From 6299dad4fd5a98f570a700da5b6a1443071d1541 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 20 May 2024 10:44:37 +0200 Subject: [PATCH 001/247] Update config for lookup server --- manifests/lookup.pp | 5 +++++ templates/lookup/config.php.erb | 27 ++++++++++++++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/manifests/lookup.pp b/manifests/lookup.pp index ccd7b43..88db327 100644 --- a/manifests/lookup.pp +++ b/manifests/lookup.pp @@ -5,6 +5,9 @@ class sunetdrive::lookup ( ) { $environment = sunetdrive::get_environment() + $config = lookup($environment, undef, undef, undef) + + $public_url = "https://${config['site_name']}" # Firewall settings @@ -13,8 +16,10 @@ class sunetdrive::lookup ( $dbhost = 'proxysql_proxysql_1' $gss_jwt_key = safe_hiera('gss_jwt_key') + $replication_auth = safe_hiera('replication_auth') $mysql_user_password = safe_hiera('mysql_user_password') $lookup_version = hiera("lookup_version_${environment}") + $email_sender = $config['email_sender'] #Create users user { 'www-data': ensure => present, system => true } diff --git a/templates/lookup/config.php.erb b/templates/lookup/config.php.erb index ce464dd..c7f9551 100644 --- a/templates/lookup/config.php.erb +++ b/templates/lookup/config.php.erb @@ -1,16 +1,29 @@ - "<%= @gss_jwt_key %>", 'DB' => [ 'host' => "<%= @dbhost %>", 'db' => "lookup" , 'user' => "lookup", 'pass' => "<%= @mysql_user_password %>", ], - + 'EMAIL_SENDER' => '<%= @email_sender %>', + 'ERROR_VERBOSE' => false, 'GLOBAL_SCALE' => true, - - 'AUTH_KEY' => "<%= @gss_jwt_key %>", -]; \ No newline at end of file + 'IP_BLACKLIST' => [ + ], + 'MAX_REQUESTS' => 10000, + 'MAX_SEARCH_PAGE' => 10, + 'PUBLIC_URL' => '<%= @public_url %>', + 'REPLICATION_AUTH' => '<%= @replication_auth %>', + 'REPLICATION_HOSTS' => [ + ], + 'SPAM_BLACKLIST' => [ + ], + 'TWITTER' => [ + 'CONSUMER_KEY' => '', + 'CONSUMER_SECRET' => '', + 'ACCESS_TOKEN' => '', + 'ACCESS_TOKEN_SECRET' => '', + ], +]; 
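Review bot: The new `'REPLICATION_AUTH' => '<%= @replication_auth %>'`, `'EMAIL_SENDER'` and `'PUBLIC_URL'` entries in config.php.erb put hiera values inside single-quoted PHP literals without escaping, so a value containing `'` or ending in `\` yields a broken or altered config array. Escaping at render time keeps the file well-formed whatever the secret contains, e.g. `'REPLICATION_AUTH' => '<%= @replication_auth.to_s.gsub(/[\\']/) { |c| "\\#{c}" } %>',`. The file now carries another shared secret next to the DB password. The resource that writes it is outside this hunk, so confirm its mode does not leave it world-readable.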
From 16496dfded2936330d664d8ad21a2a7d87ac4c3e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 19 Jun 2024 09:09:59 +0200 Subject: [PATCH 002/247] Fix rclone cert issue --- templates/script/listusers.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/script/listusers.erb.sh b/templates/script/listusers.erb.sh index be0c500..c261e31 100644 --- a/templates/script/listusers.erb.sh +++ b/templates/script/listusers.erb.sh @@ -11,7 +11,7 @@ base_dir="${project}:${bucket}" stat_dir="/opt/statistics" customer_dir="${stat_dir}/${location}" mkdir -p "${customer_dir}" -rclone mkdir "${base_dir}/${location}" +rclone mkdir --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies "${base_dir}/${location}" echo "${userjson}" | jq . >"${customer_dir}/users.json" status=${?} if [[ ${status} -eq 0 ]]; then From 765e0b41cb9549a343c58e96e5044e9caecbf9c3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Jun 2024 11:19:53 +0200 Subject: [PATCH 003/247] Use correect variable --- templates/script/backup-all-buckets.erb.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/script/backup-all-buckets.erb.sh b/templates/script/backup-all-buckets.erb.sh index d808c42..cf19cdc 100644 --- a/templates/script/backup-all-buckets.erb.sh +++ b/templates/script/backup-all-buckets.erb.sh @@ -25,9 +25,9 @@ projects+=("<%= project['project'] %> <%= project['mirror_project'] %> <%= singl #<% end %> #<% end %> #<% else %> -declare -a projects=("<%= @primary_project %> <%= @mirror_project %> <%= customer %>") +declare -a projects=("<%= @primary_project %> <%= @mirror_project %> ${customer}") #<% @assigned_projects.each do |project| %> -projects+=("<%= project['project'] %> <%= project['mirror_project'] %> <%= customer %>") +projects+=("<%= project['project'] %> <%= project['mirror_project'] %> ${customer}") #<% end %> #<% end %> From 6e5831367eec92e8646d8a347d4b652dfb4cd690 Mon Sep 17 00:00:00 2001 
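Review bot: `--no-check-certificate` on the new `rclone mkdir` line turns off TLS server verification, so this call accepts any certificate presented for the remote, and whatever credentials and cookies it sends are exposed to anyone able to intercept the connection. The `--webdav-headers "Host,sunet.drive.sunet.se"` override suggests the remote is addressed by a name the certificate does not cover. If so, pointing the rclone remote at a URL whose name matches the certificate, or trusting the issuing CA with `--ca-cert <PATH_TO_CA_BUNDLE>`, would fix the certificate error while keeping verification. If the flag has to stay for now, a comment above the line saying why and for which remote would keep it from being copied into other scripts.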
From: Micke Nordin Date: Tue, 25 Jun 2024 18:09:13 +0200 Subject: [PATCH 004/247] No ports for mode host --- templates/lookup/docker-compose_lookup.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/lookup/docker-compose_lookup.yml.erb b/templates/lookup/docker-compose_lookup.yml.erb index 59fc38b..0fbf94d 100644 --- a/templates/lookup/docker-compose_lookup.yml.erb +++ b/templates/lookup/docker-compose_lookup.yml.erb @@ -13,7 +13,5 @@ services: - 89.46.20.75 - 89.46.21.29 - 89.32.32.32 - ports: - - 443:443 command: apachectl -D FOREGROUND tty: true From 3738e703b6c50e353f03daa8071f25cd18b4a84e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Jun 2024 09:14:59 +0200 Subject: [PATCH 005/247] Clean up logic --- templates/script/backup-all-buckets.erb.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/templates/script/backup-all-buckets.erb.sh b/templates/script/backup-all-buckets.erb.sh index cf19cdc..c15b605 100644 --- a/templates/script/backup-all-buckets.erb.sh +++ b/templates/script/backup-all-buckets.erb.sh 
@@ -46,16 +46,20 @@ function do_backup { ps aux | grep duplicity | grep "[^a-zA-Z]${bucket}" > /dev/null local oktorun=$? # 1 == this bucket has no other bakup process in progress mkdir -p ${mountpoint} - [[ ${oktorun} -ne 0 ]] && rclone mount ${project}:${bucket} ${mountpoint}/ --daemon --allow-other --dir-cache-time 24h - rclone mkdir ${mirror}:${mirrorbucket} - [[ ${oktorun} -ne 0 ]] && duplicity --full-if-older-than 1M --asynchronous-upload --tempdir /mnt --archive-dir /mnt \ - --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket} && \ - [[ -n "${extra_backup_jobs[${customer}]}" ]] && [[ -f ${extra_backup_jobs[${customer} ]] && ${extra_backup_jobs[${customer}]} - umount ${mountpoint} - rmdir ${mountpoint} - # Clean up - [ ${oktorun} -ne 0 ] && duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt \ + if [[ ${oktorun} -ne 0 ]]; then + rclone mount ${project}:${bucket} ${mountpoint}/ --daemon --allow-other --dir-cache-time 24h + rclone mkdir ${mirror}:${mirrorbucket} + duplicity --full-if-older-than 1M --asynchronous-upload --tempdir /mnt --archive-dir /mnt \ + --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket} + if [[ -n "${extra_backup_jobs[${customer}]}" ]] && [[ -f ${extra_backup_jobs[${customer} ]]; then + ${extra_backup_jobs[${customer}]} + fi + umount ${mountpoint} + rmdir ${mountpoint} + # Clean up + duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt \ --force rclone://${mirror}:/${mirrorbucket} + fi } for entry in "${projects[@]}"; do From 4a45670bec7e062f60247a5959fdeb2d1d9b9801 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Jun 2024 09:40:36 +0200 Subject: [PATCH 006/247] Fix syntax error --- templates/script/backup-all-buckets.erb.sh | 56 +++++++++++----------- 1 file changed, 27 insertions(+), 29 deletions(-) 
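Review bot: Inside the new `if [[ ${oktorun} -ne 0 ]]` block the result of `rclone mount ... --daemon` is never checked, so when the mount fails duplicity runs against an empty `${mountpoint}`, and `duplicity remove-all-but-n-full` still prunes older full backup chains afterwards. A guard right after the mount, `mountpoint -q "${mountpoint}" || { echo "mount of ${project}:${bucket} failed" >&2; return 1; }`, stops the run before anything is written to or removed from the mirror. The same sequence is carried unchanged into the re-indented `do_backup` hunk of the following patch ("Fix syntax error").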
diff --git a/templates/script/backup-all-buckets.erb.sh b/templates/script/backup-all-buckets.erb.sh index c15b605..96ccd29 100644 --- a/templates/script/backup-all-buckets.erb.sh +++ b/templates/script/backup-all-buckets.erb.sh @@ -15,7 +15,7 @@ extra_backup_jobs["<%= client %>"]="<%= job %>" #<% if @location.start_with?('common') %> declare -a sixmonths=('mau') if [[ " ${sixmonths[*]} " =~ " ${customer} " ]]; then - number_of_full_to_keep=6 + number_of_full_to_keep=6 fi declare -a projects #<% @singlenodes.each do |singlenode| %> 
@@ -37,47 +37,45 @@ fi function do_backup { - local project="${1}" - local mirror="${2}" - local bucket="${3}" - local customer="${4}" - local mirrorbucket="${bucket}-mirror" - local mountpoint="/opt/backupmounts/${bucket}" - ps aux | grep duplicity | grep "[^a-zA-Z]${bucket}" > /dev/null - local oktorun=$? # 1 == this bucket has no other bakup process in progress - mkdir -p ${mountpoint} - if [[ ${oktorun} -ne 0 ]]; then + local project="${1}" + local mirror="${2}" + local bucket="${3}" + local customer="${4}" + local mirrorbucket="${bucket}-mirror" + local mountpoint="/opt/backupmounts/${bucket}" + ps aux | grep duplicity | grep "[^a-zA-Z]${bucket}" > /dev/null + local oktorun=$? # 1 == this bucket has no other bakup process in progress + if [[ ${oktorun} -ne 0 ]]; then + mkdir -p ${mountpoint} rclone mount ${project}:${bucket} ${mountpoint}/ --daemon --allow-other --dir-cache-time 24h rclone mkdir ${mirror}:${mirrorbucket} - duplicity --full-if-older-than 1M --asynchronous-upload --tempdir /mnt --archive-dir /mnt \ - --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket} - if [[ -n "${extra_backup_jobs[${customer}]}" ]] && [[ -f ${extra_backup_jobs[${customer} ]]; then + duplicity --full-if-older-than 1M --asynchronous-upload --tempdir /mnt --archive-dir /mnt --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket} + if [[ "${extra_backup_jobs[${customer}]:+none}" != "none" ]] && [[ -f "${extra_backup_jobs[${customer}]}" ]]; then ${extra_backup_jobs[${customer}]} fi umount ${mountpoint} rmdir ${mountpoint} - # Clean up - duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt \ - --force rclone://${mirror}:/${mirrorbucket} + # Clean up + duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt --force rclone://${mirror}:/${mirrorbucket} fi } for entry in "${projects[@]}"; do - project=$(echo ${entry} | awk '{print $1}') - mirror=$(echo ${entry} | awk '{print $2}') - 
customer=$(echo ${entry} | awk '{print $3}') - for bucket in $(rclone lsd ${project}:/ | awk '{print $5}'); do - maybesize=$(timeout 30s rclone size --json ${project}:${bucket}) + project=$(echo ${entry} | awk '{print $1}') + mirror=$(echo ${entry} | awk '{print $2}') + customer=$(echo ${entry} | awk '{print $3}') + for bucket in $(rclone lsd ${project}:/ | awk '{print $5}'); do + maybesize=$(timeout 30s rclone size --json ${project}:${bucket}) if [[ ${?} -eq 124 ]]; then size=$((${fork_limit} * 1000000001)) else size=$(echo ${maybesize} | jq -r '.bytes' ) fi - # If bucket is above 50 GB we fork - if [[ ${size} -gt $((${fork_limit} * 1000000000)) ]]; then - do_backup ${project} ${mirror} ${bucket} ${customer} & - else - do_backup ${project} ${mirror} ${bucket} ${customer} - fi - done + # If bucket is above 50 GB we fork + if [[ ${size} -gt $((${fork_limit} * 1000000000)) ]]; then + do_backup ${project} ${mirror} ${bucket} ${customer} & + else + do_backup ${project} ${mirror} ${bucket} ${customer} + fi + done done From adeaea5a3799b45d7ed0a699a8ba8a21afdab998 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Jun 2024 09:58:18 +0200 Subject: [PATCH 007/247] Fix bug in script --- manifests/script.pp | 2 +- .../create_folders_in_fullnode_buckets.erb.sh | 46 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f4a9e84..b70c78d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -250,7 +250,7 @@ class sunetdrive::script ( if $customer in ['extern', 'gih', 'hkr', 'suni', 'common', 'su', 'lnu'] { sunet::scriptherder::cronjob { 'makebuckets': ensure => absent, - cmd => 'bin/true', + cmd => 'bin/true', } } else { sunet::scriptherder::cronjob { 'makebuckets': diff --git a/templates/script/create_folders_in_fullnode_buckets.erb.sh b/templates/script/create_folders_in_fullnode_buckets.erb.sh index 8cfe792..526ce58 100644 
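Review bot: The rewritten `duplicity ... --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket}` line stores every bucket copy unencrypted at the mirror, so the confidentiality of the backups rests entirely on access control of the mirror project. If that is intended (for example because the storage is encrypted server-side, which this hunk does not show), a comment above the line should say so: `# Backups are written unencrypted; the mirror project's access policy is the only protection`. Otherwise duplicity's `--encrypt-key`, with the key managed outside this host, would cover it.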
--- a/templates/script/create_folders_in_fullnode_buckets.erb.sh +++ b/templates/script/create_folders_in_fullnode_buckets.erb.sh @@ -7,16 +7,16 @@ include_userbuckets="<%= @include_userbuckets %>" container="nextcloud_app_1" yq="/usr/local/bin/yq" if ! [[ -x ${yq} ]]; then - pip install yq + pip install yq fi declare -a directories if [[ -n ${1} ]]; then - directories=("${@}") + directories=("${@}") else - directories+=("Arbetsmaterial") - directories+=("Bevarande") - directories+=("Gallringsbart") + directories+=("Arbetsmaterial") + directories+=("Bevarande") + directories+=("Gallringsbart") fi olddir="${PWD}" 
@@ -25,31 +25,31 @@ dirty=0 primary='' declare -a users=( 'admin' ) cd "${tempdir}" || echo "Could not cd to tempdir" -declare -a projects=( "${yq}" -r '.project_mapping.'"${customer}"'.'"${environment}"'.assigned | "\(.[].project)"' /etc/hiera/data/common.yaml ) +declare -a projects=( $("${yq}" -r '.project_mapping.'"${customer}"'.'"${environment}"'.assigned | "\(.[].project)"' /etc/hiera/data/common.yaml) ) if [[ "${include_userbuckets}" == "true" ]]; then - primary=$("${yq}" -r '.project_mapping.'"${customer}"'.'"${environment}"'.primary_project' /etc/hiera/data/common.yaml) - projects+=( "${primary}" ) + primary=$("${yq}" -r '.project_mapping.'"${customer}"'.'"${environment}"'.primary_project' /etc/hiera/data/common.yaml) + projects+=( "${primary}" ) fi for project in "${projects[@]}"; do - for bucket in $(rclone lsd "${project}:" | awk '{print $NF}' | grep -E -v '^primary'); do - count=$(rclone size --json "${project}:${bucket}" | jq -r .count) - if [[ ${count} -gt 0 ]]; then - echo "Skipping ${project}:${bucket} because it has stuff in it already" - continue - fi - for directory in "${directories[@]}"; do - dirty=1 + for bucket in $(rclone lsd "${project}:" | awk '{print $NF}' | grep -E -v '^primary'); do + count=$(rclone size --json "${project}:${bucket}" | jq -r .count) + if [[ ${count} -gt 0 ]]; then + echo "Skipping ${project}:${bucket} because it has stuff in it already" + continue + fi + for directory in "${directories[@]}"; do + dirty=1 if [[ -n ${primary} ]] && [[ ${project} == "${primary}" ]] ; then user=$(echo "${bucket}" | awk -F '-' '{print $1}') users+=( "${user}@${eppn_suffix}" ) fi - echo "Creating ${project}:${bucket}/${directory} because it looks nice and empty" - temp="README.md" - echo "**${directory}**" >"${temp}" - echo "Var god lämna kvar denna fil/Please leave this file" >>"${temp}" - rclone --no-traverse move "${temp}" "${project}:${bucket}/${directory}" - done - done + echo "Creating ${project}:${bucket}/${directory} because it looks 
nice and empty" + temp="README.md" + echo "**${directory}**" >"${temp}" + echo "Var god lämna kvar denna fil/Please leave this file" >>"${temp}" + rclone --no-traverse move "${temp}" "${project}:${bucket}/${directory}" + done + done done cd "${olddir}" || echo "could not cd to home dir" rmdir "${tempdir}" From eef539928e442ac824cbb34a6a11a59083cc2e8d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Jun 2024 10:19:53 +0200 Subject: [PATCH 008/247] Switch logic --- templates/script/backup-all-buckets.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/script/backup-all-buckets.erb.sh b/templates/script/backup-all-buckets.erb.sh index 96ccd29..853b772 100644 --- a/templates/script/backup-all-buckets.erb.sh +++ b/templates/script/backup-all-buckets.erb.sh @@ -50,7 +50,7 @@ function do_backup { rclone mount ${project}:${bucket} ${mountpoint}/ --daemon --allow-other --dir-cache-time 24h rclone mkdir ${mirror}:${mirrorbucket} duplicity --full-if-older-than 1M --asynchronous-upload --tempdir /mnt --archive-dir /mnt --no-encryption ${mountpoint} rclone://${mirror}:/${mirrorbucket} - if [[ "${extra_backup_jobs[${customer}]:+none}" != "none" ]] && [[ -f "${extra_backup_jobs[${customer}]}" ]]; then + if [[ "${extra_backup_jobs[${customer}]:+found}" == "found" ]] && [[ -f "${extra_backup_jobs[${customer}]}" ]]; then ${extra_backup_jobs[${customer}]} fi umount ${mountpoint} From d696c19242a552237ea7e08e1c4ace97cae4b4cf Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Jun 2024 12:48:50 +0200 Subject: [PATCH 009/247] Add backup script for hb --- manifests/script.pp | 11 +++++++++++ templates/script/backup-hb.erb.sh | 6 ++++++ 2 files changed, 17 insertions(+) create mode 100755 templates/script/backup-hb.erb.sh diff --git a/manifests/script.pp b/manifests/script.pp index b70c78d..fdabf30 100644 --- a/manifests/script.pp +++ b/manifests/script.pp 
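Review bot: The corrected `declare -a projects=( $("${yq}" -r ...) )` relies on an unquoted command substitution, so the yq output is word-split and glob-expanded before it lands in the array. `mapfile -t projects < <("${yq}" -r '<FILTER>' /etc/hiera/data/common.yaml)` reads one project per line without globbing. The filter itself is assembled by concatenating `${customer}` and `${environment}` into the yq program. Those are set outside this hunk, so it is worth confirming they can only hold the expected identifiers.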
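Review bot: The job selected by the corrected test is still run as the bare expansion `${extra_backup_jobs[${customer}]}` on the following line, so a path containing whitespace would be split into a command plus arguments even though the `-f` check quoted it. Quoting the call, `"${extra_backup_jobs[${customer}]}"`, makes the executed path the same one that was tested. The script executes whatever path the template-supplied map names, so that file and its directory should be writable only by the account that runs the backup.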
@@ -97,6 +97,10 @@ class sunetdrive::script ( unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } + file { '/opt/backups/scripts': + ensure => directory, + mode => '0700' + } file { '/root/.ssh/': ensure => directory, mode => '0700', @@ -335,6 +339,13 @@ class sunetdrive::script ( group => 'root', mode => '0700', } + file { '/opt/backups/scripts/hb.sh': + ensure => file, + content => template('sunetdrive/script/backup-hb.erb.sh'), + owner => 'root', + group => 'root', + mode => '0700', + } sunet::scriptherder::cronjob { 'backupmultinodedb': cmd => '/root/tasks/backupmultinodedb.sh', hour => '2', diff --git a/templates/script/backup-hb.erb.sh b/templates/script/backup-hb.erb.sh new file mode 100755 index 0000000..706b589 --- /dev/null +++ b/templates/script/backup-hb.erb.sh @@ -0,0 +1,6 @@ +#!/bin/bash +environ="prod" +if [[ $(hostname -d) == "drive.test.sunet.se" ]]; then + environ="test" +fi +rsync -e "ssh -i ${HOME}/.ssh/id_script" -avz /opt/backupmounts/ "sd-${environ}@sd-${environ}-backup.hb.se:~/sd-${environ}" From 76fe97382da5b5905721f17a9ad2245d0dc7299c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 28 Jun 2024 10:57:13 +0200 Subject: [PATCH 010/247] loglevel 1 https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html This should mean we still have all relevant loginfo we need, such as logins and file operations --- templates/application/config.php.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index af642f6..09dee08 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb 
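Review bot: The new `file { '/opt/backups/scripts': ... mode => '0700' }` resource sets a mode but no `owner` or `group`, unlike the `hb.sh` file resource added later in this patch, so an already existing directory keeps whatever ownership it has. Adding `owner => 'root',` and `group => 'root',` makes the 0700 mode meaningful regardless of prior state. The `/opt/backups` parent added in the later "Create parent dir" patch has the same omission.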
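Review bot: The `rsync -e "ssh -i ${HOME}/.ssh/id_script"` line in the new backup-hb.erb.sh leaves host-key handling to whatever ssh configuration exists on the machine, and nothing in this patch installs a known_hosts entry for `sd-${environ}-backup.hb.se`. Since the script pushes the contents of `/opt/backupmounts/` off-site, pinning the destination is worth making explicit, e.g. `ssh -i ${HOME}/.ssh/id_script -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<KNOWN_HOSTS_FILE>` with the host key distributed by Puppet.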
@@ -68,7 +68,7 @@ $CONFIG = array ( 'instanceid' => '<%= @instanceid %>', 'integrity.check.disabled' => true, 'log_type' => 'file', - 'loglevel' => 0, + 'loglevel' => 1, 'lookup_server' => '<%= @lookup_server %>', 'mail_domain' => '<%= @mail_domain %>', 'mail_from_address' => '<%= @mail_from_address %>', From 6a5000a557ac6ab4fbb2af3ac66190895f530996 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 011/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index dc5aec8..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -14,4 +14,28 @@ class sunetdrive::multinode_db(){ mode => '0744', } } + if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + notify { 'hostmessage': + message => "We are on multinode-db1. Set up statistics environment.", + } + $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' + $local_path = '/tmp/rclone-current-linux-amd64.deb' + exec { 'rclone_deb': + command => "/usr/bin/wget -q ${rclone_url} -O ${local_path}", + creates => $local_path, + } + package { 'rclone': + ensure => installed, + provider => dpkg, + source => $local_path, + require => Exec['rclone_deb'], + } + file { '/root/.rclone.conf': + ensure => file, + content => template('sunetdrive/mariadb_backup/rclone.conf.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } + } } From 9364391ad54e7f37e6ee8d147f9ad5fc2a8b3cc7 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 012/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 
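Review bot: The new `exec { 'rclone_deb': ... }` downloads `rclone-current-linux-amd64.deb` to a fixed path under `/tmp`, and the `package` resource installs it with dpkg as-is, with no version pin and no checksum or signature check. Because `creates => $local_path` skips the download whenever that file already exists, a file placed at that world-writable path beforehand would be installed as a package by root. In addition, "current" means the installed version can change without any change in this repository. Downloading a pinned release into a root-owned directory and verifying it against the published SHA256SUMS before the `package` resource runs closes both gaps. Installing from the distribution's or an internal apt repository would avoid the exec entirely.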
--- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From ea09557c1a0fd429cb6e0abe9b6641a479dad7d0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 9 Sep 2024 16:03:30 +0200 Subject: [PATCH 013/247] Don't use incudes like this in newer puppet --- manifests/dockerhost.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 069fac3..e5d13cf 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -1,4 +1,3 @@ -include apt # Wrapper for sunet::dockerhost to do thiss specific things class sunetdrive::dockerhost( String $version = safe_hiera('docker_version'), From ffc5170fc0da102f9aa98e24e6da61ab92beb397 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 014/247] Create parent dir --- manifests/script.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/script.pp b/manifests/script.pp index d940ea1..3d1ace0 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -108,6 +108,10 @@ class sunetdrive::script ( unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } + file { '/opt/backups': + ensure => directory, + mode => '0700' + } file { '/opt/backups/scripts': ensure => directory, mode => '0700' From dd022213a65682791d824a9fd9f481c2e5c5f14d Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 015/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp 
+++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From d0260d7c05114aa962c4d4a2d9f956d1498240da Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 016/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 98a02615ccfc5d70ec928a7278b202c693829945 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 18 Sep 2024 12:37:48 +0200 Subject: [PATCH 017/247] Install netcat on nodes and backup --- manifests/app_type.pp | 1 + manifests/mariadb_backup.pp | 1 + 2 files changed, 2 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 1828bee..5ce6f7f 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -5,6 +5,7 @@ define sunetdrive::app_type ( $override_config = undef, $override_compose = undef ) { + include sunet::packages::netcat_openbsd # Config from group.yaml and customer specific conf $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() diff --git a/manifests/mariadb_backup.pp b/manifests/mariadb_backup.pp index 2a9dd6c..bc817f8 100644 --- a/manifests/mariadb_backup.pp +++ b/manifests/mariadb_backup.pp 
@@ -1,5 +1,6 @@ # This is a asyncronous replica of the Maria DB Cluster for SUNET Drive class sunetdrive::mariadb_backup($tag_mariadb=undef, $location=undef) { + include sunet::packages::netcat_openbsd $dirs = [ 'datadir', 'init', 'conf', 'backups' ] $dirs.each | $dir | { ensure_resource('file',"/opt/mariadb_backup/${dir}", { ensure => directory, recurse => true } ) From b0ded4d0efda0774aa93b4241b843d23536be9d7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 018/247] Move hee from cosmos-sites.pp --- manifests/common.pp | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 manifests/common.pp diff --git a/manifests/common.pp b/manifests/common.pp new file mode 100644 index 0000000..d3acb7f --- /dev/null +++ b/manifests/common.pp 
@@ -0,0 +1,48 @@ + +# Common class +class sunetdrive::common { + include sunet::tools + include sunet::motd + include sunet::ntp + include apt + include apparmor + include sunet::packages::jq + if $::facts['sunet_nftables_enabled'] != 'yes' { + warning('Enabling UFW') + include ufw + } else { + if $facts['networking']['hostname'] =~ /^kube[wc]/ { + warning('Setting nftables to installed but disabled') + ensure_resource ('class','sunet::nftables::init', { enabled => false }) + } else { + warning('Enabling nftables') + ensure_resource ('class','sunet::nftables::init', { }) + } + } + package {'sysstat': ensure => 'latest'} + package {'needrestart': ensure => installed} + service {'sysstat': provider => 'systemd'} + file_line { 'enable_sa': + ensure => 'present', + line => 'ENABLED="true"', + path => '/etc/default/sysstat', + match => 'ENABLED="false"', + require => Package['sysstat'], + } + file_line { 'sa_cron_comment': + ensure => 'present', + line => '# Activity reports every 2 minutes everyday', + path => '/etc/cron.d/sysstat', + match => '^#\ Activity\ reports\ every\ 10\ minutes\ everyday', + require => Package['sysstat'], + notify => Service['sysstat'], + } + file_line { 'sa_cron': + ensure => 'present', + line => '*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1', + path => '/etc/cron.d/sysstat', + match => '^5-55/10', + require => Package['sysstat'], + notify => Service['sysstat'], + } +} From 705d3c87326db4fb6838c5a7a076b25b79b91dd1 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 019/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
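Review bot: In the new `sunetdrive::common` class, hosts whose name matches `/^kube[wc]/` get `sunet::nftables::init` with `enabled => false`, so on those hosts this class sets up neither UFW nor active nftables filtering. If another layer filters traffic there, a comment above that branch should name it, e.g. `# kube nodes: packet filtering is handled by <COMPONENT>, nftables stays disabled`. Otherwise these nodes end up without a host firewall. The three `warning()` calls report normal decisions and will show up as warnings on every run, so `notice()` would fit better.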
@@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From f339aa2865569bb464b424cccbed92e52c24c235 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 020/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From fc2079e2fa1c23ea076ea62cb425f29f85c87712 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 021/247] Add audit log to other logs --- manifests/app_type.pp | 10 +++++++++- manifests/multinode.pp | 8 ++++++++ templates/application/docker-compose_nextcloud.yml.erb | 3 ++- templates/multinode/compress-logs.erb.sh | 2 +- templates/multinode/docker-compose_nextcloud.yml.erb | 3 ++- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5ce6f7f..493929d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -148,7 +148,8 @@ define sunetdrive::app_type ( force => true, owner => 'root', group => 'root', - content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n", + content => "#This file is managed by puppet +#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n/opt/nextcloud/audit.log:180:256\n", mode => '0644', } file { '/opt/rotate/conf.d/redis.conf': @@ -199,6 +200,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0644', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', diff --git a/manifests/multinode.pp b/manifests/multinode.pp index eeffdb4..9620cb7 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -264,6 +264,7 @@ MACAddressPolicy=none' $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log" + $audit_log_path ="/opt/multinode/${customer}/audit.log" if $customer_config['nextcloud_version'] { $nextcloud_version = $customer_config['nextcloud_version'] } else { @@ -384,6 +385,13 @@ MACAddressPolicy=none' group => 'root', mode => '0644', } + file { $audit_log_path: + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { $rclone_conf_path: ensure => present, owner => 'www-data', diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 8c74570..0936df0 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb 
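Review bot: The new `file { '/opt/nextcloud/audit.log': ... mode => '0644' }` resource makes the audit log readable by every local account on the host, and that file presumably holds the login and file-operation trail. `mode => '0640'` keeps it writable for `www-data` and readable for group root without exposing it to other users, provided nothing else on the host reads it as another user. The `file { $audit_log_path: ... }` resource added to manifests/multinode.pp in this patch uses the same mode.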
@@ -21,6 +21,7 @@ services: - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log + - /opt/nextcloud/audit.log:/var/www/html/data/audit.log - /opt/nextcloud/rclone.conf:/rclone.conf <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> @@ -42,7 +43,7 @@ services: ports: - 443:443 <%- end -%> - command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true <%- if !@hostnet -%> diff --git a/templates/multinode/compress-logs.erb.sh b/templates/multinode/compress-logs.erb.sh index 9468c85..5e5e341 100644 --- a/templates/multinode/compress-logs.erb.sh +++ b/templates/multinode/compress-logs.erb.sh @@ -5,7 +5,7 @@ no_files=30 # Keep this many files as an archive, script is run once a week # a specific host, but will differ between hosts sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m -for logfile in $(ls /opt/multinode/*/{nextcloud.log,server/server.log}); do +for logfile in $(ls /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}); do if [[ -f ${logfile}.gz.${no_files} ]]; then rm ${logfile}.gz.${no_files} fi diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index c6f0bb3..8008cb7 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb 
@@ -13,6 +13,7 @@ services: - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - <%= @config_php_path %>:/var/www/html/config/config.php - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log + - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf environment: - NC_PASS=<%= @admin_password%> @@ -25,7 +26,7 @@ services: - 89.32.32.32 ports: - <%= @https_port %>:443 - command: apachectl -D FOREGROUND + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true networks: From d135f415d0887b1f7890044d67d0d64a35a0f80b Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 022/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From 473f7029437b90f9e8ab7e7c3d32f33618816d70 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 023/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
@@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 66bd2e9babe557aa173d53dafbd553d047b0d11d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 024/247] Move nrpe class from opsrepo --- manifests/nrpe.pp | 79 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 manifests/nrpe.pp diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp new file mode 100644 index 0000000..c13f0ea --- /dev/null +++ b/manifests/nrpe.pp 
@@ -0,0 +1,79 @@ + +# NRPE class +class sunetdrive::nrpe( + $loadw = '15,10,5', + $loadc = '30,25,20', + $procsw = 150, + $procsc = 200, +) { + + require apt + class { 'sunet::nagios': + command_timeout => 600, + loadw => $loadw, + loadc => $loadc, + procsw => $procsw, + procsc => $procsc, + } + package {'nagios-plugins-contrib': ensure => latest} + if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0 ){ + $mem_w = '90' + $mem_c = '95' + } else { + $mem_w = '10' + $mem_c = '5' + } + $checks = ['nrpe_check_memory'] + $checks.each |$check| { + ensure_resource("sunet::nagios::${check}", "nagios-nrpe-${check}") + } + sunet::nagios::nrpe_command {'check_entropy': + command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' + } + sunet::nagios::nrpe_command {'check_ntp_time': + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + } + sunet::nagios::nrpe_command {'check_scriptherder': + command_line => '/usr/local/bin/scriptherder --mode check' + } + sunet::sudoer {'nagios_run_needrestart_command': + user_name => 'nagios', + collection => 'nrpe_needrestart_check', + command_line => '/usr/sbin/needrestart -p -l' + } + sunet::sudoer {'nagios_run_galera_command': + user_name => 'nagios', + collection => 'nrpe_galera_check', + command_line => '/usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::nagios::nrpe_command {'check_galera_cluster': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::sudoer {'nagios_run_proxysql_command': + user_name => 'nagios', + collection => 'nrpe_proxysql_check', + command_line => '/usr/lib/nagios/plugins/check_proxysql_server, /usr/lib/nagios/plugins/check_mysql_server_status' + } + sunet::nagios::nrpe_command {'check_proxysql_server': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_proxysql_server' + } + sunet::sudoer {'nagios_run_replication_command': + user_name => 'nagios', + collection 
=> 'nrpe_replication_check', + command_line => '/usr/local/bin/check_replication' + } + sunet::nagios::nrpe_command {'check_async_replication': + command_line => '/usr/bin/sudo /usr/local/bin/check_replication' + } + sunet::sudoer {'nagios_run_backup_command': + user_name => 'nagios', + collection => 'nrpe_backup_check', + command_line => '/usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_backups': + command_line => '/usr/bin/sudo /usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_mysql_server_status': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' + } +} From eeca6dfbe967cc163eaca710753b8630d5854870 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:46:50 +0200 Subject: [PATCH 025/247] Correct hostgroup name --- manifests/sitemonitornaemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index fd07491..4602549 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp @@ -46,7 +46,7 @@ class sunetdrive::sitemonitornaemon() { mode => '0644', } nagioscfg::service {'check_scriptherder': - hostgroup_name => ['nrpe'], + hostgroup_name => ['sunetdrive::nrpe'], check_command => 'check_nrpe_1arg_to30!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['naemon-admins'], From 8ba567e3859e210947deab6ae0d76d8206aab970 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 026/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
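Review bot: The `sunet::sudoer` resources in manifests/nrpe.pp let the `nagios` user run `/usr/local/bin/check_replication` and `/usr/local/bin/check_backups` through sudo, but nothing in this class installs those scripts or fixes their owner and mode. The grant is therefore only as tight as whatever deploys the files; if either path is missing or writable by a non-root user, the rule presumably becomes a route to elevated execution. I would add a `require` on the file resources that ship them, or at least a comment such as `# check_replication and check_backups are installed root-owned and not group/world-writable by <class that ships them>`. Separately, `$mem_w` and `$mem_c` are assigned but never referenced in the visible class, so the Ubuntu 22.04 branch has no effect here unless `sunet::nagios::nrpe_check_memory` picks them up some other way.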
@@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From 2c216513d363b65ac68835fdd69b0af8901e6dd5 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 027/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From cd1a4ba19cea6f0b1aa5e3ea015f7b1306f4dd97 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 18:10:38 +0200 Subject: [PATCH 028/247] Node3 sunet-prod reinstalled --- templates/mariadb_backup/rclone.conf.erb | 2 +- templates/reva/rclone.conf.erb | 2 +- templates/script/rclone.conf.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mariadb_backup/rclone.conf.erb b/templates/mariadb_backup/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/mariadb_backup/rclone.conf.erb +++ b/templates/mariadb_backup/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/reva/rclone.conf.erb b/templates/reva/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/reva/rclone.conf.erb 
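Review bot: In templates/mariadb_backup/rclone.conf.erb, the statistics remote is addressed by a literal IP over https (`url = https://89.45.236.246/remote.php/dav/files/_script/`). Certificate verification can only succeed if the server certificate lists that address, which is uncommon. Otherwise every rclone caller has to either fail or run with verification disabled while sending `pass = <%= @statistics_secret %>`. Putting the host in one hiera-backed variable, for example `url = https://<%= @statistics_host %>/remote.php/dav/files/_script/` (the variable name is a placeholder), would allow a verifiable hostname and remove the need to edit three templates on the next reinstall. The same line is changed in templates/reva/rclone.conf.erb and templates/script/rclone.conf.erb.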
+++ b/templates/reva/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/script/rclone.conf.erb b/templates/script/rclone.conf.erb index e77212d..c7b55f7 100644 --- a/templates/script/rclone.conf.erb +++ b/templates/script/rclone.conf.erb @@ -14,7 +14,7 @@ endpoint = <%= @s3_host_mirror %> acl = private [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> From b66e072cf72d4b2e93ad90ff4afa7f47d0710820 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 1 Oct 2024 10:34:37 +0200 Subject: [PATCH 029/247] twofactor_enforced: Change manifest to work with fullnode --- manifests/app_type.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 493929d..ef15b0e 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -44,8 +44,8 @@ define sunetdrive::app_type ( $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') } - $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') - $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') + $twofactor_enforced_groups = $config['twofactor_enforced_groups'] + $twofactor_enforced_excluded_groups = $config['twofactor_enforced_excluded_groups'] $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] # Common settings for multinode and full nodes From 4ec608adf264fa937ac3dccb2ae2fc54ab1a39af Mon Sep 17 00:00:00 2001 
From: Magnus Andersson Date: Tue, 1 Oct 2024 11:19:43 +0200 Subject: [PATCH 030/247] twofactor_enforced: Make template work with nil values --- templates/application/config.php.erb | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 09dee08..ec36ad8 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -214,18 +214,22 @@ $CONFIG = array ( array ( 0 => 'admin', 1 => 'forcemfa', - <%- index = 2 -%> - <%- @twofactor_enforced_groups.each do |item| -%> + <%- if @twofactor_enforced_groups -%> + <%- index = 2 -%> + <%- @twofactor_enforced_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'twofactor_enforced_excluded_groups' => array ( - <%- index = 0 -%> - <%- @twofactor_enforced_excluded_groups.each do |item| -%> + <%- if @twofactor_enforced_excluded_groups -%> + <%- index = 0 -%> + <%- @twofactor_enforced_excluded_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'updatechecker' => false, From 66a81768c82d197d7e104515ad5ecdea9fe6844e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 031/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } 
From 652f2fbdf7ceada1001f1b9d0240a2005fb9b125 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 032/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From f5297850d978a3f690e2acd44e0aff694a6613c9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 22:31:01 +0200 Subject: [PATCH 033/247] Add uptime check taht warns if server has been up for too long --- templates/scriptreceiver/check_max_uptime | 31 +++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100755 templates/scriptreceiver/check_max_uptime diff --git a/templates/scriptreceiver/check_max_uptime b/templates/scriptreceiver/check_max_uptime new file mode 100755 index 0000000..63fbb63 --- /dev/null +++ b/templates/scriptreceiver/check_max_uptime 
@@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +import argparse +import sys + +parser = argparse.ArgumentParser() +parser.add_argument('-w', '--warning', + help='Warning threashold', + required=True) +parser.add_argument('-c', '--critical', + help='Critical threashold', + required=True) + +args = parser.parse_args() +warning = int(args.warning) +critical = int(args.critical) + +with open('/proc/uptime', 'r') as f: + uptime_seconds = float(f.readline().split()[0]) +days = int(uptime_seconds / 86400) + +status = "OK" +exit = 0 +if days > warning: + status = "WARNING" + exit = 1 +if days > critical: + status = "CRITICAL" + exit = 2 + +print(f"{status}: uptime {days} days | uptime={days};{warning};{critical};") +sys.exit(exit) From 62bb2da068b097043cfb45d85c47b9a1cc05b8ae Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 2 Oct 2024 17:37:14 +0200 Subject: [PATCH 034/247] Use all adresses --- templates/mariadb/docker-compose_mariadb.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/docker-compose_mariadb.yml.erb b/templates/mariadb/docker-compose_mariadb.yml.erb index 1650563..6130e84 100644 --- a/templates/mariadb/docker-compose_mariadb.yml.erb +++ b/templates/mariadb/docker-compose_mariadb.yml.erb @@ -21,6 +21,6 @@ services: - MYSQL_ROOT_PASSWORD=<%= @mysql_root_password %> - BOOTSTRAP=<%= @bootstrap %> - FORCE_BOOTSTRAP=0 - command: "--wsrep_cluster_address=gcomm://<%= @db_ip[0] %>,<%= @db_ip[1] %>,<%= @db_ip[2] %>" + command: "--wsrep_cluster_address=gcomm://<%= @db_ip.join(',') %>" tty: true From 0bf3ebfc533fdc9cb55c1ea9a016c88a11635e20 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 035/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
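Review bot: In check_max_uptime, failure paths map onto misleading plugin states. argparse exits with status 2 on a missing or malformed `-w`/`-c`, which the monitoring side reads as CRITICAL, and an uncaught exception from `int()` or from reading `/proc/uptime` exits with 1, which reads as WARNING. Both should report UNKNOWN (3) with a one-line message, and `type=int` on the arguments moves the conversion into the parser. The local name `exit` shadows the builtin and could become `exit_code`, and the help strings spell "threashold". There is also no check that the critical value is above the warning value.

```python
# … unchanged: imports, parser creation …
parser.add_argument('-w', '--warning', type=int,
                    help='Warning threshold in days',
                    required=True)
parser.add_argument('-c', '--critical', type=int,
                    help='Critical threshold in days',
                    required=True)

try:
    args = parser.parse_args()
    with open('/proc/uptime', 'r') as f:
        uptime_seconds = float(f.readline().split()[0])
except SystemExit as err:
    # argparse exits with 2 on bad arguments; report UNKNOWN instead
    sys.exit(0 if err.code in (0, None) else 3)
except (OSError, ValueError, IndexError) as err:
    print(f"UNKNOWN: cannot read uptime: {err}")
    sys.exit(3)
warning = args.warning
critical = args.critical
# … unchanged: days computation, threshold comparison, output …
```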
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From b4e496bf58f3de75bfe99e1000e0aac16468e293 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 036/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From 606b14db17891885f1409c5875d52c73c4084408 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 037/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
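Review bot: In start_replica_from_init.erb.sh, `tail +2` is the obsolete spelling of the option, and depending on the tail implementation and environment it can be read as a file named `+2` instead of "start at line 2". The portable form is `zcat "${init_file}" | tail -n +2 | ${mysql}`. The line also needs a comment saying what the skipped first line of the dump is and why the server rejects it, because nothing in the script explains it and the change is later rolled back and re-applied in this series (patch 051 adds the same line again). Since the script has no `set -o pipefail` in the visible lines, a failing `zcat` would go unnoticed and the `CHANGE MASTER` and `START SLAVE` statements would still run. The enclosing `if` block starts and ends outside the hunk.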
@@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From b79eb5d4bf8843ee3bf4a3e233cccfaf00cb2346 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 038/247] format --- manifests/script.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 3d1ace0..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,12 +109,12 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/root/.ssh/': ensure => directory, From f2c31c79cd265a76e04d7b3aca3cd5cf64002d70 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 039/247] Add mysql command to host --- manifests/db_type.pp | 5 +++++ templates/mariadb/mysql.erb.sh | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 templates/mariadb/mysql.erb.sh diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 295f839..440a3e9 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -90,6 +90,11 @@ define sunetdrive::db_type( ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } + file { '/usr/local/bin/mysql': + ensure => present, + content => template('sunetdrive/mariadb/mysql.erb.sh'), + mode => '0744', + } file { '/usr/local/bin/size-test': ensure => present, content => template('sunetdrive/mariadb/size-test.erb'), diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh new file mode 100644 index 0000000..b62d38d 
--- /dev/null +++ b/templates/mariadb/mysql.erb.sh @@ -0,0 +1,4 @@ +#!/bin/bash +pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') + +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From aade6fb2c7d6647befd8ece45f4cd8c64d70c8df Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 040/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 01b3c4cf568a76a1f0404976eb69acfeb486c602 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 041/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From bbee5643d6f9b361acab1e5df4fb940d0a1d3d6a Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 042/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) 
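Review bot: In the new templates/mariadb/mysql.erb.sh, the database root password is passed as `-p"${pw}"`, so it is part of the `docker exec` argument list on the host, where it can be read from the process table while the command runs. Handing it over through the environment keeps it out of argv, for instance `MYSQL_PWD="${pw}" docker exec -e MYSQL_PWD -ti mariadb_db_1 mysql -u root "${@}"`. The extraction is fragile as well: `.services.db.environment[0]` depends on the order of the list in the compose file, and `awk -F '=' '{print $2}'` cuts off a password that contains `=` (`cut -d= -f2-` keeps the remainder). The follow-up patch 040 changes only the `-e "${@}"` part of the same line, so the point applies there too.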
diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 301d451c3adcf1ebc8949dfc619d563d7614a55c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 043/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 60d37feb61b3f5b7a166b883821cd4fe19cc27b8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 044/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 4b13d54f230a7ccab8000d74ccce7d2d39c88b19 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 045/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From bcbcb6e46985477ebeccf0cc7a39c17bc36edf92 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 046/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 3e98d5f477fc95a49534ec346b4cc81472d80175 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 047/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 38447ceb3780220835d4b736fa299f8e11485d87 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 048/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,12 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } } } From 3304d408a5cc5bb62a1d2defbd9adcf4ab0a1b7d Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 049/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 1ff784e5e489fc270c86f76168994b6085d8e828 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 050/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 1c9365e121d7c2f64fcf74ec1ff1c5c2174e0306 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 051/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 862f94b4ebfb45c4bb290d1dbc12efda4df5bb5f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 052/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp 
@@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From b1ae0c0465c6c324c1537484d5bc4da73a016374 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 053/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From dc16a41e0faa4a9a8b8f90a148fd29532362a272 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 054/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 6664271b494e7db33688e7e172f33a1ff59dc708 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 055/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 58af85571b518ff5e2380447dc5237726e4baf07 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 056/247] Fix mode on log files --- manifests/app_type.pp | 4 ++-- manifests/onlyoffice.pp | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index ef15b0e..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -198,14 +198,14 @@ define sunetdrive::app_type ( force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/audit.log': ensure => file, force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/rclone.conf': ensure => file, diff --git a/manifests/onlyoffice.pp b/manifests/onlyoffice.pp index 6d63ac0..2fd3359 100644 --- a/manifests/onlyoffice.pp +++ b/manifests/onlyoffice.pp 
@@ -16,14 +16,14 @@ class sunetdrive::onlyoffice () { command => "docker login registry.gitlab.collabora.com -u ${token_name} -p ${access_token}", } sunet::collabora::docs { 'sunet-onlyoffice': - dns => [ '89.32.32.32' ], - extra_hosts => $extra_hosts, + dns => [ '89.32.32.32' ], + extra_hosts => $extra_hosts, extra_volumes => ['/opt/collabora/coolwsd.xml:/etc/coolwsd/coolwsd.xml'], - docker_tag => $docker_tag, - docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', + docker_tag => $docker_tag, + docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', } file {'/opt/collabora/coolwsd.xml': - ensure => present, + ensure => present, content => template('sunetdrive/document/coolwsd.xml.erb'), } } From 9b2490e415257877ecf2a8b07854b1dc8020e8f6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 057/247] puppet-lint --fix --- functions/get_customer.pp | 2 +- functions/get_environment.pp | 2 +- functions/get_node_number.pp | 2 +- manifests/cloudimage.pp | 4 ++-- manifests/infra_script.pp | 2 +- manifests/mariadb.pp | 6 +++--- manifests/multinode.pp | 4 ++-- manifests/multinode_db.pp | 2 +- manifests/scriptreceiver.pp | 2 +- manifests/sitemonitornaemon.pp | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index aef58a1..ab67f9f 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -1,6 +1,6 @@ # Lets determin who the customer is by looking at the hostname function sunetdrive::get_customer() >> String { - $hostnameparts = split($facts['fqdn'],'\.') + $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' diff --git a/functions/get_environment.pp b/functions/get_environment.pp index 42fa60f..f0556af 100644 --- a/functions/get_environment.pp +++ b/functions/get_environment.pp 
@@ -1,6 +1,6 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_environment() >> String { - $hostname = $facts['fqdn'] + $hostname = $facts['networking']['fqdn'] if $hostname =~ /^.*\.drive\.sunet\.se$/ { if $hostname =~ /^.*\.pilot\.drive\.sunet\.se$/ { return 'pilot' diff --git a/functions/get_node_number.pp b/functions/get_node_number.pp index 4c256fe..2b5317b 100644 --- a/functions/get_node_number.pp +++ b/functions/get_node_number.pp @@ -1,4 +1,4 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_node_number() >> Integer { - Integer(regsubst($::fqdn, /^[a-zA-Z\-]+(\d).*$/, '\\1')) + Integer(regsubst($facts['networking']['fqdn'], /^[a-zA-Z\-]+(\d).*$/, '\\1')) } diff --git a/manifests/cloudimage.pp b/manifests/cloudimage.pp index aa9cada..eeca54f 100644 --- a/manifests/cloudimage.pp +++ b/manifests/cloudimage.pp @@ -38,8 +38,8 @@ define sunetdrive::cloudimage( resolver => ['130.242.80.14', '130.242.80.99'], search => $search, # - repo => $::cosmos_repo_origin_url, - tagpattern => $::cosmos_tag_pattern, + repo => $facts['cosmos_repo_origin_url'], + tagpattern => $facts['cosmos_tag_pattern'], # cpus => $cpus, memory => $memory, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index fac5198..be78e19 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -4,7 +4,7 @@ class sunetdrive::infra_script ( $location = undef ) { $environment = sunetdrive::get_environment() - $customer = "common" + $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] $lookup_backup_server = $config['lookup_backup_server'] diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index c6356d2..3eae4d5 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp 
@@ -10,9 +10,9 @@ class sunetdrive::mariadb ( $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, } file { '/etc/quorum.conf': ensure => file, diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 9620cb7..0ba70ad 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -5,7 +5,7 @@ class sunetdrive::multinode ( ) { include sunet::packages::yq - $myname = $facts['hostname'] + $myname = $facts['networking']['hostname'] $is_multinode = true; $environment = sunetdrive::get_environment() $lb_servers = hiera_hash($environment)['lb_servers'] @@ -278,7 +278,7 @@ MACAddressPolicy=none' $s3_host = $customer_config['s3_host'] $s3_usepath = hiera('s3_usepath') $smtpuser = hiera("smtp_user_${environment}") - $trusted_domains = [$site_name, $facts['fqdn'], 'localhost'] + $trusted_domains = [$site_name, $facts['networking']['fqdn'], 'localhost'] $tug_office = hiera_array('tug_office') if $customer_config['twofactor_enforced_groups'] { $twofactor_enforced_groups = $customer_config['twofactor_enforced_groups'] diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..c373e0b 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -16,7 +16,7 @@ class sunetdrive::multinode_db(){ } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 9c8e319..6aca740 100644 
--- a/manifests/scriptreceiver.pp +++ b/manifests/scriptreceiver.pp @@ -69,7 +69,7 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-safer_reboot": + file { '/etc/sudoers.d/99-safer_reboot': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/safer_reboot\n", mode => '0440', diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index 4602549..e0abcd4 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp @@ -7,7 +7,7 @@ class sunetdrive::sitemonitornaemon() { $tls_servers_with_port = hiera_array('tls_servers_with_port') $nextcloud_version_prod = split(hiera('nextcloud_version_prod'),'[-]')[0] $nextcloud_version_test = split(hiera('nextcloud_version_test'),'[-]')[0] - $monitorhost = $::fqdn + $monitorhost = $facts['networking']['fqdn'] $environment = sunetdrive::get_environment() $influx_passwd = safe_hiera('influx_passwd') $slack_url = safe_hiera('slack_url') From d471c7f2712d4ab0dbdf175c0d15fc33aec5f70d Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 058/247] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 12 ++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 templates/mariadb/genuserdeplists.sh.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index c373e0b..f10c50d 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': 
@@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb new file mode 100644 index 0000000..dc2f5eb --- /dev/null +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -0,0 +1,12 @@ +#!/bin/bash + +<% @custdata.each do |cust,data| -%> +#Customer <%= cust %> has no billing departments. +<% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> +mkdir -p /opt/mariadb/statistics/users/<%= cust %> +chmod '0700' /opt/mariadb/statistics/users/<%= cust %> +<% data[@environment]["billdomains"].each do |dom| -%> + /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +<% end -%> +<% end -%> +<% end -%> From 49f00af7831b276944980b3a91513f9438cc3f34 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 15:39:01 +0200 Subject: [PATCH 059/247] multinode-db1: Add initial upload logic of deprtment filtered user lists. --- templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index dc2f5eb..36d7d90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
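Review bot: The hiera-derived values `cust` and `dom` are written unquoted into commands that this script runs as root, in the `mkdir`, `chmod` and `listusersbydep.sh` lines, so a value containing whitespace or a shell metacharacter would change the command instead of being treated as data. Only the dots in `dom` are rewritten, and only for the file name. Quoting each expansion keeps the values as single arguments, for example `/root/tasks/listusersbydep.sh "<%= cust %>" "<%= dom %>" > "/opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json"`; validating the values in the manifest against a host-name pattern would be stricter still. Separately, the comment `#Customer <%= cust %> has no billing departments.` sits outside the `if` and is emitted for every customer, including those that do have billing domains.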
@@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From ac85bddc8a82d2b8a98d3d367149d9c36ee4c7fc Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 060/247] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index f10c50d..79ead21 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } From c9e7d8eb2cf963d29a82c6cfe79532a36ff0150c Mon Sep 17 00:00:00 2001 
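Review bot: The added `rclone copy` passes `--no-check-certificate`, which turns off TLS certificate verification for an upload that carries per-customer user lists along with whatever credentials or session cookies the remote uses, so the receiving peer is not authenticated. The `--webdav-headers "Host,sunet.drive.sunet.se"` override suggests the remote is addressed by a name the certificate does not cover. If so, pointing the remote at a name on the certificate, or trusting the issuing CA with rclone's `--ca-cert`, keeps verification on. The same flag is added again for the `custdata.json` upload in patch 064 of this series.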
From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 061/247] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From a329a46491c02e20986a373c4990617d29fbf737 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 062/247] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From a51cc9fdc4ed6a86cda009a196eb8ce358f284e2 Mon Sep 17 00:00:00 2001 
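Review bot: The new `else` branch only catches output that fails to parse, but `jq .` exits 0 on empty input, so when `listusersbydep.sh` fails and writes nothing the empty file still passes the check and is uploaded. The exit status of `listusersbydep.sh` itself is not checked either. Changing the test to `jq -e . ... &>/dev/null` makes the empty case fail as well, because `-e` returns non-zero when no result is produced. The two error messages would also be easier to find in the job output if they went to stderr, as in `echo "Error in json data" >&2`.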
From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 063/247] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 79ead21..73acbb1 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From f886d53f3cfdbf88369b184642fa1caa7b5680e8 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 064/247] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/custconfig.json.erb | 1 + templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 3 files changed, 14 insertions(+) create mode 100644 templates/mariadb/custconfig.json.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 73acbb1..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', diff --git a/templates/mariadb/custconfig.json.erb b/templates/mariadb/custconfig.json.erb new file mode 100644 index 0000000..2712515 --- /dev/null +++ b/templates/mariadb/custconfig.json.erb @@ -0,0 +1 @@ +<%= @custdata.to_json %> 
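Review bot: `@custdata.to_json` serialises the complete `lookup($value)` result for every customer, and the same commit uploads the resulting `custdata.json` to the statistics remote, so everything stored in those hiera hashes leaves the host, not only the billing domains the scripts in this series read. Whether the hashes hold secrets cannot be told from this diff, but the template has no filter that would stop one from being exported. I would emit only the keys the consumer needs, for example `<%= @custdata.transform_values { |d| (d[@environment] || {}).slice('billdomains') }.to_json %>` if `billdomains` is all that is required, adjusted to the shape the receiving script expects.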
diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From 751ad087e68ba434cafdf24371f1877c0bd96a74 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 065/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From a8f2bb9bb641fd18cf50b4d5c3b4435c16db5320 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 066/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', 
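Review bot: The result of the added `custdata.json` upload is not folded into `status`, unlike the per-domain upload above it, so a failed or timed-out transfer still lets the script exit 0 and the scriptherder job report success. Appending `|| { status=1 ; echo "Error: Upload of customer data failed." ; }` to the `rclone copy` line would match the handling added in patch 061. A missing `custdata.json` is skipped silently as well, which may deserve an `else` branch that sets `status=1`.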
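Review bot: The added `file { '/opt/nextcloud/audit.log': }` resource appears to duplicate one that the "Fix mode on log files" commit (patch 056) already shows in this define with mode `0640`, directly above `rclone.conf`; Puppet rejects a second declaration of the same file title at catalog compilation. The new copy also sets `mode => '0644'`, which would make the audit log world-readable again and undo that hardening. If the resource is needed here, keep a single declaration with `mode => '0640',`. The same hunk is repeated in patches 079 and 091. The enclosing define starts and ends outside the hunk.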
From f973b83d1bf6ed99d78b775ff10aea362419b6fb Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 067/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f06aa65ec5db0fbd6a36be5a6de2c85e1707581d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 068/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 6aa7238ee2bc63c5e5655c104fab9e5a1052b98a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 069/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 
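Review bot: `tail +2` on the changed line is the obsolete option form, which not every `tail` implementation accepts; `tail -n +2` is the portable spelling. The line also gives no reason for discarding the first line of the dump, so a comment naming what that line contains would help the next reader judge whether the filter is still needed, given that this series adds and removes it several times. Proposed: `zcat "${init_file}" | tail -n +2 | ${mysql}`. The same change recurs in patches 074 and 080.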
--- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From af2385dffefe80209e6adb8ec3994e95821c5c8e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 070/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From a6d680aaeda97de40007d698285639328a4d2012 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 071/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From a089d02cc455ae4c184463e44d678cdcbff47da9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 072/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
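Review bot: `-e "${@}"` attaches only the first argument to `-e`; every further argument reaches `mysql` as a separate word and is read as an option or a database name, so a statement passed as several words will not run as intended. If the wrapper is meant to execute one statement, `-e "${*}"` joins the arguments, but that breaks callers who pass client options, which may be why the following commit restores `"${@}"`. The same line returns in patches 071, 075 and 081.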
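Review bot: The root password is handed to the client as `-p"${pw}"`, so it appears in the argument list of both `docker exec` and `mysql` and can be read from the process table while the command runs. Exporting it for the one command and forwarding it by name, `MYSQL_PWD="${pw}" docker exec -e MYSQL_PWD -ti mariadb_db_1 mysql -u root "${@}"`, keeps it out of argv. Two smaller points on the unchanged lines: `awk -F '=' '{print $2}'` truncates a password that itself contains `=`, and `-ti` makes the wrapper fail when no terminal is attached, for example under cron. The same line is restored again in patches 072, 076 and 082.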
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 2b543373ed5be64336589b559b24b30a834b37e4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 073/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 8e982592c2b071dc58a5373b87b2ba1839f74867 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 074/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh 
+++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 4b3e9c0da1add2d61df29b0fb8d1c2d5d363a88e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 075/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From f2abb855ba317a0f3a13a002e37224b53b3ce5c2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 076/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 52f563692dea0839365a2de95bae2c7cb3660fdb Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 077/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 2aba03fe4181d8913041288c95b89d1061ffa4af Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 078/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 90569f54d32657fdabf53e5e20d9ccf8a281b427 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 079/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From b24c8ec6830981329572d24cf74f37eabc66b565 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 080/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From a4d0294c1030730a2af7a58b1b5801b745ef5ec5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 081/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 1eaa62a150939ca195c0204342aafa097c293b6a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 082/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From f79d7acb02acf6f26d774f043ed9de04b4194475 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 083/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
From 3818772b87e4b84df93b690b7ce7152041ce7307 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 084/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 88c8e159bc68a58a491bb640db8b6e4b208a9f00 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 085/247] Set permissions on redis --- manifests/redis_cluster.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index a567830..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -17,4 +17,10 @@ class sunetdrive::redis_cluster ( content => template('sunetdrive/redis_cluster/reset_cluster.erb.sh'), mode => '0700', } + exec { 'set_permissions_directory': + command => 'chown -R 999:root /opt/redis/node-*' + } + exec { 'set_permissions_files': + command => 'chown -R 999:99 /opt/redis/node-*/*' + } } From ad0b7abff972dfcd40914ee0a32552522bb04f01 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 086/247] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp 
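Review bot: Both added `exec` resources have no `path`, no shell provider and no guard, so as written they are unlikely to do what is intended: Puppet requires a fully qualified command or a `path`, the default provider does not expand the `node-*` glob, and without `unless`, `onlyif` or `refreshonly` the recursive `chown` runs on every agent run. Unless resource defaults elsewhere in the module supply them, add `path => ['/usr/bin', '/bin'],` and `provider => shell,` to each resource, plus a guard or an ordering on the resource that creates `/opt/redis/node-*`. The second resource sets group `99`, which patch 086 corrects to `999`. The class body starts outside the hunk.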
@@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 46d1db97bcaf897a43b0124661e37067d78e4d89 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:26:34 +0200 Subject: [PATCH 087/247] Indent --- manifests/multinode_db.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8ec056e..ea4089f 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -56,11 +56,11 @@ class sunetdrive::multinode_db(){ mode => '0700', } file {'/opt/mariadb/statistics/custdata.json': - ensure => file, - content => template('sunetdrive/mariadb/custconfig.json.erb'), - owner => 'root', - group => 'root', - mode => '0600', + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', From 438e2c24e00fc60b240e98af3e188a4a778de137 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 088/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index ea4089f..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
@@ -15,12 +15,8 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { - $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': - message => 'We are on multinode-db1. Set up statistics environment.', - } - $custdata=$customers.reduce({}) |$memo, $value| { - $memo + {$value => lookup($value)} + message => "We are on multinode-db1. Set up statistics environment.", } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' @@ -41,33 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file { '/root/tasks/genusersondepartmentlists.sh': - ensure => file, - content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file {'/opt/mariadb/statistics/custdata.json': - ensure => file, - content => template('sunetdrive/mariadb/custconfig.json.erb'), - owner => 'root', - group => 'root', - mode => '0600', - } - sunet::scriptherder::cronjob { 'genuserdeplists': - cmd => '/root/tasks/genusersondepartmentlists.sh', - hour => '2', - minute => '5', - ok_criteria => ['exit_status=0','max_age=30h'], - warn_criteria => ['exit_status=1', 'max_age=60h'], - } } } From 1cede4b87c83f7cf00e5128846f18c329b823f9e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 089/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
@@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 9648aa184c50dae4f19bd5c0acffbfec06c9aab8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 090/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From a0df922493395150a260c0f7ba9a26a796e34978 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 091/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 330f167a2ccb29025c13f55b89a667680bed29e5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 092/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
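Review bot: The `/opt/nextcloud/audit.log` resource added to manifests/app_type.pp uses `mode => '0644'`, which lets every local account read the audit trail, while the resource directly above it in the same hunk uses `0640`; `mode => '0640',` would match. The file is owned by `www-data`, so the process being audited can also rewrite or truncate its own log; if the application has to write it directly, forwarding the log off-host is worth considering. `force => true` deserves a one-line comment saying what it is expected to replace (presumably a directory left behind by a bind mount, which is not visible here). The same resource is added again by patches 107 and 120 of this series, and the enclosing define starts and ends outside the hunk.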
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 6445c0434e9d7ce57bcdcde70162e7fc5f41fe1e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 093/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From ecc158b48e5728c79baf7773fa0c0fb5dd438561 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 094/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
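Review bot: `tail +2` in `zcat ${init_file} | tail +2 | ${mysql}` is the obsolete offset form, which some `tail` implementations reject or read as a file name; `tail -n +2` is the portable spelling. The line silently drops the first line of the dump, so a comment stating what that line is and why it must not reach the server would help the next reader. A failing `zcat` also goes unnoticed because only the status of `${mysql}` survives the pipeline; `set -o pipefail` (not visible in this hunk) and a quoted `"${init_file}"` would make a bad import fail loudly. The same line is added again by patches 108, 115 and 121 and reverted in between; the `if` block continues outside the hunk.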
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From b7a17f7520aed0a17ae003047fbf3fd732969c57 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 095/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From f948bfb4aee9fce75682d2f83355f608fb95045d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 096/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
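Review bot: `-e "${@}"` in templates/mariadb/mysql.erb.sh hands only the first argument to `-e`; any further arguments expand as separate words and reach `mysql` as a database name or extra options, so a multi-word statement passed unquoted does not run as written. If the wrapper is meant to take one SQL statement, `-e "${*}"` or `-e "${1}"` says so explicitly. The same line passes the root password as `-p"${pw}"`, which exposes it in the host's process list; `MYSQL_PWD="${pw}" docker exec -e MYSQL_PWD -ti mariadb_db_1 mysql -u root "${@}"` keeps it out of argv. The next patch reverts the `-e`, but the password handling is the same on both sides.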
From 96734c873677172f280ece72fe17aecd1db7b17d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 097/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From d680ed8597cf7ed24e28b63d7940de5ad4539c32 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 098/247] puppet-lint --fix --- manifests/multinode_db.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..c373e0b 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -16,7 +16,7 @@ class sunetdrive::multinode_db(){ } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' From 1ab9fbc14ec623f50ea67abc1295f6df980b4416 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 099/247] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 22 +--------------------- 2 files changed, 11 insertions(+), 21 deletions(-) 
diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index c373e0b..f10c50d 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': @@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 78f4c90..dc2f5eb 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
@@ -1,32 +1,12 @@ #!/bin/bash -<% basedir="statistics:drive-server-coms" -%> -<% cupath="/opt/mariadb/statistics/users/" -%> -<% custdata="/opt/mariadb/statistics/custdata.json" -%> -status=0 - <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> -/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json -if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ - [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } -else - echo "Error in json data" - status=1 -fi + /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <% end -%> <% end -%> <% end -%> - -if [[ -f <%= custdata %> ]] -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ -fi - -exit ${status} From 6853993a3421bb56bbcbc1e4f6dd1f14951da7ce Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 15:39:01 +0200 Subject: [PATCH 100/247] multinode-db1: Add initial upload logic of deprtment filtered user lists. --- templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index dc2f5eb..36d7d90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb 
+++ b/templates/mariadb/genuserdeplists.sh.erb @@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From 3c7fe384585bfb5eb2b1bcd5b73f6a7b6011ac70 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 101/247] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index f10c50d..79ead21 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } From f03e6241bfd59bb321986547382ff2b47668c4c4 Mon Sep 17 00:00:00 2001 
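Review bot: The `rclone copy` added to templates/mariadb/genuserdeplists.sh.erb runs with `--no-check-certificate`, so the upload of per-department user lists accepts any certificate an on-path host presents. Together with the `Host,sunet.drive.sunet.se` header this suggests the endpoint is addressed by a name its certificate does not cover; fixing the name or trusting the right CA with rclone's `--ca-cert` would let verification stay on. `<%= cust %>` and `<%= dom %>` are written into the script unquoted, so a customer key or billing domain containing whitespace or shell metacharacters changes the generated commands; quoting the paths or validating the values in the manifest would contain that. The exit status of `listusersbydep.sh` is not checked before its output is uploaded.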
From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 102/247] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From 2fb9e754cce3754051aba9efad45df0eee908141 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 103/247] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From 5c3fa640866d9be1a38fbcc79ed5ce4f7fa53dc5 Mon Sep 17 00:00:00 2001 
From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 104/247] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 79ead21..73acbb1 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From 1438c94ca520cd8b85aa7c5676ce2ac759263f42 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 105/247] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 73acbb1..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
@@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From 66093b13b82373083b7a61426c813a40ac1d5658 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 106/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 8e2f1d032d069aa7373a7b1e2d9d3684090676d2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 107/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 978d073bde954c8455d941b3feddd37b6c131170 Mon Sep 17 00:00:00 2001 
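Review bot: The `custdata.json` upload added at the end of templates/mariadb/genuserdeplists.sh.erb does not feed its result into `status`, unlike the per-domain upload above it, so a failed or timed-out copy still exits 0 and satisfies the cronjob's `exit_status=0` criterion; appending `|| status=1` to the `rclone copy` line would align the two. The file is rendered from `$custdata`, which the manifest builds from `lookup($value)` for every customer, so it may carry more of each customer's configuration than the statistics consumer needs. The template `custconfig.json.erb` is not visible here, but anything secret in those hashes would leave the host, and over a connection made with `--no-check-certificate`. Limiting the dump to the fields actually used, such as the billing domains, would bound that.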
From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 108/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 1d6e08b852be54636dabede65452f8612f8c5b05 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 109/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From d57135d906f1bdab3e850a15524b5fb1dccd392f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 110/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh 
+++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 29acc076b3718b4cbca5e413b42d2d000a19482e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 111/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From f0cb47dd97e02559c3765594a78e264d9bbb6fe8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 112/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From ed08626dc8e462846b17bbacb2942a877c13eecd Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 113/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 9a37885da6b65c9b84598382da2e35933cd6e1f7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 114/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 64e5e61879aa8982902095cff0366f88092e6957 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 115/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh 
+++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f95fc106c98ded3accff6022941cfa8627dcfc0e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 116/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From cebb4929a914d7f006516390cc75ffb108c6464b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 117/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 7dad764539004f6777dca8fa23e05d6eabad411d Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 118/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 8510d4e9586291795d130aeb031c93411fed297f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 119/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 7f7743b53805c5430a3858b6ae7608445b394d3e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 120/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 5f425cf2bf6f9f77cf8453f8867abee0976526df Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 121/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 04061b41c1d3398a3a5283d86a325f855def01c6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 122/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 880e0401cc17f95d00d139d900ad9239d4ef9461 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 123/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From bff3c3620bc6279f9041e0c1c9c98fa975750166 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 124/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
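Review bot: With `-e "${@}"` in `templates/mariadb/mysql.erb.sh`, only the first argument becomes the statement, because `"${@}"` expands to one word per argument; calling the wrapper with `"select 1" foo` runs `-e "select 1"` and hands `foo` to the client as a positional argument. If a single statement is intended, `-e "${*}"` joins the arguments; patch 123 instead returns to plain `"${@}"`. In both versions `-p"${pw}"` puts the root password into the argument list of `docker exec`, where the host's process table exposes it; forwarding it by name, `MYSQL_PWD="${pw}" docker exec -e MYSQL_PWD -ti mariadb_db_1 mysql -u root "${@}"`, keeps it out of argv (assuming the image's client honours `MYSQL_PWD`). `-ti` will also fail when the wrapper is run without a terminal, for example from a cron job. The hunk repeats in patches 134, 150, 152, 156 and 162.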
From 7be06a1215cff4491b5685672c794e75ee36159c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 125/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 170d1cfc77a81d24eac67982ffdfdd8bbe54bafc Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 126/247] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 6969510b5d11f2dc812005cee5b80d756847818d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 127/247] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp 
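Review bot: The `set_permissions_files` exec in `manifests/redis_cluster.pp` carries only a `command`, so as far as the hunk shows it has no `unless`/`onlyif`/`refreshonly` guard and the recursive `chown` runs on every agent run. It also depends on `node-*/*` being glob-expanded, which Puppet's default `posix` exec provider does not do, and on `chown` being found without a `path`; unless resource defaults elsewhere supply these, `provider => shell, path => ['/usr/bin', '/bin'], refreshonly => true` with a `subscribe` to whatever creates the node directories would make it run only when needed. The group change to `99` in this patch is reverted to `999` by patch 127 ("Oops"), whose hunk has the same shape. A short comment naming the account that uid/gid 999 corresponds to inside the Redis container would help; the class body starts outside the hunk.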
@@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 7222cf5703cf76b2057983a11b1e616a3078be61 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 128/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8ec056e..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,12 +15,8 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { - $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': - message => 'We are on multinode-db1. Set up statistics environment.', - } - $custdata=$customers.reduce({}) |$memo, $value| { - $memo + {$value => lookup($value)} + message => "We are on multinode-db1. Set up statistics environment.", } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' 
@@ -41,33 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file { '/root/tasks/genusersondepartmentlists.sh': - ensure => file, - content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file {'/opt/mariadb/statistics/custdata.json': - ensure => file, - content => template('sunetdrive/mariadb/custconfig.json.erb'), - owner => 'root', - group => 'root', - mode => '0600', - } - sunet::scriptherder::cronjob { 'genuserdeplists': - cmd => '/root/tasks/genusersondepartmentlists.sh', - hour => '2', - minute => '5', - ok_criteria => ['exit_status=0','max_age=30h'], - warn_criteria => ['exit_status=1', 'max_age=60h'], - } } } From 2bed7d8914bffe59b59548d53ad7b8b0d635d49e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 129/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From ce6774487a1d127c76a69cbb0193fe7a029069f0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 130/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 
--- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 1cc0e866641ef29771714aa1e16ed78e7b7a268d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 131/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 9fb353de794d590b74ee1d056f2986a0b41aa9f7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 132/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
From fdb57e1b99fcab7ab9d6d106fc90ab53324a1a1a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 133/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 4ec58c3b6133caaeec0f70c780107df26211c6c8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 134/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From e8c5a9e8acf05a2dc91428f1fdd85f8d83a86320 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 135/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 9de3ab2c60d07cb627dbde512f998c73260306e1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 136/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 4504de316069fcf8b6694d4ad048257e1db8361b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 137/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 57958e647518d2092a764eb8baa4c56383a8df66 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 138/247] puppet-lint --fix --- manifests/multinode_db.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..c373e0b 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -16,7 +16,7 @@ class sunetdrive::multinode_db(){ } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' From 3abec90157f8a70f5f2f99d53db5f43f336313cd Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 139/247] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 22 +--------------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index c373e0b..f10c50d 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': 
@@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 78f4c90..dc2f5eb 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -1,32 +1,12 @@ #!/bin/bash -<% basedir="statistics:drive-server-coms" -%> -<% cupath="/opt/mariadb/statistics/users/" -%> -<% custdata="/opt/mariadb/statistics/custdata.json" -%> -status=0 - <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> -/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json -if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ - [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } -else - echo "Error in json data" - status=1 -fi + /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <% end -%> <% end -%> <% end -%> - -if [[ -f <%= custdata %> ]] -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ -fi - -exit ${status} 
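Review bot: `<%= cust %>` and `<%= dom %>` are written into the generated root script in `templates/mariadb/genuserdeplists.sh.erb` without quoting, both as arguments to `/root/tasks/listusersbydep.sh` and inside the `mkdir`, `chmod` and redirect paths, so a customer key or billing domain containing whitespace or shell metacharacters would change the command that runs. The values come from `@custdata` (built from `lookup()` in the manifest hunk of this patch), so this is a hardening point rather than a known injection path; double-quoting each use, e.g. `/root/tasks/listusersbydep.sh "<%= cust %>" "<%= dom %>"`, covers whitespace, and validating the keys against an allow-list pattern in the manifest would cover the rest. The `#Customer <%= cust %> has no billing departments.` line sits outside the `if`, so it is emitted for every customer, including those that do have billing domains.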
From aea23bbf862994a2b150e90b9393963aacca347e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 15:39:01 +0200 Subject: [PATCH 140/247] multinode-db1: Add initial upload logic of deprtment filtered user lists. --- templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index dc2f5eb..36d7d90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From da0e74313dcac994e70f9fe1ce640307334b3960 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 141/247] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) 
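Review bot: The added `rclone copy` in `templates/mariadb/genuserdeplists.sh.erb` uploads the per-department user lists with `--no-check-certificate`, so the TLS peer is never authenticated and the files, and presumably the remote's credentials, go to whatever answers the connection. The `--webdav-headers "Host,sunet.drive.sunet.se"` override suggests the remote is reached under a name its certificate does not cover; giving rclone a CA bundle that validates that endpoint (`--ca-cert <path-to-ca-bundle>`) or addressing the remote by the certified name would allow the flag to be dropped. The exit status of `/root/tasks/listusersbydep.sh` is also not checked before its output is validated and sent. The same flags appear again in the `custdata.json` upload added by patch 145.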
diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index f10c50d..79ead21 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } From 06c4f4ec68b435db29a7b1ff0cb03115e242c3ca Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 142/247] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From cb2a62349d366cf5c422f9f2bacb89f99f62fff1 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 143/247] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) 
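Review bot: The new `else` branch in `templates/mariadb/genuserdeplists.sh.erb` only fires when `jq .` rejects the file, but `jq .` exits 0 on empty input, so if `/root/tasks/listusersbydep.sh` fails and writes nothing, the empty file is uploaded and `status` stays 0. Using `jq -e .` (exit status 4 when no value was produced) and appending `|| status=1` to the `listusersbydep.sh` line would close that gap. `[[ $? -eq 0 ]] || { ...; }` works only while nothing is inserted between it and the `rclone` line; `if ! timeout 30s rclone copy ...; then status=1; echo "Error: Upload of user data failed."; fi` is less fragile. At this patch the script sets `status` but never uses it; patch 143 adds the `exit ${status}`.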
diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From 4fee7b1042a68ffc7a456ec4b2060bdc102b9da7 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 144/247] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 79ead21..73acbb1 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From c28c6ac91b7154bf4bfbe1f2899a0f8dd7840769 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 145/247] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 73acbb1..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', 
diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From e3a511521bcc33df1e372814f755388109788dd7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 146/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 959e0e6228c124a435f0bd6486a9264e57a6fe57 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 147/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', 
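Review bot: The new `custdata.json` upload at the end of `templates/mariadb/genuserdeplists.sh.erb` never touches `status`, so a failed or timed-out `rclone copy` there still lets the script exit 0 and the scriptherder job report OK, unlike the per-domain uploads above it; appending `|| { status=1 ; echo "Error: Upload of customer data failed." ; }` to the `rclone` line would make the two consistent. What the file contains depends on `custconfig.json.erb`, which is not part of this patch; since `$custdata` is built from a full `lookup()` of each customer key, it is worth confirming that the template emits only the fields the statistics job needs and no credentials. The upload also repeats `--no-check-certificate`, so the file is sent without authenticating the server.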
From 5dc6a9e5749ae30ee5ac972170ec39ef509f0128 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 148/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 92cd7dc19fa0f441feda9e65e893e298a1dd7bec Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 149/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 16b645b84540079b5a2b15d56d68c45c9fd97c88 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 150/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 
--- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From b6bfa49bd768e5225ac09ebd986e863839b0472f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 151/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 86fea06b02b68e8f8d41503c38ff5824435bcaf2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 152/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 9a419cd214fa96952b698f32b9c3013cb9ebd274 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 153/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 36131d0b2182eef15610448b0f578a983b2fe0e4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 154/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 73d96f7f6ddf95fc8a5df83064b9eab1e369e958 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 155/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh 
+++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 37d8165cc521f08cbf90791d35f84069fb973d96 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 156/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 1e3d79542c1a667ded3d390cc55de4688c72868f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 157/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From eecb8a9e3484b11a90c65e6d0ba71d272b9772f6 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 158/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 374afd5e5a4edcf032ccbf82fa6f5d2e5d415f92 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 159/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 6a5e2aed62a66c59e0346ddf85b16da19c2fcc7c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 160/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From e8e8a9ef7dec8d3792c533343ec445642f603510 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 161/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From a507c0f43f82f1d72a5f28a44929117b9661c05d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 162/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
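Review bot: The new `/opt/nextcloud/audit.log` resource is created with `mode => '0644'`, which makes the audit log readable by every local account, while the resource just above it in the hunk uses `0640`. An audit log presumably records user and file activity, so it should be at least as tight as its neighbours: `mode => '0640',`. A one-line comment on why `force => true` is set (it lets Puppet replace a directory found at that path) would help the next reader. The enclosing `define sunetdrive::app_type` starts and ends outside the hunk; the same addition recurs in PATCH 173 and 189.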
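Review bot: `tail +2` in the import pipeline discards the first line of the dump unconditionally, so on a dump that does not start with a throw-away header a real statement is silently lost. If the line being skipped is the sandbox-mode comment that newer `mariadb-dump` versions write first (the hunk does not say), removing it also removes the restriction it places on client commands embedded in the dump; a client new enough to understand that line is the safer fix. If the line must be stripped, strip it only when it is that line: `zcat "${init_file}" | sed '1{/enable the sandbox mode/d;}' | ${mysql}`. The `if` block starts and ends outside the hunk; the same change recurs in PATCH 155, 174, 190 and 197.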
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 5c228af37a1e2b945888f4e5383787477bc1f283 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 163/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 3eb87725afa8813c00c4990630d512ec8d03bb9f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 164/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
From 12d07a5ab0c8d5e8cc4133ba12467ed64f72f1f5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 165/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From d27990988aa9bc37034195cc6ba6b4e25878cc2d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 166/247] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 5487bb9d9c4392bdf9a5be91fb11814d9dff562a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 167/247] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp 
@@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 90372ddd011c03b5a477f870e03edb7e7463f972 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 168/247] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From 57b2ca6316cf9867280777b05adf863e4acc133d Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 11:02:30 +0200 Subject: [PATCH 169/247] multinode-db1 test: Add rclone and statistics remote --- manifests/multinode_db.pp | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8ec056e..8e6563e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
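Review bot: The `set_permissions_files` exec shown here has only a `command`, so unless a guard is set outside the hunk the recursive `chown` runs on every agent run and reports a change each time; an `unless` or `refreshonly => true` would make it idempotent. The bare `999:999` also gave the `999:99` slip in PATCH 166 nothing to be checked against; a comment such as `# 999 = uid/gid of the redis user inside the container image (confirm)` would document the intent. The class body starts outside the hunk.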
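Review bot: The new `sysstat_systemd_timer` exec has no ordering on `Package['sysstat']`, unlike the resource directly above it in the hunk, so on a first run it can execute before the timer unit exists and fail. Adding `require => Package['sysstat'],` fixes that. Neither `command` nor `unless` is fully qualified and no `path` is given, which Puppet rejects unless an `Exec` default sets one elsewhere; `path => ['/usr/bin', '/bin'],` makes the resource self-contained. `$facts['os']['distro']['id']` is the current spelling of `$::facts[...]`.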
@@ -15,12 +15,8 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { - $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': - message => 'We are on multinode-db1. Set up statistics environment.', - } - $custdata=$customers.reduce({}) |$memo, $value| { - $memo + {$value => lookup($value)} + message => "We are on multinode-db1. Set up statistics environment.", } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' @@ -41,33 +37,5 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } - file { '/root/tasks/listusersbydep.sh': - ensure => file, - content => template('sunetdrive/mariadb/listusersdep.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file { '/root/tasks/genusersondepartmentlists.sh': - ensure => file, - content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), - owner => 'root', - group => 'root', - mode => '0700', - } - file {'/opt/mariadb/statistics/custdata.json': - ensure => file, - content => template('sunetdrive/mariadb/custconfig.json.erb'), - owner => 'root', - group => 'root', - mode => '0600', - } - sunet::scriptherder::cronjob { 'genuserdeplists': - cmd => '/root/tasks/genusersondepartmentlists.sh', - hour => '2', - minute => '5', - ok_criteria => ['exit_status=0','max_age=30h'], - warn_criteria => ['exit_status=1', 'max_age=60h'], - } } } From 1086053d506d52ef93e3046b66332ec07cb45c5c Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Thu, 29 Aug 2024 13:46:23 +0200 Subject: [PATCH 170/247] multinode-db1: Add script to list users by department domain in email. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8e6563e..189787a 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
@@ -37,5 +37,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0600', } + file { '/root/tasks/listusersbydep.sh': + ensure => file, + content => template('sunetdrive/mariadb/listusersdep.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } From 1d3970c1345a80da0cdd080814e69f813a206043 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 171/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 91b9955db2d5fe17fc09dfd27687f9a75e1e696d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 172/247] Move hee from cosmos-sites.pp --- manifests/common.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..d3acb7f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,10 +45,4 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } - if $::facts['os']['distro']['id'] == 'Debian' { - exec { 'sysstat_systemd_timer': - command => 'systemctl enable --now sysstat-collect.timer', - unless => 'systemctl is-enabled --quiet sysstat-collect.timer', - } - } } From fb58999b223d5eec2303982900066202df766f26 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 173/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp 
+++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 71bca06a0830ab1eef19ffd69d2475e7e1fd1de8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 174/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 2b9e1998997bfbc5e3136bfe4dca1e4ac66e9201 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 175/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, 
From f36659353df53c7017419a5d8a2a24216926f01e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 176/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 839121906897c85c056722b5bd495cf596996204 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 177/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 6d2d863076e8238cd98d1c85d9fd74bff437ecb8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 178/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From bf3ed2e92f05da3f3a99ea71d43cae0bba0d941a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 179/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 9ee7f6f7b87ad6399d8c368235097f3cd4aced30 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 180/247] puppet-lint --fix --- manifests/multinode_db.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..c373e0b 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -16,7 +16,7 @@ class sunetdrive::multinode_db(){ } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' 
From 2f682f8bd8e848f9c11d90ba8c268ff95075244f Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 181/247] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 22 +--------------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index c373e0b..f10c50d 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': @@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 78f4c90..dc2f5eb 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
@@ -1,32 +1,12 @@ #!/bin/bash -<% basedir="statistics:drive-server-coms" -%> -<% cupath="/opt/mariadb/statistics/users/" -%> -<% custdata="/opt/mariadb/statistics/custdata.json" -%> -status=0 - <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> -/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json -if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ - [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } -else - echo "Error in json data" - status=1 -fi + /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <% end -%> <% end -%> <% end -%> - -if [[ -f <%= custdata %> ]] -then - timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ -fi - -exit ${status} From 992f74d3a1ec7f9e020b8a05106b7e37454f2b09 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 15:39:01 +0200 Subject: [PATCH 182/247] multinode-db1: Add initial upload logic of deprtment filtered user lists. --- templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index dc2f5eb..36d7d90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb 
+++ b/templates/mariadb/genuserdeplists.sh.erb @@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From 2c7acd1ec60aa9fecaab59ed5ea9729aa3f04d8a Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 183/247] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index f10c50d..79ead21 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } From 4e45dd1733db505049f7bc997d95cbbce5a58deb Mon Sep 17 00:00:00 2001 
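Review bot: The added `rclone copy` call passes `--no-check-certificate`, so the per-department user lists are uploaded without verifying the server's TLS certificate, and a host in the network path that answers in place of the endpoint would receive the data and whatever credentials the `statistics` remote sends. The `Host` header override suggests the remote is addressed by a name or address the certificate does not cover; pointing the remote at the certified hostname, or trusting the right CA with `--ca-cert`, lets the flag be dropped. `<%= cust %>` and `<%= dom %>` are also interpolated unquoted into shell words, so the generated paths should be wrapped in double quotes. The same flag is used by the `custdata.json` upload added in the second hunk of PATCH 187.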
From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 184/247] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From d4eb4af0796554d341d44c435fbd8944ce24111b Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 185/247] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From d597ec106a49540fc8724feb6eb83ad0067a1144 Mon Sep 17 00:00:00 2001 
From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 186/247] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 79ead21..73acbb1 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From 28b6584a6cf23de61b9eaee89e7a50d16ee9db8d Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 187/247] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 73acbb1..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
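Review bot: `/opt/mariadb/statistics/custdata.json` is rendered from `$custdata`, which PATCH 181 fills with `lookup($value)` for every customer, that is, each customer's whole hiera entry. The template `custconfig.json.erb` is not part of the diff and cannot be checked here, but if it serialises the hash as is, every key stored under a customer, not only `billdomains`, is written to disk and then uploaded by the second hunk of this patch. Reducing `$custdata` to the keys the statistics job reads keeps the export minimal, and a comment such as `# custdata.json is uploaded off-host: keep only non-secret keys in it` records the constraint. The class body starts and ends outside the hunk.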
@@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From 72d71a69c7b180bb5880ef32a2ac329ad9db434a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 188/247] Create parent dir --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 494150d..f45e23f 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 25309ea51fbd6b62dde06fc5251cb5d01acf8ae7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 189/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 1a223f2846e9dc6b48bbf469119f5202b43278a6 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 190/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 662d9592fa4832b40e8e7ed76d0b89ae7ac5bbac Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 191/247] format --- manifests/script.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index f45e23f..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -109,8 +109,8 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': ensure => directory, From 453e72a79d2dc32cda183dad40fe6df047435580 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 192/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh 
+++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From a2ee732d5df18be95dca7e6cf58ac39049c643ab Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 193/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 2f47e6e109280ad90b178b78e9a6482e9752f67c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 194/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From bb8f2d8b6704b8e74622234a81986c738f636771 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 195/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 76700f595ddf871ac1eac93bb455a9935ac4e01c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 196/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From fa5a34aeba5791c3b73d7d06f6dd7f947282fe74 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 197/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh 
+++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 38c56a07cda1b0f14437ba0debbb647a7e6339df Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 198/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From b6bd77a52b744d9c7797bd5fd886454e15ef6276 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 199/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 67d9e825a5ea5afc3b0ea7115f57924552e3ea45 Mon Sep 17 00:00:00 2001 
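Review bot: `tail +2` on the added line is the obsolescent spelling of the option; `tail -n +2` is the portable form and does not depend on how the installed tail treats a leading `+`. The line being dropped is discarded without checking what it is, so a dump that lacks the extra first line would silently lose a real statement. A comment naming the line that is skipped, or a `sed` expression that deletes it only when it matches, would make the intent checkable. Patch 203 adds the same line again.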
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 200/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 22785da3e0a6f20c5d5efe772c81f911de54be95 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 201/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 2e171b1d0494f3eddf3e546f160e02a4c30fe116 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 202/247] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 6d3bca981d9dfd630dacba44b6745422603bd65a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 203/247] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 221c89564a6fee3c268d039ef1511a52d9108c86 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 204/247] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh 
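Review bot: The new `/opt/nextcloud/audit.log` resource sets `mode => '0644'`, which makes the audit log readable by every local account, while the resource just above it in the hunk uses `0640`. Audit entries typically carry user names, client addresses and file paths, so `mode => '0640',` would match the neighbour unless a reader outside the `root` group is required. If the wider mode is deliberate, a comment naming that reader would help. The define starts and ends outside the hunk.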
@@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 3baf31c7ed161ea60fb1cb24e9a7647728427baf Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 205/247] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 38825adce8edf8ab74e692d5a10bf3d57d9b5d35 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 206/247] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s 
From 22581082324d889ca3d7a254fc6b7feedbe11792 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 207/247] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 4dcdf87f32bdf98fc9703931f1e3c72e6bbcea2a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 208/247] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From df6557a91b95545b62960041e60a980d06e35d53 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 209/247] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp 
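Review bot: In `set_permissions_files` the group changes from `999` to `99`, which reads like a dropped digit next to the `999` owner; patch 209 puts `999:999` back. Independently of the value, the `exec` shows no `unless`, `onlyif` or `refreshonly`, so the recursive `chown` appears to run on every agent run and report a change each time. A guard such as `unless => 'test -z "$(find /opt/redis/node-* ! -user 999 -print -quit)"'`, or `file` resources with `recurse => true`, would make it idempotent.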
@@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From a69ae092d1c434896a271e5d73184fe2c6c6162e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 210/247] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From a5580567af61adfd7f6af0b82f157427ec448150 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 211/247] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp 
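Review bot: The `sysstat_systemd_timer` exec gives `command` and `unless` as bare `systemctl ...` with no `path` attribute, so it depends on an `Exec` default defined elsewhere; without one Puppet rejects an unqualified command. Adding `path => ['/usr/bin', '/bin'],` to the resource removes that dependency. A `service { 'sysstat-collect.timer': ensure => running, enable => true }` resource would express the same state without an exec.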
@@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 0e83c47dd1b50390624f2d2d010dc3a53979c4d5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 12 Nov 2024 16:44:22 +0100 Subject: [PATCH 212/247] Add container for multinode purposes --- templates/application/remount_user_bucket_as_project.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh index 797cd74..e5a1a7f 100755 --- a/templates/application/remount_user_bucket_as_project.sh +++ b/templates/application/remount_user_bucket_as_project.sh @@ -13,7 +13,7 @@ if [[ -z ${container} ]]; then container="nextcloud_app_1" fi -occ="/usr/local/bin/occ" +occ="/usr/local/bin/occ ${container}" function get_config { ${occ} files_external:config ${mountid} ${1} | tr -d '\n\t\r' } From c3fbf4c1ce1a92d7f3009aa017eed7c84469eea3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 213/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt 
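Review bot: `check_ntp_time -H ntp.se` now compares the clock with an external host instead of the local daemon, so every monitored node needs outbound NTP and DNS for that name, and an outage there raises the alarm on all hosts at once. Making the target a class parameter (for instance `$ntp_check_host = 'ntp.se'`) keeps it configurable per site. A short comment on why `localhost` no longer works would help, since the same commit drops `include sunet::ntp`. The class body continues outside the hunk.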
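Review bot: `occ="/usr/local/bin/occ ${container}"` stores a command and its argument in one string and relies on word splitting where `${occ}` is expanded unquoted in `get_config`, so a container name holding whitespace or glob characters would be split or expanded. `${container}` appears to be set from script input above the hunk. A bash array keeps each value a single argument: `occ=(/usr/local/bin/occ "${container}")` and `"${occ[@]}" files_external:config "${mountid}" "${1}"`.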
@@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 849bd7f8461633881e4ce797b3c9c4bbeb399b52 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 214/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 596f05f099ca332b5a17b503509313f6e31fbd53 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 16:08:04 +0100 Subject: [PATCH 215/247] Run same version as db cluster --- templates/mariadb_backup/docker-compose_mariadb_backup.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/docker-compose_mariadb_backup.yml.erb b/templates/mariadb_backup/docker-compose_mariadb_backup.yml.erb index 38c919e..9266fac 100644 --- a/templates/mariadb_backup/docker-compose_mariadb_backup.yml.erb +++ b/templates/mariadb_backup/docker-compose_mariadb_backup.yml.erb @@ -3,7 +3,7 @@ version: '3.2' services: mariadb_backup: - image: docker.sunet.se/drive/mariadb + image: docker.sunet.se/drive/mariadb:<%= @mariadb_version %> container_name: mariadb_backup_mariadb_backup_1 dns: - 89.46.20.75 
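Review bot: The image reference now ends in `:<%= @mariadb_version %>`, but nothing in this patch sets `@mariadb_version`; the manifest line that does so arrives in patch 216. Applied on its own, the template would render an image reference ending in a bare colon. Squashing the two commits, or putting the manifest change first, keeps every commit deployable.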
From 9a58486d11dcf193af7724c23e3c3e29d55d734a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 16:11:12 +0100 Subject: [PATCH 216/247] Set mariadb version --- manifests/mariadb_backup.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mariadb_backup.pp b/manifests/mariadb_backup.pp index bc817f8..751c5d8 100644 --- a/manifests/mariadb_backup.pp +++ b/manifests/mariadb_backup.pp @@ -7,6 +7,7 @@ class sunetdrive::mariadb_backup($tag_mariadb=undef, $location=undef) { } # Config from group.yaml $environment = sunetdrive::get_environment() + $mariadb_version = hiera("mariadb_version_${environment}") $config = hiera_hash($environment) $first_db = $config['first_db'] From 49c3a692827d548fc9d2aca4a27668260c07ade9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 16:22:09 +0100 Subject: [PATCH 217/247] Allow backups from root --- templates/mariadb_backup/do_backup.erb.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/templates/mariadb_backup/do_backup.erb.sh b/templates/mariadb_backup/do_backup.erb.sh index 9ba16b5..b606fd1 100644 --- a/templates/mariadb_backup/do_backup.erb.sh +++ b/templates/mariadb_backup/do_backup.erb.sh 
@@ -8,10 +8,12 @@ mkdir -p "${backup_dir}" if [[ -z ${customer} ]]; then buopts="--slave-info --safe-slave-backup" dumpopts="--dump-slave" - mysql -p${MYSQL_ROOT_PASSWORD} -e "stop slave" + mysql -p"${MYSQL_ROOT_PASSWORD}" -u root -e "stop slave" fi -mariadb-backup --backup ${buopts} -u root -p${MYSQL_ROOT_PASSWORD} --stream=xbstream | gzip >"${backup_dir}/${stream_name}" -mysqldump --all-databases --single-transaction ${dumpopts} -u root -p${MYSQL_ROOT_PASSWORD} | gzip >"${backup_dir}/${dump_name}" +# shellcheck disable=SC2086 +mariadb-backup --backup ${buopts} -u root -p"${MYSQL_ROOT_PASSWORD}" --stream=xbstream | gzip >"${backup_dir}/${stream_name}" +# shellcheck disable=SC2086 +mysqldump --all-databases --single-transaction ${dumpopts} -u root -p"${MYSQL_ROOT_PASSWORD}" | gzip >"${backup_dir}/${dump_name}" if [[ -z ${customer} ]]; then - mysql -p${MYSQL_ROOT_PASSWORD} -e "start slave" + mysql -p"${MYSQL_ROOT_PASSWORD}" -u root -e "start slave" fi From 8e2ba68b80c9616c87d689ad812a3d98efd79c18 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 218/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 6cff18612113055e5588c19c5830df2bb4648b18 Mon Sep 17 00:00:00 2001 
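Review bot: Both backup pipelines end in `| gzip >...`, so the status seen by the script is gzip's and a failed `mariadb-backup` or `mysqldump` still leaves a well-formed but incomplete archive, unless `set -o pipefail` is set above the hunk. Adding `set -o pipefail` and reporting a non-zero status after each pipeline would stop a truncated backup from being treated as good. The root password is also passed as `-p"${MYSQL_ROOT_PASSWORD}"` on four command lines, where it shows up in the process list. Since the value is already in the environment, a client option file or `MYSQL_PWD` keeps it out of argv.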
From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 219/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From c3ce7089ad8581b7d158187587d895d018e18588 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Dec 2024 10:32:01 +0100 Subject: [PATCH 220/247] Remove ref to gss --- facts.d/nc_versions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/facts.d/nc_versions.sh b/facts.d/nc_versions.sh index 2beb9c8..38ce14f 100755 --- a/facts.d/nc_versions.sh +++ b/facts.d/nc_versions.sh @@ -21,7 +21,7 @@ for environment in test prod; do version=$(yq -r ".${key}" "${group}") print_fact "${customer}" "${environment}" "${version}" done - for customer in $(yq -r '.fullnodes[]' "${common}") gss; do + for customer in $(yq -r '.fullnodes[]' "${common}"); do group="${repo}/${customer}-common/overlay/etc/hiera/data/group.yaml" version=$(yq -r ".${key}" "${group}") print_fact "${customer}" "${environment}" "${version}" From a4b4f4c013c7aeaf490bb6b9230ef23749493724 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 221/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp 
@@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 3e5a76a37d18842784a5249748167fe970d2b7c9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 222/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 1c43f32440c49c639ff3f914a69798f67755eb9b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 223/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt 
@@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From ba792bd85152f3b0e895d0da4d060ecfe50dbd0e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 224/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 39285f075f2429bad5087fcfc46cc14f69c33d43 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Dec 2024 14:58:23 +0100 Subject: [PATCH 225/247] Remove gss --- templates/script/restart-db-cluster.erb | 6 ++---- templates/script/restart-nextcloud-farm.erb | 5 ++--- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/templates/script/restart-db-cluster.erb b/templates/script/restart-db-cluster.erb index 418512c..82ac939 100755 --- a/templates/script/restart-db-cluster.erb +++ b/templates/script/restart-db-cluster.erb 
@@ -67,12 +67,10 @@ def main() -> int: reboot_command = ['sudo /usr/local/bin/safer_reboot'] if customers[0] == "common": - customers = ["gss", "lookup", "multinode"] + customers = ["lookup", "multinode"] for customer in customers: backup_type = "backup" - if customer == "gss": - backup_type = "gssbackup" - elif customer == "lookup": + if customer == "lookup": backup_type = "lookupbackup" elif customer == "multinode": backup_command = ['sudo /home/script/bin/backup_multinode_db.sh'] diff --git a/templates/script/restart-nextcloud-farm.erb b/templates/script/restart-nextcloud-farm.erb index 2a01450..671eecf 100755 --- a/templates/script/restart-nextcloud-farm.erb +++ b/templates/script/restart-nextcloud-farm.erb @@ -89,9 +89,8 @@ def main() -> int: server_type = "node" backup_type = "backup" if customer == "common": - customer = "gss" - server_type = "gss" - backup_type = "gssbackup" + print("GSS no longer exists, bailing out.") + sys.exit(0) backup = build_fqdn(customer, environment, 1, backup_type) print("\tRunning backup command at {}".format(backup)) From ab039d217b0769284da921d763961d8a22be5514 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 226/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 80e1034695b64c00f79a7ae5171de227ecbe1d31 Mon Sep 17 00:00:00 2001 
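Review bot: In `restart-nextcloud-farm.erb` the `common` branch now prints a message and calls `sys.exit(0)`, so a caller that asked for a restart which did not happen sees success. `main()` is annotated `-> int`, so `return 1` after the print would surface the no-op, assuming the return value is passed to `sys.exit` outside the hunk. Writing the message to `sys.stderr` would also keep it out of captured output. `main()` starts and ends outside the hunk.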
From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 227/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From b100e18eea9eb7624a68da26ade00268f0dacdbe Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 09:35:53 +0100 Subject: [PATCH 228/247] Proxysql no longer has external network --- templates/multinode/docker-compose_nextcloud.yml.erb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index b536672..11898c1 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -18,7 +18,6 @@ services: networks: - default - - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -27,7 +26,3 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true - -networks: - proxysql_proxysql: - external: true From 4561e417c644fe832d6530d84aae9a608e3889da Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 229/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 19473d6d821e0057fdeaafba9da90e85521c6f35 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 230/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From e31f4c8c61e7100adb25df223eca3e5b53dfb5bd Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 09:42:19 +0100 Subject: [PATCH 231/247] Proxysql no longer has external network --- templates/multinode/docker-compose_cache.yml.erb | 7 ------- 1 file changed, 7 deletions(-) diff --git a/templates/multinode/docker-compose_cache.yml.erb b/templates/multinode/docker-compose_cache.yml.erb index eb7051b..80cd284 100644 --- a/templates/multinode/docker-compose_cache.yml.erb +++ b/templates/multinode/docker-compose_cache.yml.erb 
@@ -12,10 +12,3 @@ services: - <%= @redis_conf_dir %>:/data command: redis-server /data/redis.conf --loglevel verbose restart: always - networks: - - proxysql_proxysql - -networks: - proxysql_proxysql: - external: true - From b09c79cc3de42f92e118b8e97400d5d00c343c19 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 232/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 0f746f67cee506a575fdcad3b99a7cff6c8380e6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 233/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 11ab90e981151b07a053f572135dc57fec6c9b2b Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Tue, 24 Dec 2024 09:51:57 +0100 Subject: [PATCH 234/247] Open ports --- manifests/multinode.pp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 0ba70ad..40d55dd 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -407,10 +407,18 @@ MACAddressPolicy=none' content => template('sunetdrive/multinode/complete_reinstall.erb.sh'), mode => '0744', } - # Open ports - sunet::misc::ufw_allow { "https_port_${customer}": - from => '0.0.0.0', - port => $https_port, + if $::facts['sunet_nftables_enabled'] == 'yes' { + sunet::nftables::docker_expose { "https_port_${customer}": + allow_clients => '0.0.0.0', + port => $https_port, + iif => 'ens3', + } + } else { + # Open ports + sunet::misc::ufw_allow { "https_port_${customer}": + from => '0.0.0.0', + port => $https_port, + } } } } From 601ff83b9f434622959a5ed139bb155e0922588b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 235/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 32339a3fbf65e50068e631412c138bbbd92fca32 Mon Sep 17 00:00:00 2001 
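Review bot: Both branches pass `'0.0.0.0'` without a prefix length as the allowed source. Whether `sunet::nftables::docker_expose` and `sunet::misc::ufw_allow` read that as any address or as the single host 0.0.0.0 cannot be seen from here; `'0.0.0.0/0'` would be unambiguous. `iif => 'ens3'` also hard-codes an interface name that may differ between hosts. Patch 237 keeps the bare `'0.0.0.0'` next to `'::/0'`.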
From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 236/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 9ef9bab2cd7d2256d6afb6674596419ce357b5fe Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 10:11:12 +0100 Subject: [PATCH 237/247] Allow on all interfaces and on ipv6 --- manifests/multinode.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 40d55dd..d728e5f 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -409,9 +409,9 @@ MACAddressPolicy=none' } if $::facts['sunet_nftables_enabled'] == 'yes' { sunet::nftables::docker_expose { "https_port_${customer}": - allow_clients => '0.0.0.0', + allow_clients => ['0.0.0.0', '::/0'], port => $https_port, - iif => 'ens3', + iif => '*', } } else { # Open ports From 7c1456702feee4460bbcba8cdecec599b5f43b6d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 238/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp 
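Review bot: `iif => '*'` in the `docker_expose` resource opens `$https_port` on every interface rather than only the external one, which also covers internal or management interfaces where a host has them. If the aim was only to stop depending on the name `ens3`, taking the external interface from a fact or a class parameter keeps the exposure as narrow as before. If exposure on all interfaces is intended, a comment such as `# customer HTTPS port is public on all interfaces by design` would record that.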
@@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 67b72f387a077f4a985ff6bf6508eef9b5551698 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 239/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From a942487f303a82e5ad080610cd35328aa1a20535 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 10:36:42 +0100 Subject: [PATCH 240/247] Add new option --- manifests/proxysql.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp index 4926870..c75edeb 100644 --- a/manifests/proxysql.pp +++ b/manifests/proxysql.pp @@ -4,6 +4,7 @@ class sunetdrive::proxysql ( $location = undef, $proxysql_container_name = 'proxysql_proxysql_1', $manage_config = true, + $manage_network = true, ) { # Config from group.yaml 
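Review bot: `$manage_network = true` in proxysql.pp is declared without a data type, and in Puppet any string is truthy, so a value of `'false'` arriving from Hiera or a caller would still satisfy `and $manage_network` in the second hunk and set `$hostnet`. Declaring it as `Boolean $manage_network = true,` rejects such input when the catalog is compiled. The name also says little about what it gates, which in the visible code is only host networking; a comment like `# when false, never set $hostnet even on dockerhost2 hosts` would make that clear. The class body continues outside both hunks.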
@@ -26,7 +27,7 @@ class sunetdrive::proxysql ( $mysql_user = safe_hiera('mysql_user') $transaction_persistent = 1 - if $::facts['dockerhost2'] == 'yes' { + if $::facts['dockerhost2'] == 'yes' and $manage_network { $hostnet = true } From d9b4ff9f3442410965ca672d212527e294f75669 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 10:39:15 +0100 Subject: [PATCH 241/247] Add back proxysql networ --- templates/multinode/docker-compose_cache.yml.erb | 6 ++++++ templates/multinode/docker-compose_nextcloud.yml.erb | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/templates/multinode/docker-compose_cache.yml.erb b/templates/multinode/docker-compose_cache.yml.erb index 80cd284..f1fa987 100644 --- a/templates/multinode/docker-compose_cache.yml.erb +++ b/templates/multinode/docker-compose_cache.yml.erb @@ -11,4 +11,10 @@ services: volumes: - <%= @redis_conf_dir %>:/data command: redis-server /data/redis.conf --loglevel verbose + networks: + - proxysql_proxysql restart: always + +networks: + proxysql_proxysql: + external: true diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 11898c1..b536672 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -18,6 +18,7 @@ services: networks: - default + - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -26,3 +27,7 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true + +networks: + proxysql_proxysql: + external: true From af323bdfd973c113f3858a3917447e236c6b6118 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:28:08 +0100 Subject: [PATCH 242/247] Use new uptime check --- manifests/nrpe.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c9aac3b 100644 
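Review bot: Attaching the cache service to the external `proxysql_proxysql` network in docker-compose_cache.yml.erb makes Redis reachable from every container on that network, and the nextcloud template in the same patch (and again in patch 245) joins it too. Whether redis.conf requires authentication or binds narrowly is not visible here, so on a multinode host this may let one customer's containers reach another customer's cache. If the cache does not need to be reached over this network it could stay off it; otherwise a comment such as `# shared network: redis.conf must set requirepass` should record the assumption. `external: true` also means the compose project will not start unless the network already exists.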
--- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,6 +5,8 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, + $uptimew = 30, + $uptimec = 50, ) { require apt @@ -76,4 +78,8 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } + sunet::nagios::nrpe_check_uptime { 'check_uptime': + uptimew => $uptimew, + uptimec => $uptimec, + } } From 60c776088ebab4f8ff1a122cd83ed0336f90d25c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 11 Dec 2024 09:38:52 +0100 Subject: [PATCH 243/247] Revert "Use new uptime check" This reverts commit 60fc3ef307ef1e37ec6a293d8a98505768e2a1cd. --- manifests/nrpe.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c9aac3b..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,6 @@ class sunetdrive::nrpe( $loadc = '30,25,20', $procsw = 150, $procsc = 200, - $uptimew = 30, - $uptimec = 50, ) { require apt @@ -78,8 +76,4 @@ class sunetdrive::nrpe( sunet::nagios::nrpe_command {'check_mysql_server_status': command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' } - sunet::nagios::nrpe_check_uptime { 'check_uptime': - uptimew => $uptimew, - uptimec => $uptimec, - } } From 86a5d1d3079c1cb8607c9c68875661e929ae40e7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 09:35:53 +0100 Subject: [PATCH 244/247] Proxysql no longer has external network --- templates/multinode/docker-compose_nextcloud.yml.erb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index b536672..11898c1 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb 
@@ -18,7 +18,6 @@ services: networks: - default - - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -27,7 +26,3 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true - -networks: - proxysql_proxysql: - external: true From 288369396798523a5394aec159b0799a1d0ee7c3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 10:39:15 +0100 Subject: [PATCH 245/247] Add back proxysql networ --- templates/multinode/docker-compose_nextcloud.yml.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 11898c1..b536672 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -18,6 +18,7 @@ services: networks: - default + - proxysql_proxysql dns: - 89.46.20.75 - 89.46.21.29 @@ -26,3 +27,7 @@ services: - <%= @https_port %>:443 command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true + +networks: + proxysql_proxysql: + external: true From 536a4a11d375d40558003d3edfcab2513eda58ed Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 11:03:46 +0100 Subject: [PATCH 246/247] Use other format --- manifests/multinode.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index d728e5f..381c19a 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
@@ -408,11 +408,11 @@ MACAddressPolicy=none' mode => '0744', } if $::facts['sunet_nftables_enabled'] == 'yes' { - sunet::nftables::docker_expose { "https_port_${customer}": - allow_clients => ['0.0.0.0', '::/0'], - port => $https_port, - iif => '*', - } + $name = "https_port_${customer}" + ensure_resource('sunet::nftables::ufw_allow_compat', $name, { + from => ['0.0.0.0', '::/0'], + port => $https_port, + }) } else { # Open ports sunet::misc::ufw_allow { "https_port_${customer}": From 8f7cd413ffdfdf5d9e72ca81bd90da4c771dec6e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Dec 2024 11:10:38 +0100 Subject: [PATCH 247/247] Add netamsk --- manifests/multinode.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 381c19a..8934343 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -410,7 +410,7 @@ MACAddressPolicy=none' if $::facts['sunet_nftables_enabled'] == 'yes' { $name = "https_port_${customer}" ensure_resource('sunet::nftables::ufw_allow_compat', $name, { - from => ['0.0.0.0', '::/0'], + from => ['0.0.0.0/0', '::/0'], port => $https_port, }) } else {
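Review bot: `$name = "https_port_${customer}"` in the "Use other format" hunk assigns to one of Puppet's reserved variable names, which normally holds the name of the enclosing class or define. Depending on the scope this line sits in (the enclosing block starts outside the hunk), the assignment is either rejected or shadows the built-in for the rest of the block. A distinct local such as `$rule_name = "https_port_${customer}"`, passed as the title to `ensure_resource`, avoids both.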