)
# message options, with value speparated by space
if [ -n "$2" ]; then
MESSAGE=$2
shift
else
printf 'FAILED: "--message" requires a non-empty option argument.\n' >&2
exit 1
fi
;;
--message=?*)
# message options, with value speparated by =
MESSAGE=${1#*=}
;;
--message=)
# message options, without value
printf 'FAILED: "--message" requires a non-empty option argument.\n' >&2
exit 1
;;
-n|--dry-run)
# disable actual commands
DRY_RUN=1
;;
-v|--verbose)
# print verbose information
VERBOSE=1
;;
--)
# End of all options.
shift
break
;;
-?*|[[:alnum:]]*)
# ignore unknown options
printf 'FAILED: Unknown option (ignored): %s\n' "$1" >&2
;;
*)
# Default case: If no more options then break out of the loop.
break
;;
esac
shift
done
if [ -z "${MESSAGE}" ]; then
echo "FAILED: missing message parameter" >&2
show_usage
exit 1
fi
DRY_RUN=${DRY_RUN:-0}
VERBOSE=${VERBOSE:-0}
evocommit_bin=$(command -v evocommit)
if [ -z "${evocommit_bin}" ]; then
echo "FAILED: evocommit not found" >&2
exit 1
fi
lxc_ls_bin=$(command -v lxc-ls)
lxc_config_bin=$(command -v lxc-config)
main

39
roles/etc-git/tasks/commit.yml
View File

@ -1,36 +1,9 @@
---
# /etc
- name: Is /etc a git repository
stat:
path: /etc/.git
register: _etc_git
- name: "evocommit /etc"
command: "/usr/local/bin/evocommit --ansible --repository /etc --message \"{{ commit_message | mandatory }}\""
- name: "Execute ansible-commit"
command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
changed_when:
- _etc_git_commit.stdout
- "'CHANGED:' in _etc_git_commit.stdout"
ignore_errors: true
register: _etc_git_commit
when:
- _etc_git.stat.exists
- _etc_git.stat.isdir
# /usr/share/scripts
- name: Is /usr/share/scripts a git repository
stat:
path: /usr/share/scripts/.git
register: _usr_share_scripts_git
- name: "evocommit /usr/share/scripts"
command: "/usr/local/bin/evocommit --ansible --repository /usr/share/scripts --message \"{{ commit_message | mandatory }}\""
changed_when:
- _usr_share_scripts_git_commit.stdout
- "'CHANGED:' in _usr_share_scripts_git_commit.stdout"
ignore_errors: true
register: _usr_share_scripts_git_commit
when:
- _usr_share_scripts_git.stat.exists
- _usr_share_scripts_git.stat.isdir
- _ansible_commit.stdout
- "'CHANGED:' in _ansible_commit.stdout"
ignore_errors: True
register: _ansible_commit

138
roles/etc-git/tasks/main.yml
View File

@ -7,141 +7,13 @@
tags:
- etc-git
- name: evocommit script is installed
copy:
src: evocommit
dest: /usr/local/bin/evocommit
mode: "0755"
force: true
- name: Install and configure utilities
include: utils.yml
tags:
- etc-git
- include: repository.yml
vars:
repository_path: "/etc"
- name: verify /usr/share/scripts presence
stat:
path: /usr/share/scripts
register: _usr_share_scripts
- include: repository.yml
vars:
repository_path: "/usr/share/scripts"
when:
- _usr_share_scripts.stat.exists and _usr_share_scripts.stat.isdir
- name: etc-git-optimize script is installed
copy:
src: etc-git-optimize
dest: /usr/share/scripts/etc-git-optimize
mode: "0755"
force: true
tags:
- etc-git
- name: etc-git-status script is installed
copy:
src: etc-git-status
dest: /usr/share/scripts/etc-git-status
mode: "0755"
force: true
tags:
- etc-git
- name: Legacy monthly cron job for /etc/.git optimization is absent
lineinfile:
path: /etc/monthly.local
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
state: absent
tags:
- etc-git
- name: Legacy hourly cron job for /etc/.git status is absent
cron:
name: git status
minute: "42"
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
state: absent
tags:
- etc-git
- name: Legacy daily cron jobs for /etc/.git status are absent
lineinfile:
path: /etc/daily.local
line: "{{ item }}"
owner: root
mode: "0644"
state: absent
with_items:
- 'next_part "Checking /etc git status:"'
- '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
tags:
- etc-git
- name: Cron job for monthly git optimization
lineinfile:
path: /etc/monthly.local
line: "/usr/share/scripts/etc-git-optimize"
owner: root
mode: "0644"
create: true
tags:
- etc-git
- name: Cron job for monthly git optimization - next_part
lineinfile:
path: /etc/monthly.local
line: 'next_part "Monthly optimization:"'
insertbefore: "/usr/share/scripts/etc-git-optimize"
owner: root
mode: "0644"
create: true
tags:
- etc-git
- name: Cron job for hourly git status
lineinfile:
path: /etc/hourly.local
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for hourly git status - next_part
lineinfile:
path: /etc/hourly.local
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for daily git status
lineinfile:
path: /etc/daily.local
line: "/usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for daily git status - next_part
lineinfile:
path: /etc/daily.local
line: 'next_part "Daily warning for unclean Git repository:"'
insertbefore: "/usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
- name: Configure repositories
include: repositories.yml
tags:
- etc-git
when: etc_git_config_repositories | bool

23
roles/etc-git/tasks/repositories.yml Normal file
View File

@ -0,0 +1,23 @@
---
- include: repository.yml
vars:
repository_path: "/etc"
tags:
- etc-git
- name: verify /usr/share/scripts presence
stat:
path: /usr/share/scripts
register: _usr_share_scripts
tags:
- etc-git
- include: repository.yml
vars:
repository_path: "/usr/share/scripts"
when:
- _usr_share_scripts.stat.exists
- _usr_share_scripts.stat.isdir
tags:
- etc-git

134
roles/etc-git/tasks/utils.yml Normal file
View File

@ -0,0 +1,134 @@
---
- name: evocommit script is installed
copy:
src: evocommit
dest: /usr/local/bin/evocommit
mode: "0755"
force: true
tags:
- etc-git
- name: "ansible-commit script is installed"
copy:
src: ansible-commit
dest: /usr/local/bin/ansible-commit
mode: "0755"
force: true
tags:
- etc-git
- name: etc-git-optimize script is installed
copy:
src: etc-git-optimize
dest: /usr/share/scripts/etc-git-optimize
mode: "0755"
force: true
tags:
- etc-git
- name: etc-git-status script is installed
copy:
src: etc-git-status
dest: /usr/share/scripts/etc-git-status
mode: "0755"
force: true
tags:
- etc-git
- name: Legacy monthly cron job for /etc/.git optimization is absent
lineinfile:
path: /etc/monthly.local
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
state: absent
tags:
- etc-git
- name: Legacy hourly cron job for /etc/.git status is absent
cron:
name: git status
minute: "42"
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
state: absent
tags:
- etc-git
- name: Legacy daily cron jobs for /etc/.git status are absent
lineinfile:
path: /etc/daily.local
line: "{{ item }}"
owner: root
mode: "0644"
state: absent
with_items:
- 'next_part "Checking /etc git status:"'
- '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
tags:
- etc-git
- name: Cron job for monthly git optimization
lineinfile:
path: /etc/monthly.local
line: "/usr/share/scripts/etc-git-optimize"
owner: root
mode: "0644"
create: true
tags:
- etc-git
- name: Cron job for monthly git optimization - next_part
lineinfile:
path: /etc/monthly.local
line: 'next_part "Monthly optimization:"'
insertbefore: "/usr/share/scripts/etc-git-optimize"
owner: root
mode: "0644"
create: true
tags:
- etc-git
- name: Cron job for hourly git status
lineinfile:
path: /etc/hourly.local
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for hourly git status - next_part
lineinfile:
path: /etc/hourly.local
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for daily git status
lineinfile:
path: /etc/daily.local
line: "/usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git
- name: Cron job for daily git status - next_part
lineinfile:
path: /etc/daily.local
line: 'next_part "Daily warning for unclean Git repository:"'
insertbefore: "/usr/share/scripts/etc-git-status"
owner: root
mode: "0644"
create: true
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
tags:
- etc-git