Add role for mirroring archlinux32

e5b461e3 · Bartłomiej Piotrowski · 6136bd2b · e5b461e3 · e5b461e3 · e5b461e3
Commit e5b461e3 authored 7 years ago by Bartłomiej Piotrowski
--- a/host_vars/ind.mirror.pkgbuild.com
+++ b/host_vars/ind.mirror.pkgbuild.com
 ---
 mirror_domain: ind.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [10]
+arch32_mirror_domain: ind.mirror.archlinux32.org
--- a/host_vars/jpn.mirror.pkgbuild.com
+++ b/host_vars/jpn.mirror.pkgbuild.com
 ---
 mirror_domain: jpn.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [8]
+arch32_mirror_domain: jpn.mirror.archlinux32.org
--- a/host_vars/mex.mirror.pkgbuild.com
+++ b/host_vars/mex.mirror.pkgbuild.com
 ---
 mirror_domain: mex.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [7]
+arch32_mirror_domain: mex.mirror.archlinux32.org
--- a/host_vars/sgp.pkgbuild.com
+++ b/host_vars/sgp.pkgbuild.com
@@ -3,3 +3,4 @@ mirror_domain: sgp.mirror.pkgbuild.com
 public_domain: sgp.pkgbuild.com
 archweb_mirrorcheck_locations: [9]
 archbuild_fs: 'btrfs'
+arch32_mirror_domain: sgp.mirror.archlinux32.org
--- a/playbooks/mirrors.yml
+++ b/playbooks/mirrors.yml
@@ -11,3 +11,4 @@
    - { role: syncrepo, tags: ['syncrepo', 'nginx'] }
    - { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true, tags: ['archweb'] }
    - { role: zabbix-agent, tags: ["zabbix", "zabbix-agent"] }
+    - { role: arch32_mirror, tags: ['arch32_mirror', 'nginx'] }
--- a/roles/arch32_mirror/defaults/main.yml
+++ b/roles/arch32_mirror/defaults/main.yml
+---
+arch32_mirror_dir: /srv/archlinux32
+arch32_mirror_source: rsync://mirror.archlinux32.org/archlinux32
+arch32_mirror_lastupdate: https://mirror.archlinux32.org/lastupdate
--- a/roles/arch32_mirror/handlers/main.yml
+++ b/roles/arch32_mirror/handlers/main.yml
+---
+
+- name: daemon reload
+  command: systemctl daemon-reload
--- a/roles/arch32_mirror/tasks/main.yml
+++ b/roles/arch32_mirror/tasks/main.yml
+---
+
+- name: create ssl cert
+  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
+  when: 'arch32_mirror_domain is defined'
+
+- name: install rsync
+  pacman: name=rsync state=present
+
+- name: install syncrepo script
+  template: src=syncrepo_arch32 dest=/usr/local/bin/syncrepo_arch32 owner=root group=root mode=0755
+
+- name: install syncrepo units
+  template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+  with_items:
+    - syncrepo_arch32.timer
+    - syncrepo_arch32.service
+  notify:
+    - daemon reload
+
+- name: start and enable syncrepo unit
+  service: name={{ item }} enabled=yes state=started
+  with_items:
+    - syncrepo_arch32.timer
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo_arch32.conf owner=root group=root mode=0644
+  notify:
+    - reload nginx
+  when: 'arch32_mirror_domain is defined'
--- a/roles/arch32_mirror/templates/nginx.d.conf.j2
+++ b/roles/arch32_mirror/templates/nginx.d.conf.j2
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ arch32_mirror_domain }};
+    root         {{ arch32_mirror_dir }};
+
+    access_log   /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
+    error_log    /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    autoindex on;
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ arch32_mirror_domain }};
+    root         {{ arch32_mirror_dir }};
+
+    access_log   /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
+    error_log    /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ arch32_mirror_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/chain.pem;
+
+    autoindex on;
+}
--- a/roles/arch32_mirror/templates/syncrepo_arch32
+++ b/roles/arch32_mirror/templates/syncrepo_arch32
+#!/bin/bash
+
+# This is a simple mirroring script. To save bandwidth it first checks a
+# timestamp via HTTP and only runs rsync when the timestamp differs from the
+# local copy. As of 2016, a single rsync run without changes transfers roughly
+# 6MiB of data which adds up to roughly 250GiB of traffic per month when rsync
+# is run every minute. Performing a simple check via HTTP first can thus save a
+# lot of traffic.
+
+target="{{ arch32_mirror_dir }}"
+tmp="/srv/syncrepo_arch32-tmp"
+lock="/var/lock/syncrepo_arch32.lck"
+
+# NOTE: You'll probably want to change this or set it to 0 to disable the limit
+# The default unit is KiB (see man rsync /--bwlimit for more)
+bwlimit=0
+
+# NOTE: Most people reading this very likely need to change this since
+# rsync.archlinux.org requires you to be a tier 1 mirror
+source='{{ arch32_mirror_source }}'
+lastupdate_url='{{ arch32_mirror_lastupdate }}'
+
+#### END CONFIG
+
+[ ! -d "${target}" ] && mkdir -p "${target}"
+[ ! -d "${tmp}" ] && mkdir -p "${tmp}"
+
+exec 9>"${lock}"
+flock -n 9 || exit
+
+rsync_cmd() {
+	local -a cmd=(rsync -rtlH --safe-links --delete-after ${VERBOSE} "--timeout=600" "--contimeout=60" -p \
+		--delay-updates --no-motd "--temp-dir=${tmp}")
+
+	if stty &>/dev/null; then
+		cmd+=(-h -v --progress)
+	else
+		cmd+=("--info=name1")
+	fi
+
+	if ((bwlimit>0)); then
+		cmd+=("--bwlimit=$bwlimit")
+	fi
+
+	"${cmd[@]}" "$@"
+}
+
+
+# if we are called without a tty (cronjob) only run when there are changes
+if ! tty -s && [[ -f "$target/lastupdate" ]] && diff -b <(curl -s "$lastupdate_url") "$target/lastupdate" >/dev/null; then
+	# keep lastsync file in sync for statistics generated by the Arch Linux website
+	rsync_cmd "$source/lastsync" "$target/lastsync"
+	exit 0
+fi
+
+rsync_cmd \
+	--exclude='*.links.tar.gz*' \
+	--exclude='/other' \
+	--exclude='/sources' \
+	"${source}" \
+	"${target}"
+
+#echo "Last sync was $(date -d @$(cat ${target}/lastsync))"
--- a/roles/arch32_mirror/templates/syncrepo_arch32.service
+++ b/roles/arch32_mirror/templates/syncrepo_arch32.service
+[Unit]
+Description=Synchronize archlinux32 package repository mirror
+RequiresMountsFor={{ arch32_mirror_dir }}
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/syncrepo_arch32
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
--- a/roles/arch32_mirror/templates/syncrepo_arch32.timer
+++ b/roles/arch32_mirror/templates/syncrepo_arch32.timer
+[Unit]
+Description=Minutely archlinux32 repository sync
+
+[Timer]
+OnCalendar=minutely
+AccuracySec=1m
+Persistent=true
+
+[Install]
+WantedBy=timers.target