From 1f07862c843aecce2ccaa85ca1e9377f54f9f740 Mon Sep 17 00:00:00 2001
From: Jeremy Dubois <jdubois@evolix.fr>
Date: Tue, 3 May 2022 15:55:45 +0200
Subject: [PATCH] etc-git: use "ansible-commit" to efficiently commit all
 available repositories from Ansible

Using ansible-commit script from ansible-roles
---
 CHANGELOG                            |   1 +
 roles/etc-git/defaults/main.yml      |   1 +
 roles/etc-git/files/ansible-commit   | 182 +++++++++++++++++++++++++++
 roles/etc-git/tasks/commit.yml       |  39 +-----
 roles/etc-git/tasks/main.yml         | 138 +-------------------
 roles/etc-git/tasks/repositories.yml |  23 ++++
 roles/etc-git/tasks/utils.yml        | 134 ++++++++++++++++++++
 7 files changed, 352 insertions(+), 166 deletions(-)
 create mode 100644 roles/etc-git/files/ansible-commit
 create mode 100644 roles/etc-git/tasks/repositories.yml
 create mode 100644 roles/etc-git/tasks/utils.yml

diff --git a/CHANGELOG b/CHANGELOG
index c323395..ceb3d73 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -22,6 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - evocheck: imported version 22.03
 - base: zzz_evobackup upstream release 22.03
 - etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
+- etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
 - etc-git: add versioning for /usr/share/scripts
 - nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
 - evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file
diff --git a/roles/etc-git/defaults/main.yml b/roles/etc-git/defaults/main.yml
index f160858..eeaef18 100644
--- a/roles/etc-git/defaults/main.yml
+++ b/roles/etc-git/defaults/main.yml
@@ -2,3 +2,4 @@
 commit_message: Ansible run
 
 etc_git_monitor_status: true
+etc_git_config_repositories: true
diff --git a/roles/etc-git/files/ansible-commit b/roles/etc-git/files/ansible-commit
new file mode 100644
index 0000000..20ab3a9
--- /dev/null
+++ b/roles/etc-git/files/ansible-commit
@@ -0,0 +1,182 @@
+#!/bin/sh
+
+set -u
+
+VERSION="22.04.1"
+
+show_version() {
+    cat <<END
+ansible-commit version ${VERSION}
+
+Copyright 2022 Evolix <info@evolix.fr>,
+               Jérémy Lecour <jlecour@evolix.fr>
+               and others.
+
+ansible-commit comes with ABSOLUTELY NO WARRANTY. This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU General Public Licence for details.
+END
+}
+
+show_help() {
+    cat <<END
+ansible-commit is a wrapper for evocommit, to be used with Ansible
+
+END
+    show_usage
+}
+show_usage() {
+    cat <<END
+Usage: ansible-commit --message "add new host"
+
+Options
+     --message MESSAGE   set the commit message
+ -V, --version           print version number
+ -v, --verbose           increase verbosity
+ -n, --dry-run           actions are not executed
+ -h, --help              print this message and exit
+END
+}
+
+is_dry_run() {
+    test "${DRY_RUN}" = "1"
+}
+is_verbose() {
+    test "${VERBOSE}" = "1"
+}
+main() {
+    rc=0
+    common_args="--ansible"
+    if is_verbose; then
+        common_args="${common_args} --verbose"
+    fi
+    if is_dry_run; then
+        common_args="${common_args} --dry-run"
+    fi
+
+    if [ -d "/etc/.git" ]; then
+        # shellcheck disable=SC2086,SC2090
+        ${evocommit_bin} ${common_args} --repository /etc --message "${MESSAGE}"
+        last_rc=$?
+        if [ ${last_rc} -ne 0 ]; then
+            rc=${last_rc}
+        fi
+    fi
+
+    if [ -d "/etc/bind/.git" ]; then
+        # shellcheck disable=SC2086,SC2090
+        ${evocommit_bin} ${common_args} --repository /etc/bind --message "${MESSAGE}"
+        last_rc=$?
+        if [ ${last_rc} -ne 0 ]; then
+            rc=${last_rc}
+        fi
+    fi
+
+    if [ -d "/usr/share/scripts/.git" ]; then
+        # shellcheck disable=SC2086,SC2090
+        ${evocommit_bin} ${common_args} --repository /usr/share/scripts --message "${MESSAGE}"
+        last_rc=$?
+        if [ ${last_rc} -ne 0 ]; then
+            rc=${last_rc}
+        fi
+    fi
+
+    if [ -n "${lxc_ls_bin}" ]; then
+        for container in $(${lxc_ls_bin} -1); do
+            if [ -n "${lxc_config_bin}" ]; then
+                # discovered path
+                etc_path="$(${lxc_config_bin} lxc.lxcpath)/${container}/rootfs/etc"
+            else
+                # fallback to default path
+                etc_path="/var/lib/lxc/${container}/rootfs/etc"
+            fi
+
+            if [ -d "${etc_path}/.git" ]; then
+                # shellcheck disable=SC2086,SC2090
+                ${evocommit_bin} ${common_args} --repository "${etc_path}" --message "${MESSAGE}"
+                last_rc=$?
+                if [ ${last_rc} -ne 0 ]; then
+                    rc=${last_rc}
+                fi
+            fi
+        done
+    fi
+
+    exit ${rc}
+}
+
+# Parse options
+# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
+while :; do
+    case ${1:-''} in
+        -h|-\?|--help)
+            show_help
+            exit 0
+            ;;
+        -V|--version)
+            show_version
+            exit 0
+            ;;
+        --message)
+            # message options, with value speparated by space
+            if [ -n "$2" ]; then
+                MESSAGE=$2
+                shift
+            else
+                printf 'FAILED: "--message" requires a non-empty option argument.\n' >&2
+                exit 1
+            fi
+            ;;
+        --message=?*)
+            # message options, with value speparated by =
+            MESSAGE=${1#*=}
+            ;;
+        --message=)
+            # message options, without value
+            printf 'FAILED: "--message" requires a non-empty option argument.\n' >&2
+            exit 1
+            ;;
+        -n|--dry-run)
+            # disable actual commands
+            DRY_RUN=1
+            ;;
+        -v|--verbose)
+            # print verbose information
+            VERBOSE=1
+            ;;
+        --)
+            # End of all options.
+            shift
+            break
+            ;;
+        -?*|[[:alnum:]]*)
+            # ignore unknown options
+            printf 'FAILED: Unknown option (ignored): %s\n' "$1" >&2
+            ;;
+        *)
+            # Default case: If no more options then break out of the loop.
+            break
+            ;;
+    esac
+
+    shift
+done
+
+if [ -z "${MESSAGE}" ]; then
+    echo "FAILED: missing message parameter" >&2
+    show_usage
+    exit 1
+fi
+DRY_RUN=${DRY_RUN:-0}
+VERBOSE=${VERBOSE:-0}
+
+evocommit_bin=$(command -v evocommit)
+if [ -z "${evocommit_bin}" ]; then
+    echo "FAILED: evocommit not found" >&2
+    exit 1
+fi
+
+lxc_ls_bin=$(command -v lxc-ls)
+lxc_config_bin=$(command -v lxc-config)
+
+main
\ No newline at end of file
diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml
index b388d5e..fe07380 100644
--- a/roles/etc-git/tasks/commit.yml
+++ b/roles/etc-git/tasks/commit.yml
@@ -1,36 +1,9 @@
 ---
 
-# /etc
-- name: Is /etc a git repository
-  stat:
-    path: /etc/.git
-  register: _etc_git
-
-- name: "evocommit /etc"
-  command: "/usr/local/bin/evocommit --ansible --repository /etc --message \"{{ commit_message | mandatory }}\""
+- name: "Execute ansible-commit"
+  command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
   changed_when:
-    - _etc_git_commit.stdout
-    - "'CHANGED:' in _etc_git_commit.stdout"
-  ignore_errors: true
-  register: _etc_git_commit
-  when:
-    - _etc_git.stat.exists
-    - _etc_git.stat.isdir
-
-# /usr/share/scripts
-- name: Is /usr/share/scripts a git repository
-  stat:
-    path: /usr/share/scripts/.git
-  register: _usr_share_scripts_git
-
-- name: "evocommit /usr/share/scripts"
-  command: "/usr/local/bin/evocommit --ansible --repository /usr/share/scripts --message \"{{ commit_message | mandatory }}\""
-  changed_when:
-    - _usr_share_scripts_git_commit.stdout
-    - "'CHANGED:' in _usr_share_scripts_git_commit.stdout"
-  ignore_errors: true
-  register: _usr_share_scripts_git_commit
-  when:
-    - _usr_share_scripts_git.stat.exists
-    - _usr_share_scripts_git.stat.isdir
-
+    - _ansible_commit.stdout
+    - "'CHANGED:' in _ansible_commit.stdout"
+  ignore_errors: True
+  register: _ansible_commit
diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml
index 941f45d..7f5e118 100644
--- a/roles/etc-git/tasks/main.yml
+++ b/roles/etc-git/tasks/main.yml
@@ -7,141 +7,13 @@
   tags:
     - etc-git
 
-- name: evocommit script is installed
-  copy:
-    src: evocommit
-    dest: /usr/local/bin/evocommit
-    mode: "0755"
-    force: true
+- name: Install and configure utilities
+  include: utils.yml
   tags:
     - etc-git
 
-- include: repository.yml
-  vars:
-    repository_path: "/etc"
-
-- name: verify /usr/share/scripts presence
-  stat:
-    path: /usr/share/scripts
-  register: _usr_share_scripts
-
-- include: repository.yml
-  vars:
-    repository_path: "/usr/share/scripts"
-  when:
-    - _usr_share_scripts.stat.exists and _usr_share_scripts.stat.isdir
-
-- name: etc-git-optimize script is installed
-  copy:
-    src: etc-git-optimize
-    dest: /usr/share/scripts/etc-git-optimize
-    mode: "0755"
-    force: true
-  tags:
-    - etc-git
-
-- name: etc-git-status script is installed
-  copy:
-    src: etc-git-status
-    dest: /usr/share/scripts/etc-git-status
-    mode: "0755"
-    force: true
-  tags:
-    - etc-git
-
-- name: Legacy monthly cron job for /etc/.git optimization is absent
-  lineinfile:
-    path: /etc/monthly.local
-    line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
-    state: absent
-  tags:
-    - etc-git
-
-- name: Legacy hourly cron job for /etc/.git status is absent
-  cron:
-    name: git status
-    minute: "42"
-    job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
-    state: absent
-  tags:
-    - etc-git
-
-- name: Legacy daily cron jobs for /etc/.git status are absent
-  lineinfile:
-    path: /etc/daily.local
-    line: "{{ item }}"
-    owner: root
-    mode: "0644"
-    state: absent
-  with_items:
-    - 'next_part "Checking /etc git status:"'
-    - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
-  tags:
-    - etc-git
-
-- name: Cron job for monthly git optimization
-  lineinfile:
-    path: /etc/monthly.local
-    line: "/usr/share/scripts/etc-git-optimize"
-    owner: root
-    mode: "0644"
-    create: true
-  tags:
-    - etc-git
-
-- name: Cron job for monthly git optimization - next_part
-  lineinfile:
-    path: /etc/monthly.local
-    line: 'next_part "Monthly optimization:"'
-    insertbefore: "/usr/share/scripts/etc-git-optimize"
-    owner: root
-    mode: "0644"
-    create: true
-  tags:
-    - etc-git
-
-- name: Cron job for hourly git status
-  lineinfile:
-    path: /etc/hourly.local
-    line: "who > /dev/null || /usr/share/scripts/etc-git-status"
-    owner: root
-    mode: "0644"
-    create: true
-    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
-  tags:
-    - etc-git
-
-- name: Cron job for hourly git status - next_part
-  lineinfile:
-    path: /etc/hourly.local
-    line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
-    insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
-    owner: root
-    mode: "0644"
-    create: true
-    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
-  tags:
-    - etc-git
-
-- name: Cron job for daily git status
-  lineinfile:
-    path: /etc/daily.local
-    line: "/usr/share/scripts/etc-git-status"
-    owner: root
-    mode: "0644"
-    create: true
-    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
-  tags:
-    - etc-git
-
-- name: Cron job for daily git status - next_part
-  lineinfile:
-    path: /etc/daily.local
-    line: 'next_part "Daily warning for unclean Git repository:"'
-    insertbefore: "/usr/share/scripts/etc-git-status"
-    owner: root
-    mode: "0644"
-    create: true
-    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
+- name: Configure repositories
+  include: repositories.yml
   tags:
     - etc-git
+  when: etc_git_config_repositories | bool
diff --git a/roles/etc-git/tasks/repositories.yml b/roles/etc-git/tasks/repositories.yml
new file mode 100644
index 0000000..47e2557
--- /dev/null
+++ b/roles/etc-git/tasks/repositories.yml
@@ -0,0 +1,23 @@
+---
+
+- include: repository.yml
+  vars:
+    repository_path: "/etc"
+  tags:
+    - etc-git
+
+- name: verify /usr/share/scripts presence
+  stat:
+    path: /usr/share/scripts
+  register: _usr_share_scripts
+  tags:
+    - etc-git
+
+- include: repository.yml
+  vars:
+    repository_path: "/usr/share/scripts"
+  when:
+    - _usr_share_scripts.stat.exists
+    - _usr_share_scripts.stat.isdir
+  tags:
+    - etc-git
diff --git a/roles/etc-git/tasks/utils.yml b/roles/etc-git/tasks/utils.yml
new file mode 100644
index 0000000..f2d5e29
--- /dev/null
+++ b/roles/etc-git/tasks/utils.yml
@@ -0,0 +1,134 @@
+---
+
+- name: evocommit script is installed
+  copy:
+    src: evocommit
+    dest: /usr/local/bin/evocommit
+    mode: "0755"
+    force: true
+  tags:
+    - etc-git
+
+- name: "ansible-commit script is installed"
+  copy:
+    src: ansible-commit
+    dest: /usr/local/bin/ansible-commit
+    mode: "0755"
+    force: true
+  tags:
+    - etc-git
+
+- name: etc-git-optimize script is installed
+  copy:
+    src: etc-git-optimize
+    dest: /usr/share/scripts/etc-git-optimize
+    mode: "0755"
+    force: true
+  tags:
+    - etc-git
+
+- name: etc-git-status script is installed
+  copy:
+    src: etc-git-status
+    dest: /usr/share/scripts/etc-git-status
+    mode: "0755"
+    force: true
+  tags:
+    - etc-git
+
+- name: Legacy monthly cron job for /etc/.git optimization is absent
+  lineinfile:
+    path: /etc/monthly.local
+    line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
+    state: absent
+  tags:
+    - etc-git
+
+- name: Legacy hourly cron job for /etc/.git status is absent
+  cron:
+    name: git status
+    minute: "42"
+    job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
+    state: absent
+  tags:
+    - etc-git
+
+- name: Legacy daily cron jobs for /etc/.git status are absent
+  lineinfile:
+    path: /etc/daily.local
+    line: "{{ item }}"
+    owner: root
+    mode: "0644"
+    state: absent
+  with_items:
+    - 'next_part "Checking /etc git status:"'
+    - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
+  tags:
+    - etc-git
+
+- name: Cron job for monthly git optimization
+  lineinfile:
+    path: /etc/monthly.local
+    line: "/usr/share/scripts/etc-git-optimize"
+    owner: root
+    mode: "0644"
+    create: true
+  tags:
+    - etc-git
+
+- name: Cron job for monthly git optimization - next_part
+  lineinfile:
+    path: /etc/monthly.local
+    line: 'next_part "Monthly optimization:"'
+    insertbefore: "/usr/share/scripts/etc-git-optimize"
+    owner: root
+    mode: "0644"
+    create: true
+  tags:
+    - etc-git
+
+- name: Cron job for hourly git status
+  lineinfile:
+    path: /etc/hourly.local
+    line: "who > /dev/null || /usr/share/scripts/etc-git-status"
+    owner: root
+    mode: "0644"
+    create: true
+    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
+  tags:
+    - etc-git
+
+- name: Cron job for hourly git status - next_part
+  lineinfile:
+    path: /etc/hourly.local
+    line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
+    insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
+    owner: root
+    mode: "0644"
+    create: true
+    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
+  tags:
+    - etc-git
+
+- name: Cron job for daily git status
+  lineinfile:
+    path: /etc/daily.local
+    line: "/usr/share/scripts/etc-git-status"
+    owner: root
+    mode: "0644"
+    create: true
+    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
+  tags:
+    - etc-git
+
+- name: Cron job for daily git status - next_part
+  lineinfile:
+    path: /etc/daily.local
+    line: 'next_part "Daily warning for unclean Git repository:"'
+    insertbefore: "/usr/share/scripts/etc-git-status"
+    owner: root
+    mode: "0644"
+    create: true
+    state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
+  tags:
+    - etc-git