From b7a26db915ac4e1692ed8568e1083466bc7e7902 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 12 Jun 2023 10:01:03 +0200 Subject: [PATCH 01/13] Fix fact --- manifests/mariadb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 66f3522..88a11c2 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -8,7 +8,7 @@ class sunetdrive::mariadb ( $replicate_rewrite_db = undef, ) { - $quorum_id = $facts['facts['networking']['fqdn']'] + $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': bootstrap => $bootstrap, From 61c56fd2f2c03d1d8c24bcc295fa02bfb938714e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 12 Jun 2023 11:29:51 +0200 Subject: [PATCH 02/13] Pass on variable --- manifests/db_type.pp | 14 ++++++++------ manifests/mariadb.pp | 7 ++++--- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 6448878..8c1a853 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -4,7 +4,9 @@ define sunetdrive::db_type( $bootstrap=undef, $location=undef, $override_config = undef, - $override_compose = undef) + $override_compose = undef, + $replicate_rewrite_db = undef, +) { # Config from group.yaml @@ -27,8 +29,8 @@ define sunetdrive::db_type( $mysql_user_password = safe_hiera('mysql_user_password') $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' - $server_id = 1000 + Integer($facts['hostname'][-1]) - ensure_resource('file',"${mariadb_dir}", { ensure => directory, recurse => true } ) + $server_id = 1000 + Integer($facts['networking']['hostname']) + ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } ) 
@@ -90,7 +92,7 @@ define sunetdrive::db_type( mode => '0744', } sunet::scriptherder::cronjob { 'purge_binlogs': - cmd => "/usr/local/bin/purge-binlogs", + cmd => '/usr/local/bin/purge-binlogs', hour => '6', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], @@ -109,14 +111,14 @@ define sunetdrive::db_type( content => template('sunetdrive/mariadb/status-test.erb'), mode => '0744', } - file { "/etc/sudoers.d/99-size-test": + file { '/etc/sudoers.d/99-size-test': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/size-test\n", mode => '0440', owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-status-test": + file { '/etc/sudoers.d/99-status-test': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/status-test\n", mode => '0440', diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 88a11c2..8725c8a 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -11,9 +11,10 @@ class sunetdrive::mariadb ( $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, + replicate_rewrite_db => $replicate_rewrite_db, } file { '/etc/quorum.conf': ensure => file, From 08243f555d3446e62e554cec64d9b67ed446370f Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 12 Jun 2023 11:42:00 +0200 Subject: [PATCH 03/13] Add back index --- manifests/db_type.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 8c1a853..7c953b4 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp 
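Review bot: The two sudoers drop-ins in the `@@ -109,14 +111,14 @@` hunk let the `script` account run `/usr/local/bin/size-test` and `/usr/local/bin/status-test` as root without a password, but the `file` resource for status-test visible just above them shows only `content` and `mode => '0744'`. That resource starts outside the hunk, so its owner and group cannot be seen here; confirm they are pinned with `owner => 'root', group => 'root',`, because anyone who can write those scripts effectively has root. Adding `validate_cmd => '/usr/sbin/visudo -cf %',` to both sudoers resources would also keep a malformed drop-in from ever being installed.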
@@ -29,7 +29,7 @@ define sunetdrive::db_type( $mysql_user_password = safe_hiera('mysql_user_password') $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' - $server_id = 1000 + Integer($facts['networking']['hostname']) + $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { From 2119f710088ab7e8cf055192e45dbdd72d81ea16 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 13 Jun 2023 11:46:25 +0200 Subject: [PATCH 04/13] Backup dir overwritten by data script --- templates/script/backupdb.erb.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/script/backupdb.erb.sh b/templates/script/backupdb.erb.sh index b35acbc..29f90d3 100644 --- a/templates/script/backupdb.erb.sh +++ b/templates/script/backupdb.erb.sh @@ -10,7 +10,8 @@ if ! [[ ${backup} =~ backup1.*sunet.se$ ]]; then echo "Usage: ${0} " echo "Example: ${0} backup1.sunet.drive.sunet.se" fi -backup_dir="/opt/backups" +backup_dir="/opt/backups/backups" +mkdir -p ${backup_dir} bucket="db-backups" mirror="<%= @customer %>-<%= @environment %>-mirror" if [[ ${mirror} =~ common-(test|prod)-mirror ]]; then 
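Review bot: `Integer($facts['networking']['hostname'][-1])` in the `@@ -29,7 +29,7 @@` hunk uses only the last character of the hostname, so catalog compilation fails on any host whose name does not end in a digit, and hosts whose numbers share a final digit (a node 1 and a node 11, say) get the same `$server_id`. MariaDB replication expects a distinct server id per node, so a collision is a correctness problem. Consider taking the whole trailing number instead, e.g. `$server_id = 1000 + Integer(regsubst($facts['networking']['hostname'], '^.*?(\d+)$', '\1'))`, and add a comment stating the hostname convention this relies on. The enclosing define continues outside the hunk.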
@@ -23,11 +24,8 @@ ssh ${backup} "sudo /home/script/bin/backup_db.sh" echo "Cleaning up old backups for ${backup}" ssh ${backup} "sudo /home/script/bin/purge_backups.sh /opt/mariadb_backup/backups/" echo "Copying backups here" -mkdir -p ${backup_dir} scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir} echo "Copying backups to remote bucket" rclone mkdir ${mirror}:${bucket} duplicity --full-if-older-than 1M --tempdir /mnt --archive-dir /mnt --no-encryption ${backup_dir} rclone://${mirror}:/${bucket} duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt --force rclone://${mirror}:/${bucket} -echo "cleaning up" -rm -r ${backup_dir} From 95030efba239e9b20fa850ddb00447347556c35a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 13 Jun 2023 11:52:15 +0200 Subject: [PATCH 05/13] Run backup on same dir as before --- templates/script/backupdb.erb.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/script/backupdb.erb.sh b/templates/script/backupdb.erb.sh index 29f90d3..9ea12a8 100644 --- a/templates/script/backupdb.erb.sh +++ b/templates/script/backupdb.erb.sh @@ -10,7 +10,8 @@ if ! [[ ${backup} =~ backup1.*sunet.se$ ]]; then echo "Usage: ${0} " echo "Example: ${0} backup1.sunet.drive.sunet.se" fi -backup_dir="/opt/backups/backups" +backup_dir="/opt/backups" +backup_dir_long="${backup_dir}/backups" mkdir -p ${backup_dir} bucket="db-backups" mirror="<%= @customer %>-<%= @environment %>-mirror" 
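Review bot: With the trailing `rm -r ${backup_dir}` removed in the `@@ -23,11 +24,8 @@` hunk, every day's `*.gz` dump copied by the `scp` line stays in `${backup_dir}` and nothing visible prunes it. Cleartext database dumps therefore accumulate on this host without bound, and the `duplicity ... --no-encryption` line uploads them unencrypted too, so confidentiality rests on filesystem permissions and the bucket's access policy alone. If keeping a local copy is intended, add an age-based prune after the upload, e.g. `find "${backup_dir}" -type f -name '*.gz' -mtime +7 -delete` (the 7 is a constructed sample value), and record in a comment why encryption is disabled.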
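Review bot: `backup_dir_long` is introduced in patch 05's first hunk, but the following `mkdir -p ${backup_dir}` still creates only `/opt/backups`, while the second hunk of the same commit points `scp` at `${backup_dir_long}`. Unless something else has already created `/opt/backups/backups`, a multi-file copy fails and a single-file copy is written to a file named `backups`. Creating the directory that is actually used, `mkdir -p "${backup_dir_long}"`, removes the dependency on state left by earlier runs.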
@@ -24,7 +25,7 @@ ssh ${backup} "sudo /home/script/bin/backup_db.sh" echo "Cleaning up old backups for ${backup}" ssh ${backup} "sudo /home/script/bin/purge_backups.sh /opt/mariadb_backup/backups/" echo "Copying backups here" -scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir} +scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir_long} echo "Copying backups to remote bucket" rclone mkdir ${mirror}:${bucket} duplicity --full-if-older-than 1M --tempdir /mnt --archive-dir /mnt --no-encryption ${backup_dir} rclone://${mirror}:/${bucket} From a9fdb43bf6167b354b9077cc360043eb9cf98f36 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 13 Jun 2023 11:59:19 +0200 Subject: [PATCH 06/13] Add a default for backup --- templates/script/backupdb.erb.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/script/backupdb.erb.sh b/templates/script/backupdb.erb.sh index 9ea12a8..1eb7992 100644 --- a/templates/script/backupdb.erb.sh +++ b/templates/script/backupdb.erb.sh @@ -6,6 +6,9 @@ sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk number_of_full_to_keep="<%= @full_backup_retention %>" backup="${1}" +if [[ -z ${backup} ]]; then + backup="backup1.$(hostname -d)" +fi if ! [[ ${backup} =~ backup1.*sunet.se$ ]]; then echo "Usage: ${0} " echo "Example: ${0} backup1.sunet.drive.sunet.se" From fa93c0184659595f0085687c22765e97ca3a88f3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 13 Jun 2023 12:09:13 +0200 Subject: [PATCH 07/13] Fix permissions --- templates/scriptreceiver/backup_db.erb.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/scriptreceiver/backup_db.erb.sh b/templates/scriptreceiver/backup_db.erb.sh index 025a338..3e15f25 100644 --- a/templates/scriptreceiver/backup_db.erb.sh +++ b/templates/scriptreceiver/backup_db.erb.sh 
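Review bot: The `if ! [[ ${backup} =~ backup1.*sunet.se$ ]]` block that follows the new default in patch 06 only prints the usage text; the first hunks of patches 04 and 05 show `fi` directly after the two `echo` lines, so execution continues to `ssh ${backup} "sudo ..."` with a value that failed the check (including `backup1.` when `hostname -d` returns nothing). The pattern is also unanchored at the start and its dots are unescaped, so it accepts more host names than intended. Suggest `if ! [[ ${backup} =~ ^backup1\.(.*\.)?sunet\.se$ ]]; then`, an `exit 1` after the second `echo`, and quoting `"${backup}"` where it is passed to `ssh` and `scp`.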
@@ -11,5 +11,7 @@ else fi docker exec ${container} /do_backup.sh ${customer} +chown root:script /opt/mariadb_backup/ +chmod 750 /opt/mariadb_backup/ chmod 755 ${backupdir} chown -R script:root ${backupdir} From c7072d6dae4b5663f1b6a07de2f9222e849a5619 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 28 Jun 2023 15:51:43 +0200 Subject: [PATCH 08/13] Fix gss_mode for multinode --- manifests/multinode.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/multinode.pp b/manifests/multinode.pp index f169c37..2cc335f 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -14,6 +14,8 @@ class sunetdrive::multinode ( $db_ip = hiera_hash($environment)['db'] $admin_password = hiera('admin_password') $cluster_admin_password = hiera('cluster_admin_password') + # This is a global value from common.yaml but overridden in the gss-servers local.yaml + $gss_mode = hiera('gss_mode') $twofactor_enforced_groups = [] $twofactor_enforced_excluded_groups = [] From 6df092764fd9afd9c2978c7433773fd4f3e3f2b7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 18 Jul 2023 15:59:08 +0200 Subject: [PATCH 09/13] Remove replicate readwrite db --- manifests/mariadb.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 8725c8a..c6356d2 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -5,7 +5,6 @@ class sunetdrive::mariadb ( $tag_mariadb = undef, $override_config = undef, $override_compose = undef, - $replicate_rewrite_db = undef, ) { $quorum_id = $facts['networking']['fqdn'] @@ -14,7 +13,6 @@ class sunetdrive::mariadb ( bootstrap => $bootstrap, tag_mariadb => $tag_mariadb, location => $location, - replicate_rewrite_db => $replicate_rewrite_db, } file { '/etc/quorum.conf': ensure => file, From 3986e69349a7fbfab60907b620d1f562c8e642e6 Mon Sep 17 00:00:00 2001 
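Review bot: Nothing visible in the `@@ -11,5 +11,7 @@` hunk checks the result of `docker exec ${container} /do_backup.sh ${customer}` before the ownership changes, so unless `set -e` is enabled outside the hunk, a failed dump still ends with the exit status of the final `chown` and the caller sees success. Suggest `docker exec "${container}" /do_backup.sh "${customer}" || exit 1`. The added `chown`/`chmod` lines hard-code `/opt/mariadb_backup/` while the lines after them use an unquoted `${backupdir}`; quoting it, `chown -R script:root "${backupdir}"`, keeps an empty or space-containing value from changing the operands of a recursive chown run as root. The script starts outside the hunk.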
From: Micke Nordin Date: Tue, 25 Jul 2023 13:35:31 +0200 Subject: [PATCH 10/13] See if we can get ipv6 for monitor --- manifests/dockerhost.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 2060daa..9728721 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -8,6 +8,8 @@ class sunetdrive::dockerhost( String $docker_args = '', Optional[String] $docker_dns = undef, String $storage_driver = 'aufs', + Bool $write_daemon_config = false, + Bool $enable_ipv6 = false, ) { if $version == 'NOT_SET_IN_HIERA' { fail('Docker version not set in Hiera') @@ -26,6 +28,8 @@ class sunetdrive::dockerhost( storage_driver => $storage_driver, docker_network => true, # let docker choose a network for the 'docker' bridge compose_version => $compose_version, + write_daemon_config => $write_daemon_config, + enable_ipv6 => $enable_ipv6, } file { '/etc/apt/preferences.d/containerd.io.pref': ensure => absent, From 58fd21e0aa677a381d2f5b053f4863e82fae1385 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 25 Jul 2023 13:37:56 +0200 Subject: [PATCH 11/13] Typo --- manifests/dockerhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 9728721..069fac3 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -8,8 +8,8 @@ class sunetdrive::dockerhost( String $docker_args = '', Optional[String] $docker_dns = undef, String $storage_driver = 'aufs', - Bool $write_daemon_config = false, - Bool $enable_ipv6 = false, + Boolean $write_daemon_config = false, + Boolean $enable_ipv6 = false, ) { if $version == 'NOT_SET_IN_HIERA' { fail('Docker version not set in Hiera') From f56a5c6eaebf403f8e99037b25aa19cb7ae26022 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 16 Aug 2023 12:53:08 +0200 Subject: [PATCH 12/13] Add get drive customers script to all servers --- manifests/scriptreceiver.pp | 7 +++++++ templates/scriptreceiver/get_drive_customers.erb.sh | 12 ++++++++++++ 2 files changed, 19 insertions(+) create mode 100755 templates/scriptreceiver/get_drive_customers.erb.sh diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 568129c..825fb1f 100644 --- a/manifests/scriptreceiver.pp +++ b/manifests/scriptreceiver.pp @@ -48,6 +48,13 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } + file { '/usr/local/bin/get_drive_customers': + ensure => file, + content => template('sunetdrive/scriptreceiver/get_drive_customers.erb.sh'), + mode => '0744', + owner => 'root', + group => 'root', + } file { '/usr/local/bin/safer_reboot': ensure => file, content => template('sunetdrive/scriptreceiver/safer_reboot.erb'), diff --git a/templates/scriptreceiver/get_drive_customers.erb.sh b/templates/scriptreceiver/get_drive_customers.erb.sh new file mode 100755 index 0000000..62c6bd8 --- /dev/null +++ b/templates/scriptreceiver/get_drive_customers.erb.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +mode=${1} +if [[ "${mode}" == "multi" ]]; then + filter='.multinode_mapping| keys | join("\n")' +elif [[ "${mode}" == "single" ]]; then + filter='.singlenodes| join("\n")' +else + filter='.fullnodes | join("\n")' +fi +yq -r "${filter}" < /etc/hiera/data/common.yaml + From 364a8685a70df6fd227ec022abd6072891e5aa01 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Aug 2023 17:13:02 +0200 Subject: [PATCH 13/13] Get drive customers --- manifests/scriptreceiver.pp | 7 +++++++ templates/scriptreceiver/get_drive_customers.erb.sh | 11 +++++++++++ 2 files changed, 18 insertions(+) create mode 100755 templates/scriptreceiver/get_drive_customers.erb.sh diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 568129c..84c5fae 100644 --- a/manifests/scriptreceiver.pp 
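Review bot: In the new `get_drive_customers.erb.sh` from patch 12, any argument other than `multi` or `single`, including a typo, falls through to the `else` branch and silently lists `.fullnodes`. A caller that loops over the output would then act on the wrong set of customers without any error. Make the default explicit and reject unknown modes: use `elif [[ -z "${mode}" || "${mode}" == "full" ]]; then` for the full-node filter and end with `else echo "Usage: ${0} [multi|single|full]" >&2; exit 1`. A one-line header comment naming the three modes and the `yq` dependency would also help.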
+++ b/manifests/scriptreceiver.pp @@ -55,6 +55,13 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } + file { '/usr/local/bin/get_drive_customers': + ensure => file, + content => template('sunetdrive/scriptreceiver/get_drive_customers.erb.sh'), + mode => '0744', + owner => 'root', + group => 'root', + } file { '/root/.bashrc': ensure => file, content => template('sunetdrive/scriptreceiver/baschrc.erb.sh'), diff --git a/templates/scriptreceiver/get_drive_customers.erb.sh b/templates/scriptreceiver/get_drive_customers.erb.sh new file mode 100755 index 0000000..388ef30 --- /dev/null +++ b/templates/scriptreceiver/get_drive_customers.erb.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +mode=${1} +if [[ "${mode}" == "multi" ]]; then + filter='.multinode_mapping| keys | join("\n")' +elif [[ "${mode}" == "single" ]]; then + filter='.singlenodes| join("\n")' +else + filter='.fullnodes | join("\n")' +fi +cat /etc/hiera/data/common.yaml | yq -r "${filter}"
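Review bot: The `@@ -55,6 +55,13 @@` hunk declares `file { '/usr/local/bin/get_drive_customers':` in `scriptreceiver.pp` a second time; patch 12 of this series already adds the same resource a few lines earlier in the file. Both patches carry the same base blob (`index 568129c`) and both create `get_drive_customers.erb.sh` as a new file, so they look like two versions of one change rather than consecutive commits. Applied together, the template creation conflicts, and a manifest holding both declarations would fail compilation with a duplicate resource declaration. Keep one of the two; the only script difference is `cat /etc/hiera/data/common.yaml | yq -r "${filter}"` here versus the redirect form in patch 12, which avoids the extra process.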