mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-26 06:31:04 +01:00
implemented whitelisting of anonymous docker volumes
This commit is contained in:
parent
a519a09725
commit
88038b21e2
@ -2,23 +2,24 @@
|
|||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes and possibly taking action against them.
|
This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes, excluding any that are whitelisted, and possibly taking action against them.
|
||||||
|
|
||||||
## Files
|
## Files
|
||||||
|
|
||||||
- `vars/main.yml`: Variable definitions for the script's directory.
|
- `vars/main.yml`: Variable definitions for the script's directory and whitelist.
|
||||||
- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
|
- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
|
||||||
- `files/health-docker-volumes.sh`: The script that checks for anonymous Docker volumes.
|
- `files/health-docker-volumes.sh`: The script that checks for anonymous Docker volumes and excludes whitelisted volumes.
|
||||||
- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
|
- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
|
||||||
- `templates/health-docker-volumes.service.j2`: Systemd service template.
|
- `templates/health-docker-volumes.service.j2`: Systemd service template, including the whitelisted volumes as a parameter.
|
||||||
- `templates/health-docker-volumes.timer.j2`: Systemd timer template.
|
- `templates/health-docker-volumes.timer.j2`: Systemd timer template.
|
||||||
- `meta/main.yml`: Meta information declaring dependencies for the role.
|
- `meta/main.yml`: Meta information declaring dependencies for the role.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
This role can be included in your playbook. Set the `path_administrator_scripts` variable to determine where the health check scripts should reside.
|
Include this role in your playbook and set the `path_administrator_scripts` variable to determine where the health check scripts should reside. Define `whitelisted_anonymous_volumes` in `vars/main.yml` with an array of volume IDs that should be ignored by the health check.
|
||||||
|
|
||||||
The role uses `systemd_notifier` for failure notifications, so ensure this dependency is present in your environment.
|
Ensure that the `systemd_notifier` dependency is satisfied for error notifications.
|
||||||
|
|
||||||
## Created with AI
|
## Created with AI
|
||||||
This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
|
This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
|
||||||
|
|
||||||
|
@ -1,17 +1,29 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
status=0
|
||||||
|
|
||||||
|
# The first argument is a space-separated list of whitelisted volume IDs
|
||||||
|
whitelist=$1
|
||||||
|
whitelisted_volumes=($whitelist) # Split into an array
|
||||||
|
|
||||||
anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
|
anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
|
||||||
|
|
||||||
if [ -z "$anonymous_volumes" ]; then
|
if [ -z "$anonymous_volumes" ]; then
|
||||||
echo "No anonymous volumes found."
|
echo "No anonymous volumes found."
|
||||||
exit 0
|
exit $status
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Anonymous volumes found:"
|
echo "Anonymous volumes found:"
|
||||||
|
|
||||||
for volume in $anonymous_volumes; do
|
for volume in $anonymous_volumes; do
|
||||||
container_ids=$(docker ps -aq --filter volume=$volume)
|
# Check if the volume is in the whitelist
|
||||||
|
if printf '%s\n' "${whitelisted_volumes[@]}" | grep -q "^$volume$"; then
|
||||||
|
echo "Volume $volume is whitelisted and will be skipped."
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
status=1
|
||||||
|
container_ids=$(docker ps -aq --filter volume=$volume)
|
||||||
if [ -z "$container_ids" ]; then
|
if [ -z "$container_ids" ]; then
|
||||||
echo "Volume $volume is not used by any running containers."
|
echo "Volume $volume is not used by any running containers."
|
||||||
continue
|
continue
|
||||||
@ -29,4 +41,4 @@ for volume in $anonymous_volumes; do
|
|||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
exit 1
|
exit $status
|
||||||
|
@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/bash {{health_docker_volumes_folder}}health-docker-volumes.sh
|
ExecStart=/bin/bash {{ health_docker_volumes_folder }}health-docker-volumes.sh "{{ whitelisted_anonymous_docker_volumes | join(' ') }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user