sys-service: add ExecStartPost support and adjust health/repair roles

- extended generic systemctl template to support ExecStartPost
- health-docker-volumes: run main script with whitelist, trigger both compose alarm and cleanup on failure
- repair-docker-hard: added ExecStartPre lock, ExecStart, and ExecStartPost to trigger compose alarm always, plus cleanup on failure
- removed obsolete role-specific systemctl.service.j2 templates
- improved consistency across vars and defaults

See: https://chatgpt.com/share/68ad6cb8-c164-800f-96b6-a45c6c7779b3

roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml

@@ -8,4 +8,5 @@
   vars:
     system_service_on_calendar:         "{{ SYS_SCHEDULE_HEALTH_DOCKER_VOLUMES }}"
     system_service_timer_enabled:       true
-    system_service_tpl_on_failure:  "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}"
+    system_service_tpl_exec_start:      '{{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(" ") }}"'

roles/sys-ctl-hlth-docker-volumes/templates/systemctl.service.j2

@@ -1,7 +0,0 @@
-[Unit]
-Description=Checking docker health
-OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
-
-[Service]
-Type=oneshot
-ExecStart={{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(' ') }}"

roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml

@@ -8,4 +8,8 @@
   vars:
     system_service_on_calendar:         "{{ SYS_SCHEDULE_REPAIR_DOCKER_HARD }}"
     system_service_timer_enabled:       true
+    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} --timeout "{{ SYS_TIMEOUT_RESTART_DOCKER }}"'
+    system_service_tpl_exec_start:      '{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
+    system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
     system_service_tpl_on_failure:      "{{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}"
+

roles/sys-ctl-rpr-docker-hard/templates/systemctl.service.j2

@@ -1,8 +0,0 @@
-[Unit]
-Description=Restart Docker Instances
-OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
-
-[Service]
-Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} --timeout "{{ SYS_TIMEOUT_RESTART_DOCKER }}"
-ExecStart={{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}

roles/sys-service/templates/systemctl.service.j2

@@ -11,7 +11,8 @@ Type={{ system_service_tpl_type }}
   ('TimeoutStartSec', system_service_tpl_timeout_start_sec),
   ('ExecStartPre',    system_service_tpl_exec_start_pre),
   ('ExecStart',       system_service_tpl_exec_start),
-  ('RuntimeMaxSec',   system_service_tpl_runtime)
+  ('ExecStartPost',   system_service_tpl_exec_start_post),
+  ('RuntimeMaxSec',   system_service_tpl_runtime),
 ] %}
 {{ val | systemd_directive(key) }}
 {% endfor %}

roles/sys-service/vars/main.yml

@@ -20,7 +20,8 @@ system_service_script_exec:   "{{ system_service_script_inter }} {{ system_servi
 # Service template
 system_service_tpl_on_failure:        "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
 system_service_tpl_type:              "oneshot"
-system_service_tpl_exec_start:        "{{ system_service_script_exec }}"
 system_service_tpl_runtime:           "{{ '' if system_service_tpl_type == 'oneshot' else SYS_SERVICE_DEFAULT_RUNTIME }}"
 system_service_tpl_exec_start_pre:    ""
+system_service_tpl_exec_start:        "{{ system_service_script_exec }}"
+system_service_tpl_exec_start_post:   ""
 system_service_tpl_timeout_start_sec: "60s"