From 65a236dcaa7bb956492e2accd360d2531c091160 Mon Sep 17 00:00:00 2001 From: Rikard Danielsson Date: Tue, 14 Jan 2025 11:08:48 +0100 Subject: [PATCH 01/21] convert config to use newer docker_compose class --- manifests/satosa.pp | 31 ++++++++++++------------- templates/satosa/docker-compose.yml.erb | 25 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 16 deletions(-) create mode 100644 templates/satosa/docker-compose.yml.erb diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 10f6c1f..8e72497 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -29,13 +29,22 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', } } } + $dehydrated_status = $dehydrated_name ? { + undef => 'absent', + default => 'present' + } + sunet::docker_run {'alwayshttps': + ensure => 'absent' + } sunet::docker_run {'satosa': - image => $image, - imagetag => $tag, - dns => ['89.32.32.32'], - volumes => ['/etc/satosa:/etc/satosa','/etc/dehydrated:/etc/dehydrated'], - ports => ['443:8000'], - env => ['METADATA_DIR=/etc/satosa/metadata', 'WORKER_TIMEOUT=120'] + ensure => 'absent' + } + sunet::docker_compose { 'satosa': + content => template('satosa/docker-compose.yml.erb'), + service_name => 'satosa', + compose_dir => '/opt/', + compose_filename => 'docker-compose.yml', + description => 'Satosa', } file {'/etc/satosa/proxy_conf.yaml': content => inline_template("<%= @merged_conf.to_yaml %>\n"), @@ -54,16 +63,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', from => 'any', port => '443' } - $dehydrated_status = $dehydrated_name ? { - undef => 'absent', - default => 'present' - } - sunet::docker_run {'alwayshttps': - ensure => $dehydrated_status, - image => 'docker.sunet.se/always-https', - ports => ['80:80'], - env => ['ACME_URL=http://acme-c.sunet.se'] - } sunet::misc::ufw_allow { 'satosa-allow-http': ensure => $dehydrated_status, from => 'any', diff --git a/templates/satosa/docker-compose.yml.erb b/templates/satosa/docker-compose.yml.erb new file mode 100644 index 0000000..4a237f2 --- /dev/null +++ b/templates/satosa/docker-compose.yml.erb @@ -0,0 +1,25 @@ +services: + satosa: + environment: + - "METADATA_DIR=/etc/satosa/metadata" + - "WORKER_TIMEOUT=120" + dns: + - "89.32.32.32" + image: "<%= @image %><% if @tag %>:<%= @tag %><% end %>" + pull_policy: "always" + ports: + - "443:8000" + volumes: + - "/etc/satosa:/etc/satosa" + - "/etc/dehydrated:/etc/dehydrated" +<% if @dehydrated_status == "present" -%> + alwayshttps: + environment: + - "ACME_URL=http://acme-c.sunet.se" + dns: + - "89.32.32.32" + image: "docker.sunet.se/always-https" + pull_policy: "always" + ports: + - "80:80" +<% end -%> From e0c4ddcd6eb16afbc12968004d65f805bcb5c5b0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:36:12 +0100 Subject: [PATCH 02/21] Fix path --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 8e72497..404a398 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -40,7 +40,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', ensure => 'absent' } sunet::docker_compose { 'satosa': - content => template('satosa/docker-compose.yml.erb'), + content => template('sunetdrive/satosa/docker-compose.yml.erb'), service_name => 'satosa', compose_dir => '/opt/', compose_filename => 'docker-compose.yml', From c4f95af173cdb48e9079e33885f1d7645d7f3579 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:43:52 +0100 Subject: [PATCH 03/21] add back image --- manifests/satosa.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 404a398..9832a90 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -34,10 +34,12 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', default => 'present' } sunet::docker_run {'alwayshttps': - ensure => 'absent' + ensure => 'absent', + image => 'docker.sunet.se/always-https', } sunet::docker_run {'satosa': - ensure => 'absent' + ensure => 'absent', + image => $image, } sunet::docker_compose { 'satosa': content => template('sunetdrive/satosa/docker-compose.yml.erb'), From d4fae267777b2874a200ab889b8b82a28559d4c3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:49:18 +0100 Subject: [PATCH 04/21] Can not redeclare class --- manifests/satosa.pp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 9832a90..76b1a14 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -33,13 +33,8 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', undef => 'absent', default => 'present' } - sunet::docker_run {'alwayshttps': + file {'/opt/docker_run': ensure => 'absent', - image => 'docker.sunet.se/always-https', - } - sunet::docker_run {'satosa': - ensure => 'absent', - image => $image, } sunet::docker_compose { 'satosa': content => template('sunetdrive/satosa/docker-compose.yml.erb'), From 09ee93515c3111268ef420e8ace0db1bf0db7dac Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:53:25 +0100 Subject: [PATCH 05/21] Fix notify --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 76b1a14..023937b 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -45,7 +45,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', } file {'/etc/satosa/proxy_conf.yaml': content => inline_template("<%= @merged_conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } $plugins = hiera('satosa_config') sort(keys($plugins)).each |$n| { From 571535f5691890ee905e7d3188543e61d7ee2e5e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:53:25 +0100 Subject: [PATCH 06/21] Fix notify --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 76b1a14..023937b 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -45,7 +45,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', } file {'/etc/satosa/proxy_conf.yaml': content => inline_template("<%= @merged_conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } $plugins = hiera('satosa_config') sort(keys($plugins)).each |$n| { From 0400e89f3653d1248a3248c73bed9aa0b42af011 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:58:16 +0100 Subject: [PATCH 07/21] one more --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 023937b..0fcc34f 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -53,7 +53,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', $fn = $plugins[$n] file { $fn: content => inline_template("<%= @conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } } sunet::misc::ufw_allow { 'satosa-allow-https': From 53e9a65b9f3aa3b211aeb644234a4fb47d95fb64 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 13:00:59 +0100 Subject: [PATCH 08/21] duplicate --- manifests/satosa.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 0fcc34f..3524f87 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -74,12 +74,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', cert_file => '/etc/satosa/https.crt' } } - file { '/opt/satosa': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } -> file { '/opt/satosa/restart.sh': ensure => file, owner => 'root', From ebdf6f3b4690da8ab9e5bbf177f393c3265d4ac7 Mon Sep 17 00:00:00 2001 From: Rasmus Thorslund Date: Tue, 14 Jan 2025 16:07:18 +0100 Subject: [PATCH 09/21] changed nft rules for proxysql --- manifests/proxysql.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index c75edeb..57298db 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -79,7 +79,7 @@ class sunetdrive::proxysql ( iif => 'ens3', } sunet::nftables::docker_expose { 'proxysql': - allow_clients => ['any'], + allow_clients => $nextcloud_ip, port => 6032, iif => 'ens3', } From 369492be90b257b87d029b322de6f3a7ea736bcd Mon Sep 17 00:00:00 2001 From: Rasmus Thorslund Date: Tue, 14 Jan 2025 16:30:00 +0100 Subject: [PATCH 10/21] changed nft rules for proxysql - ipv6 --- manifests/proxysql.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index 57298db..93e16bc 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -12,6 +12,8 @@ class sunetdrive::proxysql ( $config = hiera_hash($environment) $db_ip = $config['db'] $nextcloud_ip = $config['app'] + $nextcloud_ipv6 = $config['app_v6'] + $nextcloud_ip_all = $nextcloud_ip + $nextcloud_ipv6 $proxysql_ok_num = length($nextcloud_ip) $proxysql_warn_num = $proxysql_ok_num - 1 @@ -79,7 +81,7 @@ class sunetdrive::proxysql ( iif => 'ens3', } sunet::nftables::docker_expose { 'proxysql': - allow_clients => $nextcloud_ip, + allow_clients => $nextcloud_ip_all, port => 6032, iif => 'ens3', } From 501ca8edfb4501436323835a73e85c8823cf2519 Mon Sep 17 00:00:00 2001 From: Rikard Danielsson Date: Tue, 17 Dec 2024 08:47:33 +0100 Subject: [PATCH 11/21] added ability to set trashbin_retention_obligation and versions_retention_obligation in config.php --- manifests/app_type.pp | 5 +++++ templates/application/config.php.erb | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5e8f6a2..3ef7a6c 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -88,9 +88,14 @@ define sunetdrive::app_type ( $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] $drive_email_template_url_left = $config['drive_email_template_url_left'] + $full_backup_retention = hiera('full_backup_retention') $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] + # Calculate some values + $expiration_days_min = $full_backup_retention * 31 + $expiration_days_max = $full_backup_retention * 31 + 93 + unless $is_multinode{ user { 'www-data': ensure => present, system => true } diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index ec36ad8..23080bc 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -192,6 +192,9 @@ $CONFIG = array ( 'secret' => '<%= @secret %>', 'skeletondirectory' => '<%= @skeletondirectory %>', 'templatedirectory' => '', +<% if @environment == 'test' -%> + 'trashbin_retention_obligation' => 'auto, 30', +<% end -%> 'trusted_domains' => array ( <%- index = 0 -%> @@ -234,4 +237,7 @@ $CONFIG = array ( ), 'updatechecker' => false, 'version' => '<%= @nextcloud_version_string %>', +<% if @environment == 'test' -%> + 'versions_retention_obligation' => '<%= @expiration_days_min %>,<%= @expiration_days_max %>', +<% end -%> ); From c7de56f73f1109ccb5b4b9310d4a2ed28a0f1df3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 12:58:16 +0100 Subject: [PATCH 12/21] one more --- manifests/satosa.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 023937b..0fcc34f 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -53,7 +53,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', $fn = $plugins[$n] file { $fn: content => inline_template("<%= @conf.to_yaml %>\n"), - notify => Sunet::Docker_run['satosa'] + notify => Sunet::Docker_compose['satosa'] } } sunet::misc::ufw_allow { 'satosa-allow-https': From 977bd84f500d02b6545688d189d3e2a7c0b9051c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 14 Jan 2025 13:00:59 +0100 Subject: [PATCH 13/21] duplicate --- manifests/satosa.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 0fcc34f..3524f87 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -74,12 +74,6 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', cert_file => '/etc/satosa/https.crt' } } - file { '/opt/satosa': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } -> file { '/opt/satosa/restart.sh': ensure => file, owner => 'root', From 9e6e33e137044780dcad2a812fabace8090d2d86 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:41:12 +0100 Subject: [PATCH 14/21] Add full_backup_retention --- manifests/multinode.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f1f5987..3913f46 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -291,6 +291,11 @@ MACAddressPolicy=none' if $customer_config['twofactor_enforced_excluded_groups'] { $twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups'] } + if $customer_config['full_backup_retention'] { + $full_backup_retention = $customer_config['full_backup_retention'] + } else { + $full_backup_retention = hiera('full_backup_retention') + } # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -315,6 +320,7 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], + full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, From 31f4c1eb9bed1e2d8d568987eb0698cfd227c6e5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 12:47:16 +0100 Subject: [PATCH 15/21] Set expiration for multinode --- manifests/app_type.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 3ef7a6c..7738499 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,6 +18,7 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] + $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] @@ -33,6 +34,7 @@ define sunetdrive::app_type ( $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' + $full_backup_retention = hiera('full_backup_retention') $instanceid = safe_hiera('instanceid') $mysql_user_password = safe_hiera('mysql_user_password') $passwordsalt = safe_hiera('passwordsalt') @@ -88,13 +90,13 @@ define sunetdrive::app_type ( $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] $drive_email_template_url_left = $config['drive_email_template_url_left'] - $full_backup_retention = hiera('full_backup_retention') $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] # Calculate some values - $expiration_days_min = $full_backup_retention * 31 - $expiration_days_max = $full_backup_retention * 31 + 93 + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 unless $is_multinode{ user { 'www-data': ensure => present, system => true } From 63b780028ffd4e7fc7665f82489cf9b1851b237f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 13:14:37 +0100 Subject: [PATCH 16/21] Multinode: Double book keeping Unfortunatly we must do the same calcultions for multinode --- manifests/app_type.pp | 1 - manifests/multinode.pp | 5 ++++- templates/application/config.php.erb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 7738499..7e52592 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -18,7 +18,6 @@ define sunetdrive::app_type ( $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] - $full_backup_retention = $config[ 'full_backup_retention' ] $instanceid = $config[ 'instanceid' ] $mysql_user_password = $config[ 'mysql_user_password' ] $passwordsalt = $config[ 'passwordsalt' ] diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 3913f46..f973dc9 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -296,6 +296,10 @@ MACAddressPolicy=none' } else { $full_backup_retention = hiera('full_backup_retention') } + # Calculate some values + $expiration_months = max(12, $full_backup_retention) + $expiration_days_min = $expiration_months * 31 + $expiration_days_max = $expiration_months * 31 + 93 # Secrets from local.eyaml $admin_password = safe_hiera("${customer}_admin_password") @@ -320,7 +324,6 @@ MACAddressPolicy=none' drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'], drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'], drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'], - full_backup_retention => $full_backup_retention, mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}", mycnf_path => 'sunetdrive/multinode/my.cnf.erb', mysql_root_password => $mysql_root_password, diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 23080bc..cb30831 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -238,6 +238,6 @@ $CONFIG = array ( 'updatechecker' => false, 'version' => '<%= @nextcloud_version_string %>', <% if @environment == 'test' -%> - 'versions_retention_obligation' => '<%= @expiration_days_min %>,<%= @expiration_days_max %>', + 'versions_retention_obligation' => '<%= @expiration_days_min %>, <%= @expiration_days_max %>', <% end -%> ); From 0154a533ce07a482e126cf84f2caeadea4a0c765 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 16 Jan 2025 15:16:33 +0100 Subject: [PATCH 17/21] SATOSA: Always have alwayshttps --- templates/satosa/docker-compose.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/satosa/docker-compose.yml.erb b/templates/satosa/docker-compose.yml.erb index 4a237f2..8728a6b 100644 --- a/templates/satosa/docker-compose.yml.erb +++ b/templates/satosa/docker-compose.yml.erb @@ -12,7 +12,6 @@ services: volumes: - "/etc/satosa:/etc/satosa" - "/etc/dehydrated:/etc/dehydrated" -<% if @dehydrated_status == "present" -%> alwayshttps: environment: - "ACME_URL=http://acme-c.sunet.se" @@ -22,4 +21,3 @@ services: pull_policy: "always" ports: - "80:80" -<% end -%> From ab2d70303f14a7ed9db8200fc233bba20d247cbf Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 08:45:55 +0100 Subject: [PATCH 18/21] Run as root user --- templates/mariadb_backup/listusers.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/listusers.erb.sh b/templates/mariadb_backup/listusers.erb.sh index ec8d794..ad519da 100644 --- a/templates/mariadb_backup/listusers.erb.sh +++ b/templates/mariadb_backup/listusers.erb.sh @@ -13,7 +13,7 @@ dexec="docker exec ${container}" password=$(${dexec} env | grep MYSQL_ROOT_PASSWORD | awk -F '=' '{print $2}') -mysql="${dexec} mysql -p${password}" +mysql="${dexec} mysql -p${password} -u root" if [[ "$(${mysql} -NB -e 'select exists(select * from information_schema.TABLES where TABLE_SCHEMA = "nextcloud" and TABLE_NAME = "oc_global_scale_users")')" == "1" ]] then From 38cd097f71f586bc67d663f31629451903dc4b6a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 Jan 2025 09:00:14 +0100 Subject: [PATCH 19/21] Only run this on monitor hosts, as it takes a long time --- facts.d/nc_versions.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/facts.d/nc_versions.sh b/facts.d/nc_versions.sh index 38ce14f..f466f89 100755 --- a/facts.d/nc_versions.sh +++ b/facts.d/nc_versions.sh @@ -1,5 +1,9 @@ #!/bin/bash +if ! [[ $(hostname) =~ monitor ]]; then + exit 0 +fi + repo="/var/cache/cosmos/repo" common="${repo}/global/overlay/etc/hiera/data/common.yaml" From 2625269abae567fed2be02b3cce0f1e009586f37 Mon Sep 17 00:00:00 2001 From: Lars Delhage Date: Mon, 20 Jan 2025 11:53:25 +0100 Subject: [PATCH 20/21] Remove recursive for mysql db dir --- manifests/db_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 440a3e9..23e4660 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -18,7 +18,7 @@ define sunetdrive::db_type( $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) - ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) + ensure_resource('file',$mariadb_dir, { ensure => directory } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } ) From def0a0a77b3193588629426dc08048b5468f6e16 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 3 Feb 2025 15:00:28 +0100 Subject: [PATCH 21/21] Allow more inc backups --- templates/script/check_backup.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/script/check_backup.erb.sh b/templates/script/check_backup.erb.sh index 6dd31f0..e54a2fe 100644 --- a/templates/script/check_backup.erb.sh +++ b/templates/script/check_backup.erb.sh @@ -20,7 +20,7 @@ for project in $(ls ${data_dir}); do if [[ "${issixmonths}" == "true" ]]; then number_of_full_to_keep=6 fi - max_num_inc=$((32 * number_of_full_to_keep)) + max_num_inc=$((50 * number_of_full_to_keep)) max_num_full=$((2 * number_of_full_to_keep)) tabular_data=$(cat "${data_dir}/${project}/${bucket}.dat")