From 202c714b9eaacad3d3fbf43612097b2b71c5919b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sun, 16 Apr 2023 10:33:21 +0200
Subject: [PATCH] Optimized randomized_delay_sec, persistend & on_calendar for systemd-timer
---
 group_vars/all | 8 +++++++-
 .../templates/deploy-letsencrypt-mailu.timer.j2 | 6 +++---
 .../templates/backups-cleanup.timer.j2 | 3 ++-
 .../templates/btrfs-health-check.timer.j2 | 2 ++
 roles/native-certbot-nginx/handlers/main.yml | 4 ++--
 roles/native-certbot-nginx/tasks/main.yml | 11 +++++++----
 .../templates/{certbot.service => certbot.service.j2} | 0
 roles/native-certbot-nginx/templates/certbot.timer | 10 ----------
 roles/native-certbot-nginx/templates/certbot.timer.j2 | 10 ++++++++++
 .../templates/disc-space-check.timer.j2 | 2 ++
 .../docker-compose-restart-unhealthy.timer.j2 | 2 ++
 .../templates/docker-health-check.timer.j2 | 2 ++
 .../templates/docker-volume-backup.timer.j2 | 2 ++
 .../templates/journalctl-health-check.timer.j2 | 2 ++
 .../templates/pull-remote-backups.timer.j2 | 2 ++
 15 files changed, 45 insertions(+), 21 deletions(-)
 rename roles/native-certbot-nginx/templates/{certbot.service => certbot.service.j2} (100%)
 delete mode 100644 roles/native-certbot-nginx/templates/certbot.timer
 create mode 100644 roles/native-certbot-nginx/templates/certbot.timer.j2
diff --git a/group_vars/all b/group_vars/all
index 1a235fad..542ce8a5 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,14 +1,20 @@
 # Server Tact Variables
-# @see https://man.archlinux.org/man/systemd.time.7
+# validate timers via: systemctl list-timers
+# more information: https://man.archlinux.org/man/systemd.time.7
+
+randomized_delay_sec: "15min"
 on_calendar_btrfs_health_check: "*-*-* 00:00:00"
 on_calendar_journalctl_health_check: "*-*-* 00:00:00"
 on_calendar_disc_space_check: "*-*-* 06,12,18,00:00:00"
 on_calendar_docker_health_check: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00"
+
 on_calendar_backups_cleanup: "*-*-* 06,12,18,00:30:00"
 on_calendar_docker_volume_backup: "*-*-* 03:30:00"
 on_calendar_docker_compose_restart_unhealthy: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01:30:00"
 on_calendar_pull_primary_backups: "*-*-* 21:30:00"
+on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00"
+on_calendar_deploy_mailu_certificates: "*-*-* 12,00:50:00"
 # Space Variables
 size_percent_maximum_backup: 75
diff --git a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.timer.j2 b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.timer.j2
index 4436b0a4..79853124 100644
--- a/roles/docker-mailu/templates/deploy-letsencrypt-mailu.timer.j2
+++ b/roles/docker-mailu/templates/deploy-letsencrypt-mailu.timer.j2
@@ -1,9 +1,9 @@
 [Unit]
-Description=Twice daily deployment of Let's Encrypt's certificates
+Description=Deployment of Let's Encrypt's certificates
 [Timer]
-OnCalendar=0/12:00:00
-RandomizedDelaySec=1h
+OnCalendar={{on_calendar_deploy_mailu_certificates}}
+RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=true
 [Install]
diff --git a/roles/native-backups-cleanup/templates/backups-cleanup.timer.j2 b/roles/native-backups-cleanup/templates/backups-cleanup.timer.j2
index ffbe6f7f..3ec81479 100644
--- a/roles/native-backups-cleanup/templates/backups-cleanup.timer.j2
+++ b/roles/native-backups-cleanup/templates/backups-cleanup.timer.j2
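Review bot: In deploy-letsencrypt-mailu.timer.j2 the new `OnCalendar={{on_calendar_deploy_mailu_certificates}}` orders deployment after renewal only by wall-clock offset, and nothing in the template records that dependency. The variables in group_vars/all put renewal at :30 and deployment at :50, and both timers now add up to `randomized_delay_sec` (15min) of jitter, so the gap can shrink to about five minutes; with `Persistent=true` on both timers, a catch-up run after downtime has no defined order at all. A deployment that runs too early presumably just ships the previous certificate until the next cycle, but the assumption should be written down, for example as a comment above the line: `# must elapse after certbot.timer; keep the gap larger than randomized_delay_sec`.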
@@ -2,8 +2,9 @@
 Description=starts backups-cleanup.service
 [Timer]
-OnBootSec=1min
 OnCalendar={{on_calendar_backups_cleanup}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=true
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-btrfs-health-check/templates/btrfs-health-check.timer.j2 b/roles/native-btrfs-health-check/templates/btrfs-health-check.timer.j2
index 81ea384c..be468c84 100644
--- a/roles/native-btrfs-health-check/templates/btrfs-health-check.timer.j2
+++ b/roles/native-btrfs-health-check/templates/btrfs-health-check.timer.j2
@@ -3,6 +3,8 @@ Description=starts btrfs-health-check.service
 [Timer]
 OnCalendar={{on_calendar_btrfs_health_check}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-certbot-nginx/handlers/main.yml b/roles/native-certbot-nginx/handlers/main.yml
index 13fd5fa4..e428b905 100644
--- a/roles/native-certbot-nginx/handlers/main.yml
+++ b/roles/native-certbot-nginx/handlers/main.yml
@@ -1,7 +1,7 @@
-- name: "restart certbot service"
+- name: "reload certbot service"
 systemd:
 name: certbot.service
- state: restarted
+ state: reloaded
 enabled: yes
 daemon_reload: yes
 - name: "restart certbot timer"
diff --git a/roles/native-certbot-nginx/tasks/main.yml b/roles/native-certbot-nginx/tasks/main.yml
index a574f9ab..d0ed6270 100644
--- a/roles/native-certbot-nginx/tasks/main.yml
+++ b/roles/native-certbot-nginx/tasks/main.yml
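Review bot: In handlers/main.yml, `state: reloaded` on certbot.service only acts as a reload if the unit defines `ExecReload=` and is active when the handler fires; the unit template is renamed without changes in this commit, so its content is not visible here. For a timer-activated unit that is normally inactive, Ansible's systemd module will, as far as I know, start the unit instead, so every template change would still trigger a full certbot run, just as the old `restarted` did. If the intent is only to make systemd pick up the rewritten unit file, drop `state:` from this handler and keep `daemon_reload: yes`. The handler is also renamed, so any role outside this patch that still notifies `restart certbot service` would no longer resolve.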
@@ -2,12 +2,15 @@
 pacman:
 name: [certbot,certbot-nginx]
 state: present
- notify: restart certbot service
 - name: configure certbot.service.tpl
- template: src=certbot.service dest=/etc/systemd/system/certbot.service
- notify: restart certbot service
+ template:
+ src: certbot.service.j2
+ dest: /etc/systemd/system/certbot.service
+ notify: reload certbot service
 - name: configure certbot.timer.tpl
- template: src=certbot.timer dest=/etc/systemd/system/certbot.timer
+ template:
+ src: certbot.timer.j2
+ dest: /etc/systemd/system/certbot.timer
 notify: restart certbot timer
diff --git a/roles/native-certbot-nginx/templates/certbot.service b/roles/native-certbot-nginx/templates/certbot.service.j2
similarity index 100%
rename from roles/native-certbot-nginx/templates/certbot.service
rename to roles/native-certbot-nginx/templates/certbot.service.j2
diff --git a/roles/native-certbot-nginx/templates/certbot.timer b/roles/native-certbot-nginx/templates/certbot.timer
deleted file mode 100644
index 94c8b8be..00000000
--- a/roles/native-certbot-nginx/templates/certbot.timer
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Twice daily renewal of Let's Encrypt's certificates
-
-[Timer]
-OnCalendar=0/12:00:00
-RandomizedDelaySec=1h
-Persistent=true
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/native-certbot-nginx/templates/certbot.timer.j2 b/roles/native-certbot-nginx/templates/certbot.timer.j2
new file mode 100644
index 00000000..6b530b85
--- /dev/null
+++ b/roles/native-certbot-nginx/templates/certbot.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/native-disc-space-check/templates/disc-space-check.timer.j2 b/roles/native-disc-space-check/templates/disc-space-check.timer.j2
index 3ac6bda7..cca1b2cb 100644
--- a/roles/native-disc-space-check/templates/disc-space-check.timer.j2
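Review bot: Both rewritten `template:` tasks in tasks/main.yml write unit files into /etc/systemd/system without setting ownership or permissions, so the resulting mode depends on the umask of the connecting user. A unit file that ends up group- or world-writable would let a non-root account change what systemd executes as root. Now that the tasks use the multi-line form, add `owner: root`, `group: root` and `mode: "0644"` to each of them. The first task of the file starts above the hunk, so whether the role runs with `become` is not visible here.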
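Review bot: The new certbot.timer.j2 still hard-codes `OnCalendar=0/12:00:00`, although this commit adds `on_calendar_renew_lets_encrypt_certificates` to group_vars/all and no template in the patch reads that variable. Renewal therefore keeps firing at 00:00 and 12:00 whatever the variable says, and someone adjusting it to coordinate with the deployment timer will see no effect. Use `OnCalendar={{on_calendar_renew_lets_encrypt_certificates}}` so that the renewal and deployment schedules are both controlled from group_vars/all.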
+++ b/roles/native-disc-space-check/templates/disc-space-check.timer.j2
@@ -3,6 +3,8 @@ Description=starts disc-space-check.service
 [Timer]
 OnCalendar={{on_calendar_disc_space_check}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=true
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-docker-compose-restart-unhealthy/templates/docker-compose-restart-unhealthy.timer.j2 b/roles/native-docker-compose-restart-unhealthy/templates/docker-compose-restart-unhealthy.timer.j2
index 87c6146f..83c6da5d 100644
--- a/roles/native-docker-compose-restart-unhealthy/templates/docker-compose-restart-unhealthy.timer.j2
+++ b/roles/native-docker-compose-restart-unhealthy/templates/docker-compose-restart-unhealthy.timer.j2
@@ -3,6 +3,8 @@ Description=starts docker-compose-restart-unhealthy.service
 [Timer]
 OnCalendar={{on_calendar_docker_compose_restart_unhealthy}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-docker-health-check/templates/docker-health-check.timer.j2 b/roles/native-docker-health-check/templates/docker-health-check.timer.j2
index 8e019b8d..5f38e35e 100644
--- a/roles/native-docker-health-check/templates/docker-health-check.timer.j2
+++ b/roles/native-docker-health-check/templates/docker-health-check.timer.j2
@@ -3,6 +3,8 @@ Description=starts docker-health-check.service
 [Timer]
 OnCalendar={{on_calendar_docker_health_check}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-docker-volume-backup/templates/docker-volume-backup.timer.j2 b/roles/native-docker-volume-backup/templates/docker-volume-backup.timer.j2
index 5c576a4c..73e50e24 100644
--- a/roles/native-docker-volume-backup/templates/docker-volume-backup.timer.j2
+++ b/roles/native-docker-volume-backup/templates/docker-volume-backup.timer.j2
@@ -3,6 +3,8 @@ Description=backups the docker volumes
 [Timer]
 OnCalendar={{on_calendar_docker_volume_backup}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-journalctl-health-check/templates/journalctl-health-check.timer.j2 b/roles/native-journalctl-health-check/templates/journalctl-health-check.timer.j2
index 13c02e73..e262db3d 100644
--- a/roles/native-journalctl-health-check/templates/journalctl-health-check.timer.j2
+++ b/roles/native-journalctl-health-check/templates/journalctl-health-check.timer.j2
@@ -3,6 +3,8 @@ Description=starts journalctl-health-check.service
 [Timer]
 OnCalendar={{on_calendar_journalctl_health_check}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
diff --git a/roles/native-pull-primary-backups/templates/pull-remote-backups.timer.j2 b/roles/native-pull-primary-backups/templates/pull-remote-backups.timer.j2
index 6f4b9986..e2c3b5e0 100644
--- a/roles/native-pull-primary-backups/templates/pull-remote-backups.timer.j2
+++ b/roles/native-pull-primary-backups/templates/pull-remote-backups.timer.j2
@@ -3,6 +3,8 @@ Description=starts pull remote backup timer
 [Timer]
 OnCalendar={{on_calendar_pull_primary_backups}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
 [Install]
 WantedBy=timers.target
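Review bot: `Persistent=false` in docker-volume-backup.timer.j2 means a backup whose 03:30 slot falls into downtime is skipped until the next day, and the same setting is applied to pull-remote-backups.timer.j2 in the last hunk; backups-cleanup and disc-space-check, by contrast, get `Persistent=true`. After an overnight reboot or power-off the cleanup catches up but the backup does not, and nothing in the timer reports the missed run. If skipping is intentional (for example to avoid a backup run right after boot), record that with a comment such as `# not persistent on purpose: a missed run is skipped, no backup at boot`; otherwise set `Persistent=true` on the two backup timers.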