author | Egor Tensin <Egor.Tensin@gmail.com> | 2023-09-04 21:31:18 +0200 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2023-09-04 21:31:45 +0200 |
commit | e2d23269a1847107bda7918eeb24cf66b376c9ba (patch) | |
tree | ddeb9ab58df45cf0a975e554c7ee08c829b0ac8d | |
parent | v0.0.25 (diff) | |
import roles etckeeper, pacman, rate_mirrors
-rw-r--r-- | roles/etckeeper/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/etckeeper/tasks/main.yml | 33 | ||||
-rw-r--r-- | roles/pacman/handlers/main.yml | 11 | ||||
-rw-r--r-- | roles/pacman/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/pacman/tasks/main.yml | 55 | ||||
-rw-r--r-- | roles/rate_mirrors/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/rate_mirrors/tasks/main.yml | 43 |
7 files changed, 148 insertions, 0 deletions
diff --git a/roles/etckeeper/defaults/main.yml b/roles/etckeeper/defaults/main.yml
new file mode 100644
index 0000000..077855f
--- /dev/null
+++ b/roles/etckeeper/defaults/main.yml
@@ -0,0 +1,2 @@
+git_name: Egor Tensin
+git_email: Egor.Tensin@gmail.com
diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml
new file mode 100644
index 0000000..cbf245c
--- /dev/null
+++ b/roles/etckeeper/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Check if /etc is versioned
+ become: true
+ ansible.builtin.file:
+ path: /etc/.git/config
+ state: file
+ register: etc_versioned
+ ignore_errors: true
+
+- when: etc_versioned
+ block:
+ - name: Check etckeeper is available
+ ansible.builtin.command: etckeeper --version
+ register: etckeeper_installed
+ changed_when: false
+ failed_when: false
+
+ - name: Fail if /etc is versioned, but not by etckeeper
+ ansible.builtin.fail:
+ msg: /etc is versioned, but etckeeper doesn't seem to be installed.
+ when: not etckeeper_installed
+
+ - name: Configure /etc repository
+ become: true
+ community.general.git_config:
+ scope: local
+ repo: /etc
+ name: '{{ item.name }}'
+ value: '{{ item.value }}'
+ loop:
+ - name: user.name
+ value: '{{ git_name }}'
+ - name: user.email
+ value: '{{ git_email }}'
diff --git a/roles/pacman/handlers/main.yml b/roles/pacman/handlers/main.yml
new file mode 100644
index 0000000..ca9108b
--- /dev/null
+++ b/roles/pacman/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: Show upgraded packages
+ ansible.builtin.debug:
+ var: pacman_result.packages
+ listen: pacman_upgraded
+
+- name: Reboot
+ become: true
+ ansible.builtin.reboot:
+ # 3 minutes is plenty.
+ reboot_timeout: 180
+ listen: pacman_upgraded
diff --git a/roles/pacman/meta/main.yml b/roles/pacman/meta/main.yml
new file mode 100644
index 0000000..cc61eb8
--- /dev/null
+++ b/roles/pacman/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: etckeeper
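Review bot: In roles/etckeeper/tasks/main.yml, `when: etc_versioned` and `when: not etckeeper_installed` test the registered result dictionaries themselves rather than an outcome, and a registered result is a non-empty mapping even when the task failed or its failure was ignored. As written, the block appears to run whether or not /etc/.git/config exists, and the "Fail if /etc is versioned, but not by etckeeper" task can never fire. Test the outcome explicitly with `when: etc_versioned is succeeded` and `when: etckeeper_installed.rc != 0`. The same bare `etc_versioned` check guards the git and etckeeper steps in roles/pacman/tasks/main.yml (`when: not etc_versioned`) and roles/rate_mirrors/tasks/main.yml, so those steps would presumably run `git status` against an unversioned /etc as well.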
diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml
new file mode 100644
index 0000000..df7fac7
--- /dev/null
+++ b/roles/pacman/tasks/main.yml
@@ -0,0 +1,55 @@
+- name: Upgrade packages or fail gracefully
+ become: true
+ block:
+ - name: Upgrade packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: pacman_upgraded
+
+ - name: Reboot if necessary
+ ansible.builtin.meta: flush_handlers
+ rescue:
+ - name: Fail if /etc is not versioned
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not etc_versioned
+
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+
+ - name: Fail if there're no unstaged changes in /etc
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not git_status.stdout
+
+ - name: All changes in /etc are in pacman.d/gnupg?
+ ansible.builtin.shell: |
+ set -o pipefail && \
+ git status --porcelain=v1 \
+ | cut -c 4- \
+ | grep -G -v '^pacman.d/gnupg/'
+ args:
+ chdir: /etc
+ register: only_gnupg
+ changed_when: false
+
+ - name: Commit changes in /etc
+ ansible.builtin.command: |
+ etckeeper commit 'pacman: GPG keys'
+ when: git_status.stdout and only_gnupg.rc != 0
+
+ - name: Retry upgrading packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: pacman_upgraded
+
+ - name: Reboot if necessary
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/rate_mirrors/meta/main.yml b/roles/rate_mirrors/meta/main.yml
new file mode 100644
index 0000000..cc61eb8
--- /dev/null
+++ b/roles/rate_mirrors/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: etckeeper
diff --git a/roles/rate_mirrors/tasks/main.yml b/roles/rate_mirrors/tasks/main.yml
new file mode 100644
index 0000000..6fb57e4
--- /dev/null
+++ b/roles/rate_mirrors/tasks/main.yml
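Review bot: The "All changes in /etc are in pacman.d/gnupg?" task in the rescue section of roles/pacman/tasks/main.yml has no `failed_when`, so the one case it exists to detect aborts the play. When every changed path is under pacman.d/gnupg/, `grep -v` selects nothing and exits 1, `pipefail` propagates that status, and the shell task fails before "Commit changes in /etc" can evaluate `only_gnupg.rc != 0`. Adding `failed_when: only_gnupg.rc > 1` to that task keeps genuine errors fatal while letting the expected exit status 1 through. `set -o pipefail` also assumes the target's default shell accepts that option; setting `executable: /bin/bash` under `args` would make the dependency explicit.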
@@ -0,0 +1,43 @@
+- name: As root user
+ become: true
+ block:
+ - name: Fail if there're uncommitted changes in /etc
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+
+ - ansible.builtin.fail:
+ msg: There are uncommitted changes in /etc
+ when: git_status.stdout
+
+ - name: Rate pacman mirrors
+ ansible.builtin.shell: |
+ . /etc/os-release && rate-mirrors \
+ --allow-root \
+ --disable-comments \
+ --save /etc/pacman.d/mirrorlist \
+ "$ID"
+
+ - name: Commit pacman.d/mirrorlist
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+
+ - name: Fail if there're other uncommitted changes
+ ansible.builtin.fail:
+ msg: How did this happen?
+ when: git_status.stdout != ' M pacman.d/mirrorlist'
+
+ - name: Commit changes in /etc/pacman.d/mirrorlist
+ ansible.builtin.command: |
+ etckeeper commit 'rate-mirrors' |
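Review bot: The second `git status` check in roles/rate_mirrors/tasks/main.yml fails the play whenever rate-mirrors writes a mirrorlist identical to the existing one: stdout is then empty, which is not `' M pacman.d/mirrorlist'`, so the "How did this happen?" task fires. Accept the no-change case with `when: git_status.stdout not in ['', ' M pacman.d/mirrorlist']` and add `when: git_status.stdout != ''` to the commit task so it is skipped when there is nothing to commit. Separately, the whole block runs under `become: true`, so rate-mirrors does its network probing as root via `--allow-root`. Running it unprivileged with `--save` pointing at a temporary file, then installing the result with a privileged copy task, would narrow what executes as root.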