-
Notifications
You must be signed in to change notification settings - Fork 20
/
adhoc-convert-from-puppet.yml
100 lines (87 loc) · 3.23 KB
/
adhoc-convert-from-puppet.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
---
- import_playbook: adhoc-sshd_sign_host_key.yml
- import_playbook: adhoc-host-getvars.yml
- hosts: all
become: True
tasks:
- name: Stopping puppet
service:
name: puppet
state: stopped
enabled: no
- name: Clearing puppet classes.txt (was checked by Zabbix in default template)
file:
path: /var/lib/puppet/classes.txt
state: absent
- name: Deleting old wrapper scripts used by puppet
file:
path: "/usr/local/bin/{{ item }}"
state: absent
with_items:
- areca-cli
- centos-updates
- build_firewall
- build_firewall6
- zabbix-check-cloud-status.sh
- zabbix-check-debuginfo-status.sh
- zabbix-check-eth-settings.sh
- zabbix-check-iptables.sh
- zabbix-check-msync-status.sh
- zabbix-check-ro.sh
- zabbix-check-vault-status.sh
- zabbix-hw-raid-check.sh
- zabbix-mdstat-check.sh
- zabbix-mirmon-check.sh
- zabbix-os-stats.sh
- zabbix-pdns-stats.sh
- zabbix-raid-areca-check.sh
- name: Deleting old iptables setup from puppet
file:
path: "/etc/sysconfig/{{ item }}"
state: absent
with_items:
- iptables.d
- ip6tables.d
- name: Distributing cron compare script
template:
src: puppet-cron-compare.j2
dest: /var/tmp/puppet-cron-compare
mode: 0750
owner: root
- name: Merging cron users list if needed
set_fact:
puppet_cron_users: "{{ puppet_cron_users + [ 'centos' ] }}"
when: "'msync-nodes' in group_names or 'cloud-nodes' in group_names or 'vault-nodes' in group_names or 'debuginfo-nodes' in group_names or 'buildlogs-nodes' in group_names"
- name: Saving previous users crontab
shell: "egrep -v '^#' /var/spool/cron/{{ item }} > /root/backup-crontab-{{ item }}"
args:
creates: "/root/backup-crontab-{{ item }}"
with_items: "{{ puppet_cron_users }}"
- name: Clearing now puppet cron jobs
shell: "test -e /var/spool/cron/{{ item }} && su -c 'crontab -r' - {{ item }} || /bin/true"
with_items: "{{ puppet_cron_users }}"
# Just the new baseline everywhere
- import_playbook: role-baseline.yml
# And now the roles based on inventory match / group membership
- import_playbook: role-all.yml
# Now that Ansible ran, let's verify if we have a diff in cron jobs removed/applied back (in case of manual undocumented jobs)
- hosts: all
become: True
tasks:
- name: Verifying if we have same number of cron jobs
shell: "/var/tmp/puppet-cron-compare {{ item }}"
with_items:
- root
- centos
register: "cron_output"
- name: Sending mail report if issues
mail:
from: "{{ ansible_mail_from }}"
to: "{{ ansible_mail_to }}"
subject: "[CentOS Ansible] Issues found when converting {{ inventory_hostname }}"
body: "Cron jobs number is different for user {{ item.item }}. Please check backup files (/root/backup-crontab-{{ item.item }})"
delegate_to: "{{ ansible_mail_srv }}"
with_items: "{{ cron_output.results }}"
when: "'Difference' in item.stdout"
loop_control:
label: "{{ item.item }}"