#Class for SUNET-Drive-Script class sunetdrive::script ( $bootstrap = undef, $location = undef ) { include sunet::packages::python3_pip include sunet::packages::kopia $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() $apikey_test = safe_hiera('monitor_apikey_test') $apikey_prod = safe_hiera('monitor_apikey_prod') $full_project_mapping = hiera_hash('project_mapping') $project_mapping = $full_project_mapping[$customer][$environment] $primary_project = $project_mapping['primary_project'] $mirror_project = $project_mapping['mirror_project'] $assigned_projects = $project_mapping['assigned'] $full_backup_retention = hiera('full_backup_retention') $config = hiera_hash($environment) $backup_server = $config['backup_server'] $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' $singlenodes = lookup('singlenodes') $multinodes = keys(lookup('multinode_mapping')) $extra_backup_jobs = pick($config['extra_backup_jobs'], {}) if $customer == 'mdu' { $eppn_suffix = 'mdh.se' $include_userbuckets = 'true' } elsif $customer == 'uu' { $eppn_suffix = 'users.uu.se' $include_userbuckets = 'false' } else { $eppn_suffix = "${customer}.se" $include_userbuckets = 'false' } $ssh_config = "Host *.sunet.se User script IdentityFile /root/.ssh/id_script" $s3_key = safe_hiera('s3_key') $s3_secret = safe_hiera('s3_secret') $statistics_secret = safe_hiera('statistics_secret') $s3_key_pilot = hiera('s3_key_pilot', false) $s3_secret_pilot = hiera('s3_secret_pilot', false) # FIXME: This will not work if we start to mess around with the location of multinode customer data $s3_host = $config['s3_host'] if $s3_host == 's3.sto4.safedc.net' { $s3_host_mirror = 's3.sto3.safedc.net' $s3_key_mirror = safe_hiera('s3_key_sto3') $s3_secret_mirror = safe_hiera('s3_secret_sto3') } else { $s3_host_mirror = 's3.sto4.safedc.net' $s3_key_mirror = safe_hiera('s3_key_sto4') $s3_secret_mirror = safe_hiera('s3_secret_sto4') } $site_name = $config['site_name'] $user_bucket_name = $config['user_bucket_name'] if $config['user_scans'] { $config['user_scans'].each |$job| { sunet::scriptherder::cronjob { $job['name']: cmd => "ssh -t -l script ${job['server']} /usr/bin/sudo /usr/local/bin/occ ${job['container']} files:scan ${job['user']}", hour => $job['hour'], minute => $job['minute'], ok_criteria => ['exit_status=0','max_age=1d'], warn_criteria => ['exit_status=1','max_age=2d'], } } } # It is a start that will get us user buckets and primary buckets $backup_projects = $location exec { 'rclone_deb': command => "/usr/bin/wget -q ${rclone_url} -O ${local_path}", creates => $local_path, } package { 'rclone': ensure => installed, provider => dpkg, source => $local_path, require => Exec['rclone_deb'], } package { 'fuse3': ensure => installed, provider => apt, } package { 'python3': ensure => installed, provider => apt, } package { 'duplicity': ensure => installed, provider => apt, } package { 'xmlstarlet': ensure => installed, provider => apt, } $drive_version = '0.3.1' if $facts['os']['distro']['id'] == 'Debian' { $pip_cmd = 'pip3 install --break-system-packages' } else { $pip_cmd = 'python3 -m pip install' } exec { 'drive-utils': command => "${pip_cmd} https://pypi.sunet.se/packages/drive-utils-${drive_version}.tar.gz", unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}", require => Package['python3'], } file { '/opt/backups': ensure => directory, mode => '0700' } file { '/opt/backups/scripts': ensure => directory, mode => '0700' } file { '/root/.ssh/': ensure => directory, mode => '0700', } file { '/root/tasks/': ensure => directory, mode => '0700', } file { '/root/scripts/': ensure => directory, mode => '0700', } file { '/root/.ssh/id_script': ensure => file, content => safe_hiera('ssh_priv_key'), owner => 'root', group => 'root', mode => '0600', } file { '/root/.ssh/config': ensure => file, content => $ssh_config, owner => 'root', group => 'root', mode => '0600', } file { '/root/.rclone.conf': ensure => file, content => template('sunetdrive/script/rclone.conf.erb'), owner => 'root', group => 'root', mode => '0600', } if $s3_key_pilot and $s3_secret_pilot { file { '/root/scripts/migratebuckets.sh': ensure => file, content => template('sunetdrive/script/migratebuckets.erb.sh'), owner => 'root', group => 'root', mode => '0700', } } file { '/root/tasks/backupsingleproject.sh': ensure => file, content => template('sunetdrive/script/backupsingleproject.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/backupbuckets.sh': ensure => file, content => template('sunetdrive/script/backup-all-buckets.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/backup-projectbuckets.sh': ensure => absent, } file { '/root/tasks/backupdb.sh': ensure => file, content => template('sunetdrive/script/backupdb.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/restart-nextcloud-farm': ensure => file, content => template('sunetdrive/script/restart-nextcloud-farm.erb'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/restart-db-cluster': ensure => file, content => template('sunetdrive/script/restart-db-cluster.erb'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/restart-proxysql.sh': ensure => file, content => template('sunetdrive/script/restart-proxysql.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/usage.sh': ensure => file, content => template('sunetdrive/script/usage.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/maintenance.sh': ensure => file, content => template('sunetdrive/script/maintenance.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/reboot-customer.sh': ensure => file, content => template('sunetdrive/script/reboot-customer.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/usr/local/bin/check_backups': ensure => file, content => template('sunetdrive/script/check_backup.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/collect_backup_data.sh': ensure => file, content => template('sunetdrive/script/collect_backup_data.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/makebuckets.sh': ensure => file, content => template('sunetdrive/script/makebuckets.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/makemanualuserbucket.sh': ensure => file, content => template('sunetdrive/script/makemanualuserbucket.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/backupsinglenodedb.sh': ensure => absent, } if $environment == 'test' { sunet::scriptherder::cronjob { 'reboot-customer': cmd => '/root/tasks/reboot-customer.sh', hour => '2', minute => '10', ok_criteria => ['exit_status=0','max_age=21d'], warn_criteria => ['exit_status=1','max_age=31d'], } } # Opt out of userbuckets, also customers that ended the contract if $customer in ['extern', 'gih', 'hkr', 'suni', 'common', 'su', 'lnu'] { sunet::scriptherder::cronjob { 'makebuckets': ensure => absent, cmd => 'bin/true', } } else { sunet::scriptherder::cronjob { 'makebuckets': cmd => '/root/tasks/makebuckets.sh', minute => '*/5', ok_criteria => ['exit_status=0','max_age=15m'], warn_criteria => ['exit_status=1','max_age=30m'], } } # Opt in folder structer for multinode customers if $customer in ['common'] { file { '/root/tasks/listusers.sh': ensure => file, content => template('sunetdrive/script/listusers.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/create_folders_in_singlenode_buckets.sh': ensure => file, content => template('sunetdrive/script/create_folders_in_singlenode_buckets.erb.sh'), owner => 'root', group => 'root', mode => '0700', } sunet::scriptherder::cronjob { 'create_folders_in_singlenode_buckets_for_kmh': cmd => '/root/tasks/create_folders_in_singlenode_buckets.sh kmh true', minute => '*/30', ok_criteria => ['exit_status=0','max_age=1h'], warn_criteria => ['exit_status=1','max_age=2h'], } } # Opt in to folder structure in projectbuckets if $customer in ['gih', 'mdu'] { sunet::scriptherder::cronjob { 'create_folders_in_project_buckets': ensure => absent, cmd => 'true', } file { '/root/tasks/create_folders_in_project_buckets.sh': ensure => absent, } file { '/root/tasks/create_folders_in_fullnode_buckets.sh': ensure => file, content => template('sunetdrive/script/create_folders_in_fullnode_buckets.erb.sh'), owner => 'root', group => 'root', mode => '0700', } } if $customer in ['gih'] { sunet::scriptherder::cronjob { 'create_folders_in_fullnode_buckets': cmd => '/root/tasks/create_folders_in_fullnode_buckets.sh', minute => '*/30', ok_criteria => ['exit_status=0','max_age=1h'], warn_criteria => ['exit_status=1','max_age=2h'], } } if $customer in ['mdu'] { sunet::scriptherder::cronjob { 'create_folders_in_fullnode_buckets': cmd => '/root/tasks/create_folders_in_fullnode_buckets.sh "Arbetsmaterial (work material)" "Bevarande (retention)" "Gallringsbart (disposal)"', minute => '*/30', ok_criteria => ['exit_status=0','max_age=1h'], warn_criteria => ['exit_status=1','max_age=2h'], } } if $customer == 'common' { $multinode_passwords = $multinodes.map | $index, $customer | { safe_hiera("${customer}_admin_app_password") } file { '/root/tasks/announce.sh': ensure => file, content => template('sunetdrive/script/multinodeannounce.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/backupmultinodedb.sh': ensure => file, content => template('sunetdrive/script/backupmultinodedb.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/opt/backups/scripts/hb.sh': ensure => file, content => template('sunetdrive/script/backup-hb.erb.sh'), owner => 'root', group => 'root', mode => '0700', } sunet::scriptherder::cronjob { 'backupmultinodedb': cmd => '/root/tasks/backupmultinodedb.sh', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } if $environment == 'prod' { file { '/root/tasks/aggregate.sh': ensure => file, content => template('sunetdrive/script/aggregate.sh'), owner => 'root', group => 'root', mode => '0700', } sunet::scriptherder::cronjob { 'aggregate_billing': cmd => '/root/tasks/aggregate.sh', hour => '4', minute => '10', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } } $singlenodes.each | $singlenode| { $multinode = hiera_hash('multinode_mapping')[$singlenode]['server'] $multinodeserver = "${multinode}.${site_name}" $nccontainer = "nextcloud-${singlenode}_app_1" sunet::scriptherder::cronjob { "backup${singlenode}db": ensure => absent, cmd => 'true', } sunet::scriptherder::cronjob { "listusers_${singlenode}": cmd => "/root/tasks/listusers.sh ${singlenode} ${multinodeserver}", minute => '*/5', ok_criteria => ['exit_status=0','max_age=30m'], warn_criteria => ['exit_status=1', 'max_age=60m'], } if $environment == 'prod' { sunet::scriptherder::cronjob { "statistics${singlenode}": cmd => "/root/tasks/usage.sh ${singlenode} ${multinodeserver}", hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } } unless $singlenode in ['mau', 'uu'] { sunet::scriptherder::cronjob { "make${singlenode}buckets": cmd => "/root/tasks/makebuckets.sh ${multinodeserver} ${nccontainer} ${singlenode}-${environment}", minute => '*', ok_criteria => ['exit_status=0','max_age=15m'], warn_criteria => ['exit_status=1','max_age=30m'], } } } $gss_backup_server = $config['gss_backup_server'] $lookup_backup_server = $config['lookup_backup_server'] sunet::scriptherder::cronjob { 'backupgssdb': cmd => "/root/tasks/backupdb.sh ${gss_backup_server}", hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backuplookupdb': cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}", hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } } else { $admin_app_password = safe_hiera('admin_app_password') file { '/root/tasks/announce.sh': ensure => file, content => template('sunetdrive/script/announce.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/delete_announcement_with_subject.sh': ensure => file, content => template('sunetdrive/script/delete_announcement_with_subject.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/root/tasks/backupmultinodedb.sh': ensure => absent, } sunet::scriptherder::cronjob { 'backupmultinodedb': ensure => absent, cmd => 'true', } sunet::scriptherder::cronjob { 'backupdb': cmd => "/root/tasks/backupdb.sh ${backup_server}", hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'restart_proxysql': ensure => 'absent', cmd => '/bin/true', purge_results => true, } if $environment == 'prod' { sunet::scriptherder::cronjob { 'statistics': cmd => '/root/tasks/usage.sh', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } } } sunet::scriptherder::cronjob { 'collect_backup_data': cmd => '/root/tasks/collect_backup_data.sh', hour => '*', minute => '3', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } sunet::scriptherder::cronjob { 'backupbuckets': cmd => '/root/tasks/backupbuckets.sh', hour => '2', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } # sunet::scriptherder::cronjob { 'scriptherder_daily': # cmd => '/bin/true', # special => 'daily', # ok_criteria => ['exit_status=0','max_age=4d'], # warn_criteria => ['exit_status=1','max_age=8d'], # } # cron { 'example_job': # ensure => 'present', # command => '/bin/true', # hour => ['0'], # target => 'root', # user => 'root', # } }