mgmt/configuration/playbooks/bootstrap/cron-setup.yml

---
- name: Setup Automated Maintenance Cron Jobs
  hosts: localhost
  gather_facts: no
  
  vars:
    # 定时任务配置
    cron_jobs:
      # 每日快速检查
      - name: "Daily system health check"
        job: "cd /root/mgmt && ./scripts/ops-manager.sh toolkit all --check > /var/log/daily-health-check.log 2>&1"
        minute: "0"
        hour: "8"
        day: "*"
        month: "*"
        weekday: "*"
        
      # 每周系统清理
      - name: "Weekly system cleanup"
        job: "cd /root/mgmt && ./scripts/ops-manager.sh cleanup all > /var/log/weekly-cleanup.log 2>&1"
        minute: "0"
        hour: "2"
        day: "*"
        month: "*"
        weekday: "0"  # Sunday
        
      # 每月安全检查
      - name: "Monthly security hardening check"
        job: "cd /root/mgmt && ./scripts/ops-manager.sh security all --check > /var/log/monthly-security-check.log 2>&1"
        minute: "0"
        hour: "3"
        day: "1"
        month: "*"
        weekday: "*"
        
      # 每周证书检查
      - name: "Weekly certificate check"
        job: "cd /root/mgmt && ./scripts/ops-manager.sh cert all > /var/log/weekly-cert-check.log 2>&1"
        minute: "30"
        hour: "4"
        day: "*"
        month: "*"
        weekday: "1"  # Monday
        
      # 每日 Docker 清理 (仅 LXC 组)
      - name: "Daily Docker cleanup for LXC"
        job: "cd /root/mgmt && ansible lxc -i ansible/inventory.ini -m shell -a 'docker system prune -f' --become -e 'ansible_ssh_pass=313131' > /var/log/daily-docker-cleanup.log 2>&1"
        minute: "0"
        hour: "1"
        day: "*"
        month: "*"
        weekday: "*"
        
      # 每周网络连通性检查
      - name: "Weekly network connectivity check"
        job: "cd /root/mgmt && ./scripts/ops-manager.sh network all > /var/log/weekly-network-check.log 2>&1"
        minute: "0"
        hour: "6"
        day: "*"
        month: "*"
        weekday: "2"  # Tuesday
  
  tasks:
    # 创建日志目录
    - name: Create log directory
      file:
        path: /var/log/ansible-automation
        state: directory
        mode: '0755'
      become: yes
      
    # 设置脚本执行权限
    - name: Make ops-manager.sh executable
      file:
        path: /root/mgmt/scripts/ops-manager.sh
        mode: '0755'
        
    # 创建定时任务
    - name: Setup cron jobs for automated maintenance
      cron:
        name: "{{ item.name }}"
        job: "{{ item.job }}"
        minute: "{{ item.minute }}"
        hour: "{{ item.hour }}"
        day: "{{ item.day }}"
        month: "{{ item.month }}"
        weekday: "{{ item.weekday }}"
        user: root
      loop: "{{ cron_jobs }}"
      become: yes
      
    # 创建日志轮转配置
    - name: Setup log rotation for automation logs
      copy:
        content: |
          /var/log/*-health-check.log
          /var/log/*-cleanup.log
          /var/log/*-security-check.log
          /var/log/*-cert-check.log
          /var/log/*-docker-cleanup.log
          /var/log/*-network-check.log {
              daily
              missingok
              rotate 30
              compress
              delaycompress
              notifempty
              copytruncate
          }          
        dest: /etc/logrotate.d/ansible-automation
        mode: '0644'
      become: yes
      
    # 创建监控脚本
    - name: Create monitoring dashboard script
      copy:
        content: |
          #!/bin/bash
          # Automation Monitoring Dashboard
          
          echo "🤖 Ansible Automation Status Dashboard"
          echo "======================================"
          echo ""
          
          echo "📅 Last Execution Times:"
          echo "------------------------"
          for log in /var/log/*-check.log /var/log/*-cleanup.log; do
              if [ -f "$log" ]; then
                  echo "$(basename "$log" .log): $(stat -c %y "$log" | cut -d. -f1)"
              fi
          done
          echo ""
          
          echo "📊 Recent Log Summary:"
          echo "---------------------"
          for log in /var/log/daily-health-check.log /var/log/weekly-cleanup.log; do
              if [ -f "$log" ]; then
                  echo "=== $(basename "$log") ==="
                  tail -5 "$log" | grep -E "(TASK|PLAY RECAP|ERROR|WARNING)" || echo "No recent activity"
                  echo ""
              fi
          done
          
          echo "⏰ Next Scheduled Jobs:"
          echo "----------------------"
          crontab -l | grep -E "(health|cleanup|security|cert|docker|network)" | while read line; do
              echo "$line"
          done
          echo ""
          
          echo "💾 Log File Sizes:"
          echo "-----------------"
          ls -lh /var/log/*-*.log 2>/dev/null | awk '{print $5, $9}' || echo "No log files found"          
        dest: /usr/local/bin/automation-status
        mode: '0755'
      become: yes
      
    # 显示设置完成信息
    - name: Display setup completion info
      debug:
        msg: |
          🎉 自动化定时任务设置完成！
          
          📋 已配置的定时任务:
          • 每日 08:00 - 系统健康检查
          • 每日 01:00 - Docker 清理 (LXC 组)
          • 每周日 02:00 - 系统清理
          • 每周一 04:30 - 证书检查
          • 每周二 06:00 - 网络连通性检查
          • 每月1日 03:00 - 安全检查
          
          📊 监控命令:
          • 查看状态: automation-status
          • 查看定时任务: crontab -l
          • 查看日志: tail -f /var/log/daily-health-check.log
          
          📁 日志位置: /var/log/
          🔄 日志轮转: 30天自动清理
          
          💡 手动执行示例:
          • ./scripts/ops-manager.sh toolkit all
          • ./scripts/ops-manager.sh cleanup lxc
          • ./scripts/ops-manager.sh health proxmox