18 changed files with 50 additions and 171 deletions
--- a/files/scriptreciver/sysctl-d-gofasta.conf
+++ b/files/scriptreciver/sysctl-d-gofasta.conf
@ -1,6 +0,0 @@
-net.core.rmem_max=67108864
-net.core.wmem_max=67108864
-net.ipv4.tcp_rmem=4096 87380 33554432
-net.ipv4.tcp_wmem=4096 87380 33554432
-net.core.default_qdisc=fq
-net.ipv4.tcp_congestion_control=bbr
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@ -101,24 +101,7 @@ define sunetdrive::app_type (
      content => template('sunetdrive/application/get_containers'),
      mode    => '0744',
    }
-    if ($nodenumber == 3) {
-      file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-        mode    => '0744',
-      }
-      sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-        user_name    => 'nagios',
-        collection   => 'nrpe_nextcloud_mounts_check',
-        command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-      sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-        command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-    }
-    if ($nodenumber == 3) {
+    if ($environment == 'test' and ($nodenumber == 3)) {
      file { '/usr/local/bin/scan_external_mounts':
        ensure  => present,
        force   => true,
@ -134,6 +117,10 @@ define sunetdrive::app_type (
        ok_criteria   => ['exit_status=0','max_age=2d'],
        warn_criteria => ['exit_status=1','max_age=3d'],
      }
+      cron { 'scan_external_mounts':
+        ensure  => absent,
+        command => 'true',
+      }
    }
    file { '/opt/nextcloud/cron.sh':
      ensure  => file,
@ -405,4 +392,5 @@ define sunetdrive::app_type (
      }
    }
  }
+
 }
--- a/manifests/db_type.pp
+++ b/manifests/db_type.pp
@ -15,7 +15,6 @@ define sunetdrive::db_type(
  $backup_password = safe_hiera('backup_password')
  $proxysql_password = safe_hiera('proxysql_password')
  $mysql_user_password = safe_hiera('mysql_user_password')
-  $roundcube_password = safe_hiera('roundcube_password')
  $mariadb_dir = '/etc/mariadb'
  $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
  $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
@ -34,10 +33,8 @@ define sunetdrive::db_type(
  $ports = [3306, 4444, 4567, 4568]
  if $location =~ /^multinode/ {
    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['kube'] + $config['kube_v6']
-  } elsif $location == 'sunet-prod' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6']
-  } elsif $location == 'sunet-test' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6'] + $config['calendar'] + $config['calendar_v6']
+  } elsif $location == 'sunet-test' or $location == 'sunet-prod' {
+    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6']
  } else {
    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6
  }
@ -49,7 +46,7 @@ define sunetdrive::db_type(
  sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }


-  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql', '05-roundcube.sql']
+  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql']
  $sql_files.each |$sql_file|{
    file { "${mariadb_dir}/init/${sql_file}":
      ensure  => present,
--- a/manifests/multinode.pp
+++ b/manifests/multinode.pp
@ -46,35 +46,26 @@ class sunetdrive::multinode (
    content => template('sunetdrive/application/get_containers'),
    mode    => '0744',
  }
-  file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-    mode    => '0744',
-  }
-  sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-    user_name    => 'nagios',
-    collection   => 'nrpe_nextcloud_mounts_check',
-    command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
-  sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-    command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
-  file { '/usr/local/bin/scan_external_mounts':
-    ensure  => present,
-    force   => true,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/scan_external_mounts.sh'),
-    mode    => '0744',
-  }
-  sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
-    cmd           => '/usr/local/bin/scan_external_mounts',
-    hour          => '1',
-    minute        => '20',
-    ok_criteria   => ['exit_status=0','max_age=2d'],
-    warn_criteria => ['exit_status=1','max_age=3d'],
+  if ($environment == 'test') {
+    file { '/usr/local/bin/scan_external_mounts':
+      ensure  => present,
+      force   => true,
+      owner   => 'root',
+      group   => 'root',
+      content => template('sunetdrive/application/scan_external_mounts.sh'),
+      mode    => '0744',
+    }
+    sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
+      cmd           => '/usr/local/bin/scan_external_mounts',
+      hour          => '1',
+      minute        => '20',
+      ok_criteria   => ['exit_status=0','max_age=2d'],
+      warn_criteria => ['exit_status=1','max_age=3d'],
+    }
+    cron { 'scan_external_mounts':
+      ensure  => absent,
+      command => 'true',
+    }
  }
  file { '/usr/local/bin/nocc':
    ensure  => present,
--- a/manifests/multinode_db.pp
+++ b/manifests/multinode_db.pp
@ -41,10 +41,7 @@ class sunetdrive::multinode_db(){
        group   => 'root',
        mode    => '0600',
      }
-      file { '/root/tasks/':
-        ensure  => directory,
-      }
-      -> file { '/root/tasks/listusersbydep.sh':
+      file { '/root/tasks/listusersbydep.sh':
        ensure  => file,
        content => template('sunetdrive/mariadb/listusersdep.sh.erb'),
        owner   => 'root',
@ -58,10 +55,7 @@ class sunetdrive::multinode_db(){
        group   => 'root',
        mode    => '0700',
      }
-      file {'/opt/mariadb/statistics/':
-        ensure      => directory,
-      }
-      -> file {'/opt/mariadb/statistics/custdata.json':
+      file {'/opt/mariadb/statistics/custdata.json':
        ensure      => file,
        content     => template('sunetdrive/mariadb/custconfig.json.erb'),
        owner       => 'root',
--- a/manifests/scriptreceiver.pp
+++ b/manifests/scriptreceiver.pp
@ -5,19 +5,7 @@ class sunetdrive::scriptreceiver()
  sunet::system_user {'script': username => 'script', group => 'script', managehome => true, shell => '/bin/bash' }

  # These tasks correspond to a ${task}.erb.sh template
-  $tasks = [
-    'list_users',
-    'list_files_for_user',
-    'create_bucket',
-    'backup_db',
-    'purge_backups',
-    'maintenancemode',
-    'restart_sunet_service',
-    'start_sentinel',
-    'stop_sentinel',
-    'removeswap',
-    'backup_multinode_db'
-  ]
+  $tasks = ['list_users', 'list_files_for_user', 'create_bucket', 'backup_db', 'purge_backups', 'maintenancemode', 'restart_sunet_service', 'start_sentinel', 'stop_sentinel', 'removeswap', 'backup_multinode_db']

  $environment = sunetdrive::get_environment()
  $config = hiera_hash($environment)
@ -47,9 +35,7 @@ class sunetdrive::scriptreceiver()
    type   => 'ssh-ed25519',
    key    => $script_pub_key,
  }
-  file { '/etc/sysctl.d/gofasta.conf':
-    ensure  => 'absent',
-  }
+
  file { '/opt/rotate':
    ensure => directory,
    mode   => '0750',
--- a/manifests/sitemonitornaemon.pp
+++ b/manifests/sitemonitornaemon.pp
@ -11,9 +11,6 @@ class sunetdrive::sitemonitornaemon() {
  $environment = sunetdrive::get_environment()
  $influx_passwd = safe_hiera('influx_passwd')
  $slack_url = safe_hiera('slack_url')
-  $extra_host_groups = {
-    node3_hosts => join($facts['configured_hosts_in_cosmos']['all'].filter |$host| { $host =~ /^node3\./ }, ',')
-  }

  file { '/usr/local/bin/slack_nagios.sh':
    ensure  => present,
@ -48,11 +45,6 @@ class sunetdrive::sitemonitornaemon() {
    content => template('sunetdrive/monitor/sunetdrive_thruk_templates.conf.erb'),
    mode    => '0644',
  }
-  file { '/etc/naemon/conf.d/sunetdrive_extra_hostgroups.cfg':
-    ensure  => present,
-    content => template('sunetdrive/monitor/sunetdrive_extra_hostgroups.cfg.erb'),
-    mode    => '0644',
-  }
  nagioscfg::service {'check_scriptherder':
    hostgroup_name => ['sunetdrive::nrpe'],
    check_command  => 'check_nrpe_1arg_to300!check_scriptherder',
@ -107,12 +99,6 @@ class sunetdrive::sitemonitornaemon() {
    description    => 'Status of sarimner interface',
    contact_groups => ['alerts']
  }
-  nagioscfg::service {'check_nextcloud_mounts':
-    hostgroup_name => ['node3_hosts','sunetdrive::multinode'],
-    check_command  => 'check_nrpe_1arg!check_nextcloud_mounts',
-    description    => 'S3 buckets with multiple Nextcloud mounts',
-    contact_groups => ['alerts']
-  }

 }

--- a/templates/application/check_nextcloud_mounts.py
+++ b/templates/application/check_nextcloud_mounts.py
@ -1,42 +0,0 @@
-#!/usr/bin/env python3
-
-from collections import Counter
-import json
-import shlex
-import subprocess
-import sys
-
-exit = 0
-base_message = "OK: no duplicate mounts"
-long_message = ""
-
-get_containers = subprocess.Popen('/usr/local/bin/get_containers', stdout=subprocess.PIPE).stdout.read()
-containers = get_containers.decode().splitlines()
-
-for i, container in enumerate(containers, start=1):
-    buckets = []
-    list_command = f"/usr/local/bin/nocc {container} files_external:list --all --show-password --output json"
-    command = shlex.split(list_command)
-    mount_data_byte = subprocess.Popen(command, stdout=subprocess.PIPE).stdout.read()
-    try:
-        mount_data = json.loads(mount_data_byte.decode())
-    except json.decoder.JSONDecodeError as err:
-        if i == 1 or i != len(containers):
-            base_message = "WARNING: invalid json"
-        long_message +=  f"\ncontainer: {container} - json decode error: {err}"
-#        lets do exit 0 for now
-#        exit = 1
-        continue
-    for items in mount_data:
-        buckets.append(items["configuration"]["bucket"])
-    bucket_count = dict(Counter(buckets))
-    for k, v in bucket_count.items():
-        if v > 1:
-            base_message = "WARNING: buckets with multiple mounts"
-            long_message += f"\ncontainer: {container} - bucket: {k} - {v}"
-#            lets do exit 0 for now
-#            exit = 1
-print(base_message)
-if long_message != "":
-    print(long_message.lstrip())
-sys.exit(exit)
--- a/templates/application/config.php.erb
+++ b/templates/application/config.php.erb
@ -16,7 +16,6 @@ $CONFIG = array (
    ),
  ),
  'appstoreenabled' => false,
-  'auth.bruteforce.protection.enabled' => false,
  'config_is_read_only' => true,
  'csrf.disabled' => true,
  'datadirectory' => '/var/www/html/data',
@ -77,7 +76,7 @@ $CONFIG = array (
      'region' => 'us-east-1',
      'hostname' => '<%= @s3_host %>',
      'port' => '',
-      'useMultipartCopy' => true,
+      'useMultipartCopy' => false,
      'objectPrefix' => 'urn:oid:',
      'autocreate' => false,
      'use_ssl' => true,
--- a/templates/application/nocc.erb
+++ b/templates/application/nocc.erb
@ -15,7 +15,7 @@ if [[ "x${oc_list}" != "x" ]]; then
        done
 fi

-docker exec -i ${MY_VARS} -u www-data ${container} php --define apc.enable_cli=1 /var/www/html/occ "$@"
+docker exec -ti ${MY_VARS} -u www-data ${container} php --define apc.enable_cli=1 /var/www/html/occ "$@"
 exit 0


--- a/templates/application/remount_user_bucket_as_project.sh
+++ b/templates/application/remount_user_bucket_as_project.sh
@ -52,7 +52,7 @@ echo '
            "region": "'${region}'",
            "secret": "'${secret}'",
            "storageClass": "",
-            "useMultipartCopy": true,
+            "useMultipartCopy": false,
            "use_path_style": true,
            "use_ssl": true
        },
--- a/templates/application/scan_external_mounts.sh
+++ b/templates/application/scan_external_mounts.sh
@ -3,16 +3,15 @@
 error_ids=""
 # Only run if this is the only instance of this script running
 # note: since this script forks to run pgrep, we need -eq 2 here
-# shellcheck disable=SC2126
-if [[ $(pgrep -a -f "${0}" | grep -v scriptherder | wc -l) -eq 2 ]]; then
+if [[ $(pgrep -f "${0}" | wc -l) -eq 2 ]]; then
 	# We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within
 	# a specific host, but will differ between hosts
 	sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m
 	errors=''
-	for container in $(/usr/local/bin/get_containers); do
+	for container in $(get_containers); do
 		error_ids="${error_ids} ${container}: "
-		for id in $(/usr/local/bin/nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do
-			/usr/local/bin/nocc "${container}" files_external:scan "${id}" | grep Error
+		for id in $(nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do
+			nocc "${container}" files_external:scan "${id}" | grep Error
 			# shellcheck disable=SC2181
 			if [[ ${?} -eq 0 ]]; then
 				errors="${errors} ${id}"
@ -22,7 +21,7 @@ if [[ $(pgrep -a -f "${0}" | grep -v scriptherder | wc -l) -eq 2 ]]; then
 	done
 else
 	echo "Another instance of this script is already running, exiting"
-	pgrep -a -f "${0}" | grep -v scriptherder
+	pgrep -a -f "${0}"
 	exit 0
 fi

--- a/templates/mariadb/05-roundcube.sql.erb
+++ b/templates/mariadb/05-roundcube.sql.erb
@ -1,3 +0,0 @@
-CREATE SCHEMA roundcubemail;
-CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
-GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
--- a/templates/monitor/sunetdrive_extra_hostgroups.cfg.erb
+++ b/templates/monitor/sunetdrive_extra_hostgroups.cfg.erb
@ -1,8 +0,0 @@
-<% @extra_host_groups.each do |group, members| -%>
-# <%= group %>
-define hostgroup {
-  hostgroup_name <%= group %>
-  alias <%= group %>
-  members <%= members %>
-}
-<% end -%>
--- a/templates/script/listusers.erb.sh
+++ b/templates/script/listusers.erb.sh
@ -1,10 +1,10 @@
 #!/bin/bash

-customer="${1}"
-multinode="${2}"
+customer="${1}" 
+multinode="${2}" 
 environment="<%= @environment %>"
 location="${customer}-${environment}"
-userjson=$(ssh -o StrictHostKeyChecking=no "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1")
+userjson=$(ssh "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1") 
 project="statistics"
 bucket="drive-server-coms"
 base_dir="${project}:${bucket}"
--- a/templates/script/makebuckets.erb.sh
+++ b/templates/script/makebuckets.erb.sh
@ -43,11 +43,9 @@ for eppn in $(echo "${users}" | jq -r keys[]); do
  username=${eppn%@*}
  # Remove underscore from username
  user=${username//_/-}
-  # convert user to lower case for bucket naming rules
-  user_lower=${user,,}

  echo "$(date) - Check bucket status for ${eppn}"
-  bucketname="${user_lower}-${site_name//./-}"
+  bucketname="${user}-${site_name//./-}"
  if ! echo "${buckets}" | grep "${bucketname}" &> /dev/null; then
    echo "$(date) - ${eppn} has no mounts configured, adding bucket and mounts..."
    ${rclone} mkdir "${rcp}:${bucketname}"
--- a/templates/scriptreceiver/create_bucket.erb.sh
+++ b/templates/scriptreceiver/create_bucket.erb.sh
@ -33,12 +33,12 @@ fi
 key=$(grep access_key_id "${rclone_config}" | awk '{print $3}')
 secret=$(grep secret_access_key "${rclone_config}"| awk '{print $3}')
 endpoint=$(grep endpoint "${rclone_config}" | awk '{print $3}')
-preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json --show-password "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"
+preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"

 if [[ -z ${preexisting} ]]; then
 	docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:create "${user_bucket_name}" \
 		amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-		-c useMultipartCopy=true amazons3::accesskey --user ${user}
+		-c useMultipartCopy=false amazons3::accesskey --user ${user}
 	for shareid in $(docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:export ${user} | jq -r '.[].mount_id'); do
 		docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:option ${shareid} enable_sharing true
 	done
--- a/templates/scriptreceiver/create_bucket_without_question.sh
+++ b/templates/scriptreceiver/create_bucket_without_question.sh
@ -7,7 +7,7 @@ bucket=${4}
 user=${5}
 /usr/local/bin/occ files_external:create "${bucket}" \
 	amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-	-c useMultipartCopy=true amazons3::accesskey --user "${user}"
-for shareid in $(/usr/local/bin/nocc files_external:export "${user}" | jq -r '.[].mount_id'); do
-	/usr/local/bin/nocc files_external:option "${shareid}" enable_sharing true
+	-c useMultipartCopy=false amazons3::accesskey --user "${user}"
+for shareid in $(/usr/local/bin/occ files_external:export "${user}" | jq -r '.[].mount_id'); do
+	/usr/local/bin/occ files_external:option "${shareid}" enable_sharing true
 done