Cleanup opensuse mirroring configs entirely

This should cleanup our mirror update server so that we no longer have
configes (cron, scripts, logrotate rules, etc) for mirroring opensuse.
It won't clean up the afs volume, but we can get to that later (and it
will probably require manual intervention). This cleanup is done in a
way that it should be able to be applied to future cleanups too (like
when centos 8 stream goes away and everything is centos stream
specific).

Change-Id: Ib5d15ce800ff0620187345e1cfec0b7b5d65bee5

playbooks/roles/logrotate/tasks/cleanup.yaml

@@ -0,0 +1,9 @@
+# Hash the full path to avoid any conflicts but remain idempotent.
+- name: Create a unique config name
+  set_fact:
+    logrotate_generated_config_file_name:  "{{ (logrotate_file_name | hash('sha1'))[0:6] }}.conf"
+
+- name: Cleanup the indicated file
+  file:
+    state: absent
+    path: '/etc/logrotate.d/{{ logrotate_generated_config_file_name }}'

playbooks/roles/mirror-update/files/opensuse-mirror-update

@@ -1,66 +0,0 @@
-#!/bin/bash -xe
-# Copyright 2017 SUSE Linux GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-source /usr/share/mirror-update/functions.sh
-
-MIRROR_VOLUME=$1
-
-# Runs with timeout under cron
-if [[ ${UNDER_CRON:-0} -eq 0 ]]; then
-    echo_ts "Running interactively"
-    TIMEOUT=""
-    set -x
-else
-    TIMEOUT="timeout -k 2m 90m"
-fi
-
-BASE="/afs/.openstack.org/mirror/opensuse"
-MIRROR="rsync://mirror.clarkson.edu/opensuse/opensuse"
-OBS_MIRROR="rsync://provo-mirror.opensuse.org/opensuse/repositories"
-OBS_REPOS=()
-K5START="k5start -t -f /etc/opensuse.keytab service/opensuse-mirror -- $TIMEOUT"
-
-# NOTE(hwoarang): Ensure old distros are not mirrored aymore
-for REPO in distribution/leap update/leap \
-        repositories/Cloud: \
-        repositories/Virtualization: \
-        repositories/network: ; do
-    if [ -d $BASE/$REPO ]; then
-        $K5START rm -rf $BASE/$REPO
-    fi
-done
-
-date --iso-8601=ns
-for obs_repo in ${OBS_REPOS[@]}; do
-    REPO=repositories/${obs_repo}/
-    if ! [ -f $BASE/$REPO ]; then
-        $K5START mkdir -p $BASE/$REPO
-    fi
-    echo "Running rsync ${obs_repo} ..."
-    $K5START rsync -rltvz \
-        --delete --stats \
-        --delete-excluded \
-        --exclude="src/" \
-        --exclude="nosrc/" \
-        --exclude=".~tmp~" \
-        $OBS_MIRROR/$obs_repo/ $BASE/$REPO
-done
-
-date --iso-8601=ns | $K5START tee $BASE/timestamp.txt
-echo "rsync completed successfully, running vos release."
-vos_release $MIRROR_VOLUME
-
-date --iso-8601=ns
-echo "Done."

playbooks/roles/mirror-update/tasks/rsync.yaml

@@ -19,9 +19,15 @@
       - epel
       - fedora
       - openeuler
-      - opensuse
       - yum-puppetlabs
 
+- name: Cleanup old unused rsync mirroring scripts
+  set_fact:
+    cleanup_rsync_update_scripts:
+      - opensuse
+
+##### Script creation #####
+
 - name: Copy keytab files in place
   shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
   args:
@@ -60,3 +66,36 @@
     logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
     logrotate_frequency: 'weekly'
   loop: '{{ rsync_update_scripts }}'
+
+##### Script deletion #####
+
+# Remove the cron first to avoid any races with cron execution.
+- name: Delete old mirroring cron jobs
+  cron:
+    name: '{{ item }} mirror sync'
+    state: absent
+    job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1'
+    hour: '*/6'
+    minute: '{{ 45 | random(seed=item) }}'
+  loop: '{{ cleanup_rsync_update_scripts }}'
+
+- name: Delete old keytab files
+  file:
+    path: '/etc/{{ item }}.keytab'
+    state: absent
+  loop: '{{ cleanup_rsync_update_scripts }}'
+  no_log: True
+
+- name: Delete old rsync mirror scripts
+  file:
+    path: '/usr/local/bin/{{ item }}-mirror-update'
+    state: absent
+  loop: '{{ cleanup_rsync_update_scripts }}'
+
+- name: Delete old logrotate rules
+  include_role:
+    name: logrotate
+    tasks_from: cleanup
+  vars:
+    logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log'
+  loop: '{{ cleanup_rsync_update_scripts }}'

testinfra/test_mirror-update.py

@@ -32,11 +32,15 @@ def test_rsync_scripts(host):
                    'epel',
                    'fedora',
                    'openeuler',
-                   'opensuse',
                    'yum-puppetlabs']:
         f = host.file('/usr/local/bin/%s-mirror-update' % script)
         assert f.exists
 
+def test_rsync_scripts_removed(host):
+    for script in ['opensuse']:
+        f = host.file('/usr/local/bin/%s-mirror-update' % script)
+        assert not f.exists
+
 def test_publisher_script(host):
     f = host.file('/usr/local/bin/publish-mirror-logs')
     assert f.exists
@@ -49,7 +53,6 @@ def test_keytabs(host):
                    '/etc/epel.keytab',
                    '/etc/fedora.keytab',
                    '/etc/openeuler.keytab',
-                   '/etc/opensuse.keytab',
                    '/etc/yum-puppetlabs.keytab',
                    '/etc/reprepro.keytab']:
 
@@ -58,6 +61,11 @@ def test_keytabs(host):
         assert f.sha256sum == KEYTAB_SHA256
         assert f.mode == 0o400
 
+def test_keytabs_removed(host):
+    for keytab in ['/etc/opensuse.keytab']:
+        f = host.file(keytab)
+        assert not f.exists
+
 def test_afs_release_script(host):
     f = host.file('/opt/afs-release/release-volumes.py')
     assert f.exists