From 8acd0c40b8a7407f3f7f31977a84e9cc44da48a2 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 001/124] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index dc5aec8..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -14,4 +14,28 @@ class sunetdrive::multinode_db(){ mode => '0744', } } + if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + notify { 'hostmessage': + message => "We are on multinode-db1. Set up statistics environment.", + } + $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' + $local_path = '/tmp/rclone-current-linux-amd64.deb' + exec { 'rclone_deb': + command => "/usr/bin/wget -q ${rclone_url} -O ${local_path}", + creates => $local_path, + } + package { 'rclone': + ensure => installed, + provider => dpkg, + source => $local_path, + require => Exec['rclone_deb'], + } + file { '/root/.rclone.conf': + ensure => file, + content => template('sunetdrive/mariadb_backup/rclone.conf.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } + } } From c134f0771feb649b9d46333d1dcc7945908e294f Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 002/124] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
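Review bot: The rclone package is installed as root from a fixed file name in /tmp with no integrity check. Because `creates => $local_path` skips the download whenever `/tmp/rclone-current-linux-amd64.deb` already exists, whatever file sits at that world-writable path is what `package { 'rclone': provider => dpkg }` installs. The `rclone-current` URL is also unpinned, so each host keeps whichever build was current on its first run. Download a pinned release into a root-only directory and verify it against a checksum kept in the module before the package resource uses it, for example with an `unless` guard that runs `sha256sum -c`. The class body begins outside the hunk.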
@@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 60cb53e631d9a09c76ff423766a661c0dca64107 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 003/124] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 12 ++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 templates/mariadb/genuserdeplists.sh.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..929a885 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => "We are on multinode-db1. Set up statistics environment.", } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': @@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb new file mode 100644 index 0000000..dc2f5eb --- /dev/null +++ b/templates/mariadb/genuserdeplists.sh.erb 
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+<% @custdata.each do |cust,data| -%>
+#Customer <%= cust %> has no billing departments.
+<% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%>
+mkdir -p /opt/mariadb/statistics/users/<%= cust %>
+chmod '0700' /opt/mariadb/statistics/users/<%= cust %>
+<% data[@environment]["billdomains"].each do |dom| -%>
+ /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json
+<% end -%>
+<% end -%>
+<% end -%>
From 7402202b9a09fedfab0ef8045cca500dc4802c33 Mon Sep 17 00:00:00 2001
From: Magnus Andersson
Date: Fri, 30 Aug 2024 15:39:01 +0200
Subject: [PATCH 004/124] multinode-db1: Add initial upload logic of deprtment filtered user lists.
---
 templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb
index dc2f5eb..36d7d90 100644
--- a/templates/mariadb/genuserdeplists.sh.erb
+++ b/templates/mariadb/genuserdeplists.sh.erb
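Review bot: `<%= cust %>` and `<%= dom %>` are rendered unquoted into the generated script, as arguments to `listusersbydep.sh`, in the `mkdir`/`chmod` paths and in the redirect target. A hiera value containing whitespace or a shell metacharacter would therefore change the command that this root-owned script runs. Validate the names against a strict pattern before rendering and double-quote every expansion, e.g. `mkdir -p "/opt/mariadb/statistics/users/<%= cust %>"`. Separately, the `#Customer <%= cust %> has no billing departments.` comment is emitted for every customer, including those that do have `billdomains`; it belongs in an `else` branch of the `if`.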
@@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From d8eaa122e35ef44ae37e24fb181fd91361c6d79e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 005/124] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 929a885..4c6dd58 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => "We are on multinode-db1. Set up statistics environment.", } From 05bde6adb6c1b81213609f0798331cb2fdc4087c Mon Sep 17 00:00:00 2001 
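Review bot: The `rclone copy` call passes `--no-check-certificate`, so the upload of per-department user lists, and whatever credentials the `statistics` remote uses, goes to an endpoint whose TLS certificate is never verified. Together with the overridden `Host` header, this suggests the remote is addressed by a name its certificate does not cover. Drop the flag and either address the remote by a name present in the certificate or supply the issuing CA with `--ca-cert`. The same flag is repeated on the `custdata.json` upload added in PATCH 011. As a style point, the `users-<%= dom.gsub(/[.]/, '-') %>.json` path is now spelled out three times and would be easier to keep consistent as one template variable set inside the loop.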
From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 006/124] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From eac5b172f28c3142ed00d5d75a9e603a22c3843e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 007/124] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From 75c3a77c6d38004f1800bb501f9f5d78d65a15bc Mon Sep 17 00:00:00 2001 
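Review bot: Both new error messages omit the customer and domain that failed, so a non-zero scriptherder status cannot be traced to a specific list; include them, e.g. `echo "Error: upload failed for <%= cust %>/<%= dom %>" >&2`. The `jq .` test that the new `else` hangs off also succeeds on an empty file, because jq exits 0 when it reads no input. A `listusersbydep.sh` run that wrote nothing would therefore still be uploaded as valid data. Using `jq -e .`, or checking the exit status of `listusersbydep.sh` itself, closes that gap. The surrounding loop starts outside the hunk.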
From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 008/124] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 4c6dd58..b4bfc6e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From 2152b5b4a9b45004e84a41f1bde34d5d7eabcfe2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 9 Sep 2024 16:03:30 +0200 Subject: [PATCH 009/124] Don't use incudes like this in newer puppet --- manifests/dockerhost.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 069fac3..e5d13cf 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -1,4 +1,3 @@ -include apt # Wrapper for sunet::dockerhost to do thiss specific things class sunetdrive::dockerhost( String $version = safe_hiera('docker_version'), From bff8d8ab22d6979fc64f56abd8652001c44563d9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 9 Sep 2024 16:03:30 +0200 Subject: [PATCH 010/124] Don't use incudes like this in newer puppet --- manifests/dockerhost.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 069fac3..e5d13cf 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -1,4 +1,3 @@ -include apt # Wrapper for sunet::dockerhost to do thiss specific things class sunetdrive::dockerhost( String $version = safe_hiera('docker_version'), From 6827c0af7c6b6e9f5f48df1eae31004d168da9dc Mon Sep 17 00:00:00 2001 
From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 011/124] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/custconfig.json.erb | 1 + templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 3 files changed, 14 insertions(+) create mode 100644 templates/mariadb/custconfig.json.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index b4bfc6e..6841b75 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', diff --git a/templates/mariadb/custconfig.json.erb b/templates/mariadb/custconfig.json.erb new file mode 100644 index 0000000..2712515 --- /dev/null +++ b/templates/mariadb/custconfig.json.erb @@ -0,0 +1 @@ +<%= @custdata.to_json %> diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From 589f62fc0ac8f30db92ab977482aeed4495517a5 Mon Sep 17 00:00:00 2001 
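Review bot: `<%= @custdata.to_json %>` serialises the complete `lookup($value)` result for every customer, not only the billing fields the statistics job reads, and the script change in this same patch copies that file off-host. If the per-customer hiera hashes hold anything sensitive (not visible here), it ends up both in `/opt/mariadb/statistics/custdata.json` and on the remote. Build a reduced structure in the manifest that carries only the keys the consumer needs, such as the `billdomains` list per environment, and render that instead.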
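Review bot: The `custdata.json` upload is the only rclone call in the script whose result is ignored: a timeout or failed copy never sets `status=1`, so that failure alone does not change the exit code scriptherder sees. Add the check already used for the user lists, `[[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of customer data failed." ; }`, and an `else` branch that flags a missing `<%= custdata %>` file. This call also carries `--no-check-certificate`, as raised on PATCH 004.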
From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 012/124] Create parent dir --- manifests/script.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/script.pp b/manifests/script.pp index d940ea1..3d1ace0 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -108,6 +108,10 @@ class sunetdrive::script ( unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } + file { '/opt/backups': + ensure => directory, + mode => '0700' + } file { '/opt/backups/scripts': ensure => directory, mode => '0700' From e4ccdde1693aed15db418c13e46675c49cb3bee8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 013/124] Create parent dir --- manifests/script.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/script.pp b/manifests/script.pp index d940ea1..3d1ace0 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -108,6 +108,10 @@ class sunetdrive::script ( unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } + file { '/opt/backups': + ensure => directory, + mode => '0700' + } file { '/opt/backups/scripts': ensure => directory, mode => '0700' From d7c724570f6e3d7ca71ddb6b584fb50933b60a87 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 18 Sep 2024 12:37:48 +0200 Subject: [PATCH 014/124] Install netcat on nodes and backup --- manifests/app_type.pp | 1 + manifests/mariadb_backup.pp | 1 + 2 files changed, 2 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 1828bee..5ce6f7f 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -5,6 +5,7 @@ define sunetdrive::app_type ( $override_config = undef, $override_compose = undef ) { + include sunet::packages::netcat_openbsd # Config from group.yaml and customer specific conf $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() 
diff --git a/manifests/mariadb_backup.pp b/manifests/mariadb_backup.pp index 2a9dd6c..bc817f8 100644 --- a/manifests/mariadb_backup.pp +++ b/manifests/mariadb_backup.pp @@ -1,5 +1,6 @@ # This is a asyncronous replica of the Maria DB Cluster for SUNET Drive class sunetdrive::mariadb_backup($tag_mariadb=undef, $location=undef) { + include sunet::packages::netcat_openbsd $dirs = [ 'datadir', 'init', 'conf', 'backups' ] $dirs.each | $dir | { ensure_resource('file',"/opt/mariadb_backup/${dir}", { ensure => directory, recurse => true } ) From 663021dc6156e191b57a7548bf2e145cc1c23ef4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 015/124] Move hee from cosmos-sites.pp --- manifests/common.pp | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 manifests/common.pp diff --git a/manifests/common.pp b/manifests/common.pp new file mode 100644 index 0000000..d3acb7f --- /dev/null +++ b/manifests/common.pp 
@@ -0,0 +1,48 @@
+
+# Common class
+class sunetdrive::common {
+ include sunet::tools
+ include sunet::motd
+ include sunet::ntp
+ include apt
+ include apparmor
+ include sunet::packages::jq
+ if $::facts['sunet_nftables_enabled'] != 'yes' {
+ warning('Enabling UFW')
+ include ufw
+ } else {
+ if $facts['networking']['hostname'] =~ /^kube[wc]/ {
+ warning('Setting nftables to installed but disabled')
+ ensure_resource ('class','sunet::nftables::init', { enabled => false })
+ } else {
+ warning('Enabling nftables')
+ ensure_resource ('class','sunet::nftables::init', { })
+ }
+ }
+ package {'sysstat': ensure => 'latest'}
+ package {'needrestart': ensure => installed}
+ service {'sysstat': provider => 'systemd'}
+ file_line { 'enable_sa':
+ ensure => 'present',
+ line => 'ENABLED="true"',
+ path => '/etc/default/sysstat',
+ match => 'ENABLED="false"',
+ require => Package['sysstat'],
+ }
+ file_line { 'sa_cron_comment':
+ ensure => 'present',
+ line => '# Activity reports every 2 minutes everyday',
+ path => '/etc/cron.d/sysstat',
+ match => '^#\ Activity\ reports\ every\ 10\ minutes\ everyday',
+ require => Package['sysstat'],
+ notify => Service['sysstat'],
+ }
+ file_line { 'sa_cron':
+ ensure => 'present',
+ line => '*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1',
+ path => '/etc/cron.d/sysstat',
+ match => '^5-55/10',
+ require => Package['sysstat'],
+ notify => Service['sysstat'],
+ }
+}
From e20e41edf8dbf43b40dfa1481d1a2abc0f032986 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Mon, 23 Sep 2024 17:03:26 +0200
Subject: [PATCH 016/124] Move hee from cosmos-sites.pp
---
 manifests/common.pp | 48 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 manifests/common.pp
diff --git a/manifests/common.pp b/manifests/common.pp
new file mode 100644
index 0000000..d3acb7f
--- /dev/null
+++ b/manifests/common.pp
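Review bot: Hosts whose name matches `/^kube[wc]/` get no active host firewall from this class: the UFW branch is skipped because `sunet_nftables_enabled` is `yes`, and nftables is then declared with `enabled => false`. If that is intended, presumably because something else manages packet filtering on those nodes, document it above the inner `if`, e.g. `# kube nodes: nftables installed but left disabled; filtering is handled by <component>`. Two smaller points: `warning()` is used for routine progress messages where `notice()` fits better, and `service {'sysstat': provider => 'systemd'}` sets neither `ensure` nor `enable`, so the class refreshes the service on change without declaring that it should be running. The identical hunk is repeated in PATCH 016.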
@@ -0,0 +1,48 @@
+
+# Common class
+class sunetdrive::common {
+ include sunet::tools
+ include sunet::motd
+ include sunet::ntp
+ include apt
+ include apparmor
+ include sunet::packages::jq
+ if $::facts['sunet_nftables_enabled'] != 'yes' {
+ warning('Enabling UFW')
+ include ufw
+ } else {
+ if $facts['networking']['hostname'] =~ /^kube[wc]/ {
+ warning('Setting nftables to installed but disabled')
+ ensure_resource ('class','sunet::nftables::init', { enabled => false })
+ } else {
+ warning('Enabling nftables')
+ ensure_resource ('class','sunet::nftables::init', { })
+ }
+ }
+ package {'sysstat': ensure => 'latest'}
+ package {'needrestart': ensure => installed}
+ service {'sysstat': provider => 'systemd'}
+ file_line { 'enable_sa':
+ ensure => 'present',
+ line => 'ENABLED="true"',
+ path => '/etc/default/sysstat',
+ match => 'ENABLED="false"',
+ require => Package['sysstat'],
+ }
+ file_line { 'sa_cron_comment':
+ ensure => 'present',
+ line => '# Activity reports every 2 minutes everyday',
+ path => '/etc/cron.d/sysstat',
+ match => '^#\ Activity\ reports\ every\ 10\ minutes\ everyday',
+ require => Package['sysstat'],
+ notify => Service['sysstat'],
+ }
+ file_line { 'sa_cron':
+ ensure => 'present',
+ line => '*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1',
+ path => '/etc/cron.d/sysstat',
+ match => '^5-55/10',
+ require => Package['sysstat'],
+ notify => Service['sysstat'],
+ }
+}
From 74768985cc4d7fc6cb4aa04f561a45994801fbdd Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 24 Sep 2024 15:36:06 +0200
Subject: [PATCH 017/124] Add audit log to other logs
---
 manifests/app_type.pp | 10 +++++++++-
 manifests/multinode.pp | 8 ++++++++
 templates/application/docker-compose_nextcloud.yml.erb | 3 ++-
 templates/multinode/compress-logs.erb.sh | 2 +-
 templates/multinode/docker-compose_nextcloud.yml.erb | 3 ++-
 5 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5ce6f7f..493929d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -148,7 +148,8 @@ define sunetdrive::app_type ( force => true, owner => 'root', group => 'root', - content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n", + content => "#This file is managed by puppet +#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n/opt/nextcloud/audit.log:180:256\n", mode => '0644', } file { '/opt/rotate/conf.d/redis.conf': @@ -199,6 +200,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0644', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', diff --git a/manifests/multinode.pp b/manifests/multinode.pp index eeffdb4..9620cb7 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -264,6 +264,7 @@ MACAddressPolicy=none' $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log" + $audit_log_path ="/opt/multinode/${customer}/audit.log" if $customer_config['nextcloud_version'] { $nextcloud_version = $customer_config['nextcloud_version'] } else { @@ -384,6 +385,13 @@ MACAddressPolicy=none' group => 'root', mode => '0644', } + file { $audit_log_path: + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { $rclone_conf_path: ensure => present, owner => 'www-data', diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 8c74570..0936df0 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb 
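Review bot: The new `file { '/opt/nextcloud/audit.log':` resource uses `mode => '0644'`, which makes the audit log readable by every local account, and Nextcloud audit entries typically record user names, client addresses and file paths. `mode => '0640'` keeps the file writable by `www-data` and readable by the `root` group only. The same applies to `file { $audit_log_path:` in manifests/multinode.pp in this patch, and to the repeat of both hunks in PATCH 018. Both resources sit inside definitions that start outside the hunks.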
@@ -21,6 +21,7 @@ services: - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log + - /opt/nextcloud/audit.log:/var/www/html/data/audit.log - /opt/nextcloud/rclone.conf:/rclone.conf <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> @@ -42,7 +43,7 @@ services: ports: - 443:443 <%- end -%> - command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true <%- if !@hostnet -%> diff --git a/templates/multinode/compress-logs.erb.sh b/templates/multinode/compress-logs.erb.sh index 9468c85..5e5e341 100644 --- a/templates/multinode/compress-logs.erb.sh +++ b/templates/multinode/compress-logs.erb.sh @@ -5,7 +5,7 @@ no_files=30 # Keep this many files as an archive, script is run once a week # a specific host, but will differ between hosts sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m -for logfile in $(ls /opt/multinode/*/{nextcloud.log,server/server.log}); do +for logfile in $(ls /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}); do if [[ -f ${logfile}.gz.${no_files} ]]; then rm ${logfile}.gz.${no_files} fi diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index c6f0bb3..8008cb7 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb 
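Review bot: In compress-logs.erb.sh, iterating over `$(ls …)` word-splits the resulting paths, and `ls` prints an error for every customer directory that lacks one of the listed files; adding `audit.log` as a third pattern makes that more likely. Loop over the patterns directly and skip anything that is not a regular file: `for logfile in /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}; do [[ -f ${logfile} ]] || continue`. The loop body continues outside the hunk, and the same line is changed again in PATCH 018.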
@@ -13,6 +13,7 @@ services: - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - <%= @config_php_path %>:/var/www/html/config/config.php - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log + - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf environment: - NC_PASS=<%= @admin_password%> @@ -25,7 +26,7 @@ services: - 89.32.32.32 ports: - <%= @https_port %>:443 - command: apachectl -D FOREGROUND + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true networks: From 1822ecd683f268def90dbd120a1e5c6896e04f52 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 018/124] Add audit log to other logs --- manifests/app_type.pp | 10 +++++++++- manifests/multinode.pp | 8 ++++++++ templates/application/docker-compose_nextcloud.yml.erb | 3 ++- templates/multinode/compress-logs.erb.sh | 2 +- templates/multinode/docker-compose_nextcloud.yml.erb | 3 ++- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5ce6f7f..493929d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -148,7 +148,8 @@ define sunetdrive::app_type ( force => true, owner => 'root', group => 'root', - content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n", + content => "#This file is managed by puppet +#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n/opt/nextcloud/audit.log:180:256\n", mode => '0644', } file { '/opt/rotate/conf.d/redis.conf': @@ -199,6 +200,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0644', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', 
diff --git a/manifests/multinode.pp b/manifests/multinode.pp index eeffdb4..9620cb7 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -264,6 +264,7 @@ MACAddressPolicy=none' $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log" + $audit_log_path ="/opt/multinode/${customer}/audit.log" if $customer_config['nextcloud_version'] { $nextcloud_version = $customer_config['nextcloud_version'] } else { @@ -384,6 +385,13 @@ MACAddressPolicy=none' group => 'root', mode => '0644', } + file { $audit_log_path: + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { $rclone_conf_path: ensure => present, owner => 'www-data', diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 8c74570..0936df0 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -21,6 +21,7 @@ services: - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log + - /opt/nextcloud/audit.log:/var/www/html/data/audit.log - /opt/nextcloud/rclone.conf:/rclone.conf <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> @@ -42,7 +43,7 @@ services: ports: - 443:443 <%- end -%> - command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true <%- if !@hostnet -%> diff --git a/templates/multinode/compress-logs.erb.sh b/templates/multinode/compress-logs.erb.sh index 9468c85..5e5e341 100644 --- a/templates/multinode/compress-logs.erb.sh 
+++ b/templates/multinode/compress-logs.erb.sh @@ -5,7 +5,7 @@ no_files=30 # Keep this many files as an archive, script is run once a week # a specific host, but will differ between hosts sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m -for logfile in $(ls /opt/multinode/*/{nextcloud.log,server/server.log}); do +for logfile in $(ls /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}); do if [[ -f ${logfile}.gz.${no_files} ]]; then rm ${logfile}.gz.${no_files} fi diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index c6f0bb3..8008cb7 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -13,6 +13,7 @@ services: - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - <%= @config_php_path %>:/var/www/html/config/config.php - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log + - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf environment: - NC_PASS=<%= @admin_password%> @@ -25,7 +26,7 @@ services: - 89.32.32.32 ports: - <%= @https_port %>:443 - command: apachectl -D FOREGROUND + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true networks: From 7673aca60e84d1c3df0d13e72d50695042315f55 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 019/124] Move nrpe class from opsrepo --- manifests/nrpe.pp | 79 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 manifests/nrpe.pp diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp new file mode 100644 index 0000000..c13f0ea --- /dev/null +++ b/manifests/nrpe.pp 
@@ -0,0 +1,79 @@ + +# NRPE class +class sunetdrive::nrpe( + $loadw = '15,10,5', + $loadc = '30,25,20', + $procsw = 150, + $procsc = 200, +) { + + require apt + class { 'sunet::nagios': + command_timeout => 600, + loadw => $loadw, + loadc => $loadc, + procsw => $procsw, + procsc => $procsc, + } + package {'nagios-plugins-contrib': ensure => latest} + if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0 ){ + $mem_w = '90' + $mem_c = '95' + } else { + $mem_w = '10' + $mem_c = '5' + } + $checks = ['nrpe_check_memory'] + $checks.each |$check| { + ensure_resource("sunet::nagios::${check}", "nagios-nrpe-${check}") + } + sunet::nagios::nrpe_command {'check_entropy': + command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' + } + sunet::nagios::nrpe_command {'check_ntp_time': + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + } + sunet::nagios::nrpe_command {'check_scriptherder': + command_line => '/usr/local/bin/scriptherder --mode check' + } + sunet::sudoer {'nagios_run_needrestart_command': + user_name => 'nagios', + collection => 'nrpe_needrestart_check', + command_line => '/usr/sbin/needrestart -p -l' + } + sunet::sudoer {'nagios_run_galera_command': + user_name => 'nagios', + collection => 'nrpe_galera_check', + command_line => '/usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::nagios::nrpe_command {'check_galera_cluster': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::sudoer {'nagios_run_proxysql_command': + user_name => 'nagios', + collection => 'nrpe_proxysql_check', + command_line => '/usr/lib/nagios/plugins/check_proxysql_server, /usr/lib/nagios/plugins/check_mysql_server_status' + } + sunet::nagios::nrpe_command {'check_proxysql_server': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_proxysql_server' + } + sunet::sudoer {'nagios_run_replication_command': + user_name => 'nagios', + collection 
=> 'nrpe_replication_check', + command_line => '/usr/local/bin/check_replication' + } + sunet::nagios::nrpe_command {'check_async_replication': + command_line => '/usr/bin/sudo /usr/local/bin/check_replication' + } + sunet::sudoer {'nagios_run_backup_command': + user_name => 'nagios', + collection => 'nrpe_backup_check', + command_line => '/usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_backups': + command_line => '/usr/bin/sudo /usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_mysql_server_status': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' + } +} From dbac473c26a6c0463aa07fd5fb16c08ad9936b49 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 020/124] Move nrpe class from opsrepo --- manifests/nrpe.pp | 79 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 manifests/nrpe.pp diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp new file mode 100644 index 0000000..c13f0ea --- /dev/null +++ b/manifests/nrpe.pp 
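Review bot: The sudo rules for `check_proxysql_server`, `check_mysql_server_status`, `/usr/local/bin/check_replication` and `/usr/local/bin/check_backups` name the command without arguments, a form that in sudoers permits any arguments; the galera and needrestart rules pin theirs. Assuming `sunet::sudoer` writes `command_line` through unchanged (its definition is not shown), append `""` to forbid arguments, e.g. `command_line => '/usr/local/bin/check_backups ""'`. Also confirm that the two `/usr/local/bin` scripts are root-owned and not writable by `nagios`. Separately, `$mem_w` and `$mem_c` are assigned but never referenced in the class as shown, and `ensure_resource("sunet::nagios::${check}", …)` is called without parameters, so the Ubuntu 22.04 thresholds appear to have no effect. The identical hunk is repeated in PATCH 020.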
@@ -0,0 +1,79 @@
+
+# NRPE class
+class sunetdrive::nrpe(
+ $loadw = '15,10,5',
+ $loadc = '30,25,20',
+ $procsw = 150,
+ $procsc = 200,
+) {
+
+ require apt
+ class { 'sunet::nagios':
+ command_timeout => 600,
+ loadw => $loadw,
+ loadc => $loadc,
+ procsw => $procsw,
+ procsc => $procsc,
+ }
+ package {'nagios-plugins-contrib': ensure => latest}
+ if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0 ){
+ $mem_w = '90'
+ $mem_c = '95'
+ } else {
+ $mem_w = '10'
+ $mem_c = '5'
+ }
+ $checks = ['nrpe_check_memory']
+ $checks.each |$check| {
+ ensure_resource("sunet::nagios::${check}", "nagios-nrpe-${check}")
+ }
+ sunet::nagios::nrpe_command {'check_entropy':
+ command_line => '/usr/lib/nagios/plugins/check_entropy -w 256'
+ }
+ sunet::nagios::nrpe_command {'check_ntp_time':
+ command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost'
+ }
+ sunet::nagios::nrpe_command {'check_scriptherder':
+ command_line => '/usr/local/bin/scriptherder --mode check'
+ }
+ sunet::sudoer {'nagios_run_needrestart_command':
+ user_name => 'nagios',
+ collection => 'nrpe_needrestart_check',
+ command_line => '/usr/sbin/needrestart -p -l'
+ }
+ sunet::sudoer {'nagios_run_galera_command':
+ user_name => 'nagios',
+ collection => 'nrpe_galera_check',
+ command_line => '/usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0'
+ }
+ sunet::nagios::nrpe_command {'check_galera_cluster':
+ command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0'
+ }
+ sunet::sudoer {'nagios_run_proxysql_command':
+ user_name => 'nagios',
+ collection => 'nrpe_proxysql_check',
+ command_line => '/usr/lib/nagios/plugins/check_proxysql_server, /usr/lib/nagios/plugins/check_mysql_server_status'
+ }
+ sunet::nagios::nrpe_command {'check_proxysql_server':
+ command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_proxysql_server'
+ }
+ sunet::sudoer {'nagios_run_replication_command':
+ user_name => 'nagios',
+ collection => 'nrpe_replication_check',
+ command_line => '/usr/local/bin/check_replication'
+ }
+ sunet::nagios::nrpe_command {'check_async_replication':
+ command_line => '/usr/bin/sudo /usr/local/bin/check_replication'
+ }
+ sunet::sudoer {'nagios_run_backup_command':
+ user_name => 'nagios',
+ collection => 'nrpe_backup_check',
+ command_line => '/usr/local/bin/check_backups'
+ }
+ sunet::nagios::nrpe_command {'check_backups':
+ command_line => '/usr/bin/sudo /usr/local/bin/check_backups'
+ }
+ sunet::nagios::nrpe_command {'check_mysql_server_status':
+ command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status'
+ }
+}
From 1a63b4884f53d9235a05b77bfd7ca656bbd810af Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 24 Sep 2024 17:46:50 +0200
Subject: [PATCH 021/124] Correct hostgroup name
---
manifests/sitemonitornaemon.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp
index fd07491..4602549 100644
--- a/manifests/sitemonitornaemon.pp
+++ b/manifests/sitemonitornaemon.pp
@@ -46,7 +46,7 @@ class sunetdrive::sitemonitornaemon() { mode => '0644', } nagioscfg::service {'check_scriptherder': - hostgroup_name => ['nrpe'], + hostgroup_name => ['sunetdrive::nrpe'], check_command => 'check_nrpe_1arg_to30!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['naemon-admins'],
From f8dce117a8245b93686da5bb4cc9cf2de6c677f1 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 24 Sep 2024 17:46:50 +0200
Subject: [PATCH 022/124] Correct hostgroup name
---
manifests/sitemonitornaemon.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp
index fd07491..4602549 100644
--- a/manifests/sitemonitornaemon.pp
+++ b/manifests/sitemonitornaemon.pp
@@ -46,7 +46,7 @@ class sunetdrive::sitemonitornaemon() { mode => '0644', } nagioscfg::service {'check_scriptherder': - hostgroup_name => ['nrpe'], + hostgroup_name => ['sunetdrive::nrpe'], check_command => 'check_nrpe_1arg_to30!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['naemon-admins'], From b4b099b237a190cecb15ff0d8f7e829bbc102f10 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 18:10:38 +0200 Subject: [PATCH 023/124] Node3 sunet-prod reinstalled --- templates/mariadb_backup/rclone.conf.erb | 2 +- templates/reva/rclone.conf.erb | 2 +- templates/script/rclone.conf.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mariadb_backup/rclone.conf.erb b/templates/mariadb_backup/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/mariadb_backup/rclone.conf.erb +++ b/templates/mariadb_backup/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/reva/rclone.conf.erb b/templates/reva/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/reva/rclone.conf.erb +++ b/templates/reva/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/script/rclone.conf.erb b/templates/script/rclone.conf.erb index e77212d..c7b55f7 100644 --- a/templates/script/rclone.conf.erb +++ b/templates/script/rclone.conf.erb 
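Review bot: The WebDAV endpoint remains a hard-coded IP literal (`url = https://89.45.236.246/remote.php/dav/files/_script/`), and the same edit has to be repeated in three templates (the mariadb_backup, reva and script `rclone.conf.erb`) every time the node is reinstalled. A single Hiera-backed value, for example `url = https://<%= @statistics_host %>/remote.php/dav/files/_script/` (variable name constructed for illustration), would keep the three files in sync. With an IP address in an `https://` URL the server certificate must list that address as a subject alternative name for verification to succeed; whether the rclone callers verify the certificate is not visible in this diff and is worth confirming, because `pass` is sent to this endpoint. The same three hunks are repeated in PATCH 024/124.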
@@ -14,7 +14,7 @@ endpoint = <%= @s3_host_mirror %> acl = private [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> From 911edbed58dd878b176ec44c97a30caeeda268b7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 18:10:38 +0200 Subject: [PATCH 024/124] Node3 sunet-prod reinstalled --- templates/mariadb_backup/rclone.conf.erb | 2 +- templates/reva/rclone.conf.erb | 2 +- templates/script/rclone.conf.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mariadb_backup/rclone.conf.erb b/templates/mariadb_backup/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/mariadb_backup/rclone.conf.erb +++ b/templates/mariadb_backup/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/reva/rclone.conf.erb b/templates/reva/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/reva/rclone.conf.erb +++ b/templates/reva/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/script/rclone.conf.erb b/templates/script/rclone.conf.erb index e77212d..c7b55f7 100644 --- a/templates/script/rclone.conf.erb +++ b/templates/script/rclone.conf.erb @@ -14,7 +14,7 @@ endpoint = <%= @s3_host_mirror %> acl = private [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> 
From 15a752a65d49aec71afbd7ad119df156a484a3ea Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 24 Sep 2024 22:31:01 +0200
Subject: [PATCH 025/124] Add uptime check taht warns if server has been up for too long
---
templates/scriptreceiver/check_max_uptime | 31 +++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 templates/scriptreceiver/check_max_uptime
diff --git a/templates/scriptreceiver/check_max_uptime b/templates/scriptreceiver/check_max_uptime
new file mode 100755
index 0000000..63fbb63
--- /dev/null
+++ b/templates/scriptreceiver/check_max_uptime
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+import argparse
+import sys
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-w', '--warning',
+ help='Warning threashold',
+ required=True)
+parser.add_argument('-c', '--critical',
+ help='Critical threashold',
+ required=True)
+
+args = parser.parse_args()
+warning = int(args.warning)
+critical = int(args.critical)
+
+with open('/proc/uptime', 'r') as f:
+ uptime_seconds = float(f.readline().split()[0])
+days = int(uptime_seconds / 86400)
+
+status = "OK"
+exit = 0
+if days > warning:
+ status = "WARNING"
+ exit = 1
+if days > critical:
+ status = "CRITICAL"
+ exit = 2
+
+print(f"{status}: uptime {days} days | uptime={days};{warning};{critical};")
+sys.exit(exit)
From cf0a778781911e7d440079afd904a76fd5b839ae Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 24 Sep 2024 22:31:01 +0200
Subject: [PATCH 026/124] Add uptime check taht warns if server has been up for too long
---
templates/scriptreceiver/check_max_uptime | 31 +++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 templates/scriptreceiver/check_max_uptime
diff --git a/templates/scriptreceiver/check_max_uptime b/templates/scriptreceiver/check_max_uptime
new file mode 100755
index 0000000..63fbb63
--- /dev/null
+++ b/templates/scriptreceiver/check_max_uptime
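Review bot: Failures before the final `sys.exit(exit)` are reported with the wrong monitoring state: a non-numeric `-w`/`-c` value or an unreadable `/proc/uptime` raises an uncaught exception, Python then exits with status 1, and the monitoring side reads that as WARNING. Plugin convention is exit status 3 (UNKNOWN) for a check that could not run, so the conversions and the file read should be wrapped as in the excerpt below. The local name `exit` also shadows the builtin, and both help strings spell the word as 'threashold'. The same file is added again in PATCH 026/124.

```python
args = parser.parse_args()
try:
    warning = int(args.warning)
    critical = int(args.critical)
    with open('/proc/uptime', 'r') as f:
        uptime_seconds = float(f.readline().split()[0])
except (OSError, ValueError, IndexError) as err:
    # The check itself could not run: report UNKNOWN, not WARNING.
    print(f"UNKNOWN: {err}")
    sys.exit(3)
days = int(uptime_seconds / 86400)
# … unchanged: status selection and perfdata output, with `exit` renamed to `exit_code` …
```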
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+import argparse
+import sys
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-w', '--warning',
+ help='Warning threashold',
+ required=True)
+parser.add_argument('-c', '--critical',
+ help='Critical threashold',
+ required=True)
+
+args = parser.parse_args()
+warning = int(args.warning)
+critical = int(args.critical)
+
+with open('/proc/uptime', 'r') as f:
+ uptime_seconds = float(f.readline().split()[0])
+days = int(uptime_seconds / 86400)
+
+status = "OK"
+exit = 0
+if days > warning:
+ status = "WARNING"
+ exit = 1
+if days > critical:
+ status = "CRITICAL"
+ exit = 2
+
+print(f"{status}: uptime {days} days | uptime={days};{warning};{critical};")
+sys.exit(exit)
From b7e94c225970604f848170a67f9dae4d7d97aa82 Mon Sep 17 00:00:00 2001
From: Magnus Andersson
Date: Tue, 1 Oct 2024 10:34:37 +0200
Subject: [PATCH 027/124] twofactor_enforced: Change manifest to work with fullnode
---
manifests/app_type.pp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index 493929d..ef15b0e 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -44,8 +44,8 @@ define sunetdrive::app_type ( $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') } - $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') - $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') + $twofactor_enforced_groups = $config['twofactor_enforced_groups'] + $twofactor_enforced_excluded_groups = $config['twofactor_enforced_excluded_groups'] $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] # Common settings for multinode and full nodes
From 24c2fcbdfccca682aa2bf9e5ed36f0e01ee0ca3a Mon Sep 17 00:00:00 2001
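Review bot: Reading `$twofactor_enforced_groups` from `$config['twofactor_enforced_groups']` turns a missing key into undef instead of a failed lookup, and the template change in PATCH 028/124 then renders the enforced list with only `admin` and `forcemfa`. A customer whose config lacks the key therefore ends up with a narrower MFA-enforcement list and no error at catalog compile time. If that is intended for full nodes, a comment saying so belongs next to the assignment; otherwise make the default explicit, e.g. `$twofactor_enforced_groups = pick($config['twofactor_enforced_groups'], [])`, so the fallback is a visible decision. The enclosing define starts and ends outside the hunk, and the hunk is repeated in PATCH 029/124.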
From: Magnus Andersson Date: Tue, 1 Oct 2024 11:19:43 +0200 Subject: [PATCH 028/124] twofactor_enforced: Make template work with nil values --- templates/application/config.php.erb | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 09dee08..ec36ad8 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -214,18 +214,22 @@ $CONFIG = array ( array ( 0 => 'admin', 1 => 'forcemfa', - <%- index = 2 -%> - <%- @twofactor_enforced_groups.each do |item| -%> + <%- if @twofactor_enforced_groups -%> + <%- index = 2 -%> + <%- @twofactor_enforced_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'twofactor_enforced_excluded_groups' => array ( - <%- index = 0 -%> - <%- @twofactor_enforced_excluded_groups.each do |item| -%> + <%- if @twofactor_enforced_excluded_groups -%> + <%- index = 0 -%> + <%- @twofactor_enforced_excluded_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'updatechecker' => false, From 766c337cb2c62762113bc92b8e61f561cffeb3e5 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 1 Oct 2024 10:34:37 +0200 Subject: [PATCH 029/124] twofactor_enforced: Change manifest to work with fullnode --- manifests/app_type.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 493929d..ef15b0e 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -44,8 +44,8 @@ define sunetdrive::app_type ( $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') } - $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') - $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') + $twofactor_enforced_groups = $config['twofactor_enforced_groups'] + $twofactor_enforced_excluded_groups = $config['twofactor_enforced_excluded_groups'] $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] # Common settings for multinode and full nodes From e3697719d21d781b519c65e177208f3d84d27937 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 1 Oct 2024 11:19:43 +0200 Subject: [PATCH 030/124] twofactor_enforced: Make template work with nil values --- templates/application/config.php.erb | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 09dee08..ec36ad8 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -214,18 +214,22 @@ $CONFIG = array ( array ( 0 => 'admin', 1 => 'forcemfa', - <%- index = 2 -%> - <%- @twofactor_enforced_groups.each do |item| -%> + <%- if @twofactor_enforced_groups -%> + <%- index = 2 -%> + <%- @twofactor_enforced_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'twofactor_enforced_excluded_groups' => array ( - <%- index = 0 -%> - <%- @twofactor_enforced_excluded_groups.each do |item| -%> + <%- if @twofactor_enforced_excluded_groups -%> + <%- index = 0 -%> + <%- @twofactor_enforced_excluded_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'updatechecker' => false, From ac917b9811c92db0b748074f91e7d65e0e400001 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 2 Oct 2024 17:37:14 +0200 Subject: [PATCH 031/124] Use all adresses --- templates/mariadb/docker-compose_mariadb.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/docker-compose_mariadb.yml.erb b/templates/mariadb/docker-compose_mariadb.yml.erb index 1650563..6130e84 100644 --- a/templates/mariadb/docker-compose_mariadb.yml.erb +++ b/templates/mariadb/docker-compose_mariadb.yml.erb @@ -21,6 +21,6 @@ services: - MYSQL_ROOT_PASSWORD=<%= @mysql_root_password %> - BOOTSTRAP=<%= @bootstrap %> - FORCE_BOOTSTRAP=0 - command: "--wsrep_cluster_address=gcomm://<%= @db_ip[0] %>,<%= @db_ip[1] %>,<%= @db_ip[2] %>" + command: "--wsrep_cluster_address=gcomm://<%= @db_ip.join(',') %>" tty: true From 260fd526fe0733ecb13084b352b7530838729ad6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 2 Oct 2024 17:37:14 +0200 Subject: [PATCH 032/124] Use all adresses --- templates/mariadb/docker-compose_mariadb.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/docker-compose_mariadb.yml.erb b/templates/mariadb/docker-compose_mariadb.yml.erb index 1650563..6130e84 100644 --- a/templates/mariadb/docker-compose_mariadb.yml.erb +++ b/templates/mariadb/docker-compose_mariadb.yml.erb @@ -21,6 +21,6 @@ services: - MYSQL_ROOT_PASSWORD=<%= @mysql_root_password %> - BOOTSTRAP=<%= @bootstrap %> - FORCE_BOOTSTRAP=0 - command: "--wsrep_cluster_address=gcomm://<%= @db_ip[0] %>,<%= @db_ip[1] %>,<%= @db_ip[2] %>" + command: "--wsrep_cluster_address=gcomm://<%= @db_ip.join(',') %>" tty: true From 07d54eba92531a7d01130f424a9b142917cec1d3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 033/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From ccdb53310dc7bebf01bcb14c0d928d8bb4f12dfd Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 034/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From d832f2a274ad3e86ed8174489d8613148f4e1ef2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 035/124] format --- manifests/script.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
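Review bot: `tail +2` is the obsolete option form; `zcat ${init_file} | tail -n +2 | ${mysql}` is the POSIX spelling and does not depend on how the installed `tail` treats a bare `+2`. The reason for dropping the first line of the dump is not stated, so a short comment naming what that line contains would let a reader judge whether skipping it unconditionally is safe. The script body starts and ends outside the hunk; the same change appears again in PATCH 034/124 and PATCH 046/124 and is reverted later in the series.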
diff --git a/manifests/script.pp b/manifests/script.pp index 3d1ace0..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,12 +109,12 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/root/.ssh/': ensure => directory, From 722a8bdb6856302dc85642d30b6951393d534ee1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 036/124] Add mysql command to host --- manifests/db_type.pp | 5 +++++ templates/mariadb/mysql.erb.sh | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 templates/mariadb/mysql.erb.sh diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 295f839..440a3e9 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -90,6 +90,11 @@ define sunetdrive::db_type( ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } + file { '/usr/local/bin/mysql': + ensure => present, + content => template('sunetdrive/mariadb/mysql.erb.sh'), + mode => '0744', + } file { '/usr/local/bin/size-test': ensure => present, content => template('sunetdrive/mariadb/size-test.erb'), diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh new file mode 100644 index 0000000..b62d38d --- /dev/null +++ b/templates/mariadb/mysql.erb.sh @@ -0,0 +1,4 @@ +#!/bin/bash +pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') + +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 07ddb2220a2644b913d1213969b9b0aebf7ce132 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 037/124] format --- manifests/script.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
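Review bot: The new wrapper in templates/mariadb/mysql.erb.sh puts the MariaDB root password on a command line (`-p"${pw}"`), where it is readable in the process list for as long as the client runs; handing it to the client through an environment variable or an option file inside the container avoids that exposure. `awk -F '=' '{print $2}'` also truncates a password that itself contains `=`; `| cut -d '=' -f 2-` keeps the whole value. `environment[0]` presumably relies on the root password staying the first entry in the compose file, and `-ti` makes the wrapper fail when no TTY is attached (cron, NRPE). In the db_type.pp hunk the new `file` resource sets mode `0744` without `owner`/`group`. Both hunks are repeated in PATCH 038/124.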
diff --git a/manifests/script.pp b/manifests/script.pp index 3d1ace0..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,12 +109,12 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/root/.ssh/': ensure => directory, From 141f9334f25edeb999fe63bd7e56dfb1ebb32186 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 038/124] Add mysql command to host --- manifests/db_type.pp | 5 +++++ templates/mariadb/mysql.erb.sh | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 templates/mariadb/mysql.erb.sh diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 295f839..440a3e9 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -90,6 +90,11 @@ define sunetdrive::db_type( ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } + file { '/usr/local/bin/mysql': + ensure => present, + content => template('sunetdrive/mariadb/mysql.erb.sh'), + mode => '0744', + } file { '/usr/local/bin/size-test': ensure => present, content => template('sunetdrive/mariadb/size-test.erb'), diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh new file mode 100644 index 0000000..b62d38d --- /dev/null +++ b/templates/mariadb/mysql.erb.sh @@ -0,0 +1,4 @@ +#!/bin/bash +pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') + +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From b573820906c2a2503f6d0f228dd459496622a766 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 039/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From e4093f5e401edbe9baf9a094ca99b26da7c3586d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 040/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 2b590b3f01d059da968bc939d02c7c9b9a036927 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 041/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 5c16a783e9596c551702518ca63c47c5b81942d6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 042/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 8b74bd9c750d6daa37b3db5c0483a810bfbf9ca4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 043/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From d3e0f41ff1aac66a99ddb285558aa1380f98b7f8 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 044/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 00d4c96d2822f150b66de8ffbae8210c111d379e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 045/124] Fix mode on log files --- manifests/app_type.pp | 4 ++-- manifests/onlyoffice.pp | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index ef15b0e..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -198,14 +198,14 @@ define sunetdrive::app_type ( force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/audit.log': ensure => file, force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/rclone.conf': ensure => file, diff --git a/manifests/onlyoffice.pp b/manifests/onlyoffice.pp index 6d63ac0..2fd3359 100644 --- a/manifests/onlyoffice.pp +++ b/manifests/onlyoffice.pp 
@@ -16,14 +16,14 @@ class sunetdrive::onlyoffice () { command => "docker login registry.gitlab.collabora.com -u ${token_name} -p ${access_token}", } sunet::collabora::docs { 'sunet-onlyoffice': - dns => [ '89.32.32.32' ], - extra_hosts => $extra_hosts, + dns => [ '89.32.32.32' ], + extra_hosts => $extra_hosts, extra_volumes => ['/opt/collabora/coolwsd.xml:/etc/coolwsd/coolwsd.xml'], - docker_tag => $docker_tag, - docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', + docker_tag => $docker_tag, + docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', } file {'/opt/collabora/coolwsd.xml': - ensure => present, + ensure => present, content => template('sunetdrive/document/coolwsd.xml.erb'), } } From 8ca506f60882a97e72f0620ebdfe4c81caeb857d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 046/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 15beb333ec0d0c8760b7081b21af4179ae923e28 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 047/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 6d78fdde7c2ade6a928d98bbd2e731003114807c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 048/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From f2b840682647b3c2c4234fab30ad2e35a9e6e1b2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 049/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 5c0e05394dec63648d7d78af4868b6b8abbc4323 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 050/124] Fix mode on log files --- manifests/app_type.pp | 4 ++-- manifests/onlyoffice.pp | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index ef15b0e..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -198,14 +198,14 @@ define sunetdrive::app_type ( force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/audit.log': ensure => file, force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/rclone.conf': ensure => file, diff --git a/manifests/onlyoffice.pp b/manifests/onlyoffice.pp index 6d63ac0..2fd3359 100644 --- a/manifests/onlyoffice.pp +++ b/manifests/onlyoffice.pp 
@@ -16,14 +16,14 @@ class sunetdrive::onlyoffice () { command => "docker login registry.gitlab.collabora.com -u ${token_name} -p ${access_token}", } sunet::collabora::docs { 'sunet-onlyoffice': - dns => [ '89.32.32.32' ], - extra_hosts => $extra_hosts, + dns => [ '89.32.32.32' ], + extra_hosts => $extra_hosts, extra_volumes => ['/opt/collabora/coolwsd.xml:/etc/coolwsd/coolwsd.xml'], - docker_tag => $docker_tag, - docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', + docker_tag => $docker_tag, + docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', } file {'/opt/collabora/coolwsd.xml': - ensure => present, + ensure => present, content => template('sunetdrive/document/coolwsd.xml.erb'), } } From 7460019ec536a88020eb72b1a48b99c0761bd74b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 051/124] puppet-lint --fix --- functions/get_customer.pp | 2 +- functions/get_environment.pp | 2 +- functions/get_node_number.pp | 2 +- manifests/cloudimage.pp | 4 ++-- manifests/infra_script.pp | 2 +- manifests/mariadb.pp | 6 +++--- manifests/multinode.pp | 4 ++-- manifests/multinode_db.pp | 2 +- manifests/scriptreceiver.pp | 2 +- manifests/sitemonitornaemon.pp | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index aef58a1..ab67f9f 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -1,6 +1,6 @@ # Lets determin who the customer is by looking at the hostname function sunetdrive::get_customer() >> String { - $hostnameparts = split($facts['fqdn'],'\.') + $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' diff --git a/functions/get_environment.pp b/functions/get_environment.pp index 42fa60f..f0556af 100644 --- a/functions/get_environment.pp +++ b/functions/get_environment.pp 
@@ -1,6 +1,6 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_environment() >> String { - $hostname = $facts['fqdn'] + $hostname = $facts['networking']['fqdn'] if $hostname =~ /^.*\.drive\.sunet\.se$/ { if $hostname =~ /^.*\.pilot\.drive\.sunet\.se$/ { return 'pilot' diff --git a/functions/get_node_number.pp b/functions/get_node_number.pp index 4c256fe..2b5317b 100644 --- a/functions/get_node_number.pp +++ b/functions/get_node_number.pp @@ -1,4 +1,4 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_node_number() >> Integer { - Integer(regsubst($::fqdn, /^[a-zA-Z\-]+(\d).*$/, '\\1')) + Integer(regsubst($facts['networking']['fqdn'], /^[a-zA-Z\-]+(\d).*$/, '\\1')) } diff --git a/manifests/cloudimage.pp b/manifests/cloudimage.pp index aa9cada..eeca54f 100644 --- a/manifests/cloudimage.pp +++ b/manifests/cloudimage.pp @@ -38,8 +38,8 @@ define sunetdrive::cloudimage( resolver => ['130.242.80.14', '130.242.80.99'], search => $search, # - repo => $::cosmos_repo_origin_url, - tagpattern => $::cosmos_tag_pattern, + repo => $facts['cosmos_repo_origin_url'], + tagpattern => $facts['cosmos_tag_pattern'], # cpus => $cpus, memory => $memory, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index fac5198..be78e19 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -4,7 +4,7 @@ class sunetdrive::infra_script ( $location = undef ) { $environment = sunetdrive::get_environment() - $customer = "common" + $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] $lookup_backup_server = $config['lookup_backup_server'] diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index c6356d2..3eae4d5 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp 
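Review bot: In `get_node_number`, `(\d)` captures exactly one digit, so a host named like `node12` would be numbered 1, and a name with no digit after the letters leaves `regsubst` returning the whole FQDN, which `Integer()` then rejects with a conversion error instead of a clear message. I would use `/^[a-zA-Z\-]+(\d+).*$/` and fail explicitly when the pattern does not match, for example `unless $facts['networking']['fqdn'] =~ /^[a-zA-Z\-]+\d+/ { fail('no node number in fqdn') }`. The function is fully inside this hunk. The same hunk recurs in patch 058.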
@@ -10,9 +10,9 @@ class sunetdrive::mariadb ( $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, } file { '/etc/quorum.conf': ensure => file, diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 9620cb7..0ba70ad 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -5,7 +5,7 @@ class sunetdrive::multinode ( ) { include sunet::packages::yq - $myname = $facts['hostname'] + $myname = $facts['networking']['hostname'] $is_multinode = true; $environment = sunetdrive::get_environment() $lb_servers = hiera_hash($environment)['lb_servers'] @@ -278,7 +278,7 @@ MACAddressPolicy=none' $s3_host = $customer_config['s3_host'] $s3_usepath = hiera('s3_usepath') $smtpuser = hiera("smtp_user_${environment}") - $trusted_domains = [$site_name, $facts['fqdn'], 'localhost'] + $trusted_domains = [$site_name, $facts['networking']['fqdn'], 'localhost'] $tug_office = hiera_array('tug_office') if $customer_config['twofactor_enforced_groups'] { $twofactor_enforced_groups = $customer_config['twofactor_enforced_groups'] diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..c373e0b 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -16,7 +16,7 @@ class sunetdrive::multinode_db(){ } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 9c8e319..6aca740 100644 
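Review bot: In the multinode_db.pp hunk, `$rclone_url` points at the unpinned `rclone-current` package and `$local_path` stages it under `/tmp`, a predictable name in a directory every local user can write to. The resources that download and install the file are outside this hunk, so this is hedged: if the package is installed as root from that path, a file already present there would be installed in place of the download, and an unpinned URL cannot be checked against a recorded digest. I would pin a release in the URL, stage the file in a root-owned directory, for example `$local_path = '/var/cache/<module-dir>/rclone.deb'`, and verify a SHA-256 recorded in the manifest before installing. The same lines are context in the multinode_db.pp hunks of patches 058 and 066.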
--- a/manifests/scriptreceiver.pp +++ b/manifests/scriptreceiver.pp @@ -69,7 +69,7 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-safer_reboot": + file { '/etc/sudoers.d/99-safer_reboot': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/safer_reboot\n", mode => '0440', diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index 4602549..e0abcd4 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp @@ -7,7 +7,7 @@ class sunetdrive::sitemonitornaemon() { $tls_servers_with_port = hiera_array('tls_servers_with_port') $nextcloud_version_prod = split(hiera('nextcloud_version_prod'),'[-]')[0] $nextcloud_version_test = split(hiera('nextcloud_version_test'),'[-]')[0] - $monitorhost = $::fqdn + $monitorhost = $facts['networking']['fqdn'] $environment = sunetdrive::get_environment() $influx_passwd = safe_hiera('influx_passwd') $slack_url = safe_hiera('slack_url') From 026c5c5d03da7b479a4b4f7905d978a307ca0356 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 052/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From c761c560529a9b92ba4980f1c2e31209eac57818 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 053/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
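Review bot: In the app_type.pp hunk of patch 052, `/opt/nextcloud/audit.log` ends up declared twice: the base blob 698a311 already contains that `file` resource just above `rclone.conf` (the app_type.pp hunk of patch 050 shows it with mode `0640`), so compiling the catalog would fail on a duplicate declaration. The added copy also sets `mode => '0644'`, which would make the audit log world-readable and undo the `0640` tightening. I would drop the added resource, or, if another log file was meant, give it its own path and keep `mode => '0640'`. The define starts and ends outside the hunk. The same addition recurs in patches 060, 068, 075 and 083, each followed by a patch that removes it.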
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f29e074ded405964ca3635c42def9e800828bc0c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 054/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From e0c06d4571d9d0d8e022e5ae72b8ee5f1981f89e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 055/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
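Review bot: `tail +2` in the start_replica_from_init.erb.sh hunk is the obsolete option syntax that POSIX no longer specifies and that some `tail` implementations reject; `tail -n +2` is the portable spelling. The line also drops the first line of the dump without saying why, so a short comment above it naming what that line contains and why it must not reach `${mysql}` would help the next reader, since the commit message only says it is a fix. The surrounding `if` block starts and ends outside the hunk. The same hunk recurs in patches 061, 069 and 076.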
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 1a39e0dbec6fdd10d4a4090d4442e220885d07af Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 056/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 52869ca08969f4d3f11e52994932c50a90f49c25 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 057/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From d7e7e260c25d6b88b20a6f1be0d86f377a76b246 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 058/124] puppet-lint --fix --- functions/get_customer.pp | 2 +- functions/get_environment.pp | 2 +- functions/get_node_number.pp | 2 +- manifests/cloudimage.pp | 4 ++-- manifests/infra_script.pp | 2 +- manifests/mariadb.pp | 6 +++--- manifests/multinode.pp | 4 ++-- manifests/multinode_db.pp | 2 +- manifests/scriptreceiver.pp | 2 +- manifests/sitemonitornaemon.pp | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index aef58a1..ab67f9f 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -1,6 +1,6 @@ # Lets determin who the customer is by looking at the hostname function sunetdrive::get_customer() >> String { - $hostnameparts = split($facts['fqdn'],'\.') + $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' diff --git a/functions/get_environment.pp b/functions/get_environment.pp index 42fa60f..f0556af 100644 --- a/functions/get_environment.pp +++ b/functions/get_environment.pp @@ -1,6 +1,6 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_environment() >> String { - $hostname = $facts['fqdn'] + $hostname = $facts['networking']['fqdn'] if $hostname =~ /^.*\.drive\.sunet\.se$/ { if $hostname =~ /^.*\.pilot\.drive\.sunet\.se$/ { return 'pilot' diff --git a/functions/get_node_number.pp b/functions/get_node_number.pp index 4c256fe..2b5317b 100644 --- a/functions/get_node_number.pp +++ b/functions/get_node_number.pp @@ -1,4 +1,4 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_node_number() >> Integer { - Integer(regsubst($::fqdn, /^[a-zA-Z\-]+(\d).*$/, '\\1')) + Integer(regsubst($facts['networking']['fqdn'], /^[a-zA-Z\-]+(\d).*$/, '\\1')) } diff --git a/manifests/cloudimage.pp b/manifests/cloudimage.pp index aa9cada..eeca54f 100644 
--- a/manifests/cloudimage.pp +++ b/manifests/cloudimage.pp @@ -38,8 +38,8 @@ define sunetdrive::cloudimage( resolver => ['130.242.80.14', '130.242.80.99'], search => $search, # - repo => $::cosmos_repo_origin_url, - tagpattern => $::cosmos_tag_pattern, + repo => $facts['cosmos_repo_origin_url'], + tagpattern => $facts['cosmos_tag_pattern'], # cpus => $cpus, memory => $memory, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index fac5198..be78e19 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -4,7 +4,7 @@ class sunetdrive::infra_script ( $location = undef ) { $environment = sunetdrive::get_environment() - $customer = "common" + $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] $lookup_backup_server = $config['lookup_backup_server'] diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index c6356d2..3eae4d5 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -10,9 +10,9 @@ class sunetdrive::mariadb ( $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, } file { '/etc/quorum.conf': ensure => file, diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 9620cb7..0ba70ad 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -5,7 +5,7 @@ class sunetdrive::multinode ( ) { include sunet::packages::yq - $myname = $facts['hostname'] + $myname = $facts['networking']['hostname'] $is_multinode = true; $environment = sunetdrive::get_environment() $lb_servers = hiera_hash($environment)['lb_servers'] 
@@ -278,7 +278,7 @@ MACAddressPolicy=none' $s3_host = $customer_config['s3_host'] $s3_usepath = hiera('s3_usepath') $smtpuser = hiera("smtp_user_${environment}") - $trusted_domains = [$site_name, $facts['fqdn'], 'localhost'] + $trusted_domains = [$site_name, $facts['networking']['fqdn'], 'localhost'] $tug_office = hiera_array('tug_office') if $customer_config['twofactor_enforced_groups'] { $twofactor_enforced_groups = $customer_config['twofactor_enforced_groups'] diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 6841b75..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -17,7 +17,7 @@ class sunetdrive::multinode_db(){ if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $custdata=$customers.reduce({}) |$memo, $value| { $memo + {$value => lookup($value)} diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 9c8e319..6aca740 100644 --- a/manifests/scriptreceiver.pp +++ b/manifests/scriptreceiver.pp @@ -69,7 +69,7 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-safer_reboot": + file { '/etc/sudoers.d/99-safer_reboot': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/safer_reboot\n", mode => '0440', diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index 4602549..e0abcd4 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp 
@@ -7,7 +7,7 @@ class sunetdrive::sitemonitornaemon() { $tls_servers_with_port = hiera_array('tls_servers_with_port') $nextcloud_version_prod = split(hiera('nextcloud_version_prod'),'[-]')[0] $nextcloud_version_test = split(hiera('nextcloud_version_test'),'[-]')[0] - $monitorhost = $::fqdn + $monitorhost = $facts['networking']['fqdn'] $environment = sunetdrive::get_environment() $influx_passwd = safe_hiera('influx_passwd') $slack_url = safe_hiera('slack_url') From e3a66f95dfd31be2bad83c575d644a1ee27ea0a5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 059/124] Set permissions on redis --- manifests/redis_cluster.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index a567830..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -17,4 +17,10 @@ class sunetdrive::redis_cluster ( content => template('sunetdrive/redis_cluster/reset_cluster.erb.sh'), mode => '0700', } + exec { 'set_permissions_directory': + command => 'chown -R 999:root /opt/redis/node-*' + } + exec { 'set_permissions_files': + command => 'chown -R 999:99 /opt/redis/node-*/*' + } } From 8b0d90e4ebaf28f8e4d4960129a516eddaf5639a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 060/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 4111ac75009be88354603bf5e8619c068196748c Mon Sep 17 00:00:00 2001 
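Review bot: Both `exec` resources added to redis_cluster.pp call `chown` unqualified with no `path`, depend on a glob (`node-*`) that the default exec provider does not expand, and have no `unless`, `onlyif` or `refreshonly`, so they run on every Puppet run if they run at all. Unless an `Exec` default elsewhere sets these (not visible here), each needs `path => ['/usr/bin', '/bin'],` and `provider => shell,`, plus a guard. Because the first command is recursive too, every run sets the files to group `root` and the second command then changes them again; dropping `-R` from the first expresses the intent stated in the resource title. The group `99` in the second command looks like a typo for `999`, which patches 074 and 081 correct. The same hunk recurs in patch 067.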
From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 061/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 1ecf6c81286eac284d5266b42b698071154c1232 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 062/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From daa647beb9628eacc1e761b21f6132f4c83f5f9c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 063/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From cc2a9e9ebf162a406efeb2db67d40155b21cb95b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 064/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 6224fe3e964ff8ab8dfe781ca4c5e01a5cd6c9a3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 065/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 019a3d9792a2275495bc1bbf3aa19067c1cefe5b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 066/124] puppet-lint --fix --- manifests/multinode_db.pp | 3 --- 1 file changed, 3 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8ec056e..d26acac 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -19,9 +19,6 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } - $custdata=$customers.reduce({}) |$memo, $value| { - $memo + {$value => lookup($value)} - } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': From b065ac7ae6d78d1e9d29b9db333452e3d1cee9c7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 067/124] Set permissions on redis --- manifests/redis_cluster.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index a567830..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -17,4 +17,10 @@ class sunetdrive::redis_cluster ( content => template('sunetdrive/redis_cluster/reset_cluster.erb.sh'), mode => '0700', } + exec { 'set_permissions_directory': + command => 'chown -R 999:root /opt/redis/node-*' + } + exec { 'set_permissions_files': + command => 'chown -R 999:99 /opt/redis/node-*/*' + } } From e76c22f6d568e8cb067b74cbf18736a17b063f57 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 068/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 74af996a7647c2b2983e4211a89d445a5bed1dad Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 069/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From beb69036a1e5b4451c8c70fe08e04dd62ceaf876 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 070/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From d63c586998872bf95818aed909917ae23c86c4ab Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 071/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From a74899332e48b72d69cea20e550b698c0aba5208 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 072/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 45ac19bec82f9a78a234240b6f3534c84fb72d14 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 073/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From a7fe6cecc7c3761564b9fdb2d62ccd316b0bda0a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 074/124] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 158f982aedb203a908838cac44ff4a365262cef8 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 075/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 51ddfa985c757e69adb549e0d852cec4a9849648 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 076/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 81341be6e7c434c6785d5115a7dbd5620d3917ec Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 077/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From f5f97e1c3a0a2f5d802b7d4e11129a1429a7dd20 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 078/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 8646f1eda7fd50ec89ffe6ae96a6dded2d63528b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 079/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f531a60514eddf3ba2bacd1d9eee2960fe1c033b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 080/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From e0f6d3bafafcec84bc1918904ffc4fcc37dd7428 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 081/124] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 39384f7e4054dd582fc1df12ae461f11cbd1c987 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 082/124] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From d3cb9b9e147759835d1841af3dfba463f5fa0779 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 083/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From b280257882ebce2d46282d4174f388e2bb1312ff Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 084/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
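Review bot: The new `exec` calls `systemctl` without an absolute path and the hunk sets no `path`, so unless an `Exec` default elsewhere in the module provides one, Puppet will reject the command as not fully qualified. A `service` resource states the same intent without a shell command or an `unless` guard: `service { 'sysstat-collect.timer': ensure => running, enable => true }`. If the `exec` stays, give the absolute path to `systemctl` in both `command` and `unless`. The class body starts outside the hunk, and the same hunk is repeated in patches 091, 102 and 115.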
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From cb35c3bbf74371e897e36a9b84f7649680271525 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 085/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 56f8a5d149be19f02d0c17513b8e5421933d4bc0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 086/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From ac9e29d39e81be4179c6ee2525ded9e725a74bac Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 087/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From c649a7a6b42462696e9d920ea417b9b489b80cb0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 088/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 958ff7daa9ae9bb320ed3207a58108975108a699 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 089/124] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp 
+++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 6865d6833f3b8ee21c702722e17c805f303a3502 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 090/124] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From a64b2533bbd9eb0a7cb326ede0fba17a67d1c94a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 091/124] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From b8a16bd700ae97c14894bd205ea8f3f411f4436e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 092/124] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 
--- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 76640002c0d6050084e795daccc420d614147343 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 093/124] Move hee from cosmos-sites.pp --- manifests/common.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..d3acb7f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,10 +45,4 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } - if $::facts['os']['distro']['id'] == 'Debian' { - exec { 'sysstat_systemd_timer': - command => 'systemctl enable --now sysstat-collect.timer', - unless => 'systemctl is-enabled --quiet sysstat-collect.timer', - } - } } From 7177dfa12e5e29881919bb5c1a934ceb13e68632 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 094/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 8cae1a668ad5d44de8c015bb2e7ab6c9c843086b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 095/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From e3a729e1a838b6eef4027057a77cf1c9b685ecf2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 096/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 4b4d0626cfe0d915007babc93cf385a64a9cddc1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 097/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 142fc78f6bcb2738ceb31dad4a3413bddd8f17b7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 098/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
From 124c2f6c5d79050fda80d79818f4e5a9b49736af Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 099/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From dc8ff6a712b51cb6c075b8870877c4325ce4f9bb Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 100/124] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 671b5f95dfa0d9e52b8943da9349963bf92de54c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 101/124] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp 
@@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From cb13190197e18e8844302955d78a8ea4505fb1f5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 102/124] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From d3d0807d433cd3ebe8676c1e12bad951f806cff1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 103/124] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp 
@@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 9a367b09557526ba31cd19197ee001c04311b776 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:15:08 +0200 Subject: [PATCH 104/124] Decoupling the admin_password from proxysql --- manifests/app_type.pp | 2 -- templates/application/complete_reinstall.erb.sh | 9 ++++++++- templates/application/docker-compose_nextcloud.yml.erb | 2 -- templates/multinode/complete_reinstall.erb.sh | 9 ++++++++- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..b377c8a 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -15,7 +15,6 @@ define sunetdrive::app_type ( # The config used $config = $override_config # Other settings - $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] @@ -31,7 +30,6 @@ define sunetdrive::app_type ( $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' diff --git a/templates/application/complete_reinstall.erb.sh b/templates/application/complete_reinstall.erb.sh index ec43c88..18914b1 100644 --- a/templates/application/complete_reinstall.erb.sh +++ b/templates/application/complete_reinstall.erb.sh 
@@ -3,7 +3,6 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" @@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then echo "WARNING: This will delete everything in the database and reinstall Nextcloud." echo "You have 10 seconds to abort by hitting CTRL/C" sleep 10s + echo "Setting temp admin password" + apt update && apt install -y apg + admin_password="$(apg -m 40 | head -1)" echo "Ok, proceeding." echo "Dropping database in 3 seconds" sleep 3s @@ -48,6 +50,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') + echo "Now delete the admin user:" + echo " occ user:delete admin" + echo "and then create a new admin user:" + echo " /usr/local/bin/add_admin_user " + echo "" echo "Please use edit-secrets to add these variables to all Nextcloud servers:" echo "instanceid: DEC::PKCS7[${instanceid}]!" echo "secret: DEC::PKCS7[${secret}]!" diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 0936df0..6ca5473 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -9,8 +9,6 @@ services: <%- if @hostnet -%> network_mode: host <%- end -%> - environment: - - NC_PASS=<%= @admin_password%> volumes: - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf diff --git a/templates/multinode/complete_reinstall.erb.sh b/templates/multinode/complete_reinstall.erb.sh index e448a0f..3e35175 100644 --- a/templates/multinode/complete_reinstall.erb.sh 
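Review bot: The added `apt update && apt install -y apg` makes the temporary admin password depend on a package download at run time, and nothing in the hunk checks the result: if the install fails, `admin_password="$(apg -m 40 | head -1)"` is empty and the script still goes on to the "Dropping database" step. Generating the value from tools already present and stopping on an empty result avoids both, for example `admin_password="$(head -c 30 /dev/urandom | base64)"` followed by `[[ -n "${admin_password}" ]] || exit 1`. How the variable is later handed to the installer is outside the hunk; if it goes on a command line it is visible in the process list, which makes the printed step of deleting the temporary admin user one that should not be skipped. The identical lines added to `templates/multinode/complete_reinstall.erb.sh` in this commit sit directly before the `drop database` call with no confirmation prompt visible, and the whole commit is repeated as patch 117.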
+++ b/templates/multinode/complete_reinstall.erb.sh @@ -3,10 +3,12 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" customer="<%= @customer %>" +echo "Setting temp admin password" +apt update && apt install -y apg +admin_password="$(apg -m 40 | head -1)" /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 @@ -35,6 +37,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') +echo "Now delete the admin user:" +echo " occ user:delete admin" +echo "and then create a new admin user:" +echo " /usr/local/bin/add_admin_user " +echo "" echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!" echo "${customer}_secret: DEC::PKCS7[${secret}]!" echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!" From 6365549250ef57bd6e2a811719ccbe60d5f92e88 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 105/124] Move hee from cosmos-sites.pp --- manifests/common.pp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index f5380f6..d3acb7f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,6 +3,7 @@ class sunetdrive::common { include sunet::tools include sunet::motd + include sunet::ntp include apt include apparmor include sunet::packages::jq 
@@ -44,10 +45,4 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } - if $::facts['os']['distro']['id'] == 'Debian' { - exec { 'sysstat_systemd_timer': - command => 'systemctl enable --now sysstat-collect.timer', - unless => 'systemctl is-enabled --quiet sysstat-collect.timer', - } - } } From 124203cd922c1635dbc590b267beb98dc35bde71 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 106/124] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From a563e163097b8ecd801561e30f6240a993157139 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 107/124] Move nrpe class from opsrepo --- manifests/nrpe.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c13f0ea 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 64e37466281113812a59b55bddaddb7ec796369d Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 108/124] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 714e2d98f6521680476af67056dbd9f8e92d614e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 109/124] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 4dd95bdb39912f90a7c1969efffa79547d1af387 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 110/124] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 42363a9aaf7549251c3e961c7734385fa2c29990 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 111/124] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From d6b4098932e2c8af98d571c71afe9b4c85ab8c39 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 112/124] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 22bfeaf24489750d2bb2d9aa765d14f4bad017c5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 113/124] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From deabba2e22b56b9cd7ba6d951b4d2eeb2f9190a1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 114/124] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 48f8f6d690e90b57a7151be5c293b56cd0aea0ee Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 115/124] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp 
+++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From dac082f4f5b7384c2ad0d75b0ffcff7eb713614a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 116/124] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From a8060b77748142e5a0089cd20c59938d406e217b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:15:08 +0200 Subject: [PATCH 117/124] Decoupling the admin_password from proxysql --- manifests/app_type.pp | 2 -- templates/application/complete_reinstall.erb.sh | 9 ++++++++- templates/application/docker-compose_nextcloud.yml.erb | 2 -- templates/multinode/complete_reinstall.erb.sh | 9 ++++++++- 4 files changed, 16 insertions(+), 6 deletions(-) 
diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..b377c8a 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -15,7 +15,6 @@ define sunetdrive::app_type ( # The config used $config = $override_config # Other settings - $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] @@ -31,7 +30,6 @@ define sunetdrive::app_type ( $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' diff --git a/templates/application/complete_reinstall.erb.sh b/templates/application/complete_reinstall.erb.sh index ec43c88..18914b1 100644 --- a/templates/application/complete_reinstall.erb.sh +++ b/templates/application/complete_reinstall.erb.sh @@ -3,7 +3,6 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" @@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then echo "WARNING: This will delete everything in the database and reinstall Nextcloud." echo "You have 10 seconds to abort by hitting CTRL/C" sleep 10s + echo "Setting temp admin password" + apt update && apt install -y apg + admin_password="$(apg -m 40 | head -1)" echo "Ok, proceeding." echo "Dropping database in 3 seconds" sleep 3s 
@@ -48,6 +50,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') + echo "Now delete the admin user:" + echo " occ user:delete admin" + echo "and then create a new admin user:" + echo " /usr/local/bin/add_admin_user " + echo "" echo "Please use edit-secrets to add these variables to all Nextcloud servers:" echo "instanceid: DEC::PKCS7[${instanceid}]!" echo "secret: DEC::PKCS7[${secret}]!" diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 0936df0..6ca5473 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -9,8 +9,6 @@ services: <%- if @hostnet -%> network_mode: host <%- end -%> - environment: - - NC_PASS=<%= @admin_password%> volumes: - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf diff --git a/templates/multinode/complete_reinstall.erb.sh b/templates/multinode/complete_reinstall.erb.sh index e448a0f..3e35175 100644 --- a/templates/multinode/complete_reinstall.erb.sh +++ b/templates/multinode/complete_reinstall.erb.sh @@ -3,10 +3,12 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" customer="<%= @customer %>" +echo "Setting temp admin password" +apt update && apt install -y apg +admin_password="$(apg -m 40 | head -1)" /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 
@@ -35,6 +37,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') +echo "Now delete the admin user:" +echo " occ user:delete admin" +echo "and then create a new admin user:" +echo " /usr/local/bin/add_admin_user " +echo "" echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!" echo "${customer}_secret: DEC::PKCS7[${secret}]!" echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!" From bff0aff8234fd407f7301b9551c50a05a44d7595 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:19:05 +0200 Subject: [PATCH 118/124] remove admin pass from env --- templates/multinode/docker-compose_nextcloud.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 8008cb7..eee8e71 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -15,8 +15,6 @@ services: - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf - environment: - - NC_PASS=<%= @admin_password%> networks: - default - proxysql_proxysql From d5e88dd431cb5d6f006c852e047727a495046214 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:29:31 +0200 Subject: [PATCH 119/124] Dummy edit --- templates/multinode/docker-compose_nextcloud.yml.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index eee8e71..b536672 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb 
@@ -15,6 +15,7 @@ services: - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf + networks: - default - proxysql_proxysql From 812a56cf990a5c2e9f4715423a41173dcb84c560 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 4 Nov 2024 10:58:52 +0100 Subject: [PATCH 120/124] check_replication: Add user to docker exec to be able to check rootless builds. --- templates/mariadb_backup/check_replication.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/check_replication.erb b/templates/mariadb_backup/check_replication.erb index f133caa..8d4eab6 100755 --- a/templates/mariadb_backup/check_replication.erb +++ b/templates/mariadb_backup/check_replication.erb @@ -1,6 +1,6 @@ #!/bin/bash -result="$(docker exec mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')" +result="$(docker exec -u root mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')" if [[ "${result}" == "Slave_running ON" ]]; then echo "OK: Replica running" exit 0 From 932d91364e45809595cdbccfc5f31872c0aeaa84 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 12 Nov 2024 15:33:29 +0100 Subject: [PATCH 121/124] Script to remount userbuckets as project buckets --- manifests/app_type.pp | 8 +++ .../remount_user_bucket_as_project.sh | 72 +++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100755 templates/application/remount_user_bucket_as_project.sh diff --git a/manifests/app_type.pp b/manifests/app_type.pp index b377c8a..5e8f6a2 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
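Review bot: In `templates/mariadb_backup/check_replication.erb` the changed line still passes the root password unquoted on the command line, `mysql -p<%= @mysql_root_password %>`. It is therefore readable in the process list on the host (as an argument of `docker exec`) and inside the container while the check runs, and a password containing shell metacharacters would be split or expanded by bash. Since the line is being edited anyway, consider letting the client read the credentials from a root-only option file in the container: `docker exec -u root mariadb_backup_mariadb_backup_1 mysql --defaults-extra-file=<PATH_TO_ROOT_ONLY_CNF> -BN -e 'show status like "slave_running"'`, where the path is a placeholder for a file the image or a mount would have to provide. The rendered script itself also contains the password, so its file mode (set outside this hunk) should be checked to exclude other users.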
@@ -141,6 +141,14 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/upgrade23-25.erb.sh'), mode => '0744', } + file { '/usr/local/bin/remount_user_bucket_as_project.sh': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/remount_user_bucket_as_project.sh'), + mode => '0744', + } file { '/opt/rotate/conf.d/nextcloud.conf': ensure => file, force => true, diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh new file mode 100755 index 0000000..4192993 --- /dev/null +++ b/templates/application/remount_user_bucket_as_project.sh 
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+mountid="${1}"
+user="${2}"
+container="${3}"
+if [[ -z ${mountid} ]] || [[ -z ${user} ]]; then
+ echo "We need a valid mount id and user to proceed"
+ echo "Usage: ${0} []"
+ exit
+fi
+
+if [[ -z ${container} ]]; then
+ container="nextcloud_app_1"
+fi
+
+occ="/usr/local/bin/occ"
+function get_config {
+ ${occ} files_external:config ${mountid} ${1}
+}
+
+bucket="$(get_config bucket)"
+hostname="$(get_config hostname)"
+key="$(get_config key)"
+port="$(get_config port)"
+region="$(get_config region)"
+secret="$(get_config secret)"
+jsonfile="/tmp/${user}-user-bucket.json"
+mount_point="${user/@/-}"
+mount_point="${mount_point/./-}-user-bucket"
+
+echo "This will remount the user bucket with mountid ${mountid} for ${user} as project bucket with mountpoint ${mount_point}."
+read -r -p "Press enter to continue"
+
+echo '
+[
+ {
+ "mount_point": "\/'${mount_point}'",
+ "storage": "\\OCA\\Files_External\\Lib\\Storage\\AmazonS3",
+ "authentication_type": "amazons3::accesskey",
+ "configuration": {
+ "bucket": "'${bucket}'",
+ "hostname": "'${hostname}'",
+ "key": "'${key}'",
+ "legacy_auth": false,
+ "port": "'${port}'",
+ "region": "'${region}'",
+ "secret": "'${secret}'",
+ "storageClass": "",
+ "useMultipartCopy": false,
+ "use_path_style": true,
+ "use_ssl": true
+ },
+ "options": {
+ "encrypt": true,
+ "previews": true,
+ "enable_sharing": true,
+ "filesystem_check_changes": 0,
+ "encoding_compatibility": false,
+ "readonly": false
+ },
+ "applicable_users": [
+ ],
+ "applicable_groups": ["admin"]
+ }
+]
+' > "${jsonfile}"
+
+
+docker cp ${jsonfile} ${container}:/${jsonfile}
+${occ} files_external:import /${jsonfile}
+docker exec ${container} rm /${jsonfile}
+${occ} files_external:delete ${mountid}
From 5913537c34a5149ccfaee153e7b3ff8ad0f5073a Mon Sep 17 00:00:00 2001
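Review bot: The script writes the bucket's access key and secret to a predictable path, `jsonfile="/tmp/${user}-user-bucket.json"`, with whatever umask the shell has, and this version never removes the host copy. The last four commands are also unconditional, so `files_external:delete ${mountid}` still runs when `docker cp` or `files_external:import` has failed, which would discard the stored credentials for that mount. I would create the file with `mktemp` under `umask 077`, remove it from an `EXIT` trap and stop at the first failing step, as sketched below. Separately, the JSON is assembled by pasting unquoted shell values into a string, so a value containing a quote or backslash produces an invalid or altered document.

```shell
set -e        # stop before files_external:delete if any earlier step fails
umask 077     # keep the credential file private to the invoking user
# … unchanged: argument handling, get_config lookups …
jsonfile="$(mktemp /tmp/user-bucket.XXXXXXXX)"
trap 'rm -f "${jsonfile}"' EXIT
# … unchanged: mount_point, confirmation prompt, JSON written to "${jsonfile}" …
docker cp "${jsonfile}" "${container}:${jsonfile}"
# NOTE: if occ runs as a non-root user inside the container, hand the copied
# file to that user before the import, otherwise the 0600 file is unreadable.
${occ} files_external:import "${jsonfile}"
docker exec "${container}" rm -f "${jsonfile}"
${occ} files_external:delete "${mountid}"
```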
From: Micke Nordin Date: Tue, 12 Nov 2024 15:44:15 +0100 Subject: [PATCH 122/124] Remove newlines and such --- templates/application/remount_user_bucket_as_project.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh index 4192993..bfe89e8 100755 --- a/templates/application/remount_user_bucket_as_project.sh +++ b/templates/application/remount_user_bucket_as_project.sh @@ -15,7 +15,7 @@ fi occ="/usr/local/bin/occ" function get_config { - ${occ} files_external:config ${mountid} ${1} + ${occ} files_external:config ${mountid} ${1} | tr -d '\n\t\r' } bucket="$(get_config bucket)" From 1aae63ba0792de38933b66229ebda8c5c10d7f3b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 12 Nov 2024 15:51:54 +0100 Subject: [PATCH 123/124] Clean up --- templates/application/remount_user_bucket_as_project.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh index bfe89e8..8027081 100755 --- a/templates/application/remount_user_bucket_as_project.sh +++ b/templates/application/remount_user_bucket_as_project.sh @@ -69,4 +69,5 @@ echo ' docker cp ${jsonfile} ${container}:/${jsonfile} ${occ} files_external:import /${jsonfile} docker exec ${container} rm /${jsonfile} +rm ${jsonfile} ${occ} files_external:delete ${mountid} From ce745ff6b00e90efcff31860d190a3c7df0f27bb Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 12 Nov 2024 16:01:43 +0100 Subject: [PATCH 124/124] Fix port and add more output --- .../application/remount_user_bucket_as_project.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh index 8027081..797cd74 100755 --- a/templates/application/remount_user_bucket_as_project.sh 
+++ b/templates/application/remount_user_bucket_as_project.sh @@ -18,11 +18,17 @@ function get_config { ${occ} files_external:config ${mountid} ${1} | tr -d '\n\t\r' } +echo "Gathering information, hang tight." + +echo -n "." bucket="$(get_config bucket)" +echo -n "." hostname="$(get_config hostname)" +echo -n "." key="$(get_config key)" -port="$(get_config port)" +echo -n "." region="$(get_config region)" +echo -n "." secret="$(get_config secret)" jsonfile="/tmp/${user}-user-bucket.json" mount_point="${user/@/-}" @@ -42,7 +48,7 @@ echo ' "hostname": "'${hostname}'", "key": "'${key}'", "legacy_auth": false, - "port": "'${port}'", + "port": "443", "region": "'${region}'", "secret": "'${secret}'", "storageClass": "",