authorEgor Tensin <Egor.Tensin@gmail.com>2023-09-11 18:01:37 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-09-12 10:17:24 +0200
commit3b7ba8532f31d221c0708e2d6733bccdd3935f91 (patch)
tree9ba4be99b8a6589d30f94a9fa029cd8ec56d23ef
parentfix some ansible-lint warnings (diff)
downloadinfra-ansible-3b7ba8532f31d221c0708e2d6733bccdd3935f91.tar.gz
infra-ansible-3b7ba8532f31d221c0708e2d6733bccdd3935f91.zip
etckeeper: manage the ignore list
-rw-r--r--roles/etckeeper/defaults/main.yml15
-rw-r--r--roles/etckeeper/handlers/commit.yml (renamed from roles/etckeeper/handlers/commit_conf.yml)4
-rw-r--r--roles/etckeeper/handlers/main.yml12
-rw-r--r--roles/etckeeper/tasks/ignore.yml18
-rw-r--r--roles/etckeeper/tasks/main.yml12
-rw-r--r--roles/pacman/tasks/main.yml70
-rw-r--r--roles/rate_mirrors/tasks/main.yml52
7 files changed, 67 insertions, 116 deletions
diff --git a/roles/etckeeper/defaults/main.yml b/roles/etckeeper/defaults/main.yml
index 176453c..e783002 100644
--- a/roles/etckeeper/defaults/main.yml
+++ b/roles/etckeeper/defaults/main.yml
@@ -3,3 +3,18 @@ git_email: Egor.Tensin@gmail.com
etckeeper_remote_name: origin
#etckeeper_remote_url:
+
+etckeeper_ignored_paths:
+ # My resolv.conf is typically managed, by either systemd or NetworkManager.
+ - /resolv.conf
+ # This is just a stupid systemd file.
+ - /.updated
+ # I really don't need all the Wi-Fi networks.
+ - /NetworkManager/system-connections/
+ # I'm unsure about this; but it does make pacman upgrades much easier - I
+ # don't need to account for /etc/pacman.d/gnupg suddenly having changes.
+ - /pacman.d/gnupg/
+ # I run rate-mirrors before every upgrade pretty much.
+ - /pacman.d/mirrorlist
+
+etckeeper_extra_ignored_paths: []
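Review bot: Ignoring `/pacman.d/gnupg/` takes the pacman keyring out of the /etc history, so additions or trust changes to package-signing keys are no longer recorded by etckeeper; the comment above that entry should say the trade-off is accepted. Suggested wording: `# Trade-off: keyring changes (new or re-trusted signing keys) are no longer visible in the /etc history.` It would also help to state at the top of the list that entries are .gitignore patterns relative to /etc and are reused as grep patterns in handlers/commit.yml.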
diff --git a/roles/etckeeper/handlers/commit_conf.yml b/roles/etckeeper/handlers/commit.yml
index 134e264..f48db8f 100644
--- a/roles/etckeeper/handlers/commit_conf.yml
+++ b/roles/etckeeper/handlers/commit.yml
@@ -4,7 +4,7 @@
set -o pipefail && \
git status --porcelain=v1 \
| cut -c 4- \
- | grep -G -v '^etckeeper/etckeeper.conf'
+ | grep -G -v '^{{ paths | map("regex_replace", "^/", "") | list | join("\|^") }}'
args:
chdir: /etc
register: git_status
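Review bot: The entries of `paths` are pasted into the grep pattern on the added line unescaped and inside hand-written single quotes, so they act both as regex fragments and as raw shell text. The `.` in `.gitignore` or `resolv.conf` matches any character and every entry is only a prefix match, so the filter can hide more changed files than the list names, and an entry containing `'` would end the quoting. Escape each entry with `map("regex_escape", "posix_basic")` before the join and pass the finished pattern through `| quote` instead of literal quotes. The same hand quoting appears in `etckeeper commit '{{ commit_msg }}'` in the next hunk and in the `git rm` line of tasks/ignore.yml, where the `argv:` form of `ansible.builtin.command` avoids it. The task starts and ends outside this hunk, so its privileges and how `git_status` is consumed are not visible here.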
@@ -21,4 +21,4 @@
- name: etckeeper commit
become: true
ansible.builtin.command: |
- etckeeper commit 'configure etckeeper'
+ etckeeper commit '{{ commit_msg }}'
diff --git a/roles/etckeeper/handlers/main.yml b/roles/etckeeper/handlers/main.yml
index 9993ed5..ca6beaa 100644
--- a/roles/etckeeper/handlers/main.yml
+++ b/roles/etckeeper/handlers/main.yml
@@ -1,3 +1,13 @@
- name: Commit etckeeper.conf
- ansible.builtin.include_tasks: commit_conf.yml
+ ansible.builtin.include_tasks: commit.yml
+ vars:
+ paths: [etckeeper/etckeeper.conf]
+ commit_msg: configure etckeeper
listen: etckeeper_commit_conf
+
+- name: Commit .gitignore
+ ansible.builtin.include_tasks: commit.yml
+ vars:
+ paths: '{{ [".gitignore"] + etckeeper_ignored_paths + etckeeper_extra_ignored_paths }}'
+ commit_msg: configure ignored files
+ listen: etckeeper_commit_gitignore
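Review bot: The `paths` value of the new "Commit .gitignore" handler lacks a comment explaining why the ignored paths themselves are allowed in that commit. It looks like they show up in `git status` as staged deletions after the `git rm --cached` in tasks/ignore.yml, but a reader has to work that out across three files. Suggested comment above `paths:`: `# Newly ignored paths appear as staged deletions (git rm --cached), so they are expected in this commit.`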
diff --git a/roles/etckeeper/tasks/ignore.yml b/roles/etckeeper/tasks/ignore.yml
new file mode 100644
index 0000000..a798368
--- /dev/null
+++ b/roles/etckeeper/tasks/ignore.yml
@@ -0,0 +1,18 @@
+- name: Add line to .gitignore
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/.gitignore
+ line: '{{ ignore_path }}'
+ state: present
+ owner: root
+ group: root
+ mode: '644'
+ register: gitignore
+ notify: etckeeper_commit_gitignore
+
+- name: Remove path from cache
+ when: gitignore.changed
+ become: true
+ ansible.builtin.command: # noqa: command-instead-of-module
+ cmd: git rm -r --ignore-unmatch --cached -- '{{ ignore_path | regex_replace("^/", "") }}'
+ chdir: /etc
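Review bot: `git rm --cached` in the second task only drops the path from the index, so every earlier commit in /etc/.git still holds the file contents. For `/NetworkManager/system-connections/` that likely means stored Wi-Fi credentials remain in history, and roles/etckeeper/tasks/main.yml sets a `PUSH_REMOTE`, so they may already be on the remote as well. A comment above the task should say so, e.g. `# Untracks the path only; older commits (and any pushed remote) keep the file contents.`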
diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml
index 431a378..f609ce7 100644
--- a/roles/etckeeper/tasks/main.yml
+++ b/roles/etckeeper/tasks/main.yml
@@ -74,3 +74,15 @@
option: PUSH_REMOTE
value: '{{ etckeeper_remote_name }}'
notify: etckeeper_commit_conf
+
+- name: Commit etckeeper.conf if necessary
+ ansible.builtin.meta: flush_handlers
+
+- name: Configure ignored paths
+ ansible.builtin.include_tasks: ignore.yml
+ loop: '{{ etckeeper_ignored_paths + etckeeper_extra_ignored_paths }}'
+ loop_control:
+ loop_var: ignore_path
+
+- name: Commit .gitignore if necessary
+ ansible.builtin.meta: flush_handlers
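Review bot: The loop passes every entry of the two lists to ignore.yml and, through the handler, into the grep filter without checking its shape. As far as the visible code shows, an empty string would leave a bare `^` alternative in the pattern, which matches every path, and an entry without the leading `/` would become an unanchored .gitignore line. An `ansible.builtin.assert` placed before the loop, with a condition such as `that: item is string and item.startswith("/")` over the same list, would catch both cases early.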
diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml
index 5ed782f..a235d7d 100644
--- a/roles/pacman/tasks/main.yml
+++ b/roles/pacman/tasks/main.yml
@@ -1,62 +1,10 @@
-- name: Upgrade packages or fail gracefully
+- name: Upgrade packages
become: true
- block:
- - name: Upgrade packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: pacman_upgraded
-
- - name: Reboot if necessary
- ansible.builtin.meta: flush_handlers
- rescue:
- - name: Check if /etc is versioned
- ansible.builtin.file:
- path: /etc/.git/config
- state: file
- register: etc_versioned
-
- - name: Fail if /etc is not versioned
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not etc_versioned
-
- - name: Check for changes in /etc
- ansible.builtin.command: # noqa: command-instead-of-module
- cmd: git status --porcelain=v1
- chdir: /etc
- register: git_status
- changed_when: false
-
- - name: Fail if there're no uncommitted changes in /etc
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not git_status.stdout
-
- - name: All changes in /etc are in pacman.d/gnupg?
- ansible.builtin.shell: |
- set -o pipefail && \
- git status --porcelain=v1 \
- | cut -c 4- \
- | grep -G -v '^pacman.d/gnupg/'
- args:
- chdir: /etc
- register: only_gnupg
- changed_when: false
- failed_when: only_gnupg.rc not in [0, 1]
-
- - name: Commit changes in /etc/pacman.d/gnupg
- ansible.builtin.command: |
- etckeeper commit 'pacman: GPG keys'
- when: only_gnupg.rc == 1
-
- - name: Retry upgrading packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: pacman_upgraded
-
- - name: Reboot if necessary
- ansible.builtin.meta: flush_handlers
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: pacman_upgraded
+
+- name: Reboot if necessary
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/rate_mirrors/tasks/main.yml b/roles/rate_mirrors/tasks/main.yml
index 9d40fa2..4d72a41 100644
--- a/roles/rate_mirrors/tasks/main.yml
+++ b/roles/rate_mirrors/tasks/main.yml
@@ -1,28 +1,3 @@
-- name: Check if /etc is versioned
- become: true
- ansible.builtin.file:
- path: /etc/.git/config
- state: file
- register: etc_versioned
-
-- name: Fail if there're uncommitted changes in /etc
- when: etc_versioned
- become: true
- block:
- - name: Check for changes in /etc
- ansible.builtin.command: # noqa: command-instead-of-module
- cmd: git status --porcelain=v1
- chdir: /etc
- register: git_status
- changed_when: false
-
- - name: Fail
- ansible.builtin.fail:
- msg: |
- There are uncommitted changes in /etc:
- {{ git_status.stdout }}
- when: git_status.stdout
-
- name: Rate pacman mirrors
become: true
ansible.builtin.shell: |
@@ -31,30 +6,3 @@
--disable-comments \
--save /etc/pacman.d/mirrorlist \
"$ID"
-
-- name: Commit pacman.d/mirrorlist
- when: etc_versioned
- become: true
- block:
- - name: Check for changes in /etc
- ansible.builtin.shell: |
- set -o pipefail && \
- git status --porcelain=v1 \
- | cut -c 4- \
- | grep -G -v '^pacman.d/mirrorlist'
- args:
- chdir: /etc
- register: git_status
- changed_when: false
- failed_when: git_status.rc not in [0, 1]
-
- - name: Fail if there're other uncommitted changes
- ansible.builtin.fail:
- msg: |
- How did this happen? Other files have been modified:
- {{ git_status.stdout }}
- when: git_status.rc == 0
-
- - name: etckeeper commit
- ansible.builtin.command: |
- etckeeper commit 'rate-mirrors'