diff --git a/README.md b/README.md index 58a8d49..b4f6742 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ To achieve that we run the [`/etc/tinc/status.im/tinc-refresh`](/files/tinc-refr 5. Generates the files in `hosts` dir with public and VIP IP addresses and public key. 6. Updates the `/etc/hosts` file with hostnames with the `.tinc` sufix. -This process is configured to be repeated every 30 minutes via cron. +This process is configured to be repeated hourly via a [systemd timer](https://www.freedesktop.org/software/systemd/man/systemd.timer.html). # Usage diff --git a/defaults/main.yml b/defaults/main.yml index 48e721a..e94a221 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,3 +6,9 @@ tinc_config_path: '/etc/tinc' tinc_network_path: '{{ tinc_config_path }}/{{ tinc_network_name | mandatory }}' tinc_host_filename: '{{ hostname | regex_replace("[.-]", "_") }}' tinc_consul_service_path: '/etc/consul/service_tinc.json' + +# Timer for refreshing config +tinc_timer_service_name: 'tinc-refresh' +tinc_timer_frequency: 'hourly' +tinc_timer_timeout: 120 +tinc_timer_user: 'root' diff --git a/tasks/config.yml b/tasks/config.yml index e1ea8a6..7a14ced 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -30,14 +30,6 @@ command: '{{ tinc_network_path }}/tinc-refresh' register: generation -- name: Configure a cron job to refresh Tinc peers - tags: ['role::tinc', 'role::tinc:config'] - cron: - name: Tinc Peer Refresh - minute: '*/30' - user: root - job: '{{ tinc_network_path }}/tinc-refresh' - - name: Read public key file tags: ['role::tinc', 'role::tinc:config'] slurp: diff --git a/tasks/main.yml b/tasks/main.yml index 9a5f883..d475782 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
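Review bot: In defaults/main.yml the four new timer variables are added without saying what values they accept. `tinc_timer_timeout: 120` is rendered into `TimeoutStartSec=` by the service template later in this diff, so it is a number of seconds, and `tinc_timer_frequency` goes straight into `OnCalendar=`, so it has to be a systemd calendar expression. I would add `# systemd OnCalendar expression, e.g. 'hourly'` above the frequency and `# seconds before systemd aborts a hung refresh (TimeoutStartSec)` above the timeout. It is also worth a comment next to `tinc_timer_user` that the README describes the script updating `/etc/hosts`, so a non-root account would presumably need write access there.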
@@ -3,6 +3,8 @@
 tags: ['role::tinc', 'role::tinc:install']
 - include_tasks: config.yml
 tags: ['role::tinc', 'role::tinc:config']
+- include_tasks: timer.yml
+ tags: ['role::tinc', 'role::tinc:timer']
 - include_tasks: service.yml
 tags: ['role::tinc', 'role::tinc:service']
 - include_tasks: health.yml
diff --git a/tasks/timer.yml b/tasks/timer.yml
new file mode 100644
index 0000000..b606426
--- /dev/null
+++ b/tasks/timer.yml
@@ -0,0 +1,33 @@
+---
+- name: Drop old cron job for refreshing Tinc peers
+ tags: ['role::tinc', 'role::tinc:config']
+ cron:
+ name: 'Tinc Peer Refresh'
+ minute: '*/30'
+ state: 'absent'
+
+- name: Create tinc-refresh.service file
+ template:
+ src: 'tinc-refresh.service.j2'
+ dest: '/lib/systemd/system/{{ tinc_timer_service_name }}.service'
+ mode: 0644
+
+- name: Create tinc-refresh.timer file
+ template:
+ src: 'tinc-refresh.timer.j2'
+ dest: '/lib/systemd/system/{{ tinc_timer_service_name }}.timer'
+ mode: 0644
+
+- name: Reload systemctl
+ command: systemctl daemon-reload
+
+- name: (Re)start service
+ service:
+ name: '{{ tinc_timer_service_name }}.service'
+ enabled: true
+
+- name: Enable the timer
+ systemd:
+ name: '{{ tinc_timer_service_name }}.timer'
+ state: 'started'
+ enabled: true
diff --git a/templates/tinc-refresh.service.j2 b/templates/tinc-refresh.service.j2
new file mode 100644
index 0000000..6e88dae
--- /dev/null
+++ b/templates/tinc-refresh.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description={{ tinc_timer_service_name }}
+Documentation=https://github.com/status-im/infra-role-tinc
+Requires=network.target
+After=network.target
+
+[Service]
+User={{ tinc_timer_user }}
+Type=oneshot
+ExecStart={{ tinc_network_path }}/tinc-refresh
+TimeoutStartSec={{ tinc_timer_timeout }}
+WorkingDirectory={{ tinc_network_path }}
diff --git a/templates/tinc-refresh.timer.j2 b/templates/tinc-refresh.timer.j2
new file mode 100644
index 0000000..8ce2046
--- /dev/null
+++ b/templates/tinc-refresh.timer.j2
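Review bot: In tasks/main.yml the `role::tinc:timer` tag sits only on the new `include_tasks: timer.yml` line, and tags on a dynamic include apply to the include itself, not to the tasks in the included file. In the new tasks/timer.yml only the cron-removal task has tags, and those are `role::tinc:config`. A run limited to `--tags role::tinc` or `role::tinc:config` would therefore likely drop the cron job while skipping every task that installs the timer, leaving the host with no peer refresh at all. Each task in tasks/timer.yml should carry `tags: ['role::tinc', 'role::tinc:timer']`, the way the tasks in config.yml carry their own tags.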
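Review bot: The `Reload systemctl` task in tasks/timer.yml shells out to `systemctl daemon-reload` on every run, so it always reports changed and is not tied to whether either unit file was actually rewritten. The `systemd` module already used by the last task can do the reload itself, so adding `daemon_reload: true` to `Enable the timer` removes the need for the `command` task. Separately, the `(Re)start service` task only sets `enabled: true` on a oneshot unit whose template has no `[Install]` section, so it neither starts nor restarts anything and could be dropped.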
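Review bot: templates/tinc-refresh.service.j2 runs the refresh script as `{{ tinc_timer_user }}`, which defaults to root, with no sandboxing directives in `[Service]`. The script body is not part of this diff, so the exact set has to be checked against what it touches. Settings such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` usually cost nothing for a job that, per the README, rewrites files under the tinc directory and `/etc/hosts`. Also, `network.target` does not mean the network is up. With `Persistent=yes` on the timer a missed run can fire early in boot, where `Wants=network-online.target` plus `After=network-online.target` would be the safer ordering.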
@@ -0,0 +1,9 @@
+[Unit]
+After=multi-user.target
+
+[Timer]
+OnCalendar={{ tinc_timer_frequency }}
+Persistent=yes
+
+[Install]
+WantedBy=default.target
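Review bot: With `OnCalendar={{ tinc_timer_frequency }}` defaulting to `hourly`, every host that applies this role starts its refresh at the same moment at the top of the hour. A `RandomizedDelaySec=` line in `[Timer]` (for example `RandomizedDelaySec=5min`, value illustrative) would spread the load on whatever the script queries for peer data. The `[Install]` section would also more conventionally read `WantedBy=timers.target` than `default.target`.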