sunetdrive/manifests/script.pp
2024-11-17 13:57:57 +01:00

510 lines
17 KiB
Puppet

#Class for SUNET-Drive-Script
class sunetdrive::script (
$bootstrap = undef,
$location = undef
) {
include sunet::packages::python3_pip
include sunet::packages::kopia
$environment = sunetdrive::get_environment()
$customer = sunetdrive::get_customer()
$apikey_test = safe_hiera('monitor_apikey_test')
$apikey_prod = safe_hiera('monitor_apikey_prod')
$full_project_mapping = hiera_hash('project_mapping')
$project_mapping = $full_project_mapping[$customer][$environment]
$primary_project = $project_mapping['primary_project']
$mirror_project = $project_mapping['mirror_project']
$assigned_projects = $project_mapping['assigned']
$full_backup_retention = hiera('full_backup_retention')
$config = hiera_hash($environment)
$backup_server = $config['backup_server']
$rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb'
$local_path = '/tmp/rclone-current-linux-amd64.deb'
$singlenodes = lookup('singlenodes')
$multinodes = keys(lookup('multinode_mapping'))
$extra_backup_jobs = pick($config['extra_backup_jobs'], {})
if $customer == 'mdu' {
$eppn_suffix = 'mdh.se'
$include_userbuckets = 'true'
} elsif $customer == 'uu' {
$eppn_suffix = 'users.uu.se'
$include_userbuckets = 'false'
}
else {
$eppn_suffix = "${customer}.se"
$include_userbuckets = 'false'
}
$ssh_config = "Host *.sunet.se
User script
IdentityFile /root/.ssh/id_script"
$s3_key = safe_hiera('s3_key')
$s3_secret = safe_hiera('s3_secret')
$statistics_secret = safe_hiera('statistics_secret')
$s3_key_pilot = hiera('s3_key_pilot', false)
$s3_secret_pilot = hiera('s3_secret_pilot', false)
# FIXME: This will not work if we start to mess around with the location of multinode customer data
$s3_host = $config['s3_host']
if $s3_host == 's3.sto4.safedc.net' {
$s3_host_mirror = 's3.sto3.safedc.net'
$s3_key_mirror = safe_hiera('s3_key_sto3')
$s3_secret_mirror = safe_hiera('s3_secret_sto3')
} else {
$s3_host_mirror = 's3.sto4.safedc.net'
$s3_key_mirror = safe_hiera('s3_key_sto4')
$s3_secret_mirror = safe_hiera('s3_secret_sto4')
}
$site_name = $config['site_name']
$user_bucket_name = $config['user_bucket_name']
if $config['user_scans'] {
$config['user_scans'].each |$job| {
sunet::scriptherder::cronjob { $job['name']:
cmd => "ssh -t -l script ${job['server']} /usr/bin/sudo /usr/local/bin/occ ${job['container']} files:scan ${job['user']}",
hour => $job['hour'],
minute => $job['minute'],
ok_criteria => ['exit_status=0','max_age=1d'],
warn_criteria => ['exit_status=1','max_age=2d'],
}
}
}
# It is a start that will get us user buckets and primary buckets
$backup_projects = $location
exec { 'rclone_deb':
command => "/usr/bin/wget -q ${rclone_url} -O ${local_path}",
creates => $local_path,
}
package { 'rclone':
ensure => installed,
provider => dpkg,
source => $local_path,
require => Exec['rclone_deb'],
}
package { 'fuse3':
ensure => installed,
provider => apt,
}
package { 'python3':
ensure => installed,
provider => apt,
}
package { 'duplicity':
ensure => installed,
provider => apt,
}
package { 'xmlstarlet':
ensure => installed,
provider => apt,
}
$drive_version = '0.3.1'
if $facts['os']['distro']['id'] == 'Debian' {
$pip_cmd = 'pip3 install --break-system-packages'
} else {
$pip_cmd = 'python3 -m pip install'
}
exec { 'drive-utils':
command => "${pip_cmd} https://pypi.sunet.se/packages/drive-utils-${drive_version}.tar.gz",
unless => "python3 -m pip list | grep drive-utils | grep ${drive_version}",
require => Package['python3'],
}
file { '/opt/backups':
ensure => directory,
mode => '0700'
}
file { '/opt/backups/scripts':
ensure => directory,
mode => '0700'
}
file { '/root/.ssh/':
ensure => directory,
mode => '0700',
}
file { '/root/tasks/':
ensure => directory,
mode => '0700',
}
file { '/root/scripts/':
ensure => directory,
mode => '0700',
}
file { '/root/.ssh/id_script':
ensure => file,
content => safe_hiera('ssh_priv_key'),
owner => 'root',
group => 'root',
mode => '0600',
}
file { '/root/.ssh/config':
ensure => file,
content => $ssh_config,
owner => 'root',
group => 'root',
mode => '0600',
}
file { '/root/.rclone.conf':
ensure => file,
content => template('sunetdrive/script/rclone.conf.erb'),
owner => 'root',
group => 'root',
mode => '0600',
}
if $s3_key_pilot and $s3_secret_pilot {
file { '/root/scripts/migratebuckets.sh':
ensure => file,
content => template('sunetdrive/script/migratebuckets.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
}
file { '/root/tasks/backupsingleproject.sh':
ensure => file,
content => template('sunetdrive/script/backupsingleproject.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupbuckets.sh':
ensure => file,
content => template('sunetdrive/script/backup-all-buckets.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backup-projectbuckets.sh':
ensure => absent,
}
file { '/root/tasks/backupdb.sh':
ensure => file,
content => template('sunetdrive/script/backupdb.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/restart-nextcloud-farm':
ensure => file,
content => template('sunetdrive/script/restart-nextcloud-farm.erb'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/restart-db-cluster':
ensure => file,
content => template('sunetdrive/script/restart-db-cluster.erb'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/restart-proxysql.sh':
ensure => file,
content => template('sunetdrive/script/restart-proxysql.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/usage.sh':
ensure => file,
content => template('sunetdrive/script/usage.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/maintenance.sh':
ensure => file,
content => template('sunetdrive/script/maintenance.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/reboot-customer.sh':
ensure => file,
content => template('sunetdrive/script/reboot-customer.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/usr/local/bin/check_backups':
ensure => file,
content => template('sunetdrive/script/check_backup.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/collect_backup_data.sh':
ensure => file,
content => template('sunetdrive/script/collect_backup_data.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/makebuckets.sh':
ensure => file,
content => template('sunetdrive/script/makebuckets.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/makemanualuserbucket.sh':
ensure => file,
content => template('sunetdrive/script/makemanualuserbucket.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupsinglenodedb.sh':
ensure => absent,
}
if $environment == 'test' {
sunet::scriptherder::cronjob { 'reboot-customer':
cmd => '/root/tasks/reboot-customer.sh',
hour => '2',
minute => '10',
ok_criteria => ['exit_status=0','max_age=21d'],
warn_criteria => ['exit_status=1','max_age=31d'],
}
}
# Opt out of userbuckets, also customers that ended the contract
if $customer in ['extern', 'gih', 'hkr', 'suni', 'common', 'su', 'lnu'] {
sunet::scriptherder::cronjob { 'makebuckets':
ensure => absent,
cmd => 'bin/true',
}
} else {
sunet::scriptherder::cronjob { 'makebuckets':
cmd => '/root/tasks/makebuckets.sh',
minute => '*/5',
ok_criteria => ['exit_status=0','max_age=15m'],
warn_criteria => ['exit_status=1','max_age=30m'],
}
}
# Opt in folder structer for multinode customers
if $customer in ['common'] {
file { '/root/tasks/listusers.sh':
ensure => file,
content => template('sunetdrive/script/listusers.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/create_folders_in_singlenode_buckets.sh':
ensure => file,
content => template('sunetdrive/script/create_folders_in_singlenode_buckets.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
sunet::scriptherder::cronjob { 'create_folders_in_singlenode_buckets_for_kmh':
cmd => '/root/tasks/create_folders_in_singlenode_buckets.sh kmh true',
minute => '*/30',
ok_criteria => ['exit_status=0','max_age=1h'],
warn_criteria => ['exit_status=1','max_age=2h'],
}
}
# Opt in to folder structure in projectbuckets
if $customer in ['gih', 'mdu'] {
sunet::scriptherder::cronjob { 'create_folders_in_project_buckets':
ensure => absent,
cmd => 'true',
}
file { '/root/tasks/create_folders_in_project_buckets.sh':
ensure => absent,
}
file { '/root/tasks/create_folders_in_fullnode_buckets.sh':
ensure => file,
content => template('sunetdrive/script/create_folders_in_fullnode_buckets.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
}
if $customer in ['gih'] {
sunet::scriptherder::cronjob { 'create_folders_in_fullnode_buckets':
cmd => '/root/tasks/create_folders_in_fullnode_buckets.sh',
minute => '*/30',
ok_criteria => ['exit_status=0','max_age=1h'],
warn_criteria => ['exit_status=1','max_age=2h'],
}
}
if $customer in ['mdu'] {
sunet::scriptherder::cronjob { 'create_folders_in_fullnode_buckets':
cmd => '/root/tasks/create_folders_in_fullnode_buckets.sh "Arbetsmaterial (work material)" "Bevarande (retention)" "Gallringsbart (disposal)"',
minute => '*/30',
ok_criteria => ['exit_status=0','max_age=1h'],
warn_criteria => ['exit_status=1','max_age=2h'],
}
}
if $customer == 'common' {
$multinode_passwords = $multinodes.map | $index, $customer | {
safe_hiera("${customer}_admin_app_password")
}
file { '/root/tasks/announce.sh':
ensure => file,
content => template('sunetdrive/script/multinodeannounce.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupmultinodedb.sh':
ensure => file,
content => template('sunetdrive/script/backupmultinodedb.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/opt/backups/scripts/hb.sh':
ensure => file,
content => template('sunetdrive/script/backup-hb.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
sunet::scriptherder::cronjob { 'backupmultinodedb':
cmd => '/root/tasks/backupmultinodedb.sh',
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
if $environment == 'prod' {
file { '/root/tasks/aggregate.sh':
ensure => file,
content => template('sunetdrive/script/aggregate.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
sunet::scriptherder::cronjob { 'aggregate_billing':
cmd => '/root/tasks/aggregate.sh',
hour => '4',
minute => '10',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
}
$singlenodes.each | $singlenode| {
$multinode = hiera_hash('multinode_mapping')[$singlenode]['server']
$multinodeserver = "${multinode}.${site_name}"
$nccontainer = "nextcloud-${singlenode}_app_1"
sunet::scriptherder::cronjob { "backup${singlenode}db":
ensure => absent,
cmd => 'true',
}
sunet::scriptherder::cronjob { "listusers_${singlenode}":
cmd => "/root/tasks/listusers.sh ${singlenode} ${multinodeserver}",
minute => '*/5',
ok_criteria => ['exit_status=0','max_age=30m'],
warn_criteria => ['exit_status=1', 'max_age=60m'],
}
if $environment == 'prod' {
sunet::scriptherder::cronjob { "statistics${singlenode}":
cmd => "/root/tasks/usage.sh ${singlenode} ${multinodeserver}",
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
}
unless $singlenode in ['mau', 'uu'] {
sunet::scriptherder::cronjob { "make${singlenode}buckets":
cmd => "/root/tasks/makebuckets.sh ${multinodeserver} ${nccontainer} ${singlenode}-${environment}",
minute => '*',
ok_criteria => ['exit_status=0','max_age=15m'],
warn_criteria => ['exit_status=1','max_age=30m'],
}
}
}
$gss_backup_server = $config['gss_backup_server']
$lookup_backup_server = $config['lookup_backup_server']
sunet::scriptherder::cronjob { 'backupgssdb':
cmd => "/root/tasks/backupdb.sh ${gss_backup_server}",
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
sunet::scriptherder::cronjob { 'backuplookupdb':
cmd => "/root/tasks/backupdb.sh ${lookup_backup_server}",
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
} else {
$admin_app_password = safe_hiera('admin_app_password')
file { '/root/tasks/announce.sh':
ensure => file,
content => template('sunetdrive/script/announce.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/delete_announcement_with_subject.sh':
ensure => file,
content => template('sunetdrive/script/delete_announcement_with_subject.erb.sh'),
owner => 'root',
group => 'root',
mode => '0700',
}
file { '/root/tasks/backupmultinodedb.sh':
ensure => absent,
}
sunet::scriptherder::cronjob { 'backupmultinodedb':
ensure => absent,
cmd => 'true',
}
sunet::scriptherder::cronjob { 'backupdb':
cmd => "/root/tasks/backupdb.sh ${backup_server}",
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
sunet::scriptherder::cronjob { 'restart_proxysql':
ensure => 'absent',
cmd => '/bin/true',
purge_results => true,
}
if $environment == 'prod' {
sunet::scriptherder::cronjob { 'statistics':
cmd => '/root/tasks/usage.sh',
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
}
}
sunet::scriptherder::cronjob { 'collect_backup_data':
cmd => '/root/tasks/collect_backup_data.sh',
hour => '*',
minute => '3',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
sunet::scriptherder::cronjob { 'backupbuckets':
cmd => '/root/tasks/backupbuckets.sh',
hour => '2',
minute => '0',
ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'],
}
# sunet::scriptherder::cronjob { 'scriptherder_daily':
# cmd => '/bin/true',
# special => 'daily',
# ok_criteria => ['exit_status=0','max_age=4d'],
# warn_criteria => ['exit_status=1','max_age=8d'],
# }
# cron { 'example_job':
# ensure => 'present',
# command => '/bin/true',
# hour => ['0'],
# target => 'root',
# user => 'root',
# }
}