infra(sys-service): centralize async control + pre-deploy backup safeguard

- Added MODE_BACKUP to trigger backup before the rest of the deployment - sys-ctl-bkp-docker-2-loc: force linear sync and force flush when MODE_BACKUP is true - Unified name resolution via system_service_name across handlers and tasks - Introduced system_service_force_linear_sync and system_service_force_flush (rename from system_force_flush) - Drive async/poll via system_service_async/system_service_poll using omit when disabled - Propagated per-role overrides (cleanup, repair, cert tasks) for clarity and safety - Minor formatting and consistency cleanups Why: Ensure the backup runs before the deployment routine to safeguard data integrity. Refs: Conversation https://chatgpt.com/share/68de4c41-b6e4-800f-85cd-ce6949097b5e Signed-off-by: Kevin Veen-Birkenbach <kevin@veen.world>
2025-10-09 18:28:10 +02:00 · 2025-10-02 11:58:23 +02:00
parent 8beda2d45d
commit 23353ac878
17 changed files with 72 additions and 52 deletions
--- a/group_vars/all/01_modes.yml
+++ b/group_vars/all/01_modes.yml
@@ -7,3 +7,4 @@ MODE_DEBUG:   false                       # This enables debugging in ansible an
 MODE_RESET:   false                       # Cleans up all Infinito.Nexus files. It's necessary to run to whole playbook and not particial roles when using this function.
 MODE_CLEANUP: "{{ MODE_DEBUG  | bool }}"  # Cleanup unused files and configurations
 MODE_ASSERT:  "{{ MODE_DEBUG  | bool }}"  # Executes validation tasks during the run.
+MODE_BACKUP:  true                        # Executes the Backup before the deployment
--- a/roles/sys-ctl-alm-compose/tasks/01_core.yml
+++ b/roles/sys-ctl-alm-compose/tasks/01_core.yml
@@ -10,6 +10,7 @@
    system_service_copy_files:        true
    system_service_tpl_exec_start:    "{{ system_service_script_exec }} %I"
    system_service_tpl_on_failure:    ""
+    system_service_force_linear_sync: false

 - name: "Include core service for '{{ system_service_id  }}'"
  include_role:
@@ -20,6 +21,7 @@
    system_service_copy_files:        true
    system_service_tpl_exec_start:    "{{ system_service_script_exec }} %I"
    system_service_tpl_on_failure:    "" # No on failure needed, because it's anyhow the default on failure procedure
+    system_service_force_linear_sync: false

 - name: Assert '{{ system_service_id }}'
  block:
--- a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml
+++ b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml
@@ -19,6 +19,8 @@
  vars:
    system_service_copy_files:          false
    system_service_timer_enabled:       true
+    system_service_force_linear_sync:   true
+    system_service_force_flush:         "{{ MODE_BACKUP | bool }}"
    system_service_on_calendar:         "{{ SYS_SCHEDULE_BACKUP_DOCKER_TO_LOCAL }}"
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_BACKUP_DOCKER_2_LOC }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
    system_service_tpl_exec_start:      "/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }}'"
--- a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml
+++ b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml
@@ -12,6 +12,7 @@
      system_service_tpl_exec_start:      dockreap --no-confirmation
      system_service_tpl_exec_start_pre:  "" # Anonymous volumes can allways be removed. It isn't necessary to wait for any service to stop.
      system_service_copy_files:          false
+      system_service_force_linear_sync:   false

  - include_tasks: utils/run_once.yml
  when:
--- a/roles/sys-ctl-cln-bkps/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-bkps/tasks/01_core.yml
@@ -20,6 +20,7 @@
    system_service_tpl_exec_start:      "{{ system_service_script_exec }} --backups-folder-path {{ BACKUPS_FOLDER_PATH }} --maximum-backup-size-percent {{SIZE_PERCENT_MAXIMUM_BACKUP}}"
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
    system_service_copy_files:          true
+    system_service_force_linear_sync:   false

 - include_tasks: utils/run_once.yml
  vars:
--- a/roles/sys-ctl-cln-certs/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-certs/tasks/01_core.yml
@@ -17,3 +17,4 @@
    system_service_timer_enabled:     true
    system_service_on_calendar:       "{{ SYS_SCHEDULE_CLEANUP_CERTS }}"
    system_service_copy_files:        false
+    system_service_force_linear_sync: false
--- a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml
@@ -14,3 +14,4 @@
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_tpl_exec_start:      "{{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}"
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
+    system_service_force_linear_sync:   false
--- a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml
@@ -21,5 +21,5 @@
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(" ") }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"'
    system_service_tpl_exec_start:      '/bin/sh -c "{{ CLEANUP_FAILED_BACKUPS_PKG }} --all --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --yes"'
-
+    system_service_force_linear_sync:   false
 - include_tasks: utils/run_once.yml
--- a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml
+++ b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml
@@ -13,3 +13,4 @@
    persistent:                       "true"
    system_service_timer_enabled:     true
    system_service_tpl_on_failure:    "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_force_linear_sync: false
--- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
+++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
@@ -20,3 +20,4 @@
    persistent:                       true
    system_service_timer_enabled:     true
    system_service_tpl_on_failure:    "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_force_linear_sync: false
--- a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml
@@ -18,3 +18,4 @@
    system_service_timer_enabled:     true
    system_service_tpl_on_failure:    "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_tpl_exec_start:    "/bin/sh -c 'btrfs-auto-balancer 90 10'"
+    system_service_force_linear_sync: true
--- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
@@ -12,5 +12,6 @@
    system_service_tpl_exec_start:      '{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
    system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}"
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_force_linear_sync:   true

 - include_tasks: utils/run_once.yml
--- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
@@ -10,5 +10,6 @@
    system_service_tpl_exec_start_pre:  "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout '{{ SYS_TIMEOUT_DOCKER_RPR_SOFT }}'"
    system_service_tpl_exec_start: >
      /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
+    system_service_force_linear_sync:   true

 - include_tasks: utils/run_once.yml
--- a/roles/sys-service/handlers/main.yml
+++ b/roles/sys-service/handlers/main.yml
@@ -1,19 +1,19 @@
 - name: "Enable systemctl service"
  systemd:
-    name: "{{ system_service_id | get_service_name(SOFTWARE_NAME) }}"
+    name: "{{ system_service_name }}"
    enabled: yes
    daemon_reload: true
  become: true
-  async:  "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:   "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  async:  "{{ system_service_async }}"
+  poll:   "{{ system_service_poll }}"
  listen: refresh systemctl service

 - name: "Set systemctl service state"
  systemd:
-    name: "{{ system_service_id | get_service_name(SOFTWARE_NAME) }}"
+    name: "{{ system_service_name }}"
    state: "{{ system_service_state }}"
  become: true
-  async:  "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:   "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  async:  "{{ system_service_async }}"
+  poll:   "{{ system_service_poll }}"
  when:   not (system_service_suppress_flush | bool)
  listen: refresh systemctl service
--- a/roles/sys-service/tasks/05_service.yml
+++ b/roles/sys-service/tasks/05_service.yml
@@ -31,7 +31,7 @@
 - name: "setup systemctl '{{ system_service_id }}'"
  template:
    src:  "{{ system_service_template_src }}"
-    dest: "{{ [ PATH_SYSTEM_SERVICE_DIR, system_service_id | get_service_name(SOFTWARE_NAME) ] | path_join }}"
+    dest: "{{ [ PATH_SYSTEM_SERVICE_DIR, system_service_name ] | path_join }}"
    owner: root
    group: root
    mode: '0644'
@@ -46,5 +46,5 @@
    command: /bin/true
    notify: refresh systemctl service
    when: not system_service_uses_at
-  when: system_force_flush | bool
+  when: system_service_force_flush | bool

--- a/roles/sys-service/vars/main.yml
+++ b/roles/sys-service/vars/main.yml
@@ -1,4 +1,5 @@
 UNIT_SUFFIX_REMOVER_PACKAGE:          "unsure"
+system_service_name:                  "{{ system_service_id | get_service_name(SOFTWARE_NAME) }}"

 ## Paths
 system_service_role_name:             "{{ system_service_id | regex_replace('@','') }}"
@@ -6,12 +7,17 @@ system_service_role_dir:       "{{ [ playbook_dir, 'roles', system_service_role_
 system_service_script_dir:            "{{ [ PATH_SYSTEMCTL_SCRIPTS, system_service_id ] | path_join }}"

 ## Settings
-system_force_flush:            "{{ SYS_SERVICE_ALL_ENABLED | bool }}"                           # When set to true it activates the flushing of services. defaults to SYS_SERVICE_ALL_ENABLED
+system_service_force_linear_sync:     "{{ system_service_name in SYS_SERVICE_GROUP_MANIPULATION }}"    # Disables automatic async
+system_service_force_flush:           "{{ SYS_SERVICE_ALL_ENABLED | bool }}"                           # When set to true it activates the flushing of services. defaults to SYS_SERVICE_ALL_ENABLED
 system_service_suppress_flush:        "{{ (system_service_id in SYS_SERVICE_SUPPRESS_FLUSH) | bool }}" # When set to true it suppresses the flushing of services
 system_service_copy_files:            true                                                             # When set to false file copying will be skipped
 system_service_timer_enabled:         false                                                            # When set to true timer will be loaded
 system_service_state:                 "{{ SYS_SERVICE_DEFAULT_STATE }}"

+## ASYNC Settings
+system_service_async:                 "{{ omit if (system_service_force_linear_sync | bool or not ASYNC_ENABLED | bool) else ASYNC_TIME }}"
+system_service_poll:                  "{{ omit if (system_service_force_linear_sync | bool or not ASYNC_ENABLED | bool) else ASYNC_POLL }}"
+
 # Dynamic Loaded ( Just available when dependencies are loaded )
 system_service_script_base:           "{{ system_service_script_src | basename | regex_replace('\\.j2$', '') }}"
 system_service_script_type:           "{{ system_service_script_base | filetype }}"
--- a/roles/sys-svc-docker/tasks/03_cleanup.yml
+++ b/roles/sys-svc-docker/tasks/03_cleanup.yml
@@ -3,7 +3,7 @@
      include_role:
        name: sys-ctl-cln-anon-volumes
      vars: 
-        system_force_flush: true
+        system_service_force_flush: true
    - include_tasks: utils/run_once.yml
  when: run_once_sys_ctl_cln_anon_volumes is not defined