Add syncarchive role

This is a new role for syncing the archive. Currently only ger.mirror.pkgbuild.com is capable of this due to disk space requirements. It can probably be extended fairly easily to other hosts.

Add syncarchive role
This is a new role for syncing the archive. Currently only ger.mirror.pkgbuild.com is capable of this due to disk space requirements. It can probably be extended fairly easily to other hosts.
8e33fb5a · Sven-Hendrik Haase · 9e0bbfa3 · 8e33fb5a · 8e33fb5a · 8e33fb5a
Verified Commit 8e33fb5a authored Oct 25, 2019 by Sven-Hendrik Haase
--- a/hosts
+++ b/hosts
@@ -21,6 +21,9 @@ mex.mirror.pkgbuild.com
 sgp.mirror.pkgbuild.com
 ger.mirror.pkgbuild.com

+[archive-mirrors]
+ger.mirror.pkgbuild.com
+
 [borg-clients]
 orion.archlinux.org
 apollo.archlinux.org

--- a/playbooks/archive-mirrors.yml
+++ b/playbooks/archive-mirrors.yml
+---
+- name: common playbook for archive-mirrors
+  hosts: archive-mirrors
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: tools }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: certbot }
+    - { role: nginx }
+    - { role: unbound }
+    - { role: syncarchive, tags: ['nginx'] }
+    - { role: zabbix-agent, tags: ["zabbix"] }
--- a/roles/dbscripts/templates/rsyncd.conf.proto.j2
+++ b/roles/dbscripts/templates/rsyncd.conf.proto.j2
@@ -20,6 +20,11 @@ hosts allow = 127.0.0.1
 # DENY THE REST
 hosts deny = *

+[archive]
+	path = /srv/archive
+	comment = archive
+	hosts allow = {{ hostvars['ger.mirror.pkgbuild.com']['ipv4_address'] }}
+
 [temp-archive]
 	path = /srv/archive
 	comment = temporary endpoint for the archive

--- a/roles/syncarchive/files/syncarchive
+++ b/roles/syncarchive/files/syncarchive
+#!/bin/bash
+
+target="/srv/archive"
+tmp="/srv/syncarchive-tmp"
+lock="/var/lock/syncarchive.lck"
+source_url='rsync://rsync.archlinux.org/archive'
+lastupdate_url='https://archive.archlinux.org/repos/last/lastupdate'
+
+[ ! -d "${target}" ] && mkdir -p "${target}"
+[ ! -d "${tmp}" ] && mkdir -p "${tmp}"
+
+exec 9>"${lock}"
+flock -n 9 || exit
+
+rsync_cmd() {
+	local -a cmd=(rsync -rtlH --safe-links --delete-after ${VERBOSE} "--timeout=600" "--contimeout=60" -p \
+		--delay-updates --no-motd "--temp-dir=${tmp}")
+
+	if stty &>/dev/null; then
+		cmd+=(-h -v --progress)
+	else
+		cmd+=("--info=name1")
+	fi
+
+	"${cmd[@]}" "$@"
+}
+
+# if we are called without a tty (cronjob) only run when there are changes
+if ! tty -s && [[ -f "$target/lastupdate" ]] && diff -b <(curl -Ls "$lastupdate_url") "$target/lastupdate" >/dev/null; then
+	exit 0
+fi
+
+rsync_cmd \
+    --exclude=".well-known" \
+	"${source_url}" \
+	"${target}"
--- a/roles/syncarchive/files/syncarchive.service
+++ b/roles/syncarchive/files/syncarchive.service
+[Unit]
+Description=Synchronize package archive mirror
+RequiresMountsFor=/srv/archive
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/syncarchive
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
--- a/roles/syncarchive/files/syncarchive.timer
+++ b/roles/syncarchive/files/syncarchive.timer
+[Unit]
+Description=Minutely archive sync
+
+[Timer]
+OnCalendar=minutely
+AccuracySec=1m
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/roles/syncarchive/handlers/main.yml
+++ b/roles/syncarchive/handlers/main.yml
+---
+
+- name: daemon reload
+  command: systemctl daemon-reload
--- a/roles/syncarchive/tasks/main.yml
+++ b/roles/syncarchive/tasks/main.yml
+---
+- name: install rsync
+  pacman: name=rsync state=present
+
+- name: install syncarchive script
+  copy: src=syncarchive dest=/usr/local/bin/syncarchive owner=root group=root mode=0755
+
+- name: install syncarchive units
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+  with_items:
+    - syncarchive.timer
+    - syncarchive.service
+  notify:
+    - daemon reload
+
+- name: start and enable syncarchive units
+  service: name={{ item }} enabled=yes state=started
+  with_items:
+    - syncarchive.timer