files/scriptreciver/sysctl-d-gofasta.conf

@@ -1,6 +0,0 @@
-net.core.rmem_max=67108864
-net.core.wmem_max=67108864
-net.ipv4.tcp_rmem=4096 87380 33554432
-net.ipv4.tcp_wmem=4096 87380 33554432
-net.core.default_qdisc=fq
-net.ipv4.tcp_congestion_control=bbr

manifests/app_type.pp

@@ -101,23 +101,6 @@ define sunetdrive::app_type (
       content => template('sunetdrive/application/get_containers'),
       mode    => '0744',
     }
-    if ($nodenumber == 3) {
-      file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-        mode    => '0744',
-      }
-      sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-        user_name    => 'nagios',
-        collection   => 'nrpe_nextcloud_mounts_check',
-        command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-      sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-        command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-    }
     if ($nodenumber == 3) {
       file { '/usr/local/bin/scan_external_mounts':
         ensure  => present,
@@ -405,4 +388,22 @@ define sunetdrive::app_type (
       }
     }
   }
+  if $facts['networking']['hostname'] == 'node1' or $is_multinode {
+    file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
+      ensure  => present,
+      force   => true,
+      owner   => 'root',
+      group   => 'root',
+      content => template('sunetdrive/application/check_nextcloud_mounts.py'),
+      mode    => '0744',
+    }
+    sunet::sudoer {'nagios_run_nextcloud_mounts_command':
+      user_name    => 'nagios',
+      collection   => 'nrpe_nextcloud_mounts_check',
+      command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+    }
+    sunet::nagios::nrpe_command {'check_nextcloud_mounts':
+      command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+    }
+  }
 }

manifests/db_type.pp

@@ -15,7 +15,6 @@ define sunetdrive::db_type(
   $backup_password = safe_hiera('backup_password')
   $proxysql_password = safe_hiera('proxysql_password')
   $mysql_user_password = safe_hiera('mysql_user_password')
-  $roundcube_password = safe_hiera('roundcube_password')
   $mariadb_dir = '/etc/mariadb'
   $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
   $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
@@ -34,10 +33,8 @@ define sunetdrive::db_type(
   $ports = [3306, 4444, 4567, 4568]
   if $location =~ /^multinode/ {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['kube'] + $config['kube_v6']
-  } elsif $location == 'sunet-prod' {
+  } elsif $location == 'sunet-test' or $location == 'sunet-prod' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6']
+    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6']
-  } elsif $location == 'sunet-test' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6'] + $config['calendar'] + $config['calendar_v6']
   } else {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6
   }
@@ -49,7 +46,7 @@ define sunetdrive::db_type(
   sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
 
 
-  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql', '05-roundcube.sql']
+  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql']
   $sql_files.each |$sql_file|{
     file { "${mariadb_dir}/init/${sql_file}":
       ensure  => present,

manifests/multinode.pp

@@ -46,21 +46,6 @@ class sunetdrive::multinode (
     content => template('sunetdrive/application/get_containers'),
     mode    => '0744',
   }
-  file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-    mode    => '0744',
-  }
-  sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-    user_name    => 'nagios',
-    collection   => 'nrpe_nextcloud_mounts_check',
-    command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
-  sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-    command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
   file { '/usr/local/bin/scan_external_mounts':
     ensure  => present,
     force   => true,

manifests/multinode_db.pp

@@ -41,10 +41,7 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0600',
       }
-      file { '/root/tasks/':
+      file { '/root/tasks/listusersbydep.sh':
-        ensure  => directory,
-      }
-      -> file { '/root/tasks/listusersbydep.sh':
         ensure  => file,
         content => template('sunetdrive/mariadb/listusersdep.sh.erb'),
         owner   => 'root',
@@ -58,10 +55,7 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0700',
       }
-      file {'/opt/mariadb/statistics/':
+      file {'/opt/mariadb/statistics/custdata.json':
-        ensure      => directory,
-      }
-      -> file {'/opt/mariadb/statistics/custdata.json':
         ensure      => file,
         content     => template('sunetdrive/mariadb/custconfig.json.erb'),
         owner       => 'root',

manifests/scriptreceiver.pp

@@ -5,19 +5,7 @@ class sunetdrive::scriptreceiver()
   sunet::system_user {'script': username => 'script', group => 'script', managehome => true, shell => '/bin/bash' }
 
   # These tasks correspond to a ${task}.erb.sh template
-  $tasks = [
+  $tasks = ['list_users', 'list_files_for_user', 'create_bucket', 'backup_db', 'purge_backups', 'maintenancemode', 'restart_sunet_service', 'start_sentinel', 'stop_sentinel', 'removeswap', 'backup_multinode_db']
-    'list_users',
-    'list_files_for_user',
-    'create_bucket',
-    'backup_db',
-    'purge_backups',
-    'maintenancemode',
-    'restart_sunet_service',
-    'start_sentinel',
-    'stop_sentinel',
-    'removeswap',
-    'backup_multinode_db'
-  ]
 
   $environment = sunetdrive::get_environment()
   $config = hiera_hash($environment)
@@ -47,9 +35,7 @@ class sunetdrive::scriptreceiver()
     type   => 'ssh-ed25519',
     key    => $script_pub_key,
   }
-  file { '/etc/sysctl.d/gofasta.conf':
+
-    ensure  => 'absent',
-  }
   file { '/opt/rotate':
     ensure => directory,
     mode   => '0750',

manifests/sitemonitornaemon.pp

@@ -11,9 +11,6 @@ class sunetdrive::sitemonitornaemon() {
   $environment = sunetdrive::get_environment()
   $influx_passwd = safe_hiera('influx_passwd')
   $slack_url = safe_hiera('slack_url')
-  $extra_host_groups = {
-    node3_hosts => join($facts['configured_hosts_in_cosmos']['all'].filter |$host| { $host =~ /^node3\./ }, ',')
-  }
 
   file { '/usr/local/bin/slack_nagios.sh':
     ensure  => present,
@@ -48,11 +45,6 @@ class sunetdrive::sitemonitornaemon() {
     content => template('sunetdrive/monitor/sunetdrive_thruk_templates.conf.erb'),
     mode    => '0644',
   }
-  file { '/etc/naemon/conf.d/sunetdrive_extra_hostgroups.cfg':
-    ensure  => present,
-    content => template('sunetdrive/monitor/sunetdrive_extra_hostgroups.cfg.erb'),
-    mode    => '0644',
-  }
   nagioscfg::service {'check_scriptherder':
     hostgroup_name => ['sunetdrive::nrpe'],
     check_command  => 'check_nrpe_1arg_to300!check_scriptherder',
@@ -108,11 +100,10 @@ class sunetdrive::sitemonitornaemon() {
     contact_groups => ['alerts']
   }
   nagioscfg::service {'check_nextcloud_mounts':
-    hostgroup_name => ['node3_hosts','sunetdrive::multinode'],
+    hostgroup_name => ['sunetdrive::application','sunetdrive::multinode'],
     check_command  => 'check_nrpe_1arg!check_nextcloud_mounts',
-    description    => 'S3 buckets with multiple Nextcloud mounts',
+    description    => 'Nextcloud bucket mounted multiple times',
     contact_groups => ['alerts']
   }
-
 }
 

templates/application/check_nextcloud_mounts.py

@@ -6,37 +6,29 @@ import shlex
 import subprocess
 import sys
 
+buckets = []
+bucket_count = {}
+containers = {}
 exit = 0
-base_message = "OK: no duplicate mounts"
-long_message = ""
 
 get_containers = subprocess.Popen('/usr/local/bin/get_containers', stdout=subprocess.PIPE).stdout.read()
 containers = get_containers.decode().splitlines()
 
-for i, container in enumerate(containers, start=1):
+for container in containers:
-    buckets = []
     list_command = f"/usr/local/bin/nocc {container} files_external:list --all --show-password --output json"
     command = shlex.split(list_command)
     mount_data_byte = subprocess.Popen(command, stdout=subprocess.PIPE).stdout.read()
-    try:
     mount_data = json.loads(mount_data_byte.decode())
-    except json.decoder.JSONDecodeError as err:
-        if i == 1 or i != len(containers):
-            base_message = "WARNING: invalid json"
-        long_message +=  f"\ncontainer: {container} - json decode error: {err}"
-#        lets do exit 0 for now
-#        exit = 1
-        continue
     for items in mount_data:
         buckets.append(items["configuration"]["bucket"])
     bucket_count = dict(Counter(buckets))
-    for k, v in bucket_count.items():
+    for i, (k, v) in enumerate(bucket_count.items()):
         if v > 1:
-            base_message = "WARNING: buckets with multiple mounts"
+            if i == 0:
-            long_message += f"\ncontainer: {container} - bucket: {k} - {v}"
+                print("WARNING: buckets with multiple mounts")
+                print(f"bucket {k} is mounted {v} times | {k}_num_mounts={v}")
+            else:
+                print(f"bucket {k} is mounted {v} times | {k}_num_mounts={v}")
 #            lets do exit 0 for now
 #            exit = 1
-print(base_message)
-if long_message != "":
-    print(long_message.lstrip())
 sys.exit(exit)

templates/application/config.php.erb

@@ -16,7 +16,6 @@ $CONFIG = array (
     ),
   ),
   'appstoreenabled' => false,
-  'auth.bruteforce.protection.enabled' => false,
   'config_is_read_only' => true,
   'csrf.disabled' => true,
   'datadirectory' => '/var/www/html/data',
@@ -77,7 +76,7 @@ $CONFIG = array (
       'region' => 'us-east-1',
       'hostname' => '<%= @s3_host %>',
       'port' => '',
-      'useMultipartCopy' => true,
+      'useMultipartCopy' => false,
       'objectPrefix' => 'urn:oid:',
       'autocreate' => false,
       'use_ssl' => true,

templates/application/remount_user_bucket_as_project.sh

@@ -52,7 +52,7 @@ echo '
             "region": "'${region}'",
             "secret": "'${secret}'",
             "storageClass": "",
-            "useMultipartCopy": true,
+            "useMultipartCopy": false,
             "use_path_style": true,
             "use_ssl": true
         },

templates/mariadb/05-roundcube.sql.erb

@@ -1,3 +0,0 @@
-CREATE SCHEMA roundcubemail;
-CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
-GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';

templates/monitor/sunetdrive_extra_hostgroups.cfg.erb

@@ -1,8 +0,0 @@
-<% @extra_host_groups.each do |group, members| -%>
-# <%= group %>
-define hostgroup {
-  hostgroup_name <%= group %>
-  alias <%= group %>
-  members <%= members %>
-}
-<% end -%>

templates/scriptreceiver/create_bucket.erb.sh

@@ -38,7 +38,7 @@ preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable
 if [[ -z ${preexisting} ]]; then
 	docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:create "${user_bucket_name}" \
 		amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-		-c useMultipartCopy=true amazons3::accesskey --user ${user}
+		-c useMultipartCopy=false amazons3::accesskey --user ${user}
 	for shareid in $(docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:export ${user} | jq -r '.[].mount_id'); do
 		docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:option ${shareid} enable_sharing true
 	done

templates/scriptreceiver/create_bucket_without_question.sh

@@ -7,7 +7,7 @@ bucket=${4}
 user=${5}
 /usr/local/bin/occ files_external:create "${bucket}" \
 	amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-	-c useMultipartCopy=true amazons3::accesskey --user "${user}"
+	-c useMultipartCopy=false amazons3::accesskey --user "${user}"
-for shareid in $(/usr/local/bin/nocc files_external:export "${user}" | jq -r '.[].mount_id'); do
+for shareid in $(/usr/local/bin/occ files_external:export "${user}" | jq -r '.[].mount_id'); do
-	/usr/local/bin/nocc files_external:option "${shareid}" enable_sharing true
+	/usr/local/bin/occ files_external:option "${shareid}" enable_sharing true
 done