Drive/sunetdrive
7
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'main' into stable

Browse source
This commit is contained in:
Micke Nordin 2023-09-02 14:16:48 +02:00
parent 99c88c0c3b 22f5dfac62
commit 234d19b652
Signed by untrusted user: Micke
GPG key ID: 0DA0A7A5708FE257
7 changed files with 221 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
manifests/script.pp
View file

@ -18,7 +18,8 @@ class sunetdrive::script (
$backup_server = $config['backup_server'] $backup_server = $config['backup_server']
$rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb'
$local_path = '/tmp/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb'
$singlenodes = hiera('singlenodes') $singlenodes = lookup('singlenodes')
$multinodes = keys(lookup('multinode_mapping'))
if $customer == 'mdu' { if $customer == 'mdu' {
$eppn_suffix = 'mdh.se' $eppn_suffix = 'mdh.se'
@ -297,6 +298,16 @@ class sunetdrive::script (
} }
} }
if $customer == 'common' { if $customer == 'common' {
$multinode_passwords = $multinodes.map | $index, $customer | {
safe_hiera("${customer}_admin_app_password")
}
file { '/root/tasks/announce.sh':
ensure => file,
content => template('sunetdrive/script/multinodeannounce.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupmultinodedb.sh': file { '/root/tasks/backupmultinodedb.sh':
ensure => file, ensure => file,
content => template('sunetdrive/script/backupmultinodedb.erb.sh'), content => template('sunetdrive/script/backupmultinodedb.erb.sh'),
@ -326,7 +337,7 @@ class sunetdrive::script (
ok_criteria => ['exit_status=0','max_age=2d'], ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'], warn_criteria => ['exit_status=1','max_age=3d'],
} }
} }
$singlenodes.each | $singlenode| { $singlenodes.each | $singlenode| {
$multinode = hiera_hash('multinode_mapping')[$singlenode]['server'] $multinode = hiera_hash('multinode_mapping')[$singlenode]['server']
$multinodeserver = "${multinode}.${site_name}" $multinodeserver = "${multinode}.${site_name}"
@ -377,6 +388,14 @@ class sunetdrive::script (
warn_criteria => ['exit_status=1','max_age=3d'], warn_criteria => ['exit_status=1','max_age=3d'],
} }
} else { } else {
$admin_app_password = safe_hiera('admin_app_password')
file { '/root/tasks/announce.sh':
ensure => file,
content => template('sunetdrive/script/announce.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupmultinodedb.sh': file { '/root/tasks/backupmultinodedb.sh':
ensure => absent, ensure => absent,
} }

2
templates/application/docker-compose_nextcloud.yml.erb
View file

@ -5,6 +5,8 @@ services:
app: app:
image: docker.sunet.se/drive/nextcloud-custom:<%= @nextcloud_version %> image: docker.sunet.se/drive/nextcloud-custom:<%= @nextcloud_version %>
restart: always restart: always
environment:
- NC_PASS=<%= @admin_password%>
volumes: volumes:
- /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf
- /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf

2
templates/multinode/docker-compose_nextcloud.yml.erb
View file

@ -14,6 +14,8 @@ services:
- <%= @config_php_path %>:/var/www/html/config/config.php - <%= @config_php_path %>:/var/www/html/config/config.php
- <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log
- <%= @rclone_conf_path %>:/rclone.conf - <%= @rclone_conf_path %>:/rclone.conf
environment:
- NC_PASS=<%= @admin_password%>
networks: networks:
- default - default
- proxysql_proxysql - proxysql_proxysql

75
templates/script/announce.erb.sh Executable file
View file

@ -0,0 +1,75 @@
#!/bin/bash
VALID_ARGS=$(getopt -o cdghi:m:s: --long create,delete,get,help,id:,message:,subject: -- "$@")
# shellcheck disable=SC2181
if [[ ${?} -ne 0 ]]; then
exit 1;
fi
usage () {
echo "${0}: -c|--create -m|--message <'Your announcement goes here'> -s|--subject <Your subject goes here>"
echo "${0}: -d|--delete -i|--id <announcement_id>"
echo "${0}: -g|--get"
exit 1
}
eval set -- "${VALID_ARGS}"
# shellcheck disable=SC2078
while [ : ]; do
case "$1" in
-c | --create)
method='POST'
shift
;;
-d | --delete)
method='DELETE'
shift
;;
-g | --get)
method='GET'
shift
;;
-h | --help)
usage
;;
-i | --id)
argument="${2}"
shift 2
;;
-m | --message)
message="${2}"
shift 2
;;
-s | --subject)
subject="${2}"
shift 2
;;
*)
break
;;
esac
done
if [[ ${method} == 'DELETE' ]] && [[ -z ${argument} ]]; then
usage
fi
if [[ ${method} == 'POST' ]]; then
if [[ -z ${message} ]] || [[ -z ${subject} ]]; then
usage
fi
argument='{"subject":"'${subject}'","message":"'${message}'", "plainMessage":"'${message}'", "groups": [], "userId": "admin", "activities": false, "notifications": true, "emails": false, "comments": false }'
fi
curl_cmd(){
local method="${1}"
if [[ ${method} == 'POST' ]] && [[ -n ${2} ]]; then
local payload=(-d "${2}" -H "Content-Type: application/json")
elif [[ ${method} == 'DELETE' ]] && [[ -n ${2} ]]; then
local id="/${2}"
fi
local admin_app_password="<%= @admin_app_password %>"
domain="$(hostname -d)"
curl -X "${method}" -u "admin:${admin_app_password}" "${payload[@]}" -H 'OCS-APIRequest: true' "https://${domain}/ocs/v2.php/apps/announcementcenter/api/v1/announcements${id}"
}
curl_cmd "${method}" "${argument}"

81
templates/script/multinodeannounce.erb.sh Executable file
View file

@ -0,0 +1,81 @@
#!/bin/bash
VALID_ARGS=$(getopt -o cdghi:m:s: --long create,delete,get,help,id:,message:,subject: -- "$@")
# shellcheck disable=SC2181
if [[ ${?} -ne 0 ]]; then
exit 1;
fi
usage () {
echo "${0}: -c|--create -m|--message <'Your announcement goes here'> -s|--subject <Your subject goes here>"
echo "${0}: -d|--delete -i|--id <announcement_id>"
echo "${0}: -g|--get"
exit 1
}
eval set -- "${VALID_ARGS}"
# shellcheck disable=SC2078
while [ : ]; do
case "$1" in
-c | --create)
method='POST'
shift
;;
-d | --delete)
method='DELETE'
shift
;;
-g | --get)
method='GET'
shift
;;
-h | --help)
usage
;;
-i | --id)
argument="${2}"
shift 2
;;
-m | --message)
message="${2}"
shift 2
;;
-s | --subject)
subject="${2}"
shift 2
;;
*)
break
;;
esac
done
if [[ ${method} == 'DELETE' ]] && [[ -z ${argument} ]]; then
usage
fi
if [[ ${method} == 'POST' ]]; then
if [[ -z ${message} ]] || [[ -z ${subject} ]]; then
usage
fi
argument='{"subject":"'${subject}'","message":"'${message}'", "plainMessage":"'${message}'", "groups": [], "userId": "admin", "activities": false, "notifications": true, "emails": false, "comments": false }'
fi
curl_cmd(){
local admin_app_password="${1}"
local customer="${2}"
local method="${3}"
if [[ ${method} == 'POST' ]] && [[ -n ${4} ]]; then
local payload=(-d "${4}" -H "Content-Type: application/json")
elif [[ ${method} == 'DELETE' ]] && [[ -n ${4} ]]; then
local id="/${4}"
fi
domain="$(hostname -d)"
curl -X "${method}" -u "admin:${admin_app_password}" "${payload[@]}" -H 'OCS-APIRequest: true' "https://${customer}.${domain}/ocs/v2.php/apps/announcementcenter/api/v1/announcements${id}"
}
#<%- index = 0 %>
#<%- @multinodes.each do |customer| %>
curl_cmd "<%= @multinode_passwords[index] %>" "<%= customer %>" "${method}" "${argument}"
#<%- index += 1 %>
#<%- end %>

39
templates/script/restart-db-cluster.erb
View file

@ -1,12 +1,12 @@
#!/usr/bin/env python3.9 #!/usr/bin/env python3.9
# vim: set filetype=python: # vim: set filetype=python:
import subprocess
import sys import sys
import time import time
import urllib.parse import urllib.parse
import requests import requests
from drive_utils import (build_fqdn, get_ips_for_hostname, run_remote_command, from drive_utils import (build_fqdn, get_ips_for_hostname, run_remote_command,
smoketest_db_node) smoketest_db_node)
@ -57,39 +57,60 @@ def main() -> int:
apikey_prod = "<%= @apikey_prod %>" apikey_prod = "<%= @apikey_prod %>"
user = "script" user = "script"
backup_command = ['sudo /home/script/bin/backup_db.sh']
reboot_command = ['sudo /usr/local/bin/safer_reboot'] reboot_command = ['sudo /usr/local/bin/safer_reboot']
if customers[0] == "common": if customers[0] == "common":
customers = ["gss", "lookup", "multinode"] customers = ["gss", "lookup", "multinode"]
for customer in customers: for customer in customers:
backup_type = "backup"
if customer == "gss":
backup_type = "gssbackup"
elif customer == "lookup":
backup_type = "lookupbackup"
elif customer == "multinode":
backup_command = ['sudo /home/script/bin/backup_multinode_db.sh']
backup_type = "multinode-db"
backup = build_fqdn(customer, environment, 1, backup_type)
print("\tRunning backup command at {}".format(backup))
run_remote_command(backup,
backup_command,
user="script",
output=subprocess.DEVNULL)
for number in reversed(range(1, 4)): for number in reversed(range(1, 4)):
fqdn = build_fqdn(customer, environment, number) fqdn = build_fqdn(customer, environment, number)
ipv4, _ = get_ips_for_hostname(fqdn) ipv4, _ = get_ips_for_hostname(fqdn)
ip = ipv4[0] ip = ipv4[0]
print("Upgrading: {} with ip: {}".format(fqdn, ip)) print("Upgrading: {} with ip: {}".format(fqdn, ip))
add_downtime(fqdn, apikey_test) add_downtime(fqdn, apikey_test)
add_downtime(fqdn, apikey_prod, monitor_host="monitor.drive.sunet.se") add_downtime(fqdn,
apikey_prod,
monitor_host="monitor.drive.sunet.se")
run_remote_command(fqdn, reboot_command, user = user) run_remote_command(fqdn, reboot_command, user=user)
success = False success = False
for testnumber in reversed(range(1, 32, 2)): for testnumber in reversed(range(1, 32, 2)):
print("\tSleeping for {} seconds before smoketest on {}".format( print(
testnumber, fqdn)) "\tSleeping for {} seconds before smoketest on {}".format(
testnumber, fqdn))
time.sleep(testnumber) time.sleep(testnumber)
if smoketest_db_node(fqdn, user = user): if smoketest_db_node(fqdn, user=user):
success = True success = True
break break
remove_downtime(fqdn, apikey_test) remove_downtime(fqdn, apikey_test)
remove_downtime(fqdn, apikey_prod, monitor_host="monitor.drive.sunet.se") remove_downtime(fqdn,
apikey_prod,
monitor_host="monitor.drive.sunet.se")
if success: if success:
print("Upgrade cycle succeeded on {} ".format(fqdn)) print("Upgrade cycle succeeded on {} ".format(fqdn))
else: else:
print("Smoketest failed on {} after server reboot command".format( print("Smoketest failed on {} after server reboot command".
fqdn)) format(fqdn))
return 5 return 5
print("All {}-servers successfully upgraded for {}".format( print("All {}-servers successfully upgraded for {}".format(

10
templates/script/restart-nextcloud-farm.erb
View file

@ -68,6 +68,7 @@ def main() -> int:
apikey_test = "<%= @apikey_test %>" apikey_test = "<%= @apikey_test %>"
apikey_prod = "<%= @apikey_prod %>" apikey_prod = "<%= @apikey_prod %>"
backup_command = ['sudo /home/script/bin/backup_db.sh']
cosmos_command = ['sudo run-cosmos'] cosmos_command = ['sudo run-cosmos']
nc_upgrade_command = 'sudo /usr/local/bin/occ config:editable --on ' nc_upgrade_command = 'sudo /usr/local/bin/occ config:editable --on '
nc_upgrade_command += '&& sudo /usr/local/bin/occ upgrade ' nc_upgrade_command += '&& sudo /usr/local/bin/occ upgrade '
@ -80,9 +81,18 @@ def main() -> int:
repair_command += '&& sudo /usr/local/bin/occ db:add-missing-primary-keys' repair_command += '&& sudo /usr/local/bin/occ db:add-missing-primary-keys'
reboot_command = ['sudo /usr/local/bin/safer_reboot'] reboot_command = ['sudo /usr/local/bin/safer_reboot']
server_type = "node" server_type = "node"
backup_type = "backup"
if customer == "common": if customer == "common":
customer = "gss" customer = "gss"
server_type = "gss" server_type = "gss"
backup_type = "gssbackup"
backup = build_fqdn(customer, environment, 1, backup_type)
print("\tRunning backup command at {}".format(backup))
run_remote_command(backup,
backup_command,
user="script",
output=subprocess.DEVNULL)
for number in reversed(range(1, 4)): for number in reversed(range(1, 4)):
fqdn = build_fqdn(customer, environment, number, server_type) fqdn = build_fqdn(customer, environment, number, server_type)