From 60cb53e631d9a09c76ff423766a661c0dca64107 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 08:57:17 +0200 Subject: [PATCH 01/37] multinode-db1: Add logic and template to create userlists by department. --- manifests/multinode_db.pp | 10 ++++++++++ templates/mariadb/genuserdeplists.sh.erb | 12 ++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 templates/mariadb/genuserdeplists.sh.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 189787a..929a885 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -18,6 +18,9 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => "We are on multinode-db1. Set up statistics environment.", } + $custdata=$customers.reduce({}) |$memo, $value| { + $memo + {$value => lookup($value)} + } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': @@ -44,5 +47,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file { '/root/tasks/genusersondepartmentlists.sh': + ensure => file, + content => template('sunetdrive/mariadb/genuserdeplists.sh.erb'), + owner => 'root', + group => 'root', + mode => '0700', + } } } diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb new file mode 100644 index 0000000..dc2f5eb --- /dev/null +++ b/templates/mariadb/genuserdeplists.sh.erb 
@@ -0,0 +1,12 @@ +#!/bin/bash + +<% @custdata.each do |cust,data| -%> +#Customer <%= cust %> has no billing departments. +<% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> +mkdir -p /opt/mariadb/statistics/users/<%= cust %> +chmod '0700' /opt/mariadb/statistics/users/<%= cust %> +<% data[@environment]["billdomains"].each do |dom| -%> + /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +<% end -%> +<% end -%> +<% end -%> From 7402202b9a09fedfab0ef8045cca500dc4802c33 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Fri, 30 Aug 2024 15:39:01 +0200 Subject: [PATCH 02/37] multinode-db1: Add initial upload logic of deprtment filtered user lists. --- templates/mariadb/genuserdeplists.sh.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index dc2f5eb..36d7d90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb 
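Review bot: `<%= cust %>` and `<%= dom %>` are written unquoted into the commands and the redirect target of a script that the manifest installs under `/root/tasks` with mode `0700`, so a hiera value containing whitespace or a shell metacharacter changes what the generated script runs. Quote every expansion, e.g. `/root/tasks/listusersbydep.sh '<%= cust %>' '<%= dom %>' > '/opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json'`, and have the template skip any name that does not match a strict pattern such as `\A[a-z0-9.-]+\z`, since single quotes alone do not survive a `'` in the value. The line `#Customer <%= cust %> has no billing departments.` is emitted for every customer, including those that do have `billdomains`; it belongs in an `else` branch of the `if`.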
@@ -1,12 +1,19 @@ #!/bin/bash +<% basedir="statistics:drive-server-coms" -%> +<% cupath="/opt/mariadb/statistics/users/" -%> + <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. <% if defined?(data[@environment]["billdomains"]) && data[@environment]["billdomains"] -%> mkdir -p /opt/mariadb/statistics/users/<%= cust %> chmod '0700' /opt/mariadb/statistics/users/<%= cust %> <% data[@environment]["billdomains"].each do |dom| -%> - /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +/root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > /opt/mariadb/statistics/users/<%= cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json +if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ +fi <% end -%> <% end -%> <% end -%> From d8eaa122e35ef44ae37e24fb181fd91361c6d79e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 10:06:05 +0200 Subject: [PATCH 03/37] Lookup statistics secret on multinode-db1 in env test. --- manifests/multinode_db.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 929a885..4c6dd58 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -15,6 +15,7 @@ class sunetdrive::multinode_db(){ } } if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { + $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': message => "We are on multinode-db1. Set up statistics environment.", } From 05bde6adb6c1b81213609f0798331cb2fdc4087c Mon Sep 17 00:00:00 2001 
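Review bot: The added `rclone copy` line passes `--no-check-certificate`, so the per-department user lists are uploaded without verifying the server's TLS certificate, and anything on the network path can read the lists and whatever credential the `statistics` remote authenticates with. The `[statistics]` remote in the rclone.conf templates touched later in this series is an `https://` URL on a bare IP address with a `user` and `pass`, and presumably this script uses the same kind of remote, which would explain the `--webdav-headers "Host,sunet.drive.sunet.se"` workaround. Pointing the remote at a hostname the certificate covers, or supplying the issuing CA with `--ca-cert`, would let the flag be dropped. The exit status of `/root/tasks/listusersbydep.sh` is not checked either: its redirect target is truncated first and then judged only by `jq`.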
From: Magnus Andersson Date: Tue, 3 Sep 2024 12:43:13 +0200 Subject: [PATCH 04/37] genusersondepartmentlists: Add som logic for error handling --- templates/mariadb/genuserdeplists.sh.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 36d7d90..54d06b4 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +status=0 <% @custdata.each do |cust,data| -%> #Customer <%= cust %> has no billing departments. @@ -13,6 +14,10 @@ chmod '0700' /opt/mariadb/statistics/users/<%= cust %> if jq . <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json &>/dev/null then timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= cupath + cust %>/users-<%= dom.gsub(/[.]/, '-') %>.json <%= basedir%>/<%= cust %>-<%= @environment%>/ + [[ $? -eq 0 ]] || { status=1 ; echo "Error: Upload of user data failed." ; } +else + echo "Error in json data" + status=1 fi <% end -%> <% end -%> From eac5b172f28c3142ed00d5d75a9e603a22c3843e Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 3 Sep 2024 13:43:43 +0200 Subject: [PATCH 05/37] genusersondepartmentlists: Make status count --- templates/mariadb/genuserdeplists.sh.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index 54d06b4..a02d348 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -22,3 +22,5 @@ fi <% end -%> <% end -%> <% end -%> + +exit ${status} From 75c3a77c6d38004f1800bb501f9f5d78d65a15bc Mon Sep 17 00:00:00 2001 
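Review bot: The new `else` branch only fires when `jq .` fails, but `jq .` exits 0 on empty input as far as I know, so a `listusersbydep.sh` run that fails after the redirect has truncated the file still takes the upload path and replaces the remote copy with an empty file. Test the generator's own exit status and make the JSON check strict, e.g. `if /root/tasks/listusersbydep.sh <%= cust %> <%= dom %> > "$out" && jq -e . "$out" >/dev/null 2>&1`, with `out` set to the target path beforehand. The two error messages would be easier to act on if they named the customer and domain, e.g. `echo "Error in json data for <%= cust %>/<%= dom %>"`.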
From: Magnus Andersson Date: Tue, 3 Sep 2024 14:33:46 +0200 Subject: [PATCH 06/37] Gen users on department lists by a cronjob. --- manifests/multinode_db.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 4c6dd58..b4bfc6e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -55,5 +55,12 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + sunet::scriptherder::cronjob { 'genuserdeplists': + cmd => '/root/tasks/genusersondepartmentlists.sh', + hour => '2', + minute => '5', + ok_criteria => ['exit_status=0','max_age=30h'], + warn_criteria => ['exit_status=1', 'max_age=60h'], + } } } From bff8d8ab22d6979fc64f56abd8652001c44563d9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 9 Sep 2024 16:03:30 +0200 Subject: [PATCH 07/37] Don't use incudes like this in newer puppet --- manifests/dockerhost.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/dockerhost.pp b/manifests/dockerhost.pp index 069fac3..e5d13cf 100644 --- a/manifests/dockerhost.pp +++ b/manifests/dockerhost.pp @@ -1,4 +1,3 @@ -include apt # Wrapper for sunet::dockerhost to do thiss specific things class sunetdrive::dockerhost( String $version = safe_hiera('docker_version'), From 6827c0af7c6b6e9f5f48df1eae31004d168da9dc Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Mon, 9 Sep 2024 16:18:00 +0200 Subject: [PATCH 08/37] Dump customer datastructure for statistics logic to be transferred to script1. --- manifests/multinode_db.pp | 7 +++++++ templates/mariadb/custconfig.json.erb | 1 + templates/mariadb/genuserdeplists.sh.erb | 6 ++++++ 3 files changed, 14 insertions(+) create mode 100644 templates/mariadb/custconfig.json.erb diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index b4bfc6e..6841b75 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp 
@@ -55,6 +55,13 @@ class sunetdrive::multinode_db(){ group => 'root', mode => '0700', } + file {'/opt/mariadb/statistics/custdata.json': + ensure => file, + content => template('sunetdrive/mariadb/custconfig.json.erb'), + owner => 'root', + group => 'root', + mode => '0600', + } sunet::scriptherder::cronjob { 'genuserdeplists': cmd => '/root/tasks/genusersondepartmentlists.sh', hour => '2', diff --git a/templates/mariadb/custconfig.json.erb b/templates/mariadb/custconfig.json.erb new file mode 100644 index 0000000..2712515 --- /dev/null +++ b/templates/mariadb/custconfig.json.erb @@ -0,0 +1 @@ +<%= @custdata.to_json %> diff --git a/templates/mariadb/genuserdeplists.sh.erb b/templates/mariadb/genuserdeplists.sh.erb index a02d348..78f4c90 100644 --- a/templates/mariadb/genuserdeplists.sh.erb +++ b/templates/mariadb/genuserdeplists.sh.erb @@ -2,6 +2,7 @@ <% basedir="statistics:drive-server-coms" -%> <% cupath="/opt/mariadb/statistics/users/" -%> +<% custdata="/opt/mariadb/statistics/custdata.json" -%> status=0 <% @custdata.each do |cust,data| -%> @@ -23,4 +24,9 @@ fi <% end -%> <% end -%> +if [[ -f <%= custdata %> ]] +then + timeout 30s rclone copy -c --no-check-certificate --webdav-headers "Host,sunet.drive.sunet.se" --use-cookies <%= custdata %> <%= basedir%>/ +fi + exit ${status} From e4ccdde1693aed15db418c13e46675c49cb3bee8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 12 Sep 2024 17:27:16 +0200 Subject: [PATCH 09/37] Create parent dir --- manifests/script.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/script.pp b/manifests/script.pp index d940ea1..3d1ace0 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -108,6 +108,10 @@ class sunetdrive::script ( unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } + file { '/opt/backups': + ensure => directory, + mode => '0700' + } file { '/opt/backups/scripts': ensure => directory, mode => '0700' 
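Review bot: `custconfig.json.erb` serialises the whole `@custdata` hash, which the manifest builds from `lookup($value)` for every customer, and the script then uploads that file with `--no-check-certificate`; if any per-customer hiera key holds a credential, it leaves the host in that file. Export only the keys the statistics consumer needs (the script template in this series reads just `billdomains` per environment) instead of the full lookup result. The added `rclone copy` of `custdata.json` also never touches `status`, unlike the per-domain upload above it, so a failed transfer is invisible to the cronjob's `exit_status` criteria; appending `|| { status=1 ; echo "Error: Upload of customer data failed." ; }` would match the existing handling.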
From e20e41edf8dbf43b40dfa1481d1a2abc0f032986 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 10/37] Move hee from cosmos-sites.pp --- manifests/common.pp | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 manifests/common.pp diff --git a/manifests/common.pp b/manifests/common.pp new file mode 100644 index 0000000..d3acb7f --- /dev/null +++ b/manifests/common.pp @@ -0,0 +1,48 @@ + +# Common class +class sunetdrive::common { + include sunet::tools + include sunet::motd + include sunet::ntp + include apt + include apparmor + include sunet::packages::jq + if $::facts['sunet_nftables_enabled'] != 'yes' { + warning('Enabling UFW') + include ufw + } else { + if $facts['networking']['hostname'] =~ /^kube[wc]/ { + warning('Setting nftables to installed but disabled') + ensure_resource ('class','sunet::nftables::init', { enabled => false }) + } else { + warning('Enabling nftables') + ensure_resource ('class','sunet::nftables::init', { }) + } + } + package {'sysstat': ensure => 'latest'} + package {'needrestart': ensure => installed} + service {'sysstat': provider => 'systemd'} + file_line { 'enable_sa': + ensure => 'present', + line => 'ENABLED="true"', + path => '/etc/default/sysstat', + match => 'ENABLED="false"', + require => Package['sysstat'], + } + file_line { 'sa_cron_comment': + ensure => 'present', + line => '# Activity reports every 2 minutes everyday', + path => '/etc/cron.d/sysstat', + match => '^#\ Activity\ reports\ every\ 10\ minutes\ everyday', + require => Package['sysstat'], + notify => Service['sysstat'], + } + file_line { 'sa_cron': + ensure => 'present', + line => '*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1', + path => '/etc/cron.d/sysstat', + match => '^5-55/10', + require => Package['sysstat'], + notify => Service['sysstat'], + } +} From 1822ecd683f268def90dbd120a1e5c6896e04f52 Mon Sep 17 00:00:00 2001 
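Review bot: The `kube[wc]` branch declares `sunet::nftables::init` with `enabled => false` and only logs a `warning()`, so on those hosts this class enables neither UFW nor nftables, and nothing in the file says what filters traffic there instead. A comment on that branch, e.g. `# kube nodes: packet filtering is handled by <component>; nftables is installed but left disabled on purpose`, would keep it from being read as an oversight. `package {'sysstat': ensure => 'latest'}` lets any agent run upgrade the package, while `needrestart` next to it uses `installed`. The first condition reads `$::facts[...]` where the rest of the class uses `$facts[...]`.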
From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 11/37] Add audit log to other logs --- manifests/app_type.pp | 10 +++++++++- manifests/multinode.pp | 8 ++++++++ templates/application/docker-compose_nextcloud.yml.erb | 3 ++- templates/multinode/compress-logs.erb.sh | 2 +- templates/multinode/docker-compose_nextcloud.yml.erb | 3 ++- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 5ce6f7f..493929d 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -148,7 +148,8 @@ define sunetdrive::app_type ( force => true, owner => 'root', group => 'root', - content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n", + content => "#This file is managed by puppet +#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n/opt/nextcloud/audit.log:180:256\n", mode => '0644', } file { '/opt/rotate/conf.d/redis.conf': @@ -199,6 +200,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0644', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', diff --git a/manifests/multinode.pp b/manifests/multinode.pp index eeffdb4..9620cb7 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -264,6 +264,7 @@ MACAddressPolicy=none' $mail_from_address = hiera("mail_from_address_${environment}") $mail_smtphost = hiera("mail_smtphost_${environment}") $nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log" + $audit_log_path ="/opt/multinode/${customer}/audit.log" if $customer_config['nextcloud_version'] { $nextcloud_version = $customer_config['nextcloud_version'] } else { 
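Review bot: `/opt/nextcloud/audit.log` is created with owner `www-data` and mode `0644`, so every local account can read the audit trail; the same applies to `$audit_log_path` in the `manifests/multinode.pp` hunk of this commit. `mode => '0640'` keeps the file writable for Nextcloud while limiting readers to the owning user and group. The compose `command` lines in both templates now also copy the audit log to the container's stderr through `tee -a /proc/1/fd/2`, so anyone who can read the container logs sees the same entries; that is worth a comment next to the `command` if it is intended.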
@@ -384,6 +385,13 @@ MACAddressPolicy=none' group => 'root', mode => '0644', } + file { $audit_log_path: + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { $rclone_conf_path: ensure => present, owner => 'www-data', diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 8c74570..0936df0 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -21,6 +21,7 @@ services: - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log + - /opt/nextcloud/audit.log:/var/www/html/data/audit.log - /opt/nextcloud/rclone.conf:/rclone.conf <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> @@ -42,7 +43,7 @@ services: ports: - 443:443 <%- end -%> - command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true <%- if !@hostnet -%> diff --git a/templates/multinode/compress-logs.erb.sh b/templates/multinode/compress-logs.erb.sh index 9468c85..5e5e341 100644 --- a/templates/multinode/compress-logs.erb.sh +++ b/templates/multinode/compress-logs.erb.sh @@ -5,7 +5,7 @@ no_files=30 # Keep this many files as an archive, script is run once a week # a specific host, but will differ between hosts sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m -for logfile in $(ls /opt/multinode/*/{nextcloud.log,server/server.log}); do +for logfile in $(ls /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}); do if [[ -f ${logfile}.gz.${no_files} ]]; then rm ${logfile}.gz.${no_files} fi 
diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index c6f0bb3..8008cb7 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -13,6 +13,7 @@ services: - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - <%= @config_php_path %>:/var/www/html/config/config.php - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log + - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf environment: - NC_PASS=<%= @admin_password%> @@ -25,7 +26,7 @@ services: - 89.32.32.32 ports: - <%= @https_port %>:443 - command: apachectl -D FOREGROUND + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true networks: From dbac473c26a6c0463aa07fd5fb16c08ad9936b49 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 12/37] Move nrpe class from opsrepo --- manifests/nrpe.pp | 79 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 manifests/nrpe.pp diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp new file mode 100644 index 0000000..c13f0ea --- /dev/null +++ b/manifests/nrpe.pp 
@@ -0,0 +1,79 @@ + +# NRPE class +class sunetdrive::nrpe( + $loadw = '15,10,5', + $loadc = '30,25,20', + $procsw = 150, + $procsc = 200, +) { + + require apt + class { 'sunet::nagios': + command_timeout => 600, + loadw => $loadw, + loadc => $loadc, + procsw => $procsw, + procsc => $procsc, + } + package {'nagios-plugins-contrib': ensure => latest} + if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') >= 0 ){ + $mem_w = '90' + $mem_c = '95' + } else { + $mem_w = '10' + $mem_c = '5' + } + $checks = ['nrpe_check_memory'] + $checks.each |$check| { + ensure_resource("sunet::nagios::${check}", "nagios-nrpe-${check}") + } + sunet::nagios::nrpe_command {'check_entropy': + command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' + } + sunet::nagios::nrpe_command {'check_ntp_time': + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + } + sunet::nagios::nrpe_command {'check_scriptherder': + command_line => '/usr/local/bin/scriptherder --mode check' + } + sunet::sudoer {'nagios_run_needrestart_command': + user_name => 'nagios', + collection => 'nrpe_needrestart_check', + command_line => '/usr/sbin/needrestart -p -l' + } + sunet::sudoer {'nagios_run_galera_command': + user_name => 'nagios', + collection => 'nrpe_galera_check', + command_line => '/usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::nagios::nrpe_command {'check_galera_cluster': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_galera_cluster -w 2 -c 1 -0' + } + sunet::sudoer {'nagios_run_proxysql_command': + user_name => 'nagios', + collection => 'nrpe_proxysql_check', + command_line => '/usr/lib/nagios/plugins/check_proxysql_server, /usr/lib/nagios/plugins/check_mysql_server_status' + } + sunet::nagios::nrpe_command {'check_proxysql_server': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_proxysql_server' + } + sunet::sudoer {'nagios_run_replication_command': + user_name => 'nagios', + collection 
=> 'nrpe_replication_check', + command_line => '/usr/local/bin/check_replication' + } + sunet::nagios::nrpe_command {'check_async_replication': + command_line => '/usr/bin/sudo /usr/local/bin/check_replication' + } + sunet::sudoer {'nagios_run_backup_command': + user_name => 'nagios', + collection => 'nrpe_backup_check', + command_line => '/usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_backups': + command_line => '/usr/bin/sudo /usr/local/bin/check_backups' + } + sunet::nagios::nrpe_command {'check_mysql_server_status': + command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_mysql_server_status' + } +} From f8dce117a8245b93686da5bb4cc9cf2de6c677f1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:46:50 +0200 Subject: [PATCH 13/37] Correct hostgroup name --- manifests/sitemonitornaemon.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index fd07491..4602549 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp @@ -46,7 +46,7 @@ class sunetdrive::sitemonitornaemon() { mode => '0644', } nagioscfg::service {'check_scriptherder': - hostgroup_name => ['nrpe'], + hostgroup_name => ['sunetdrive::nrpe'], check_command => 'check_nrpe_1arg_to30!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['naemon-admins'], From 911edbed58dd878b176ec44c97a30caeeda268b7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 18:10:38 +0200 Subject: [PATCH 14/37] Node3 sunet-prod reinstalled --- templates/mariadb_backup/rclone.conf.erb | 2 +- templates/reva/rclone.conf.erb | 2 +- templates/script/rclone.conf.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mariadb_backup/rclone.conf.erb b/templates/mariadb_backup/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/mariadb_backup/rclone.conf.erb +++ b/templates/mariadb_backup/rclone.conf.erb 
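Review bot: Two of the new `sunet::sudoer` rules let `nagios` run `/usr/local/bin/check_replication` and `/usr/local/bin/check_backups` through sudo, and this manifest does not show who owns those files; if either is writable by a non-root account, the rule extends that account's reach to whatever sudo grants. Declaring or `require`-ing the resources that install the two scripts, with `owner => 'root'` and a mode without group or other write bits, would pin that down. `$mem_w` and `$mem_c` are computed from the OS release but never passed to anything in this file: `ensure_resource("sunet::nagios::${check}", "nagios-nrpe-${check}")` is called without parameters.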
@@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/reva/rclone.conf.erb b/templates/reva/rclone.conf.erb index 3d144dc..273e9bf 100644 --- a/templates/reva/rclone.conf.erb +++ b/templates/reva/rclone.conf.erb @@ -1,6 +1,6 @@ [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> diff --git a/templates/script/rclone.conf.erb b/templates/script/rclone.conf.erb index e77212d..c7b55f7 100644 --- a/templates/script/rclone.conf.erb +++ b/templates/script/rclone.conf.erb @@ -14,7 +14,7 @@ endpoint = <%= @s3_host_mirror %> acl = private [statistics] type = webdav -url = https://89.46.20.42/remote.php/dav/files/_script/ +url = https://89.45.236.246/remote.php/dav/files/_script/ vendor = nextcloud user = _script pass = <%= @statistics_secret %> From cf0a778781911e7d440079afd904a76fd5b839ae Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 22:31:01 +0200 Subject: [PATCH 15/37] Add uptime check taht warns if server has been up for too long --- templates/scriptreceiver/check_max_uptime | 31 +++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100755 templates/scriptreceiver/check_max_uptime diff --git a/templates/scriptreceiver/check_max_uptime b/templates/scriptreceiver/check_max_uptime new file mode 100755 index 0000000..63fbb63 --- /dev/null +++ b/templates/scriptreceiver/check_max_uptime 
@@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +import argparse +import sys + +parser = argparse.ArgumentParser() +parser.add_argument('-w', '--warning', + help='Warning threashold', + required=True) +parser.add_argument('-c', '--critical', + help='Critical threashold', + required=True) + +args = parser.parse_args() +warning = int(args.warning) +critical = int(args.critical) + +with open('/proc/uptime', 'r') as f: + uptime_seconds = float(f.readline().split()[0]) +days = int(uptime_seconds / 86400) + +status = "OK" +exit = 0 +if days > warning: + status = "WARNING" + exit = 1 +if days > critical: + status = "CRITICAL" + exit = 2 + +print(f"{status}: uptime {days} days | uptime={days};{warning};{critical};") +sys.exit(exit) From 766c337cb2c62762113bc92b8e61f561cffeb3e5 Mon Sep 17 00:00:00 2001 From: Magnus Andersson Date: Tue, 1 Oct 2024 10:34:37 +0200 Subject: [PATCH 16/37] twofactor_enforced: Change manifest to work with fullnode --- manifests/app_type.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 493929d..ef15b0e 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -44,8 +44,8 @@ define sunetdrive::app_type ( $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') } - $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') - $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') + $twofactor_enforced_groups = $config['twofactor_enforced_groups'] + $twofactor_enforced_excluded_groups = $config['twofactor_enforced_excluded_groups'] $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] # Common settings for multinode and full nodes From e3697719d21d781b519c65e177208f3d84d27937 Mon Sep 17 00:00:00 2001 
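Review bot: The thresholds are converted with `int(args.warning)` and `int(args.critical)` only after parsing, so a non-numeric value ends in a traceback with exit code 1, which a Nagios-style caller reads as WARNING instead of UNKNOWN. Pass `type=int` to both `add_argument` calls and exit with 3 when the arguments are unusable, including the case `critical < warning`. The local name `exit` shadows the builtin, so `exit_code` would be clearer, and "threashold" in both help strings should read "threshold".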
From: Magnus Andersson Date: Tue, 1 Oct 2024 11:19:43 +0200 Subject: [PATCH 17/37] twofactor_enforced: Make template work with nil values --- templates/application/config.php.erb | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/templates/application/config.php.erb b/templates/application/config.php.erb index 09dee08..ec36ad8 100644 --- a/templates/application/config.php.erb +++ b/templates/application/config.php.erb @@ -214,18 +214,22 @@ $CONFIG = array ( array ( 0 => 'admin', 1 => 'forcemfa', - <%- index = 2 -%> - <%- @twofactor_enforced_groups.each do |item| -%> + <%- if @twofactor_enforced_groups -%> + <%- index = 2 -%> + <%- @twofactor_enforced_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'twofactor_enforced_excluded_groups' => array ( - <%- index = 0 -%> - <%- @twofactor_enforced_excluded_groups.each do |item| -%> + <%- if @twofactor_enforced_excluded_groups -%> + <%- index = 0 -%> + <%- @twofactor_enforced_excluded_groups.each do |item| -%> <%= index %> => '<%= item %>', - <%- index += 1 -%> + <%- index += 1 -%> + <%- end -%> <%- end -%> ), 'updatechecker' => false, From 260fd526fe0733ecb13084b352b7530838729ad6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 2 Oct 2024 17:37:14 +0200 Subject: [PATCH 18/37] Use all adresses --- templates/mariadb/docker-compose_mariadb.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/docker-compose_mariadb.yml.erb b/templates/mariadb/docker-compose_mariadb.yml.erb index 1650563..6130e84 100644 --- a/templates/mariadb/docker-compose_mariadb.yml.erb +++ b/templates/mariadb/docker-compose_mariadb.yml.erb 
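Review bot: Each group name is written into `config.php` as `'<%= item %>'` with no escaping, so a name containing `'` or `\` produces a broken or altered PHP array literal. Escape the value where it is emitted, e.g. `<%= index %> => '<%= item.to_s.gsub(/[\\']/) { |c| "\\#{c}" } %>',`, in both loops. The new `if` guards cover only nil; `Array(@twofactor_enforced_groups).each.with_index(2)` (and `with_index(0)` for the excluded groups) would remove the hand-maintained `index` counter and also accept a single string.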
@@ -21,6 +21,6 @@ services: - MYSQL_ROOT_PASSWORD=<%= @mysql_root_password %> - BOOTSTRAP=<%= @bootstrap %> - FORCE_BOOTSTRAP=0 - command: "--wsrep_cluster_address=gcomm://<%= @db_ip[0] %>,<%= @db_ip[1] %>,<%= @db_ip[2] %>" + command: "--wsrep_cluster_address=gcomm://<%= @db_ip.join(',') %>" tty: true From ccdb53310dc7bebf01bcb14c0d928d8bb4f12dfd Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 19/37] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 07ddb2220a2644b913d1213969b9b0aebf7ce132 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 16:14:33 +0200 Subject: [PATCH 20/37] format --- manifests/script.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/script.pp b/manifests/script.pp index 3d1ace0..494150d 100644 --- a/manifests/script.pp +++ b/manifests/script.pp 
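Review bot: In the `start_replica_from_init.erb.sh` hunk, `tail +2` is the obsolete offset form, and the line gives no hint of why the first line of the dump is dropped. `zcat ${init_file} | tail -n +2 | ${mysql}` is the portable spelling, and a comment such as `# drop the first line of the dump (reason: <issue reference>)` would record the intent. As written the first line is removed from every dump, whether or not it is the one that caused the problem. The enclosing `if` block starts and ends outside the hunk.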
@@ -109,12 +109,12 @@ class sunetdrive::script ( require => Package['python3'], } file { '/opt/backups': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/opt/backups/scripts': - ensure => directory, - mode => '0700' + ensure => directory, + mode => '0700' } file { '/root/.ssh/': ensure => directory, From 141f9334f25edeb999fe63bd7e56dfb1ebb32186 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 21/37] Add mysql command to host --- manifests/db_type.pp | 5 +++++ templates/mariadb/mysql.erb.sh | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 templates/mariadb/mysql.erb.sh diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 295f839..440a3e9 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -90,6 +90,11 @@ define sunetdrive::db_type( ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } + file { '/usr/local/bin/mysql': + ensure => present, + content => template('sunetdrive/mariadb/mysql.erb.sh'), + mode => '0744', + } file { '/usr/local/bin/size-test': ensure => present, content => template('sunetdrive/mariadb/size-test.erb'), diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh new file mode 100644 index 0000000..b62d38d --- /dev/null +++ b/templates/mariadb/mysql.erb.sh @@ -0,0 +1,4 @@ +#!/bin/bash +pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') + +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From e4093f5e401edbe9baf9a094ca99b26da7c3586d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 22/37] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh 
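Review bot: The new `file { '/usr/local/bin/mysql':` resource sets `mode => '0744'` with no `owner` or `group`, so the wrapper is readable by every local user, executable only by its owner, and its ownership is left to defaults. Since the script handles the database root password, `owner => 'root', group => 'root', mode => '0700'` states the intent, and `ensure => file` is stricter than `present`, which accepts a directory or link already at that path. The enclosing `define sunetdrive::db_type` starts and ends outside the hunk.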
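Review bot: The root password is passed as `-p"${pw}"`, so it sits in the argument list of `docker exec` on the host and of `mysql` in the container, where it can be read from the process table. The extraction is also fragile: `.environment[0]` depends on entry order in the compose file and `awk -F '=' '{print $2}'` truncates a password containing `=`. Assuming the container environment carries `MYSQL_ROOT_PASSWORD` as the compose template in this series sets it, `docker exec -ti mariadb_db_1 sh -c 'MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" exec mysql -u root "$@"' sh "${@}"` avoids both the parsing and the argv exposure. Separately, `-e "${@}"` expands to one word per argument, so only the first becomes the statement; patches 22, 24, 28 and 34 remove `-e`, while 23, 27 and 33 bring it back.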
+++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 5c16a783e9596c551702518ca63c47c5b81942d6 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 23/37] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 8b74bd9c750d6daa37b3db5c0483a810bfbf9ca4 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 24/37] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From d3e0f41ff1aac66a99ddb285558aa1380f98b7f8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 25/37] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
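Review bot: `docker exec -ti` requests a TTY, so the wrapper fails when stdin is not a terminal (cron, or `zcat dump.gz | mysql`), which works against the stated goal of full compatibility with the mysql client. Keeping `-i` and adding `-t` only for interactive use covers both cases: `tty_flag=""; [ -t 0 ] && tty_flag="-t"` followed by `docker exec -i ${tty_flag} mariadb_db_1 mysql -u root -p"${pw}" "${@}"`. The same line is re-applied in patches 24, 28 and 34.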
diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 8ca506f60882a97e72f0620ebdfe4c81caeb857d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 26/37] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 15beb333ec0d0c8760b7081b21af4179ae923e28 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 27/37] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 6d78fdde7c2ade6a928d98bbd2e731003114807c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 28/37] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From f2b840682647b3c2c4234fab30ad2e35a9e6e1b2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 29/37] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh 
@@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 5c0e05394dec63648d7d78af4868b6b8abbc4323 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 30/37] Fix mode on log files --- manifests/app_type.pp | 4 ++-- manifests/onlyoffice.pp | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index ef15b0e..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -198,14 +198,14 @@ define sunetdrive::app_type ( force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/audit.log': ensure => file, force => true, owner => 'www-data', group => 'root', - mode => '0644', + mode => '0640', } file { '/opt/nextcloud/rclone.conf': ensure => file, diff --git a/manifests/onlyoffice.pp b/manifests/onlyoffice.pp index 6d63ac0..2fd3359 100644 --- a/manifests/onlyoffice.pp +++ b/manifests/onlyoffice.pp 
@@ -16,14 +16,14 @@ class sunetdrive::onlyoffice () { command => "docker login registry.gitlab.collabora.com -u ${token_name} -p ${access_token}", } sunet::collabora::docs { 'sunet-onlyoffice': - dns => [ '89.32.32.32' ], - extra_hosts => $extra_hosts, + dns => [ '89.32.32.32' ], + extra_hosts => $extra_hosts, extra_volumes => ['/opt/collabora/coolwsd.xml:/etc/coolwsd/coolwsd.xml'], - docker_tag => $docker_tag, - docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', + docker_tag => $docker_tag, + docker_image => 'registry.gitlab.collabora.com/productivity/collabora-online-nc', } file {'/opt/collabora/coolwsd.xml': - ensure => present, + ensure => present, content => template('sunetdrive/document/coolwsd.xml.erb'), } } From 026c5c5d03da7b479a4b4f7905d978a307ca0356 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 31/37] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From c761c560529a9b92ba4980f1c2e31209eac57818 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 32/37] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh 
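Review bot: The added `file { '/opt/nextcloud/audit.log':` resource in the app_type.pp hunk appears to duplicate the one directly above it: the base blob 698a311 is the result of the "Fix mode on log files" patch, where the resource ending in `mode => '0640'` is already titled `/opt/nextcloud/audit.log`. Puppet rejects a second declaration of the same resource, so the catalog would not compile with this patch applied. The copy also carries `mode => '0644'`, which would make the audit log world-readable again if it were the one kept. The hunk should be dropped; patch 36/37 later in this series removes it. The `define sunetdrive::app_type` body starts and ends outside the hunk.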
+++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f29e074ded405964ca3635c42def9e800828bc0c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 33/37] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From e0c06d4571d9d0d8e022e5ae72b8ee5f1981f89e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 34/37] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 1a39e0dbec6fdd10d4a4090d4442e220885d07af Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 35/37] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 52869ca08969f4d3f11e52994932c50a90f49c25 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 36/37] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From d7e7e260c25d6b88b20a6f1be0d86f377a76b246 Mon Sep 17 00:00:00 2001 
From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 37/37] puppet-lint --fix --- functions/get_customer.pp | 2 +- functions/get_environment.pp | 2 +- functions/get_node_number.pp | 2 +- manifests/cloudimage.pp | 4 ++-- manifests/infra_script.pp | 2 +- manifests/mariadb.pp | 6 +++--- manifests/multinode.pp | 4 ++-- manifests/multinode_db.pp | 2 +- manifests/scriptreceiver.pp | 2 +- manifests/sitemonitornaemon.pp | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/functions/get_customer.pp b/functions/get_customer.pp index aef58a1..ab67f9f 100644 --- a/functions/get_customer.pp +++ b/functions/get_customer.pp @@ -1,6 +1,6 @@ # Lets determin who the customer is by looking at the hostname function sunetdrive::get_customer() >> String { - $hostnameparts = split($facts['fqdn'],'\.') + $hostnameparts = split($facts['networking']['fqdn'],'\.') if $hostnameparts[1] == 'drive' { if $hostnameparts[0] =~ /^gss/ { return 'gss' diff --git a/functions/get_environment.pp b/functions/get_environment.pp index 42fa60f..f0556af 100644 --- a/functions/get_environment.pp +++ b/functions/get_environment.pp @@ -1,6 +1,6 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_environment() >> String { - $hostname = $facts['fqdn'] + $hostname = $facts['networking']['fqdn'] if $hostname =~ /^.*\.drive\.sunet\.se$/ { if $hostname =~ /^.*\.pilot\.drive\.sunet\.se$/ { return 'pilot' diff --git a/functions/get_node_number.pp b/functions/get_node_number.pp index 4c256fe..2b5317b 100644 --- a/functions/get_node_number.pp +++ b/functions/get_node_number.pp @@ -1,4 +1,4 @@ # Lets determin where we are by looking at the hostname function sunetdrive::get_node_number() >> Integer { - Integer(regsubst($::fqdn, /^[a-zA-Z\-]+(\d).*$/, '\\1')) + Integer(regsubst($facts['networking']['fqdn'], /^[a-zA-Z\-]+(\d).*$/, '\\1')) } diff --git a/manifests/cloudimage.pp b/manifests/cloudimage.pp index aa9cada..eeca54f 100644 
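Review bot: In `get_node_number`, `regsubst` returns its input unchanged when the pattern does not match, so `Integer(...)` is handed the whole FQDN and fails with a conversion error that says nothing about the hostname convention. `(\d)` also captures a single digit, so if two-digit node numbers are possible a host numbered 10 resolves to 1. An explicit match makes both cases visible: `if $facts['networking']['fqdn'] =~ /^[a-zA-Z\-]+(\d+)/ { Integer($1) } else { fail("cannot derive node number from ${facts['networking']['fqdn']}") }`.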
--- a/manifests/cloudimage.pp +++ b/manifests/cloudimage.pp @@ -38,8 +38,8 @@ define sunetdrive::cloudimage( resolver => ['130.242.80.14', '130.242.80.99'], search => $search, # - repo => $::cosmos_repo_origin_url, - tagpattern => $::cosmos_tag_pattern, + repo => $facts['cosmos_repo_origin_url'], + tagpattern => $facts['cosmos_tag_pattern'], # cpus => $cpus, memory => $memory, diff --git a/manifests/infra_script.pp b/manifests/infra_script.pp index fac5198..be78e19 100644 --- a/manifests/infra_script.pp +++ b/manifests/infra_script.pp @@ -4,7 +4,7 @@ class sunetdrive::infra_script ( $location = undef ) { $environment = sunetdrive::get_environment() - $customer = "common" + $customer = 'common' $config = hiera_hash($environment) $gss_backup_server = $config['gss_backup_server'] $lookup_backup_server = $config['lookup_backup_server'] diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index c6356d2..3eae4d5 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -10,9 +10,9 @@ class sunetdrive::mariadb ( $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, } file { '/etc/quorum.conf': ensure => file, diff --git a/manifests/multinode.pp b/manifests/multinode.pp index 9620cb7..0ba70ad 100644 --- a/manifests/multinode.pp +++ b/manifests/multinode.pp @@ -5,7 +5,7 @@ class sunetdrive::multinode ( ) { include sunet::packages::yq - $myname = $facts['hostname'] + $myname = $facts['networking']['hostname'] $is_multinode = true; $environment = sunetdrive::get_environment() $lb_servers = hiera_hash($environment)['lb_servers'] 
@@ -278,7 +278,7 @@ MACAddressPolicy=none' $s3_host = $customer_config['s3_host'] $s3_usepath = hiera('s3_usepath') $smtpuser = hiera("smtp_user_${environment}") - $trusted_domains = [$site_name, $facts['fqdn'], 'localhost'] + $trusted_domains = [$site_name, $facts['networking']['fqdn'], 'localhost'] $tug_office = hiera_array('tug_office') if $customer_config['twofactor_enforced_groups'] { $twofactor_enforced_groups = $customer_config['twofactor_enforced_groups'] diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 6841b75..8ec056e 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -17,7 +17,7 @@ class sunetdrive::multinode_db(){ if $facts["networking"]["fqdn"] =~ /^multinode-db1\.drive\.(test\.){1}sunet\.se$/ { $statistics_secret = safe_hiera('statistics_secret') notify { 'hostmessage': - message => "We are on multinode-db1. Set up statistics environment.", + message => 'We are on multinode-db1. Set up statistics environment.', } $custdata=$customers.reduce({}) |$memo, $value| { $memo + {$value => lookup($value)} diff --git a/manifests/scriptreceiver.pp b/manifests/scriptreceiver.pp index 9c8e319..6aca740 100644 --- a/manifests/scriptreceiver.pp +++ b/manifests/scriptreceiver.pp @@ -69,7 +69,7 @@ class sunetdrive::scriptreceiver() owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-safer_reboot": + file { '/etc/sudoers.d/99-safer_reboot': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/safer_reboot\n", mode => '0440', diff --git a/manifests/sitemonitornaemon.pp b/manifests/sitemonitornaemon.pp index 4602549..e0abcd4 100644 --- a/manifests/sitemonitornaemon.pp +++ b/manifests/sitemonitornaemon.pp 
@@ -7,7 +7,7 @@ class sunetdrive::sitemonitornaemon() { $tls_servers_with_port = hiera_array('tls_servers_with_port') $nextcloud_version_prod = split(hiera('nextcloud_version_prod'),'[-]')[0] $nextcloud_version_test = split(hiera('nextcloud_version_test'),'[-]')[0] - $monitorhost = $::fqdn + $monitorhost = $facts['networking']['fqdn'] $environment = sunetdrive::get_environment() $influx_passwd = safe_hiera('influx_passwd') $slack_url = safe_hiera('slack_url')