# ansible-pull setup
#
# on remote hosts, set up ansible to run periodically using the latest code
# from a particular checkout, in pull based fashion, inverting Ansible's
# usual push-based operating mode.
#
# This particular pull based mode is ideal for:
#
# (A) massive scale out
# (B) continual system remediation
#
# DO NOT RUN THIS AGAINST YOUR HOSTS WITHOUT CHANGING THE repo_url
# TO SOMETHING YOU HAVE PERSONALLY VERIFIED: the scheduled pull runs
# whatever playbook that repository contains, and cron_user is root here.
#
#
---
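# Installs a cron.d entry and a logrotate entry so that this host runs
# ansible-pull on a schedule. The vars below are presumably consumed by the
# two Jinja2 templates referenced in the tasks (templates not shown here).
- hosts: localhost
  remote_user: root
  vars:
    # Cron expression for the pull job: every day at 00:00.
    schedule: '0 0 * * *'
    cron_user: root
    logfile: /var/log/ansible-pull.log
    workdir: /opt/ansible
    # NOTE(review): the user@host part of this remote is masked on this page
    # ("[email protected]"); restore the real SSH remote before use. Quoted so
    # the leading "[" is not parsed as a YAML flow sequence.
    # Anyone able to push to this repository controls what the scheduled job
    # executes on every host that pulls from it.
    repo_url: '[email protected]:spectrumx/ansible.git'
    # --accept-host-key adds the repository host's SSH key if it is not
    #   already known (trust on first use); pre-seeding known_hosts with a
    #   verified key is the stricter alternative.
    # --private-key names the SSH key used for the checkout; presumably a
    #   deploy key. Verify it is read-only on the repository and readable
    #   only by cron_user.
    # ansible-pull also offers --verify-commit for repositories whose
    #   commits are GPG-signed.
    # $(/bin/hostname) is presumably expanded by the shell when cron runs the
    #   job, not by Ansible; confirm against the cron template.
    # NOTE(review): master_playbook.yml appears here and in `playbook` below;
    #   check that the template does not pass it twice.
    options: '--accept-host-key --private-key=/opt/radiohound/.ssh/id_rsa /opt/ansible/master_playbook.yml -e actual_hostname=$(/bin/hostname) -i inventory/inventory.ini'
    playbook: /opt/ansible/master_playbook.yml
  tasks:
    - name: Create crontab entry to clone/pull git repository
      template:
        src: templates/etc_cron.d_ansible-pull.j2
        dest: /etc/cron.d/ansible-pull
        owner: root
        group: root
        # Quoted so the mode stays the string "0644" rather than an integer.
        mode: '0644'
    - name: Create logrotate entry for ansible-pull.log
      template:
        src: templates/etc_logrotate.d_ansible-pull.j2
        dest: /etc/logrotate.d/ansible-pull
        owner: root
        group: root
        mode: '0644'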