---
# rsync is the transport run.sh (generated below) uses to pull the store
# from the server over ssh.
- name: install rsync
  apt:
    state: present
    name: rsync

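# Per-store directory holding the sync client's ssh private key, ssh_config
# and known_hosts. Because a private key lives here the directory is
# restricted to its owner (0700) instead of inheriting the umask default;
# the sync service must run as that owner to read the key, which it already
# has to for the private key file itself.
- name: make sure sync client config directory exists
  file:
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync"
    state: directory
    mode: "0700"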

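# Client-side ssh_config passed to ssh via -F by run.sh. Everything is pinned
# to the per-store directory: a dedicated identity (IdentitiesOnly keeps agent
# or default keys from being offered), a private known_hosts file, and a
# control socket so the periodic rsync runs reuse one authenticated connection.
# StrictHostKeyChecking/BatchMode make the unattended client refuse an unknown
# or changed server key and never block on an interactive prompt.
- name: generate ssh config for whawty-auth store sync client
  copy:
    content: |
      Host whawty-auth-server
      Hostname {{ whawty_auth_store.sync.hostname }}
      {% if 'port' in whawty_auth_store.sync %}
      Port {{ whawty_auth_store.sync.port }}
      {% endif %}
      User {{ whawty_auth_store.sync.user }}
      IdentityFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
      IdentitiesOnly yes
      # only the server key recorded in this file is accepted; no prompting,
      # no automatic acceptance of new or changed keys
      UserKnownHostsFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts
      StrictHostKeyChecking yes
      BatchMode yes
      # keep one master connection alive for 300s between rsync passes
      ControlMaster auto
      ControlPath /run/ssh-master.whawty-auth-store-sync-{{ whawty_auth_store.name }}
      ControlPersist 300
    dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"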

# Dedicated ed25519 identity for this store's sync client, referenced as
# IdentityFile in the generated ssh_config. Presumably its public half has to
# be authorised for whawty_auth_store.sync.user on the store server; that side
# is not handled in this file.
- name: generate ssh keypair for sync client
  openssh_keypair:
    type: ed25519
    comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519"

# run.sh: endless pull loop executed by the systemd unit installed below.
# Every 60s it mirrors the server's "store" rsync module into
# whawty_auth_store.config.basedir, using the ssh_config generated above.
# --delay-updates and --delete-delay defer the rename-into-place and the
# deletions to the end of a pass; partial transfers are parked in .tmp.
# Optional whawty_auth_store.permissions.file-mode / owner are translated
# into --chmod / --chown so the mirrored files get the requested ownership.
# NOTE(review): when permissions.owner is set, permissions.group must be set
# as well - it is referenced unconditionally and templating fails otherwise.
- name: generate sync script
  copy:
    dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/run.sh"
    mode: "0755"
    content: |
      #!/bin/bash
      {% set extra_args = [] %}
      {% if 'permissions' in whawty_auth_store %}
      {%   if 'file-mode' in whawty_auth_store.permissions %}
      {%     set _ = extra_args.append("--chmod=F" ~ whawty_auth_store.permissions['file-mode']) %}
      {%   endif %}
      {%   if 'owner' in whawty_auth_store.permissions %}
      {%     set _ = extra_args.append("--chown=" ~ whawty_auth_store.permissions.owner ~ ":" ~ whawty_auth_store.permissions.group) %}
      {%   endif %}
      {% endif %}
      # generated by ansible (whawty/auth/store sync-client.yml) - do not edit
      # pull the store from the server forever, one pass per minute
      while true; do
        /usr/bin/rsync -rtW --delete --delete-delay --delay-updates --partial-dir=.tmp{% if extra_args %} {{ extra_args | join(' ') }}{% endif %} -e 'ssh -F "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"' 'rsync://whawty-auth-server/store' '{{ whawty_auth_store.config.basedir }}'
        sleep 60
      done

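# Seed known_hosts with the store server's host key on first run (trust on
# first use). Compared to a bare `ssh-keyscan ... > known_hosts`:
#  - the scan output is checked to be non-empty before anything is written;
#    a plain redirect creates the file even when the server is unreachable,
#    and `creates:` would then never regenerate it, leaving the client
#    permanently failing host key verification;
#  - hostname and port are shell-quoted so inventory values cannot inject
#    into the command line.
# NOTE(review): this still trusts whatever answers the scan at deploy time.
# If the server's host key is known to the operator, writing that known
# value instead of scanning removes the first-contact MITM window.
- name: generate known_hosts file
  shell: |
    set -e
    keys="$(ssh-keyscan{% if 'port' in whawty_auth_store.sync %} -p {{ whawty_auth_store.sync.port | quote }}{% endif %} {{ whawty_auth_store.sync.hostname | quote }})"
    [ -n "$keys" ] || { echo "ssh-keyscan returned no host keys" >&2; exit 1; }
    printf '%s\n' "$keys" > "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
  args:
    creates: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"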

# Render the role's unit template once per store (unit named after
# whawty_auth_store.name). The template itself is not part of this file;
# presumably it wraps run.sh from the directory created above.
- name: install systemd units for whawty-auth store sync client
  template:
    dest: "/etc/systemd/system/whawty-auth-store-sync-{{ whawty_auth_store.name }}.service"
    src: systemd.service.j2

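# Reload unit files (the unit above may be new or changed), enable the sync
# service at boot and make sure it is running now.
# NOTE(review): state=started does not restart an already running service,
# so a changed unit file, ssh_config or run.sh only takes effect after the
# next restart; a handler notified by those tasks would close that gap.
- name: make sure whawty-auth store sync client is enabled and started
  systemd:
    daemon_reload: true
    name: "whawty-auth-store-sync-{{ whawty_auth_store.name }}.service"
    state: started
    enabled: true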