From f85945c8f783b3c0eb031be319e33a29b9fbfc49 Mon Sep 17 00:00:00 2001
From: ilia
Date: Tue, 2 Sep 2025 11:32:16 -0400
Subject: [PATCH] Update inventory and playbook configurations to reflect new host addresses and user settings. Modify the Makefile for improved maintenance task execution, including unified command options for maintenance operations. Enhance README.md with updated usage instructions for the maintenance system and clarify host group definitions. Adjust group_vars for maintenance settings, ensuring proper handling of reboot conditions and cache management.
---
 Makefile | 188 +++++++++++++++++++++++++---
 README.md | 69 +++++++---
 group_vars/all.yml | 5 +
 host_vars/giteaVM.yml | 6 +
 host_vars/homepageVM.yml | 6 +
 host_vars/portainerVM.yml | 6 +
 hosts | 10 +-
 maintenance-playbook.yml | 58 +++++++++
 roles/maintenance/README.md | 129 +++++++++++++++----
 roles/maintenance/defaults/main.yml | 13 ++
 roles/maintenance/tasks/main.yml | 2 +
 11 files changed, 431 insertions(+), 61 deletions(-)
 create mode 100644 host_vars/giteaVM.yml
 create mode 100644 host_vars/homepageVM.yml
 create mode 100644 host_vars/portainerVM.yml
 create mode 100644 maintenance-playbook.yml
diff --git a/Makefile b/Makefile
index 9bc446d..e762e21 100644
--- a/Makefile
+++ b/Makefile
@@ -16,11 +16,15 @@ help: ## Show this help message @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf " $(BLUE)%-15s$(RESET) %s\n", $$1, $$2}' @echo "" @echo "$(BOLD)Examples:$(RESET)" - @echo " make bootstrap # Set up dependencies" - @echo " make check # Dry run all hosts" - @echo " make apply # Run on all dev hosts" - @echo " make dev HOST=devVM # Run on specific host" - @echo " make local # Run local playbook" + @echo " make bootstrap # Set up dependencies" + @echo " make check # Dry run all hosts" + @echo " make apply # Run on all dev hosts" + @echo " make dev HOST=dev01 # Run on specific host" + @echo " make local # Run local playbook" + @echo " make maintenance # Run maintenance on all hosts" + @echo " make maintenance GROUP=dev # Run maintenance on dev group" + @echo " make maintenance HOST=dev01 # Run maintenance on specific host" + @echo " make maintenance CHECK=true # Dry-run maintenance on all hosts" @echo "" bootstrap: ## Install required collections and dependencies @@ -37,6 +41,7 @@ test: lint ## Run all tests (lint + syntax check) @echo "$(YELLOW)Testing playbook syntax...$(RESET)" ansible-playbook dev-playbook.yml --syntax-check ansible-playbook local-playbook.yml --syntax-check + ansible-playbook maintenance-playbook.yml --syntax-check @echo "$(GREEN)✓ Syntax check passed$(RESET)" check: ## Dry-run the development playbook (--check mode) @@ -56,10 +61,10 @@ local: ## Run the local playbook on localhost ansible-playbook local-playbook.yml -K # Host-specific targets -dev: ## Run on specific host (usage: make dev HOST=devVM) +dev: ## Run on specific host (usage: make dev HOST=dev01) ifndef HOST @echo "$(RED)Error: HOST parameter required$(RESET)" - @echo "Usage: make dev HOST=devVM" + @echo "Usage: make dev HOST=dev01" @exit 1 endif @echo "$(YELLOW)Running on host: $(HOST)$(RESET)" 
@@ -70,9 +75,62 @@ security: ## Run only security-related roles @echo "$(YELLOW)Running security roles...$(RESET)" ansible-playbook dev-playbook.yml --tags security -maintenance: ## Run only maintenance tasks - @echo "$(YELLOW)Running maintenance...$(RESET)" - ansible-playbook dev-playbook.yml --tags maintenance +# Unified maintenance target with intelligent parameter detection +maintenance: ## Run maintenance (usage: make maintenance [GROUP=dev] [HOST=dev01] [SERIAL=1] [CHECK=true]) + @$(MAKE) _maintenance-run + +_maintenance-run: + @# Determine target and build command + @TARGET="all"; \ + ANSIBLE_CMD="ansible-playbook maintenance-playbook.yml"; \ + DESCRIPTION="all hosts"; \ + NEED_SUDO=""; \ + \ + if [ -n "$(HOST)" ]; then \ + TARGET="host $(HOST)"; \ + ANSIBLE_CMD="$$ANSIBLE_CMD --limit $(HOST)"; \ + DESCRIPTION="host $(HOST)"; \ + if [ "$(HOST)" = "localhost" ]; then \ + NEED_SUDO="-K"; \ + fi; \ + elif [ -n "$(GROUP)" ]; then \ + TARGET="$(GROUP) group"; \ + ANSIBLE_CMD="$$ANSIBLE_CMD -e target_group=$(GROUP)"; \ + DESCRIPTION="$(GROUP) group"; \ + if [ "$(GROUP)" = "local" ]; then \ + NEED_SUDO="-K"; \ + fi; \ + else \ + NEED_SUDO="-K"; \ + fi; \ + \ + if [ -n "$(SERIAL)" ]; then \ + ANSIBLE_CMD="$$ANSIBLE_CMD -e maintenance_serial=$(SERIAL)"; \ + DESCRIPTION="$$DESCRIPTION (serial=$(SERIAL))"; \ + fi; \ + \ + if [ "$(CHECK)" = "true" ]; then \ + ANSIBLE_CMD="$$ANSIBLE_CMD --check --diff"; \ + echo "$(YELLOW)Dry-run maintenance on $$DESCRIPTION...$(RESET)"; \ + else \ + echo "$(YELLOW)Running maintenance on $$DESCRIPTION...$(RESET)"; \ + fi; \ + \ + if [ -n "$(GROUP)" ] && [ "$(GROUP)" != "dev" ] && [ "$(GROUP)" != "local" ]; then \ + echo "$(BLUE)Available groups: dev, gitea, portainer, homepage, ansible, local$(RESET)"; \ + fi; \ + \ + $$ANSIBLE_CMD $$NEED_SUDO + +# Legacy/convenience aliases +maintenance-dev: ## Run maintenance on dev group (legacy alias) + @$(MAKE) maintenance GROUP=dev + +maintenance-all: ## Run maintenance on all hosts (legacy alias) 
+ @$(MAKE) maintenance + +maintenance-check: ## Dry-run maintenance (legacy alias, usage: make maintenance-check [GROUP=dev]) + @$(MAKE) maintenance CHECK=true GROUP=$(GROUP) docker: ## Install/configure Docker only @echo "$(YELLOW)Running Docker setup...$(RESET)" @@ -86,10 +144,42 @@ apps: ## Install applications only @echo "$(YELLOW)Installing applications...$(RESET)" ansible-playbook dev-playbook.yml --tags apps -# Utility targets -status: ## Check connectivity to all hosts - @echo "$(YELLOW)Checking host connectivity...$(RESET)" - ansible all -m ping +# Connectivity targets +ping: ## Ping hosts with colored output (usage: make ping [GROUP=dev] [HOST=dev01]) +ifdef HOST + @echo "$(YELLOW)Pinging host: $(HOST)$(RESET)" + @ansible $(HOST) -m ping --one-line | while read line; do \ + if echo "$$line" | grep -q "SUCCESS"; then \ + echo "$(GREEN)✓ $$line$(RESET)"; \ + elif echo "$$line" | grep -q "UNREACHABLE"; then \ + echo "$(RED)✗ $$line$(RESET)"; \ + else \ + echo "$(YELLOW)? $$line$(RESET)"; \ + fi; \ + done +else ifdef GROUP + @echo "$(YELLOW)Pinging $(GROUP) group...$(RESET)" + @ansible $(GROUP) -m ping --one-line | while read line; do \ + if echo "$$line" | grep -q "SUCCESS"; then \ + echo "$(GREEN)✓ $$line$(RESET)"; \ + elif echo "$$line" | grep -q "UNREACHABLE"; then \ + echo "$(RED)✗ $$line$(RESET)"; \ + else \ + echo "$(YELLOW)? $$line$(RESET)"; \ + fi; \ + done +else + @echo "$(YELLOW)Pinging all hosts...$(RESET)" + @ansible all -m ping --one-line | while read line; do \ + if echo "$$line" | grep -q "SUCCESS"; then \ + echo "$(GREEN)✓ $$line$(RESET)"; \ + elif echo "$$line" | grep -q "UNREACHABLE"; then \ + echo "$(RED)✗ $$line$(RESET)"; \ + else \ + echo "$(YELLOW)? $$line$(RESET)"; \ + fi; \ + done +endif facts: ## Gather facts from all hosts @echo "$(YELLOW)Gathering facts...$(RESET)" 
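Review bot: In `_maintenance-run`, make pastes `$(HOST)`, `$(GROUP)` and `$(SERIAL)` into the shell text before the shell parses it, so the double quotes around them give no protection, and the final unquoted `$$ANSIBLE_CMD $$NEED_SUDO` word-splits whatever was assembled; a value containing a quote, space or `;` changes the command that runs. That matters as soon as a wrapper or CI job forwards these parameters. Command-line make variables are exported to the recipe's environment, so the recipe can read them as `"$$HOST"` and build the argument list with `set --`, after rejecting values outside an allowlist (widen it if you pass host patterns to `--limit`). The `ping` recipes and `copy-ssh-key` later in the file expand `$(HOST)`/`$(GROUP)` the same way. The sketch below covers target selection only.

```make
_maintenance-run:
	@case "$${HOST:-}$${GROUP:-}$${SERIAL:-}" in \
		*[!A-Za-z0-9_.%-]*) echo "$(RED)Error: invalid HOST/GROUP/SERIAL value$(RESET)" >&2; exit 2 ;; \
	esac; \
	set -- maintenance-playbook.yml; \
	if [ -n "$${HOST:-}" ]; then \
		set -- "$$@" --limit "$$HOST"; \
	elif [ -n "$${GROUP:-}" ]; then \
		set -- "$$@" -e "target_group=$$GROUP"; \
	fi; \
	# … unchanged: DESCRIPTION text, -K selection, SERIAL and CHECK handling, each appended with set -- "$$@" … \
	ansible-playbook "$$@"
```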
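Review bot: The `ping` recipes pipe `ansible … --one-line` into a `while read` loop, so the recipe's exit status is the loop's and `make ping` reports success even when hosts are unreachable or ansible itself fails (unless `SHELL`/`.SHELLFLAGS` elsewhere in the file enable `pipefail`, which this hunk does not show). One option is to capture first, `out=$$(ansible "$$target" -m ping --one-line); rc=$$?`, colour `$$out`, and finish with `exit $$rc`. The three branches differ only in the pattern, so a single recipe using `$(or $(HOST),$(GROUP),all)` would keep them from drifting, and `read -r` avoids mangling backslashes in the output. This hunk also removes the `status` target while the README still lists `make status` under "Check connectivity" in an unchanged context line, so either keep `status` as an alias or update that line.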
@@ -115,10 +205,74 @@ quick: test check ## Quick test and check before applying @echo "$(GREEN)✓ Ready to apply changes$(RESET)" # Vault management -edit-vault: ## Edit encrypted host vars (usage: make edit-vault HOST=devVM) +edit-vault: ## Edit encrypted host vars (usage: make edit-vault HOST=dev01) ifndef HOST @echo "$(RED)Error: HOST parameter required$(RESET)" - @echo "Usage: make edit-vault HOST=devVM" + @echo "Usage: make edit-vault HOST=dev01" @exit 1 endif - ansible-vault edit host_vars/$(HOST).yml \ No newline at end of file + ansible-vault edit host_vars/$(HOST).yml + + + +test-connectivity: ## Test network connectivity and SSH access to all hosts + @echo "$(BOLD)Testing Connectivity to All Hosts$(RESET)" + @echo "" + @echo "$(YELLOW)1. Testing network connectivity (ping)...$(RESET)" + @for host in giteaVM portainerVM homepageVM dev01 bottom debianDesktopVM; do \ + ip=$$(ansible-inventory --list | jq -r ".$$host.ansible_host // empty" 2>/dev/null || echo "unknown"); \ + if [ "$$ip" != "unknown" ] && [ "$$ip" != "null" ] && [ "$$ip" != "" ]; then \ + echo -n " $$host ($$ip): "; \ + if ping -c 1 -W 2 $$ip >/dev/null 2>&1; then \ + echo "$(GREEN)✓ Network OK$(RESET)"; \ + else \ + echo "$(RED)✗ Network FAIL$(RESET)"; \ + fi; \ + else \ + echo " $$host: $(YELLOW)? IP not found in inventory$(RESET)"; \ + fi; \ + done + @echo "" + @echo "$(YELLOW)2. Testing SSH connectivity...$(RESET)" + @ansible all -m ping --one-line 2>/dev/null | while read line; do \ + if echo "$$line" | grep -q "SUCCESS"; then \ + echo " $(GREEN)✓ $$line$(RESET)"; \ + elif echo "$$line" | grep -q "UNREACHABLE"; then \ + echo " $(RED)✗ $$line$(RESET)"; \ + else \ + echo " $(YELLOW)? $$line$(RESET)"; \ + fi; \ + done || true + @echo "" + @echo "$(YELLOW)3. 
SSH key status...$(RESET)" + @if [ -f ~/.ssh/id_rsa.pub ]; then \ + echo " $(GREEN)✓ SSH public key found: ~/.ssh/id_rsa.pub$(RESET)"; \ + elif [ -f ~/.ssh/id_ed25519.pub ]; then \ + echo " $(GREEN)✓ SSH public key found: ~/.ssh/id_ed25519.pub$(RESET)"; \ + else \ + echo " $(RED)✗ No SSH public key found$(RESET)"; \ + echo " $(YELLOW) Run: ssh-keygen -t ed25519 -C 'your_email@example.com'$(RESET)"; \ + fi + @echo "" + @echo "$(BOLD)Troubleshooting Tips:$(RESET)" + @echo " • For network failures: Check if VMs are running and IPs are correct" + @echo " • For SSH failures: Copy your SSH key to the target hosts" + @echo " • Run: ssh-copy-id user@host (for each failing host)" + @echo " • Or: make copy-ssh-key HOST=hostname" + +copy-ssh-key: ## Copy SSH key to specific host (usage: make copy-ssh-key HOST=giteaVM) +ifndef HOST + @echo "$(RED)Error: HOST parameter required$(RESET)" + @echo "Usage: make copy-ssh-key HOST=giteaVM" + @exit 1 +endif + @echo "$(YELLOW)Copying SSH key to $(HOST)...$(RESET)" + @ip=$$(ansible-inventory --list | jq -r "._meta.hostvars.$(HOST).ansible_host // empty" 2>/dev/null); \ + user=$$(ansible-inventory --list | jq -r "._meta.hostvars.$(HOST).ansible_user // empty" 2>/dev/null); \ + if [ -n "$$ip" ] && [ "$$ip" != "null" ] && [ -n "$$user" ] && [ "$$user" != "null" ]; then \ + echo "Target: $$user@$$ip"; \ + ssh-copy-id $$user@$$ip; \ + else \ + echo "$(RED)Could not determine IP or user for $(HOST)$(RESET)"; \ + echo "Check your inventory and host_vars"; \ + fi \ No newline at end of file diff --git a/README.md b/README.md index c8decba..79f680d 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This Ansible playbook automates the setup of development environments across mul ## 🏗️ Architecture ### Host Groups -- `dev`: Development machines (devVM, bottom, debianDesktopVM) +- `dev`: Development machines (dev01, bottom, debianDesktopVM) - `gitea`: Gitea server - `portainer`: Portainer container management - `homepage`: Homepage dashboard 
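Review bot: `test-connectivity` looks hosts up with `jq -r ".$$host.ansible_host // empty"`, but `ansible-inventory --list` keeps per-host variables under `_meta.hostvars` (the path `copy-ssh-key` in this same hunk uses), so the lookup likely comes back empty and every host is reported as "IP not found in inventory". In `copy-ssh-key` the host name is spliced into the jq program, so a name like `ansible-controlVM` from the inventory is not parsed as a single key; passing it as data fixes both recipes: `jq -r --arg h "$$host" '._meta.hostvars[$$h].ansible_host // empty'`. The hard-coded host list will drift from the `hosts` file, and `2>/dev/null … || true` on the SSH check hides real ansible errors from whoever is troubleshooting. `ssh-copy-id $$user@$$ip` should be quoted as `"$$user@$$ip"`, and the failure branch of `copy-ssh-key` should `exit 1` so callers see it.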
@@ -43,7 +43,7 @@ make check make apply # Run on specific host -make dev HOST=devVM +make dev HOST=dev01 # Run locally make local @@ -78,7 +78,7 @@ ansible-playbook dev-playbook.yml ansible-playbook dev-playbook.yml --ask-vault-pass # Run on specific host -ansible-playbook dev-playbook.yml --limit devVM +ansible-playbook dev-playbook.yml --limit dev01 # Skip reboots for specific host ansible-playbook dev-playbook.yml --limit bottom @@ -98,8 +98,12 @@ make shell # Applications only make apps -# Maintenance only -make maintenance +# Maintenance (unified system) +make maintenance # All hosts +make maintenance GROUP=dev # Specific group +make maintenance HOST=dev01 # Specific host +make maintenance CHECK=true # Dry-run all hosts +make maintenance GROUP=dev SERIAL=1 # Serial execution # Check connectivity make status @@ -135,10 +139,10 @@ Control debug information display with the `ansible_debug_output` variable: ```bash # Default: No debug output (clean, production-ready output) -ansible-playbook dev-playbook.yml --limit devVM +ansible-playbook dev-playbook.yml --limit dev01 # Enable debug output (shows detailed status information) -ansible-playbook dev-playbook.yml --limit devVM -e "ansible_debug_output=true" +ansible-playbook dev-playbook.yml --limit dev01 -e "ansible_debug_output=true" # Set permanently in group_vars/all.yml ansible_debug_output: true 
@@ -271,19 +275,51 @@ fd "main.yml" roles/ -x cat ## 🔄 Maintenance -### Automatic Updates +### Unified Maintenance System +The maintenance system provides a single, intelligent command for all maintenance operations: + +```bash +# Basic usage +make maintenance # Run on all hosts +make maintenance GROUP=dev # Run on specific group +make maintenance HOST=dev01 # Run on specific host + +# Advanced options +make maintenance CHECK=true # Dry-run (safe testing) +make maintenance GROUP=dev SERIAL=1 # One host at a time +make maintenance GROUP=local # Local machine (auto-sudo) + +# Legacy support (still works) +make maintenance-all # Same as: make maintenance +make maintenance-check GROUP=dev # Same as: make maintenance GROUP=dev CHECK=true +``` + +### Available Host Groups +- `dev`: Development machines (dev01, bottom, debianDesktopVM) +- `gitea`: Gitea server +- `portainer`: Portainer container management +- `homepage`: Homepage dashboard +- `ansible`: Ansible control node +- `local`: Localhost (with automatic sudo handling) + +### Maintenance Features The maintenance role handles: - Package updates (`apt upgrade`) - Unused package removal (`apt autoremove`) - Cache cleanup (`apt autoclean`) -- Conditional reboots +- Conditional reboots (respects `skip_reboot` setting) +- System information reporting +- Intelligent sudo password handling -### Manual Maintenance +### Direct Ansible Commands ```bash -# Update only maintenance role -ansible-playbook dev-playbook.yml --tags maintenance +# Using the dedicated maintenance playbook +ansible-playbook maintenance-playbook.yml -e "target_group=dev" +ansible-playbook maintenance-playbook.yml --limit "dev01" +ansible-playbook maintenance-playbook.yml --check --diff # Dry-run -# Skip maintenance +# Using tags with development playbook +ansible-playbook dev-playbook.yml --tags maintenance ansible-playbook dev-playbook.yml --skip-tags maintenance ``` 
@@ -348,8 +384,8 @@ make apply # Deploy to all hosts ### Host-Specific Operations ```bash -make dev HOST=devVM # Deploy to specific host -make edit-vault HOST=devVM # Edit encrypted host variables +make dev HOST=dev01 # Deploy to specific host +make edit-vault HOST=dev01 # Edit encrypted host variables ``` ### Maintenance and Utilities @@ -365,10 +401,11 @@ Run `make help` for the complete list of available commands. ``` ansible/ ├── ansible.cfg # Enhanced Ansible configuration -├── Makefile # Workflow automation +├── Makefile # Workflow automation with unified maintenance ├── hosts # Inventory file ├── dev-playbook.yml # Main development playbook ├── local-playbook.yml # Local machine setup +├── maintenance-playbook.yml # Dedicated maintenance playbook ├── collections/ │ └── requirements.yml # Required Ansible collections ├── group_vars/ diff --git a/group_vars/all.yml b/group_vars/all.yml index a94dad8..62917cf 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -11,3 +11,8 @@ ansible_debug_output: false fail2ban_bantime: 3600 fail2ban_findtime: 600 fail2ban_maxretry: 3 + +# Maintenance settings +maintenance_default_serial: "100%" # Default serial execution for maintenance +maintenance_reboot_timeout: 300 # Reboot timeout in seconds +maintenance_pre_reboot_delay: 5 # Delay before reboot in seconds diff --git a/host_vars/giteaVM.yml b/host_vars/giteaVM.yml new file mode 100644 index 0000000..59e8e8c --- /dev/null +++ b/host_vars/giteaVM.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +35613535653633616433383235306131326139313335323039393662313066613966633934333864 +6465656334383738393565613033653230323264363933370a623036393963393833376333383635 +62636466383165383439623736613831663761336662383138386666336365636166373338666232 +6164616262383764340a326530393662383632623538333535353962313138633639653933303564 +3939 diff --git a/host_vars/homepageVM.yml b/host_vars/homepageVM.yml new file mode 100644 index 0000000..a037b56 --- /dev/null 
+++ b/host_vars/homepageVM.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +32353034343864393663363666306566396464626335363133316432633832616561336234323138 +6535373836623837323266376539633937326365393730300a303963663165353536656133636663 +63323966353039663531626434303939313137383734363538616564646638353030643130613632 +3131353132336261650a653361333235643130333330346366656637303332666361386461616331 +3132 diff --git a/host_vars/portainerVM.yml b/host_vars/portainerVM.yml new file mode 100644 index 0000000..138702e --- /dev/null +++ b/host_vars/portainerVM.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +35386435346434313638656334393931363832396538626361633237653134303639323662353165 +3131653934353233626136386236363565363835373535320a373932343630303363656363346138 +33366161623833366666326161383964396463636633323361333066383066633838636438633364 +3131306263323038370a616432303966323065646466646430356365653334316564333364376535 +3364 diff --git a/hosts b/hosts index a106925..1b26331 100644 --- a/hosts +++ b/hosts @@ -1,19 +1,19 @@ [gitea] -giteaVM ansible_host=10.0.10.10 +giteaVM ansible_host=10.0.30.169 ansible_user=gitea [portainer] -portainerVM ansible_host=10.0.10.20 +portainerVM ansible_host=10.0.30.69 ansible_user=ladmin [homepage] -homepageVM ansible_host=10.0.10.30 +homepageVM ansible_host=10.0.30.12 ansible_user=homepage [dev] -devVM ansible_host=10.0.30.105 ansible_user=ladmin +dev01 ansible_host=10.0.30.105 ansible_user=ladmin bottom ansible_host=10.0.10.156 ansible_user=beast debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true [ansible] -ansible-controlVM ansible_host=localhost ansible_user=master +ansible-controlVM ansible_host=10.0.10.157 ansible_user=master [local] localhost ansible_connection=local diff --git a/maintenance-playbook.yml b/maintenance-playbook.yml new file mode 100644 index 0000000..4eeaf94 --- /dev/null +++ b/maintenance-playbook.yml 
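Review bot: `ansible-controlVM` now resolves to `10.0.10.157` instead of `localhost` and is still a member of `all`, which is the default target of the new maintenance playbook. If that address is the machine the playbooks are run from (the name suggests it, but the patch does not show it), a default `make maintenance` can reboot the controller in the middle of its own run. Consider adding `skip_reboot=true` to that entry, as `debianDesktopVM` already has, assuming the role honours it as its README states, or keep the `ansible` group out of the default target.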
@@ -0,0 +1,58 @@
+---
+- name: Run system maintenance
+ hosts: "{{ target_group | default('all') }}"
+ become: true
+ gather_facts: true
+ serial: "{{ maintenance_serial | default(maintenance_default_serial | default('100%')) }}"
+
+ vars:
+ # Default maintenance options
+ maintenance_update_cache: true
+ maintenance_upgrade_packages: true
+ maintenance_autoremove: true
+ maintenance_autoclean: true
+ maintenance_check_reboot: true
+ maintenance_allow_reboot: true
+
+ pre_tasks:
+ - name: Display maintenance target information
+ ansible.builtin.debug:
+ msg: |
+ Starting maintenance on: {{ inventory_hostname }}
+ Group: {{ group_names | join(', ') }}
+ Skip reboot: {{ skip_reboot | default(false) | bool }}
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+ when: maintenance_update_cache | bool
+
+ roles:
+ - { role: maintenance, tags: ['maintenance'] }
+
+ post_tasks:
+ - name: Display maintenance completion
+ ansible.builtin.debug:
+ msg: |
+ Maintenance completed for: {{ inventory_hostname }}
+ Reboot required: {{ maintenance_reboot_required.stat.exists | default(false) }}
+ {% if maintenance_reboot_required.stat.exists | default(false) and not (skip_reboot | default(false) | bool) %}
+ System will reboot automatically.
+ {% elif maintenance_reboot_required.stat.exists | default(false) and (skip_reboot | default(false) | bool) %}
+ System requires reboot but skip_reboot is set to true.
+ {% else %}
+ No reboot required.
+ {% endif %}
+
+ - name: Gather package facts after maintenance
+ ansible.builtin.package_facts:
+ manager: auto
+
+ - name: Display system information
+ ansible.builtin.debug:
+ msg: |
+ System: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}
+ Kernel: {{ ansible_facts['kernel'] }}
+ Architecture: {{ ansible_facts['architecture'] }}
+ Uptime: {{ ansible_facts['uptime_seconds'] | int // 3600 }}h {{ (ansible_facts['uptime_seconds'] | int % 3600) // 60 }}m
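Review bot: The play-level `vars:` block sets `maintenance_allow_reboot`, `maintenance_upgrade_packages` and the other switches, and play vars take precedence over inventory, `group_vars` and `host_vars`, so a host that sets `maintenance_allow_reboot: false` in its host vars is overridden whenever this playbook runs. The same commit adds identical values to `roles/maintenance/defaults/main.yml`, so the block can likely be dropped; the role defaults would then apply and stay overridable per host, with `-e` still available for one-off runs. The `Update apt cache` pre-task also runs on every targeted host without the `ansible_facts['pkg_mgr'] == "apt"` guard that the role's reboot task uses, which will fail on any non-apt host reached through the default `all` target.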
diff --git a/roles/maintenance/README.md b/roles/maintenance/README.md
index 225dd44..56176f3 100644
--- a/roles/maintenance/README.md
+++ b/roles/maintenance/README.md
@@ -1,38 +1,121 @@ -Role Name -========= +# Maintenance Role -A brief description of the role goes here. +Handles system maintenance tasks including package updates, cleanup, and conditional reboots. -Requirements ------------- +## Requirements -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +- Debian/Ubuntu-based systems with `apt` package manager +- `sudo` privileges for package management and system operations -Role Variables --------------- +## Role Variables -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +### Default Variables (`defaults/main.yml`) -Dependencies ------------- +```yaml +# Package management +maintenance_update_cache: true # Update apt cache before operations +maintenance_upgrade_packages: true # Perform dist-upgrade +maintenance_autoremove: true # Remove unused packages +maintenance_autoclean: true # Clean apt cache -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
+# Reboot handling +maintenance_check_reboot: true # Check if reboot is required +maintenance_allow_reboot: true # Allow automatic reboots +``` -Example Playbook ----------------- +### Host Variables -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: +```yaml +skip_reboot: true # Skip reboots for this host (optional) +``` - - hosts: servers - roles: - - { role: username.rolename, x: 42 } +### Playbook Variables -License -------- +```yaml +maintenance_serial: "100%" # Serial execution (e.g., "1" for one-at-a-time) +target_group: "all" # Target host group +``` + +## Dependencies + +None. + +## Example Playbook + +### Basic Usage +```yaml +- hosts: servers + become: true + roles: + - maintenance +``` + +### With Custom Variables +```yaml +- hosts: servers + become: true + vars: + maintenance_allow_reboot: false # Disable automatic reboots + roles: + - maintenance +``` + +### Using the Dedicated Maintenance Playbook +```bash +# Run on all hosts +ansible-playbook maintenance-playbook.yml + +# Run on specific group +ansible-playbook maintenance-playbook.yml -e "target_group=dev" + +# Run with serial execution +ansible-playbook maintenance-playbook.yml -e "target_group=dev" -e "maintenance_serial=1" + +# Dry-run +ansible-playbook maintenance-playbook.yml --check --diff +``` + +### Using Makefile (Recommended) +```bash +# Basic usage +make maintenance # All hosts +make maintenance GROUP=dev # Specific group +make maintenance HOST=dev01 # Specific host +make maintenance CHECK=true # Dry-run + +# Advanced options +make maintenance GROUP=dev SERIAL=1 # Serial execution +make maintenance GROUP=local # Local machine (auto-sudo) +``` + +## Tasks Performed + +1. **Package Updates**: Performs `apt dist-upgrade` to update all packages +2. **Cleanup**: Removes unused packages (`apt autoremove`) and cleans cache (`apt autoclean`) +3. **Reboot Check**: Checks if `/var/run/reboot-required` exists +4. 
**Conditional Reboot**: Reboots system if required (unless `skip_reboot=true`) + +## Reboot Behavior + +The role respects the following reboot conditions: +- Only reboots if `/var/run/reboot-required` exists +- Only on `apt`-based systems (`ansible_facts['pkg_mgr'] == "apt"`) +- Skips reboot if `skip_reboot` is set to `true` in host variables +- Provides informative reboot message + +## Integration with Maintenance Playbook + +This role is designed to work with the dedicated `maintenance-playbook.yml` which provides: +- Flexible host targeting +- Serial execution support +- Detailed progress reporting +- System information display +- Intelligent sudo handling + +## License BSD -Author Information ------------------- +## Author Information -An optional section for the role authors to include contact information, or a website (HTML is not allowed). +Part of the Ansible Development Environment Setup project. \ No newline at end of file diff --git a/roles/maintenance/defaults/main.yml b/roles/maintenance/defaults/main.yml index dbeeaad..4c75e41 100644 --- a/roles/maintenance/defaults/main.yml +++ b/roles/maintenance/defaults/main.yml @@ -1,2 +1,15 @@ --- # defaults file for maintenance + +# Package management settings +maintenance_update_cache: true # Update apt cache before operations +maintenance_upgrade_packages: true # Perform dist-upgrade +maintenance_autoremove: true # Remove unused packages +maintenance_autoclean: true # Clean apt cache + +# Reboot handling settings +maintenance_check_reboot: true # Check if reboot is required +maintenance_allow_reboot: true # Allow automatic reboots + +# Cache settings +maintenance_cache_valid_time: 3600 # Cache valid time in seconds (1 hour) diff --git a/roles/maintenance/tasks/main.yml b/roles/maintenance/tasks/main.yml index c4c13e1..4066136 100644 --- a/roles/maintenance/tasks/main.yml +++ b/roles/maintenance/tasks/main.yml 
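Review bot: `maintenance_cache_valid_time` is added to the role defaults, but nothing visible in this patch reads it; the playbook's `Update apt cache` task hard-codes `cache_valid_time: 3600`. Conversely, `maintenance_reboot_timeout` and `maintenance_pre_reboot_delay`, which the role's reboot task now consumes, are defined only in `group_vars/all.yml` and through inline `default()` filters, so the role does not document its own knobs when reused elsewhere. Adding `maintenance_reboot_timeout: 300` and `maintenance_pre_reboot_delay: 5` to this file, and using `cache_valid_time: "{{ maintenance_cache_valid_time | default(3600) }}"` in the apt task, would put each setting in one place.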
@@ -19,6 +19,8 @@
 - name: Reboot if required
 ansible.builtin.reboot:
 msg: "Reboot triggered by Ansible after system changes."
+ reboot_timeout: "{{ maintenance_reboot_timeout | default(300) }}"
+ pre_reboot_delay: "{{ maintenance_pre_reboot_delay | default(5) }}"
 when:
 - ansible_facts['pkg_mgr'] == "apt"
 - maintenance_reboot_required.stat.exists