Ansible Role For Local Repo

I need a local install source and system I can serve kickstart files from. I wrote an Ansible role to accomplish this. The kickstart process will be covered in the next article.

Here is the relevant git commit

Structure

files/            # Static files
  centos7.repo    # Sync source
  local.repo      # Repo file for download

tasks/            
  configure_repo.yml      # Set up repo in container
  prepare_host_node.yml   # Prepare Proxmox node

main.yml                 # Main script

main.yml

This basically sets the lone variable I need, and calls the other two scripts.

---
- name: set up mass storage
  hosts: proxmox

- import_playbook: tasks/prepare_host_node.yml
- import_playbook: tasks/configure_repo.yml

prepare_host_node.yml

Since I’m using a bind mount point, I need to set that up on my host.

---
- name: Prepare host node
  hosts: bronze.lan.nathancurry.com

  vars:
    vmid: 203

  tasks:
    - name: Make sure mount directory exists
      file:
        state: 'directory'
        path: /mnt/external
        owner: root
        group: root
        mode: '0755'

    - name: Mount up device by UUID
      mount:
        path: /mnt/external
        src: UUID=22d8ad98-9571-40ef-b816-9e05f7e20152
        fstype: ext4
        opts: relatime
        state: mounted

    - name: Load secrets
      include_vars: "~/0/vault/proxmox.yml"
      no_log: true

    # A bit of a hack, since the proxmox module can't add a
    # mount point after the container is created.
    - name: Add bind mount
      command: "pct set {{ vmid }} -mp0 /mnt/external,mp=/data"
      notify: restart container

  # Handlers run once at the end of the play, and only when notified.
  handlers:
    - name: restart container
      proxmox:
        api_host: 'bronze'
        api_user: 'root@pam'
        api_password: '{{ api_password }}'
        vmid: '{{ vmid }}'
        state: restarted

configure_repo.yml

This connects to the server itself and configures all the services.

---
- name: configure repo host
  hosts: 'repo.lan.nathancurry.com'

  vars:
    packages: [ 'httpd', 'createrepo', 'yum-utils']

  tasks:
  - name: Link /var/www/ to data
    file:
      src: /data/www
      dest: /var/www
      owner: root
      group: root
      state: link

  - name: Install packages
    yum:
      name: '{{ packages }}'
      state: 'present'
      update_cache: 'yes'

  - name: Turn on web server
    service:
      name: httpd
      state: started

  - name: make repo directory
    file:
      dest: '/data/www/html/repo/centos7'
      state: 'directory'
      owner: 'root'
      group: 'apache'
      mode: '0750'

  - name: make metadata dir
    file:
      dest: '/data/www/html/repo/meta'
      state: 'directory'
      owner: 'root'
      group: 'apache'
      mode: '0750'

  - name: install centos7.repo
    copy:
      src: '../files/centos7.repo'
      dest: '/data/www/html/repo/meta/centos7.repo'
      owner: 'root'
      group: 'root'
      mode: '0600'

  - name: Set reposync cron file
    cron:
      name: 'reposync centos7'
      weekday: '*'
      minute: 0
      hour: 1
      user: root
      job: "reposync -n -d -a x86_64 -p /data/www/html/repo/centos7 -c /data/www/html/repo/meta/centos7.repo"
      cron_file: 'ansible_reposync-centos7'

  - name: Make local repo available on server
    copy:
      src: '../files/local.repo'
      dest: '/data/www/html/repo/centos7-local.repo'
      owner: 'root'
      group: 'root'
      mode: '0644'

files

centos7.repo is just the default CentOS 7 enabled repos, with EPEL added.

local.repo is the repo file for the clients. I will be generating the file on client deployment, but I wanted to make it available for download.

I disable centos-release, since I don’t want it updating and reenabling repos.

[base-local]
name=Local CentOS-$releasever - Base
baseurl=http://repo.lan.nathancurry.com/repo/centos7/base/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
enabled=1
exclude=centos-release*

#released updates
[updates-local]
name=Local CentOS-$releasever - Updates
baseurl=http://repo.lan.nathancurry.com/repo/centos7/updates/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
enabled=1

#additional packages that may be useful
[extras-local]
name=Local CentOS-$releasever - Extras
baseurl=http://repo.lan.nathancurry.com/repo/centos7/extras/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
enabled=1

#epel
[epel-local]
name=Local CentOS-$releasever - EPEL
baseurl=http://repo.lan.nathancurry.com/repo/centos7/epel/
gpgcheck=1
gpgkey=http://mirror.grid.uchicago.edu/pub/linux/epel/RPM-GPG-KEY-EPEL-7
enabled=1
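
Since every client will trust whatever this file points at, here is a small lint for it. This is an added example, not part of the role: it reports enabled stanzas that do not set gpgcheck=1, that fetch their signing key over a cleartext URL, or that reuse another stanza's name. The function name audit_repo and the sample hosts are assumptions made for illustration.

```python
import configparser

# Constructed sample modelled on the local.repo stanzas above; hosts are placeholders.
SAMPLE = """\
[base-local]
name=Local CentOS-$releasever - Base
baseurl=http://repo.example.lan/repo/centos7/base/
gpgcheck=1
gpgkey=http://mirror.example.org/RPM-GPG-KEY-CentOS-7

[extras-local]
name=Local CentOS-$releasever - Extras
baseurl=http://repo.example.lan/repo/centos7/extras/
gpgcheck=0

[epel-local]
name=Local CentOS-$releasever - Extras
baseurl=http://repo.example.lan/repo/centos7/epel/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
"""

CLEARTEXT = ("http://", "ftp://")

def audit_repo(text):
    """Return (section, finding) pairs for the enabled stanzas of a yum .repo file."""
    cp = configparser.ConfigParser(interpolation=None)  # keep $releasever and % literal
    cp.read_string(text)
    findings, names = [], {}
    for sec in cp.sections():
        repo = cp[sec]
        if repo.get("enabled", "1").strip() == "0":
            continue  # yum ignores disabled stanzas
        # Policy assumption: gpgcheck must be explicit, so a missing key is reported like 0.
        if repo.get("gpgcheck", "").strip() != "1":
            findings.append((sec, "gpgcheck not set to 1"))
        # gpgkey may list several URLs separated by whitespace or commas.
        for url in repo.get("gpgkey", "").replace(",", " ").split():
            if url.lower().startswith(CLEARTEXT):
                findings.append((sec, "gpgkey fetched over cleartext: " + url))
        first = names.setdefault(repo.get("name", sec), sec)
        if first != sec:
            findings.append((sec, "name duplicates stanza " + first))
    return findings

if __name__ == "__main__":
    for sec, msg in audit_repo(SAMPLE):
        print(f"{sec}: {msg}")
```

With gpgcheck=1 the packages are verified against the imported key, so a key URL served over plain HTTP is the weak link: whoever can alter that first download chooses the key the client trusts.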

Conclusion

I still have some things left to do. I would like to switch to another available proxmox provider that allows greater flexibility in managing Proxmox instances, but that can come later.

I also want to make this script a bit more dynamic, but it’s a good start.