diff --git a/playbooks/roles/logrotate/tasks/cleanup.yaml b/playbooks/roles/logrotate/tasks/cleanup.yaml new file mode 100644 index 0000000000..3190c79ca9 --- /dev/null +++ b/playbooks/roles/logrotate/tasks/cleanup.yaml @@ -0,0 +1,9 @@ +# Hash the full path to avoid any conflicts but remain idempotent. +- name: Create a unique config name + set_fact: + logrotate_generated_config_file_name: "{{ (logrotate_file_name | hash('sha1'))[0:6] }}.conf" + +- name: Cleanup the indicated file + file: + state: absent + path: '/etc/logrotate.d/{{ logrotate_generated_config_file_name }}' diff --git a/playbooks/roles/mirror-update/files/opensuse-mirror-update b/playbooks/roles/mirror-update/files/opensuse-mirror-update deleted file mode 100755 index e7384bb379..0000000000 --- a/playbooks/roles/mirror-update/files/opensuse-mirror-update +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -xe -# Copyright 2017 SUSE Linux GmbH -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -source /usr/share/mirror-update/functions.sh - -MIRROR_VOLUME=$1 - -# Runs with timeout under cron -if [[ ${UNDER_CRON:-0} -eq 0 ]]; then - echo_ts "Running interactively" - TIMEOUT="" - set -x -else - TIMEOUT="timeout -k 2m 90m" -fi - -BASE="/afs/.openstack.org/mirror/opensuse" -MIRROR="rsync://mirror.clarkson.edu/opensuse/opensuse" -OBS_MIRROR="rsync://provo-mirror.opensuse.org/opensuse/repositories" -OBS_REPOS=() -K5START="k5start -t -f /etc/opensuse.keytab service/opensuse-mirror -- $TIMEOUT" - -# NOTE(hwoarang): Ensure old distros are not mirrored aymore -for REPO in distribution/leap update/leap \ - repositories/Cloud: \ - repositories/Virtualization: \ - repositories/network: ; do - if [ -d $BASE/$REPO ]; then - $K5START rm -rf $BASE/$REPO - fi -done - -date --iso-8601=ns -for obs_repo in ${OBS_REPOS[@]}; do - REPO=repositories/${obs_repo}/ - if ! [ -f $BASE/$REPO ]; then - $K5START mkdir -p $BASE/$REPO - fi - echo "Running rsync ${obs_repo} ..." - $K5START rsync -rltvz \ - --delete --stats \ - --delete-excluded \ - --exclude="src/" \ - --exclude="nosrc/" \ - --exclude=".~tmp~" \ - $OBS_MIRROR/$obs_repo/ $BASE/$REPO -done - -date --iso-8601=ns | $K5START tee $BASE/timestamp.txt -echo "rsync completed successfully, running vos release." -vos_release $MIRROR_VOLUME - -date --iso-8601=ns -echo "Done." diff --git a/playbooks/roles/mirror-update/tasks/rsync.yaml b/playbooks/roles/mirror-update/tasks/rsync.yaml index 3307828fd6..0e9bffeb49 100644 --- a/playbooks/roles/mirror-update/tasks/rsync.yaml +++ b/playbooks/roles/mirror-update/tasks/rsync.yaml @@ -19,9 +19,15 @@ - epel - fedora - openeuler - - opensuse - yum-puppetlabs +- name: Cleanup old unused rsync mirroring scripts + set_fact: + cleanup_rsync_update_scripts: + - opensuse + +##### Script creation ##### + - name: Copy keytab files in place shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab' args: @@ -60,3 +66,36 @@ logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log' logrotate_frequency: 'weekly' loop: '{{ rsync_update_scripts }}' + +##### Script deletion ##### + +# Remove the cron first to avoid any races with cron execution. +- name: Delete old mirroring cron jobs + cron: + name: '{{ item }} mirror sync' + state: absent + job: 'flock -n /var/run/{{ item }}-mirror.lock {{ item }}-mirror-update mirror.{{ item }} >> /var/log/rsync-mirrors/{{ item }}.log 2>&1' + hour: '*/6' + minute: '{{ 45 | random(seed=item) }}' + loop: '{{ cleanup_rsync_update_scripts }}' + +- name: Delete old keytab files + file: + path: '/etc/{{ item }}.keytab' + state: absent + loop: '{{ cleanup_rsync_update_scripts }}' + no_log: True + +- name: Delete old rsync mirror scripts + file: + path: '/usr/local/bin/{{ item }}-mirror-update' + state: absent + loop: '{{ cleanup_rsync_update_scripts }}' + +- name: Delete old logrotate rules + include_role: + name: logrotate + tasks_from: cleanup + vars: + logrotate_file_name: '/var/log/rsync-mirrors/{{ item }}.log' + loop: '{{ cleanup_rsync_update_scripts }}' diff --git a/testinfra/test_mirror-update.py b/testinfra/test_mirror-update.py index 7c17acc38f..cdbb592fb0 100644 --- a/testinfra/test_mirror-update.py +++ b/testinfra/test_mirror-update.py @@ -32,11 +32,15 @@ def test_rsync_scripts(host): 'epel', 'fedora', 'openeuler', - 'opensuse', 'yum-puppetlabs']: f = host.file('/usr/local/bin/%s-mirror-update' % script) assert f.exists +def test_rsync_scripts_removed(host): + for script in ['opensuse']: + f = host.file('/usr/local/bin/%s-mirror-update' % script) + assert not f.exists + def test_publisher_script(host): f = host.file('/usr/local/bin/publish-mirror-logs') assert f.exists @@ -49,7 +53,6 @@ def test_keytabs(host): '/etc/epel.keytab', '/etc/fedora.keytab', '/etc/openeuler.keytab', - '/etc/opensuse.keytab', '/etc/yum-puppetlabs.keytab', '/etc/reprepro.keytab']: @@ -58,6 +61,11 @@ def test_keytabs(host): assert f.sha256sum == KEYTAB_SHA256 assert f.mode == 0o400 +def test_keytabs_removed(host): + for keytab in ['/etc/opensuse.keytab']: + f = host.file(keytab) + assert not f.exists + def test_afs_release_script(host): f = host.file('/opt/afs-release/release-volumes.py') assert f.exists