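# Class for SUNET-Drive-Script-receiver
#
# Sets up the 'script' account that the script server logs in to over SSH,
# installs the task scripts that account may run as root through sudo, and
# manages the log-rotation helpers that run from root's crontab.
#
# Privilege model: every entry in $tasks gets a NOPASSWD sudoers rule for
# /home/script/bin/<task>.sh, so those files are root-equivalent code. They
# must not be writable by the account that is allowed to invoke them.
class sunetdrive::scriptreceiver()
{
  include sunet::packages::yq

  # Login account used by the script server; owns /home/script.
  sunet::system_user { 'script':
    username   => 'script',
    group      => 'script',
    managehome => true,
    shell      => '/bin/bash',
  }

  # These tasks correspond to a ${task}.erb.sh template
  $tasks = [
    'list_users',
    'list_files_for_user',
    'create_bucket',
    'backup_db',
    'purge_backups',
    'maintenancemode',
    'restart_sunet_service',
    'start_sentinel',
    'stop_sentinel',
    'removeswap',
    'backup_multinode_db',
  ]

  # Per-environment settings are read from hiera under the environment name.
  # NOTE(review): hiera_hash() is deprecated in favour of lookup(); confirm the
  # Puppet version in use still ships it before upgrading.
  $environment = sunetdrive::get_environment()
  $config = hiera_hash($environment)
  $script_server = $config['script_server']
  $script_ipv4 = $config['script']
  $script_ipv6 = $config['script_v6']
  $script_pub_key = $config['script_pub_key']

  # Make sure this sudoers drop-in is not present on the node.
  file { '/etc/sudoers.d/99-script-user':
    ensure => absent,
  }

  # Directory holding the sudo-allowed task scripts. Owned by root so the
  # 'script' account can list and execute its contents (via group) but cannot
  # add, remove or replace entries in it.
  # NOTE(review): /home/script itself still belongs to 'script' (managehome),
  # so the sudo-allowed paths remain under a directory that account controls.
  # Moving the task scripts to a root-owned tree is the durable fix, but it
  # needs a coordinated change to the sudoers paths and to the callers on the
  # script server.
  file { '/home/script/bin':
    ensure => directory,
    mode   => '0750',
    owner  => 'root',
    group  => 'script',
  }

  # Additional fixed source addresses allowed to reach SSH.
  $kano_shell = ['89.46.21.246','2001:6b0:6c::1bc']

  # SSH is only opened to the script server addresses and $kano_shell.
  # Assumes $config['script'] and $config['script_v6'] are arrays, since they
  # are concatenated with '+' -- TODO confirm against the hiera data.
  sunet::misc::ufw_allow { 'script_port':
    from => $script_ipv4 + $script_ipv6 + $kano_shell,
    port => 22,
  }

  # Public key the script server authenticates with as 'script'.
  # NOTE(review): no key options are set here; the firewall rule above is the
  # only source restriction on this key.
  ssh_authorized_key { "script@${script_server}":
    ensure => present,
    user   => 'script',
    type   => 'ssh-ed25519',
    key    => $script_pub_key,
  }

  file { '/opt/rotate':
    ensure => directory,
    mode   => '0750',
    owner  => 'root',
    group  => 'root',
  }
  -> file { '/opt/rotate/conf.d':
    ensure => directory,
    mode   => '0750',
    owner  => 'root',
    group  => 'root',
  }

  file { '/usr/local/bin/get_drive_customers':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/get_drive_customers.erb.sh'),
    mode    => '0744',
    owner   => 'root',
    group   => 'root',
  }

  # Root-owned and not writable by anyone else: this is the target of the
  # 99-safer_reboot sudoers rule below.
  file { '/usr/local/bin/safer_reboot':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/safer_reboot.erb'),
    mode    => '0744',
    owner   => 'root',
    group   => 'root',
  }

  file { '/root/.bashrc':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/bashrc.erb.sh'),
    mode    => '0644',
    owner   => 'root',
    group   => 'root',
  }

  file { '/etc/sudoers.d/99-safer_reboot':
    ensure  => file,
    content => "script ALL=(root) NOPASSWD: /usr/local/bin/safer_reboot\n",
    mode    => '0440',
    owner   => 'root',
    group   => 'root',
  }

  file { '/usr/local/bin/rotatefiles':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/rotatefiles.erb'),
    mode    => '0740',
    owner   => 'root',
    group   => 'root',
  }

  file { '/usr/local/bin/ini2json':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/ini2json.py'),
    mode    => '0740',
    owner   => 'root',
    group   => 'root',
  }
  -> file { '/etc/scriptherder/check/rotatefiles.ini':
    ensure  => file,
    content => "[check]\nok = exit_status=0, max_age=35m\nwarning = exit_status=0, max_age=1h\n",
    mode    => '0644',
    owner   => 'root',
    group   => 'root',
  }

  # Runs every minute as root, wrapped by scriptherder.
  cron { 'rotate_logs':
    command => ' /usr/local/bin/scriptherder --mode wrap --syslog --name rotatefiles -- /usr/local/bin/rotatefiles',
    require => File['/usr/local/bin/rotatefiles'],
    user    => 'root',
    minute  => '*',
    hour    => '*',
  }

  file { '/usr/local/bin/clear_scriptherder':
    ensure  => file,
    content => template('sunetdrive/scriptreceiver/clear_scriptherder.erb.sh'),
    mode    => '0740',
    owner   => 'root',
    group   => 'root',
  }

  # Remove the makeswap script together with its sudoers rule.
  file { '/home/script/bin/makeswap.sh':
    ensure => absent,
  }
  file { '/etc/sudoers.d/99-makeswap':
    ensure => absent,
  }

  $tasks.each |String $task| {
    # The script is run as root through the sudoers rule below, so it is
    # owned by root and only readable/executable by the 'script' group.
    # Previously it was owned by 'script' with mode 0740, which let the
    # account permitted to run it as root also rewrite it.
    file { "/home/script/bin/${task}.sh":
      ensure  => file,
      content => template("sunetdrive/scriptreceiver/${task}.erb.sh"),
      mode    => '0750',
      owner   => 'root',
      group   => 'script',
    }
    # One narrowly scoped rule per task: exact path, no wildcard arguments.
    file { "/etc/sudoers.d/99-${task}":
      ensure  => file,
      content => "script ALL=(root) NOPASSWD: /home/script/bin/${task}.sh\n",
      mode    => '0440',
      owner   => 'root',
      group   => 'root',
    }
  }
}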