Add Ansible Script to Allow Nodes to Keep Their Own External Data Up-to-date#134
Open
Add Ansible Script to Allow Nodes to Keep Their Own External Data Up-to-date#134
Conversation
idigs
reviewed
Oct 16, 2025
| if [ -z "${RSYNC_PROCESS_IDS}" ]; then | ||
| echo "running rsync..." | ||
| rsync -az --perms -o -g $SERVER_IP:/srv/$FTP_SRV_DIR/ftp/external-data/MD5/ /external-data/MD5/ | ||
| rsync -azvW --perms -o -g $SERVER_IP:/srv/$FTP_SRV_DIR/ftp/external-data/MD5/ /external-data/MD5/ |
Contributor
There was a problem hiding this comment.
--whole-file, -W
This option disables rsync's delta-transfer algorithm, which causes all transferred files to be sent whole. The transfer may be faster if this option is used when
the bandwidth between the source and destination machines is higher than the bandwidth to disk (especially when the "disk" is actually a networked filesystem). This
is the default when both the source and destination are specified as local paths, but only if no batch-writing option is in effect.
Collaborator
Author
There was a problem hiding this comment.
Including the -W flag seemed to reduce some of the flakiness that was happening when trying to rsync data though the load balancer.
warunawickramasingha
moved this from Waiting for Review
to In Review
in ISIS core workstream v6.15.0
warunawickramasingha
requested changes
Feb 9, 2026
| ansible.posix.authorized_key: | ||
| user: "{{ ansible_user_id }}" | ||
| key: "{{ lookup('file','/tmp/{{ ansible_hostname }}-id_rsa.pub')}}" | ||
| remote_user: ubuntu |
Contributor
There was a problem hiding this comment.
When running the ansbile script, for remote_user, I had to use my fedid with with --ask-become-pass option instead, as ubuntu user as it gave below error
fatal: [172.16.111.215 -> 172.16.114.127]: UNREACHABLE! => {"changed": false, "msg": "Task failed: Failed to connect to the host via ssh: ubuntu@172.16.114.127: Permission denied (publickey,password).", "unreachable": true}
| when: connected.stdout != "success" | ||
|
|
||
| - name: Mirror the external data from the main server in a volume (this may take a while). | ||
| ansible.builtin.command: "rsync -azvW --perms -o -g {{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/ /{{ agent_name }}_external_data/MD5 -v" |
Contributor
There was a problem hiding this comment.
The ssh connection was closed due to long running process. It would be better to run this asynchronously as follows.
Suggested change
| ansible.builtin.command: "rsync -azvW --perms -o -g {{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/ /{{ agent_name }}_external_data/MD5 -v" | |
| ansible.builtin.command: > | |
| rsync -azvW --perms -o -g | |
| {{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/ | |
| /{{ agent_name }}_external_data/MD5/ | |
| async: 10800 # allow up to 3h | |
| poll: 30 # check every 30s |
Contributor
There was a problem hiding this comment.
In addition, after deleting some of the files from the mount path of the docker volume in the host machine, I cannot see the missing files are made available even after several cron runs.
Shown below are all the current cron jobs,
crontab -l >>
#Ansible: update_admin_keys
0 7 * * * /usr/local/sbin/update_keys.sh
#Ansible: update_cloud_keys
0 6 * * * /usr/local/sbin/update_cloud_users.sh
#Ansible: Update external data
*/5 * * * * /isis-cloud-linux-b-9_external_data/update-external-data.sh 172.16.114.127 isis-cloud-linux-b-9 kli94267 >> /isis-cloud-linux-b-9_external_data/update-log.txt 2>&1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a new role (that is, by default, set to run
neverin the playbook) to the agent playbook that downloads and then sets up a crontab job to keep the external data store up-to-date. This stops nodes having to wait until a build runs on them to download the data, improving parallelization.The changes also adjust the way the data is stored on the host machine, moving it from a docker volume (which is inaccessible from the host machine) to a mount in the root directory. This allows viewing and manipulation of the contents of the volume to be performed without having to enter into a docker container.
This change was implemented primarily to get around a bug in a packaging script where new data could not be downloaded.
Having the data present on the machine ahead of time was an easier solution.
To Test
/{agent_name}_external_data/MD5directory.update_log.txtsudo crontab -e -u root)ansible-playbook -i inventory.txt jenkins-agent-production.yml -t "mirror, agent" -u {fedID}