From 8b0d90e4ebaf28f8e4d4960129a516eddaf5639a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 01/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 4111ac75009be88354603bf5e8619c068196748c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 02/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 1ecf6c81286eac284d5266b42b698071154c1232 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 03/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From daa647beb9628eacc1e761b21f6132f4c83f5f9c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 04/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From cc2a9e9ebf162a406efeb2db67d40155b21cb95b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 05/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 6224fe3e964ff8ab8dfe781ca4c5e01a5cd6c9a3 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 06/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 019a3d9792a2275495bc1bbf3aa19067c1cefe5b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:25:34 +0200 Subject: [PATCH 07/55] puppet-lint --fix --- manifests/multinode_db.pp | 3 --- 1 file changed, 3 deletions(-) diff --git a/manifests/multinode_db.pp b/manifests/multinode_db.pp index 8ec056e..d26acac 100644 --- a/manifests/multinode_db.pp +++ b/manifests/multinode_db.pp @@ -19,9 +19,6 @@ class sunetdrive::multinode_db(){ notify { 'hostmessage': message => 'We are on multinode-db1. Set up statistics environment.', } - $custdata=$customers.reduce({}) |$memo, $value| { - $memo + {$value => lookup($value)} - } $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': From b065ac7ae6d78d1e9d29b9db333452e3d1cee9c7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 08/55] Set permissions on redis --- manifests/redis_cluster.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index a567830..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -17,4 +17,10 @@ class sunetdrive::redis_cluster ( content => template('sunetdrive/redis_cluster/reset_cluster.erb.sh'), mode => '0700', } + exec { 'set_permissions_directory': + command => 'chown -R 999:root /opt/redis/node-*' + } + exec { 'set_permissions_files': + command => 'chown -R 999:99 /opt/redis/node-*/*' + } } From e76c22f6d568e8cb067b74cbf18736a17b063f57 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 09/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 74af996a7647c2b2983e4211a89d445a5bed1dad Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 10/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From beb69036a1e5b4451c8c70fe08e04dd62ceaf876 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 11/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From d63c586998872bf95818aed909917ae23c86c4ab Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 12/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From a74899332e48b72d69cea20e550b698c0aba5208 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 13/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 45ac19bec82f9a78a234240b6f3534c84fb72d14 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 14/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 158f982aedb203a908838cac44ff4a365262cef8 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 15/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 51ddfa985c757e69adb549e0d852cec4a9849648 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 16/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 81341be6e7c434c6785d5115a7dbd5620d3917ec Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 17/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From f5f97e1c3a0a2f5d802b7d4e11129a1429a7dd20 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 18/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 8646f1eda7fd50ec89ffe6ae96a6dded2d63528b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 19/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From f531a60514eddf3ba2bacd1d9eee2960fe1c033b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 20/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From e0f6d3bafafcec84bc1918904ffc4fcc37dd7428 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 21/55] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From d3cb9b9e147759835d1841af3dfba463f5fa0779 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 22/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From b280257882ebce2d46282d4174f388e2bb1312ff Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 23/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From cb35c3bbf74371e897e36a9b84f7649680271525 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 24/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 56f8a5d149be19f02d0c17513b8e5421933d4bc0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 25/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From ac9e29d39e81be4179c6ee2525ded9e725a74bac Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 26/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From c649a7a6b42462696e9d920ea417b9b489b80cb0 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 27/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 958ff7daa9ae9bb320ed3207a58108975108a699 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 28/55] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 6865d6833f3b8ee21c702722e17c805f303a3502 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 29/55] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From a64b2533bbd9eb0a7cb326ede0fba17a67d1c94a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 30/55] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From 76640002c0d6050084e795daccc420d614147343 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 31/55] Move hee from cosmos-sites.pp --- manifests/common.pp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..d3acb7f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,10 +45,4 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } - if $::facts['os']['distro']['id'] == 'Debian' { - exec { 'sysstat_systemd_timer': - command => 'systemctl enable --now sysstat-collect.timer', - unless => 'systemctl is-enabled --quiet sysstat-collect.timer', - } - } } From 7177dfa12e5e29881919bb5c1a934ceb13e68632 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 32/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 8cae1a668ad5d44de8c015bb2e7ab6c9c843086b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 33/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From e3a729e1a838b6eef4027057a77cf1c9b685ecf2 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 34/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 4b4d0626cfe0d915007babc93cf385a64a9cddc1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 35/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 142fc78f6bcb2738ceb31dad4a3413bddd8f17b7 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 36/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 124c2f6c5d79050fda80d79818f4e5a9b49736af Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 37/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From dc8ff6a712b51cb6c075b8870877c4325ce4f9bb Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 38/55] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From 671b5f95dfa0d9e52b8943da9349963bf92de54c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 39/55] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From cb13190197e18e8844302955d78a8ea4505fb1f5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 40/55] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From d3d0807d433cd3ebe8676c1e12bad951f806cff1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 41/55] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 6365549250ef57bd6e2a811719ccbe60d5f92e88 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 23 Sep 2024 17:03:26 +0200 Subject: [PATCH 42/55] Move hee from cosmos-sites.pp --- manifests/common.pp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index f5380f6..d3acb7f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,6 +3,7 @@ class sunetdrive::common { include sunet::tools include sunet::motd + include sunet::ntp include apt include apparmor include sunet::packages::jq @@ -44,10 +45,4 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } - if $::facts['os']['distro']['id'] == 'Debian' { - exec { 'sysstat_systemd_timer': - command => 'systemctl enable --now sysstat-collect.timer', - unless => 'systemctl is-enabled --quiet sysstat-collect.timer', - } - } } From 124203cd922c1635dbc590b267beb98dc35bde71 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 15:36:06 +0200 Subject: [PATCH 43/55] Add audit log to other logs --- manifests/app_type.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..85440fb 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,6 +207,13 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } + file { '/opt/nextcloud/audit.log': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + mode => '0644', + } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From a563e163097b8ecd801561e30f6240a993157139 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 24 Sep 2024 17:29:07 +0200 Subject: [PATCH 44/55] Move nrpe class from opsrepo --- manifests/nrpe.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 44ba586..c13f0ea 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From 64e37466281113812a59b55bddaddb7ec796369d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 3 Oct 2024 14:18:32 +0200 Subject: [PATCH 45/55] Add fix to init script from mandersson --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 4548cab..7dd2eda 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | ${mysql} + zcat ${init_file} | tail +2 | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From 714e2d98f6521680476af67056dbd9f8e92d614e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:00:50 +0200 Subject: [PATCH 46/55] Add mysql command to host --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index f2bc16f..b62d38d 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" From 4dd95bdb39912f90a7c1969efffa79547d1af387 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 4 Oct 2024 10:04:43 +0200 Subject: [PATCH 47/55] We want full compat --- templates/mariadb/mysql.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb/mysql.erb.sh b/templates/mariadb/mysql.erb.sh index b62d38d..f2bc16f 100644 --- a/templates/mariadb/mysql.erb.sh +++ b/templates/mariadb/mysql.erb.sh @@ -1,4 +1,4 @@ #!/bin/bash pw=$(yq -r '.services.db.environment[0]' /opt/mariadb/docker-compose.yml | awk -F '=' '{print $2}') -docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" -e "${@}" +docker exec -ti mariadb_db_1 mysql -u root -p"${pw}" "${@}" From 42363a9aaf7549251c3e961c7734385fa2c29990 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 7 Oct 2024 12:19:25 +0200 Subject: [PATCH 48/55] Rollback fix --- templates/mariadb_backup/start_replica_from_init.erb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mariadb_backup/start_replica_from_init.erb.sh b/templates/mariadb_backup/start_replica_from_init.erb.sh index 7dd2eda..4548cab 100644 --- a/templates/mariadb_backup/start_replica_from_init.erb.sh +++ b/templates/mariadb_backup/start_replica_from_init.erb.sh @@ -7,7 +7,7 @@ if [[ -f ${init_file} ]]; then master_command="${master_command}, MASTER_HOST='<%= @first_db %>', MASTER_USER='backup'" master_command="${master_command}, MASTER_PASSWORD='<%= @backup_password%>', MASTER_SSL=1" master_command="${master_command}, MASTER_CONNECT_RETRY=20" - zcat ${init_file} | tail +2 | ${mysql} + zcat ${init_file} | ${mysql} ${mysql} -e "${master_command}" ${mysql} -e "START SLAVE" sleep 3s From d6b4098932e2c8af98d571c71afe9b4c85ab8c39 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Wed, 9 Oct 2024 14:23:08 +0200 Subject: [PATCH 49/55] Fix mode on log files --- manifests/app_type.pp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 85440fb..698a311 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -207,13 +207,6 @@ define sunetdrive::app_type ( group => 'root', mode => '0640', } - file { '/opt/nextcloud/audit.log': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - mode => '0644', - } file { '/opt/nextcloud/rclone.conf': ensure => file, owner => 'www-data', From 22bfeaf24489750d2bb2d9aa765d14f4bad017c5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:13:51 +0200 Subject: [PATCH 50/55] Set permissions on redis --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 6a73b70..75c0fac 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:999 /opt/redis/node-*/*' + command => 'chown -R 999:99 /opt/redis/node-*/*' } } From deabba2e22b56b9cd7ba6d951b4d2eeb2f9190a1 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 21 Oct 2024 16:19:04 +0200 Subject: [PATCH 51/55] Oops --- manifests/redis_cluster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/redis_cluster.pp b/manifests/redis_cluster.pp index 75c0fac..6a73b70 100644 --- a/manifests/redis_cluster.pp +++ b/manifests/redis_cluster.pp @@ -21,6 +21,6 @@ class sunetdrive::redis_cluster ( command => 'chown -R 999:root /opt/redis/node-*' } exec { 'set_permissions_files': - command => 'chown -R 999:99 /opt/redis/node-*/*' + command => 'chown -R 999:999 /opt/redis/node-*/*' } } From 48f8f6d690e90b57a7151be5c293b56cd0aea0ee Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:30:59 +0200 Subject: [PATCH 52/55] enable sysstat timer on debian --- manifests/common.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/common.pp b/manifests/common.pp index d3acb7f..ad1ec9f 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -45,4 +45,10 @@ class sunetdrive::common { require => Package['sysstat'], notify => Service['sysstat'], } + if $::facts['os']['distro']['id'] == 'Debian' { + exec { 'sysstat_systemd_timer': + command => 'systemctl enable --now sysstat-collect.timer', + unless => 'systemctl is-enabled --quiet sysstat-collect.timer', + } + } } From dac082f4f5b7384c2ad0d75b0ffcff7eb713614a Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 22 Oct 2024 10:54:57 +0200 Subject: [PATCH 53/55] Fix ntp --- manifests/common.pp | 1 - manifests/nrpe.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/common.pp b/manifests/common.pp index ad1ec9f..f5380f6 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -3,7 +3,6 @@ class sunetdrive::common { include sunet::tools include sunet::motd - include sunet::ntp include apt include apparmor include sunet::packages::jq diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index c13f0ea..44ba586 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -31,7 +31,7 @@ class sunetdrive::nrpe( command_line => '/usr/lib/nagios/plugins/check_entropy -w 256' } sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H ntp.se' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' From a8060b77748142e5a0089cd20c59938d406e217b Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:15:08 +0200 Subject: [PATCH 54/55] Decoupling the admin_password from proxysql --- manifests/app_type.pp | 2 -- templates/application/complete_reinstall.erb.sh | 9 ++++++++- templates/application/docker-compose_nextcloud.yml.erb | 2 -- templates/multinode/complete_reinstall.erb.sh | 9 ++++++++- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..b377c8a 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -15,7 +15,6 @@ define sunetdrive::app_type ( # The config used $config = $override_config # Other settings - $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] @@ -31,7 +30,6 @@ define sunetdrive::app_type ( $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' diff --git a/templates/application/complete_reinstall.erb.sh b/templates/application/complete_reinstall.erb.sh index ec43c88..18914b1 100644 --- a/templates/application/complete_reinstall.erb.sh +++ b/templates/application/complete_reinstall.erb.sh @@ -3,7 +3,6 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" @@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then echo "WARNING: This will delete everything in the database and reinstall Nextcloud." echo "You have 10 seconds to abort by hitting CTRL/C" sleep 10s + echo "Setting temp admin password" + apt update && apt install -y apg + admin_password="$(apg -m 40 | head -1)" echo "Ok, proceeding." echo "Dropping database in 3 seconds" sleep 3s @@ -48,6 +50,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') + echo "Now delete the admin user:" + echo " occ user:delete admin" + echo "and then create a new admin user:" + echo " /usr/local/bin/add_admin_user " + echo "" echo "Please use edit-secrets to add these variables to all Nextcloud servers:" echo "instanceid: DEC::PKCS7[${instanceid}]!" echo "secret: DEC::PKCS7[${secret}]!" diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 0936df0..6ca5473 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -9,8 +9,6 @@ services: <%- if @hostnet -%> network_mode: host <%- end -%> - environment: - - NC_PASS=<%= @admin_password%> volumes: - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf diff --git a/templates/multinode/complete_reinstall.erb.sh b/templates/multinode/complete_reinstall.erb.sh index e448a0f..3e35175 100644 --- a/templates/multinode/complete_reinstall.erb.sh +++ b/templates/multinode/complete_reinstall.erb.sh @@ -3,10 +3,12 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" customer="<%= @customer %>" +echo "Setting temp admin password" +apt update && apt install -y apg +admin_password="$(apg -m 40 | head -1)" /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 @@ -35,6 +37,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') +echo "Now delete the admin user:" +echo " occ user:delete admin" +echo "and then create a new admin user:" +echo " /usr/local/bin/add_admin_user " +echo "" echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!" echo "${customer}_secret: DEC::PKCS7[${secret}]!" echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!" From bff0aff8234fd407f7301b9551c50a05a44d7595 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 24 Oct 2024 12:19:05 +0200 Subject: [PATCH 55/55] remove admin pass from env --- templates/multinode/docker-compose_nextcloud.yml.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 8008cb7..eee8e71 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -15,8 +15,6 @@ services: - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf - environment: - - NC_PASS=<%= @admin_password%> networks: - default - proxysql_proxysql