From 00c494193a9d0862e7ea96eb50fe9a373a1e9f2d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Feb 2025 11:49:09 +0100 Subject: [PATCH 01/15] Remove lookup related manifests and config --- functions/get_customer.pp | 2 - manifests/app_type.pp | 1 - manifests/db_type.pp | 6 +- manifests/infra_script.pp | 4 +- manifests/lookup.pp | 47 -------------- manifests/multinode.pp | 1 - manifests/script.pp | 8 +-- templates/lookup/config.php.erb | 29 --------- .../lookup/docker-compose_lookup.yml.erb | 17 ----- templates/mariadb/05-lookup.sql.erb | 62 ------------------- templates/monitor/sunetdrive_sites.cfg.erb | 27 -------- templates/script/restart-db-cluster.erb | 6 +- 12 files changed, 9 insertions(+), 201 deletions(-) delete mode 100644 manifests/lookup.pp delete mode 100644 templates/lookup/config.php.erb delete mode 100644 templates/lookup/docker-compose_lookup.yml.erb delete mode 100644 templates/mariadb/05-lookup.sql.erb diff --git a/functions/get_customer.pp b/functions/get_customer.pp index ab67f9f..c1d9964 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -4,8 +4,6 @@ function sunetdrive::get_customer() >> String { if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' - } elsif $hostnameparts[0] =~ /^lookup/ { - return 'lookup' } else { return 'common' } diff --git a/manifests/app_type.pp b/manifests/app_type.pp index d8096b1..e86aa86 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -74,7 +74,6 @@ define sunetdrive::app_type ( $gs_federation = hiera('gs_federation') $gss_master_admin = hiera_array('gss_master_admin') $gss_master_url = hiera("gss_master_url_${environment}") - $lookup_server = hiera("lookup_server_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 23e4660..376334b 100644 
--- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -46,11 +46,7 @@ define sunetdrive::db_type( sunet::system_user {'mysql': username => 'mysql', group => 'mysql' } - if $location =~ /^lookup/ { - $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql'] - } else { - $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql'] - } + $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql'] $sql_files.each |$sql_file|{ file { "${mariadb_dir}/init/${sql_file}": ensure => present, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index be78e19..818cf1a 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -7,7 +7,6 @@ class sunetdrive::infra_script ( $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] - $lookup_backup_server = $config['lookup_backup_server'] $ssh_config = "Host *.sunet.se User script IdentityFile /root/.ssh/id_script" @@ -66,7 +65,8 @@ class sunetdrive::infra_script ( warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backuplookupdb': - cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/manifests/lookup.pp b/manifests/lookup.pp deleted file mode 100644 index 30994b8..0000000 --- a/manifests/lookup.pp +++ /dev/null 
@@ -1,47 +0,0 @@ -#Class for SUNET-Drive-Lookup-Server -class sunetdrive::lookup ( - $bootstrap = undef, - $location = undef -) { - - $environment = sunetdrive::get_environment() - $config = lookup($environment, undef, undef, undef) - - $public_url = "https://${config['site_name']}" - - - # Firewall settings - $nextcloud_ip = hiera_array("${location}_app", []) - $tug_office = hiera_array('tug_office') - - $dbhost = '127.0.0.1' - $gss_jwt_key = safe_hiera('gss_jwt_key') - $replication_auth = safe_hiera('replication_auth') - $mysql_user_password = safe_hiera('mysql_user_password') - $lookup_version = hiera("lookup_version_${environment}") - $email_sender = $config['email_sender'] - - #Create users - user { 'www-data': ensure => present, system => true } - - file { '/opt/lookup/config.php': - ensure => file, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/lookup/config.php.erb'), - mode => '0644', - } - - sunet::docker_compose { 'drive_lookup_docker_compose': - content => template('sunetdrive/lookup/docker-compose_lookup.yml.erb'), - service_name => 'lookup', - compose_dir => '/opt/', - compose_filename => 'docker-compose.yml', - description => 'Lookup server', - } - - sunet::misc::ufw_allow { 'https': - from => '0.0.0.0/0', - port => 443, - } -} diff --git a/manifests/multinode.pp b/manifests/multinode.pp index ed3def2..1bf9aeb 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -274,7 +274,6 @@ MACAddressPolicy=none' $gss_master_admin = hiera_array('gss_master_admin') $gss_master_url = hiera("gss_master_url_${environment}") $https_port = hiera_hash('multinode_mapping')[$customer]['port'] - $lookup_server = hiera("lookup_server_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") diff --git a/manifests/script.pp b/manifests/script.pp index 56a910d..4cfa6c1 100644 --- a/manifests/script.pp 
+++ b/manifests/script.pp @@ -418,17 +418,17 @@ class sunetdrive::script ( } } } - $gss_backup_server = $config['gss_backup_server'] - $lookup_backup_server = $config['lookup_backup_server'] sunet::scriptherder::cronjob { 'backupgssdb': - cmd => "/root/tasks/backupdb.sh ${gss_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backuplookupdb': - cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/templates/lookup/config.php.erb b/templates/lookup/config.php.erb deleted file mode 100644 index c7f9551..0000000 --- a/templates/lookup/config.php.erb +++ /dev/null @@ -1,29 +0,0 @@ - "<%= @gss_jwt_key %>", - 'DB' => [ - 'host' => "<%= @dbhost %>", - 'db' => "lookup" , - 'user' => "lookup", - 'pass' => "<%= @mysql_user_password %>", - ], - 'EMAIL_SENDER' => '<%= @email_sender %>', - 'ERROR_VERBOSE' => false, - 'GLOBAL_SCALE' => true, - 'IP_BLACKLIST' => [ - ], - 'MAX_REQUESTS' => 10000, - 'MAX_SEARCH_PAGE' => 10, - 'PUBLIC_URL' => '<%= @public_url %>', - 'REPLICATION_AUTH' => '<%= @replication_auth %>', - 'REPLICATION_HOSTS' => [ - ], - 'SPAM_BLACKLIST' => [ - ], - 'TWITTER' => [ - 'CONSUMER_KEY' => '', - 'CONSUMER_SECRET' => '', - 'ACCESS_TOKEN' => '', - 'ACCESS_TOKEN_SECRET' => '', - ], -]; diff --git a/templates/lookup/docker-compose_lookup.yml.erb b/templates/lookup/docker-compose_lookup.yml.erb deleted file mode 100644 index 0fbf94d..0000000 --- a/templates/lookup/docker-compose_lookup.yml.erb +++ /dev/null 
@@ -1,17 +0,0 @@ -version: '3.2' - -services: - - app: - container_name: lookup_app_1 - image: docker.sunet.se/drive/nextcloud-lookup:<%= @lookup_version %> - restart: always - volumes: - - /opt/lookup/config.php:/var/www/html/config/config.php - network_mode: host - dns: - - 89.46.20.75 - - 89.46.21.29 - - 89.32.32.32 - command: apachectl -D FOREGROUND - tty: true diff --git a/templates/mariadb/05-lookup.sql.erb b/templates/mariadb/05-lookup.sql.erb deleted file mode 100644 index 577c0e9..0000000 --- a/templates/mariadb/05-lookup.sql.erb +++ /dev/null 
@@ -1,62 +0,0 @@ -SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; -SET time_zone = "+00:00"; - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8mb4 */; - -CREATE DATABASE IF NOT EXISTS `lookup` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; -USE `lookup`; - -CREATE USER 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>'; -GRANT ALL PRIVILEGES ON lookup.* TO 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>'; - - -DROP TABLE IF EXISTS `emailValidation`; -CREATE TABLE IF NOT EXISTS `emailValidation` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `storeId` int(11) NOT NULL, - `token` varchar(16) COLLATE utf8mb4_unicode_ci NOT NULL, - PRIMARY KEY (`id`), - KEY `token` (`token`), - KEY `storeId` (`storeId`) -) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `store`; -CREATE TABLE IF NOT EXISTS `store` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `userId` int(11) NOT NULL, - `k` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `v` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `valid` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `key` (`k`(191)), - KEY `value` (`v`(191)), - KEY `userId` (`userId`) -) ENGINE=InnoDB AUTO_INCREMENT=51 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `users`; -CREATE TABLE IF NOT EXISTS `users` ( - `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, - `federationId` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (`id`), - KEY `federationId` (`federationId`(191)) -) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -DROP TABLE IF EXISTS `toVerify`; -CREATE TABLE IF NOT EXISTS `toVerify` ( - `id` int(11) NOT NULL 
AUTO_INCREMENT, - `userId` int(11) NOT NULL, - `storeId` int(11) NOT NULL, - `property` varchar(512) COLLATE utf8mb4_unicode_ci NOT NULL, - `location` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL, - `tries` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - - -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/templates/monitor/sunetdrive_sites.cfg.erb b/templates/monitor/sunetdrive_sites.cfg.erb index 7991da6..c9a7772 100644 --- a/templates/monitor/sunetdrive_sites.cfg.erb +++ b/templates/monitor/sunetdrive_sites.cfg.erb @@ -131,32 +131,6 @@ define host { <% end -%> use monitor-site } -<% if site.match('lookup') %> -define service { - notes_url https://<%= site %> - action_url /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true - check_command check_https - check_interval 5 - check_period 24x7 -<% if @environment == 'prod' %> - contacts slack -<% else -%> - contact_groups naemon-admins -<% end -%> - host_name <%= site %> - max_check_attempts 3 - notification_interval 60 - notification_period 24x7 - retry_interval 1 - service_description HTTPS -<% if site.match('test') -%> - servicegroups test-sites -<% else -%> - servicegroups prod-sites -<% end -%> -} -<% end -%> -<% unless site.match('lookup') %> define service { notes_url https://<%= site %>/status.php action_url /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true @@ -209,4 +183,3 @@ define service { <% end -%> } <% end -%> -<% end -%> diff --git a/templates/script/restart-db-cluster.erb b/templates/script/restart-db-cluster.erb index 82ac939..3fdcbca 100755 --- a/templates/script/restart-db-cluster.erb +++ b/templates/script/restart-db-cluster.erb 
@@ -67,12 +67,10 @@ def main() -> int: reboot_command = ['sudo /usr/local/bin/safer_reboot'] if customers[0] == "common": - customers = ["lookup", "multinode"] + customers = ["multinode"] for customer in customers: backup_type = "backup" - if customer == "lookup": - backup_type = "lookupbackup" - elif customer == "multinode": + if customer == "multinode": backup_command = ['sudo /home/script/bin/backup_multinode_db.sh'] backup_type = "multinode-db" From ec6cda87fb682bebbcc6c4e5cbfecc9c268e2fe4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Feb 2025 11:55:43 +0100 Subject: [PATCH 02/15] Remove gss related manifests and config --- functions/get_customer.pp | 6 +---- manifests/app_type.pp | 27 +------------------ manifests/infra_script.pp | 4 +-- manifests/multinode.pp | 5 ---- .../docker-compose_nextcloud.yml.erb | 3 --- templates/monitor/sunetdrive_sites.cfg.erb | 1 - templates/script/maintenance.erb.sh | 2 +- 7 files changed, 5 insertions(+), 43 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index c1d9964..fc162fe 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -2,11 +2,7 @@ function sunetdrive::get_customer() >> String { $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { - if $hostnameparts[0] =~ /^gss/ { - return 'gss' - } else { - return 'common' - } + return 'common' } elsif $hostnameparts[0] =~ /idp-proxy/ { return 'common' } diff --git a/manifests/app_type.pp b/manifests/app_type.pp index e86aa86..e791207 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
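Review bot: In the `functions/get_customer.pp` hunk of [PATCH 02/15], the `$hostnameparts[1] == 'drive'` branch and the `elsif $hostnameparts[0] =~ /idp-proxy/` branch after it now both return 'common'. The two tests can be merged into one condition: `if $hostnameparts[1] == 'drive' or $hostnameparts[0] =~ /idp-proxy/ {`. The rest of the function lies outside the hunk, so any later branches are not visible here.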
@@ -66,14 +66,11 @@ define sunetdrive::app_type ( # These are encrypted values from local.eyaml - $gss_jwt_key = safe_hiera('gss_jwt_key') $smtppassword = safe_hiera('smtp_password') #These are global values from common.yaml $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') - $gss_master_admin = hiera_array('gss_master_admin') - $gss_master_url = hiera("gss_master_url_${environment}") $mail_domain = hiera("mail_domain_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") @@ -81,9 +78,6 @@ define sunetdrive::app_type ( $smtpuser = hiera("smtp_user_${environment}") $tug_office = hiera_array('tug_office') - # This is a global value from common.yaml but overridden in the gss-servers local.yaml - $gss_mode = hiera('gss_mode') - # These are global values from common.yaml but can be overridden in group.yaml $drive_email_template_text_left = $config['drive_email_template_text_left'] $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left'] @@ -114,9 +108,6 @@ define sunetdrive::app_type ( file { '/opt/nextcloud/user-sync.sh': ensure => absent, } - -> cron { 'gss_user_sync': - ensure => absent, - } file { '/usr/local/bin/nocc': ensure => present, force => true, @@ -322,23 +313,7 @@ define sunetdrive::app_type ( mode => '0744', } } - if $location =~ /^gss-test/ { - file { '/opt/nextcloud/mappingfile.json': - ensure => present, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/mappingfile-test.json.erb'), - mode => '0644', - } - } elsif $location =~ /^gss/ { - file { '/opt/nextcloud/mappingfile.json': - ensure => present, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/mappingfile-prod.json.erb'), - mode => '0644', - } - } elsif $location =~ /^kau/ { + if $location =~ /^kau/ { file { '/mnt': ensure => directory, owner => 'www-data', 
diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index 818cf1a..55376b6 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -6,7 +6,6 @@ class sunetdrive::infra_script ( $environment = sunetdrive::get_environment() $customer = 'common' $config = hiera_hash($environment) - $gss_backup_server = $config['gss_backup_server'] $ssh_config = "Host *.sunet.se User script IdentityFile /root/.ssh/id_script" @@ -58,7 +57,8 @@ class sunetdrive::infra_script ( mode => '0700', } sunet::scriptherder::cronjob { 'backupgssdb': - cmd => "/root/tasks/backupdb.sh ${gss_backup_server}", + ensure => 'absent', + cmd => 'true', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 1bf9aeb..385b1cd 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -14,8 +14,6 @@ class sunetdrive::multinode ( $db_ip = hiera_hash($environment)['db'] $admin_password = hiera('admin_password') $cluster_admin_password = hiera('cluster_admin_password') - # This is a global value from common.yaml but overridden in the gss-servers local.yaml - $gss_mode = hiera('gss_mode') $twofactor_enforced_groups = [] $twofactor_enforced_excluded_groups = [] @@ -271,8 +269,6 @@ MACAddressPolicy=none' $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') - $gss_master_admin = hiera_array('gss_master_admin') - $gss_master_url = hiera("gss_master_url_${environment}") $https_port = hiera_hash('multinode_mapping')[$customer]['port'] $mail_domain = hiera("mail_domain_${environment}") $mail_from_address = hiera("mail_from_address_${environment}") @@ -326,7 +322,6 @@ MACAddressPolicy=none' $secret = safe_hiera("${customer}_secret") $passwordsalt= safe_hiera("${customer}_passwordsalt") $redis_host_password = safe_hiera("${customer}_redis_host_password") - $gss_jwt_key = safe_hiera('gss_jwt_key') $smtppassword = safe_hiera('smtp_password') $extra_config = { 
diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 6ca5473..8722e40 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -24,9 +24,6 @@ services: <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> <%- end -%> -<%- if @location =~ /^gss/ -%> - - /opt/nextcloud/mappingfile.json:/var/www/html/mappingfile.json -<%- end -%> <% if @location =~ /^kau/ -%> - /mnt:/opt/tmp/ <%- end -%> diff --git a/templates/monitor/sunetdrive_sites.cfg.erb b/templates/monitor/sunetdrive_sites.cfg.erb index c9a7772..ae293c4 100644 --- a/templates/monitor/sunetdrive_sites.cfg.erb +++ b/templates/monitor/sunetdrive_sites.cfg.erb @@ -138,7 +138,6 @@ define service { check_interval 5 check_period 24x7 <% cur_cust = site.gsub(/\.drive.*/,'') %> -<% cur_cust = cur_cust.gsub(/drive.*/,'gss') %> # 'check_nextcloud' command definition <% if @environment == 'prod' and not site.match('test') and @fullnodes.include?(cur_cust) %> contacts slack diff --git a/templates/script/maintenance.erb.sh b/templates/script/maintenance.erb.sh index f37cdc7..c57b690 100644 --- a/templates/script/maintenance.erb.sh +++ b/templates/script/maintenance.erb.sh @@ -17,7 +17,7 @@ if [[ "${ENVIRONMENT}" == "prod" ]]; then fi if [[ "${CUSTOMER}" == "common" ]]; then customer="" - types="multinode gss" + types="multinode" fi domain="${customer}drive.${env}sunet.se" From d760626e0b7a334a2cd39138035b1e018298a06c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Feb 2025 20:18:52 +0100 Subject: [PATCH 03/15] Make sure we know where our backups are located --- manifests/script.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 4cfa6c1..ef1dc5c 100644 --- a/manifests/script.pp +++ b/manifests/script.pp 
@@ -254,8 +254,11 @@ class sunetdrive::script ( group => 'root', mode => '0700', } - file { '/root/tasks/backupsinglenodedb.sh': - ensure => absent, + file_line { 'FIXME_remove_when_s3_migration_done_in_sto3': + ensure => 'present', + line => '37.156.195.53 s3.sto3.safedc.net', + path => '/etc/hosts', + match => '^37.156.195.53', } if $environment == 'test' { sunet::scriptherder::cronjob { 'reboot-customer': From a4a9e492f58e6d33226f61d780370ea15d87ceb2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 10:05:50 +0100 Subject: [PATCH 04/15] Move get_containers to all nodes --- manifests/app_type.pp | 8 ++++++++ manifests/multinode.pp | 8 -------- templates/{multinode => application}/get_containers | 0 3 files changed, 8 insertions(+), 8 deletions(-) rename templates/{multinode => application}/get_containers (100%) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index e791207..c279318 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -89,6 +89,14 @@ define sunetdrive::app_type ( $expiration_months = max(12, $full_backup_retention) $expiration_days_min = $expiration_months * 31 $expiration_days_max = $expiration_months * 31 + 93 + file { '/usr/local/bin/get_containers': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/get_containers'), + mode => '0744', + } unless $is_multinode{ user { 'www-data': ensure => present, system => true } diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 385b1cd..cf2bd71 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
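Review bot: The `match => '^37.156.195.53'` pattern in the new `file_line` leaves the dots unescaped and has nothing after the last octet, so it also matches lines such as `37.156.195.530 …` and would rewrite them; `match => '^37\.156\.195\.53\s'` limits it to this address. Pinning `s3.sto3.safedc.net` in `/etc/hosts` also means the backup target no longer follows DNS, so an entry left behind after the migration would keep sending backups to whatever holds that address. The resource title is the only reminder, so a comment naming who removes the entry and when would help. The hunk also drops the `ensure => absent` resource for `/root/tasks/backupsinglenodedb.sh`, which the commit subject does not mention; confirm that is intended. The class body continues outside the hunk.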
@@ -87,14 +87,6 @@ class sunetdrive::multinode ( content => template('sunetdrive/multinode/get_non_paying_customers.erb.sh'), mode => '0744', } - file { '/usr/local/bin/get_containers': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/multinode/get_containers'), - mode => '0744', - } file { '/usr/local/bin/restart_and_prune': ensure => present, force => true, diff --git a/templates/multinode/get_containers b/templates/application/get_containers similarity index 100% rename from templates/multinode/get_containers rename to templates/application/get_containers From fc0a790bd157f7540fc8a4ea66cb13e5438a906d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 10:32:07 +0100 Subject: [PATCH 05/15] Add scan cronjob to test --- manifests/app_type.pp | 16 ++++++++++++++++ templates/application/scan_external_mounts.sh | 10 ++++++++++ 2 files changed, 26 insertions(+) create mode 100644 templates/application/scan_external_mounts.sh diff --git a/manifests/app_type.pp b/manifests/app_type.pp index c279318..ebf4f90 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -97,6 +97,22 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/get_containers'), mode => '0744', } + if ($environment == 'test') { + file { '/usr/local/bin/scan_external_mounts': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/scan_external_mounts.sh'), + mode => '0744', + } + cron { 'scan_external_mounts': + command => '/usr/local/bin/scan_external_mounts', + user => 'root', + minute => '42', + hour => '9', + } + } unless $is_multinode{ user { 'www-data': ensure => present, system => true } diff --git a/templates/application/scan_external_mounts.sh b/templates/application/scan_external_mounts.sh new file mode 100644 index 0000000..cc18148 --- /dev/null +++ b/templates/application/scan_external_mounts.sh 
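Review bot: The `cron` resource added in the `manifests/app_type.pp` hunk of [PATCH 05/15] runs `/usr/local/bin/scan_external_mounts` from root's crontab without setting `environment`, while the script calls `get_containers` and `nocc` by bare name. Cron's default PATH typically omits `/usr/local/bin`, in which case `$(get_containers)` yields nothing and the loop is silently skipped. Either add `environment => 'PATH=/usr/local/bin:/usr/bin:/bin'` to the resource or call `/usr/local/bin/get_containers` and `/usr/local/bin/nocc` by absolute path in the script. Whether the `sunet::scriptherder::cronjob` wrapper that replaces this resource in [PATCH 15/15] sets PATH cannot be seen from this page. The define body continues outside the hunk.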
@@ -0,0 +1,10 @@ +#!/bin/bash + +# Only run if this is the only instance of this script running +if [[ $(pgrep -f "${0}" | wc -l) -eq 1 ]]; then + for container in $(get_containers); do + for id in $(nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do + nocc "${container}" files_external:scan "${id}" + done + done +fi From 2944823676fe299a57df93dd81b671e63bf0d9f3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 10:34:44 +0100 Subject: [PATCH 06/15] Only run on node3 and multinodes --- manifests/app_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index ebf4f90..bf46d12 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -97,7 +97,7 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/get_containers'), mode => '0744', } - if ($environment == 'test') { + if ($environment == 'test' and ($nodenumber == 3 or $is_multinode )) { file { '/usr/local/bin/scan_external_mounts': ensure => present, force => true, From c7e337f3c4d8fc3e2544400eb37bbc8847e07631 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 11:01:46 +0100 Subject: [PATCH 07/15] multinodes are confused --- manifests/app_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index bf46d12..68a2de8 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -97,7 +97,7 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/get_containers'), mode => '0744', } - if ($environment == 'test' and ($nodenumber == 3 or $is_multinode )) { + if ($environment == 'test' and ($nodenumber == 3) and not ($is_multinode )) { file { '/usr/local/bin/scan_external_mounts': ensure => present, force => true, From 74f96705f15cbf848513cb21ca4e8dd48330a096 Mon Sep 17 00:00:00 2001 
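Review bot: The single-instance guard `pgrep -f "${0}" | wc -l` counts every process whose command line contains the script path, so the result depends on how the script is launched; a wrapper, an editor or `less` opened on the file all add to the count. The later hunks in [PATCH 12/15] and [PATCH 14/15] that switch to `-eq 2` inherit the same fragility. A lock held on a file descriptor is race-free and independent of the process list: `exec 9>"${lockfile}"` followed by `flock -n 9 || exit 0`, with `lockfile` pointing at a root-only path. As written, a run that the guard skips does nothing and reports nothing, and from [PATCH 15/15] on it exits 0, so the scheduler would record success for a scan that never ran.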
From: Micke Nordin Date: Wed, 26 Feb 2025 11:03:28 +0100 Subject: [PATCH 08/15] negation --- manifests/app_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 68a2de8..911e49d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -97,7 +97,7 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/get_containers'), mode => '0744', } - if ($environment == 'test' and ($nodenumber == 3) and not ($is_multinode )) { + if ($environment == 'test' and ($nodenumber == 3) and ! ($is_multinode )) { file { '/usr/local/bin/scan_external_mounts': ensure => present, force => true, From ebe6f9640d1c7f7844e8df2a1f896b5515c69963 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 11:05:31 +0100 Subject: [PATCH 09/15] I am blind --- manifests/app_type.pp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 911e49d..5e90d79 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -89,15 +89,15 @@ define sunetdrive::app_type ( $expiration_months = max(12, $full_backup_retention) $expiration_days_min = $expiration_months * 31 $expiration_days_max = $expiration_months * 31 + 93 - file { '/usr/local/bin/get_containers': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/application/get_containers'), - mode => '0744', - } if ($environment == 'test' and ($nodenumber == 3) and ! ($is_multinode )) { + file { '/usr/local/bin/get_containers': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/get_containers'), + mode => '0744', + } file { '/usr/local/bin/scan_external_mounts': ensure => present, force => true, From 7e53313d947b99731d9876e4437d07346f58ff2d Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 26 Feb 2025 11:09:17 +0100 Subject: [PATCH 10/15] Can I now have it outside? --- manifests/app_type.pp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5e90d79..911e49d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -89,15 +89,15 @@ define sunetdrive::app_type ( $expiration_months = max(12, $full_backup_retention) $expiration_days_min = $expiration_months * 31 $expiration_days_max = $expiration_months * 31 + 93 + file { '/usr/local/bin/get_containers': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/get_containers'), + mode => '0744', + } if ($environment == 'test' and ($nodenumber == 3) and ! ($is_multinode )) { - file { '/usr/local/bin/get_containers': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/application/get_containers'), - mode => '0744', - } file { '/usr/local/bin/scan_external_mounts': ensure => present, force => true, From 41e9045833b72a59e05a6912ca3ad520c225c07f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 11:13:22 +0100 Subject: [PATCH 11/15] This is the way --- manifests/app_type.pp | 48 +++++++++++++++++++++--------------------- manifests/multinode.pp | 24 +++++++++++++++++++++ 2 files changed, 48 insertions(+), 24 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 911e49d..193ed9c 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -89,34 +89,34 @@ define sunetdrive::app_type ( $expiration_months = max(12, $full_backup_retention) $expiration_days_min = $expiration_months * 31 $expiration_days_max = $expiration_months * 31 + 93 - file { '/usr/local/bin/get_containers': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/application/get_containers'), - mode => '0744', - } - if ($environment == 'test' and ($nodenumber == 3) and ! ($is_multinode )) { - file { '/usr/local/bin/scan_external_mounts': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/application/scan_external_mounts.sh'), - mode => '0744', - } - cron { 'scan_external_mounts': - command => '/usr/local/bin/scan_external_mounts', - user => 'root', - minute => '42', - hour => '9', - } - } unless $is_multinode{ user { 'www-data': ensure => present, system => true } + file { '/usr/local/bin/get_containers': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/get_containers'), + mode => '0744', + } + if ($environment == 'test' and ($nodenumber == 3)) { + file { '/usr/local/bin/scan_external_mounts': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/scan_external_mounts.sh'), + mode => '0744', + } + cron { 'scan_external_mounts': + command => '/usr/local/bin/scan_external_mounts', + user => 'root', + minute => '20', + hour => '10', + } + } file { '/opt/nextcloud/cron.sh': ensure => file, owner => 'root', diff --git a/manifests/multinode.pp b/manifests/multinode.pp index cf2bd71..8471d1a 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp 
@@ -38,6 +38,30 @@ class sunetdrive::multinode ( user { 'www-data': ensure => present, system => true } sunet::system_user {'mysql': username => 'mysql', group => 'mysql' } ensure_resource('file', '/opt/nextcloud' , { ensure => directory, recurse => true } ) + file { '/usr/local/bin/get_containers': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/get_containers'), + mode => '0744', + } + if ($environment == 'test') { + file { '/usr/local/bin/scan_external_mounts': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/scan_external_mounts.sh'), + mode => '0744', + } + cron { 'scan_external_mounts': + command => '/usr/local/bin/scan_external_mounts', + user => 'root', + minute => '20', + hour => '10', + } + } file { '/usr/local/bin/nocc': ensure => present, force => true, From 2c974bd1788d3bc771bba677978eceef35aeda5b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 11:50:34 +0100 Subject: [PATCH 12/15] Change guard condition --- templates/application/scan_external_mounts.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/application/scan_external_mounts.sh b/templates/application/scan_external_mounts.sh index cc18148..557daf0 100644 --- a/templates/application/scan_external_mounts.sh +++ b/templates/application/scan_external_mounts.sh @@ -1,7 +1,8 @@ #!/bin/bash # Only run if this is the only instance of this script running -if [[ $(pgrep -f "${0}" | wc -l) -eq 1 ]]; then +# note: since this script forks to run pgrep, we need -eq 2 here +if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then for container in $(get_containers); do for id in $(nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do nocc "${container}" files_external:scan "${id}" From 1654186ddce0b04b29b0a71d4976eab015ee4a45 Mon Sep 17 00:00:00 2001 
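Review bot: The `get_containers` file, the `scan_external_mounts` file and the `cron` resource added to `sunetdrive::multinode` here duplicate the ones this commit places under `unless $is_multinode` in `manifests/app_type.pp`, differing only in the `$nodenumber == 3` condition. [PATCH 13/15] and [PATCH 15/15] already have to repeat every schedule and resource change in both files. Declaring the three resources once in a small class that both manifests `include`, with the node condition evaluated by the caller, would keep the two copies from drifting. It would also avoid the duplicate declarations that the preceding patches appear to have been working around. The class body continues outside the hunk.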
From: Micke Nordin Date: Wed, 26 Feb 2025 12:08:03 +0100 Subject: [PATCH 13/15] Add a deterministic sleep to spread out the load and lets run it at night in test --- manifests/app_type.pp | 2 +- manifests/multinode.pp | 2 +- templates/application/scan_external_mounts.sh | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 193ed9c..35b628b 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -114,7 +114,7 @@ define sunetdrive::app_type ( command => '/usr/local/bin/scan_external_mounts', user => 'root', minute => '20', - hour => '10', + hour => '1', } } file { '/opt/nextcloud/cron.sh': diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 8471d1a..50594ee 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -59,7 +59,7 @@ class sunetdrive::multinode ( command => '/usr/local/bin/scan_external_mounts', user => 'root', minute => '20', - hour => '10', + hour => '1', } } file { '/usr/local/bin/nocc': diff --git a/templates/application/scan_external_mounts.sh b/templates/application/scan_external_mounts.sh index 557daf0..9673dcf 100644 --- a/templates/application/scan_external_mounts.sh +++ b/templates/application/scan_external_mounts.sh @@ -1,4 +1,7 @@ #!/bin/bash +# We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within +# a specific host, but will differ between hosts +sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m # Only run if this is the only instance of this script running # note: since this script forks to run pgrep, we need -eq 2 here From 800b2c4afcf88c3847d43db0ca9c2ca765527b1a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 12:09:59 +0100 Subject: [PATCH 14/15] Lets only sleep if we are not allready running --- templates/application/scan_external_mounts.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
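Review bot: The arithmetic in the added `sleep $((16#$(…) / 2))m` line has no fallback: if the `ip a | grep "link/ether" | head -1` pipeline prints nothing, the expression becomes `16# / 2`, which bash rejects, so the delay is not applied as intended. Storing the octet first and defaulting it, `octet=$(…)` then `sleep $((16#${octet:-0} / 2))m`, keeps the delay well-defined. `head -1` also takes whichever interface `ip a` lists first, so the value is only stable per host if the interface order is; presumably it is on these nodes, but confirm on hosts with container bridges. [PATCH 14/15] moves the same line inside the guard unchanged.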
diff --git a/templates/application/scan_external_mounts.sh b/templates/application/scan_external_mounts.sh index 9673dcf..d1874b1 100644 --- a/templates/application/scan_external_mounts.sh +++ b/templates/application/scan_external_mounts.sh @@ -1,11 +1,11 @@ #!/bin/bash -# We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within -# a specific host, but will differ between hosts -sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m # Only run if this is the only instance of this script running # note: since this script forks to run pgrep, we need -eq 2 here -if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then +if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then + # We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within + # a specific host, but will differ between hosts + sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m for container in $(get_containers); do for id in $(nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do nocc "${container}" files_external:scan "${id}" From 06d7fabf4b9460f6d7d3b053831cac2d52c216b1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 26 Feb 2025 12:30:30 +0100 Subject: [PATCH 15/15] Run cronjob in scriptherder and report errors found --- manifests/app_type.pp | 13 +++++++++---- manifests/multinode.pp | 13 +++++++++---- templates/application/scan_external_mounts.sh | 13 ++++++++++++- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 35b628b..851bd45 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
@@ -110,11 +110,16 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/scan_external_mounts.sh'), mode => '0744', } + sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts': + cmd => '/usr/local/bin/scan_external_mounts', + hour => '1', + minute => '20', + ok_criteria => ['exit_status=0','max_age=2d'], + warn_criteria => ['exit_status=1','max_age=3d'], + } cron { 'scan_external_mounts': - command => '/usr/local/bin/scan_external_mounts', - user => 'root', - minute => '20', - hour => '1', + ensure => absent, + command => 'true', } } file { '/opt/nextcloud/cron.sh': diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 50594ee..9ebec47 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -55,11 +55,16 @@ class sunetdrive::multinode ( content => template('sunetdrive/application/scan_external_mounts.sh'), mode => '0744', } + sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts': + cmd => '/usr/local/bin/scan_external_mounts', + hour => '1', + minute => '20', + ok_criteria => ['exit_status=0','max_age=2d'], + warn_criteria => ['exit_status=1','max_age=3d'], + } cron { 'scan_external_mounts': - command => '/usr/local/bin/scan_external_mounts', - user => 'root', - minute => '20', - hour => '1', + ensure => absent, + command => 'true', } } file { '/usr/local/bin/nocc': diff --git a/templates/application/scan_external_mounts.sh b/templates/application/scan_external_mounts.sh index d1874b1..ef58cd8 100644 --- a/templates/application/scan_external_mounts.sh +++ b/templates/application/scan_external_mounts.sh @@ -1,5 +1,6 @@ #!/bin/bash +error_ids="" # Only run if this is the only instance of this script running # note: since this script forks to run pgrep, we need -eq 2 here if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then 
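Review bot: The `cron { 'scan_external_mounts': ensure => absent, command => 'true' }` stub left beside the new `sunet::scriptherder::cronjob` has no comment saying it exists only to remove the crontab entry installed by earlier revisions; the same applies to the identical hunk in manifests/multinode.pp. I would add `# Cleanup of the pre-scriptherder crontab entry; drop once every node has applied this` above it in both files. The removed resource set `user => 'root'` explicitly while the new one passes no user, so confirm that the scriptherder wrapper runs the job as root (its definition is not part of this patch). The enclosing block starts above the hunk.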
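Review bot: The `pgrep -f "${0}" | wc -l` guard kept as context in this hunk counts every process whose command line contains the script path, and with this patch the script is started through scriptherder rather than directly from cron. If the wrapper keeps the path in its own argv (its invocation is not visible here), the count is never 2, the scan is skipped, and the `exit 0` added further down reports a healthy run. A lock does not depend on how the script was launched: `exec 9>/run/lock/scan_external_mounts.lock` followed by `flock -n 9 || exit 0` (the lock path is an example). If a skip caused by another running instance should be visible in monitoring, log it or give it its own exit code.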
@@ -8,7 +9,17 @@ if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m for container in $(get_containers); do for id in $(nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do - nocc "${container}" files_external:scan "${id}" + nocc "${container}" files_external:scan "${id}" | grep Error + # shellcheck disable=SC2181 + if [[ ${?} -eq 0 ]]; then + error_ids="${error_ids} ${id}" + fi done done fi + +if [[ -n "${error_ids}" ]]; then + echo "Errors found in the following mounts: ${error_ids}" + exit 1 +fi +exit 0
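Review bot: The status tested after `nocc "${container}" files_external:scan "${id}" | grep Error` is grep's, so a scan that fails without printing the word Error, or a `nocc` call that cannot run at all, leaves `error_ids` empty and the job still exits 0. Checking both the command status and its output closes that gap and makes the SC2181 suppression unnecessary: `if ! out=$(nocc "${container}" files_external:scan "${id}" 2>&1) || grep Error <<< "${out}"; then`. The outer `for container in $(get_containers)` loop has the same blind spot when `get_containers` or `files_external:list` returns nothing, which deserves at least a log line. The `if` guard that encloses the loop opens above this hunk.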