implemented check for anonymous volumes

2025-08-29 15:06:26 +02:00 · 2023-11-17 16:53:56 +01:00
parent 66280fdbde
commit a519a09725
24 changed files with 177 additions and 42 deletions
--- a/roles/health-docker-volumes/README.md
+++ b/roles/health-docker-volumes/README.md
@@ -0,0 +1,24 @@
+# Health Check for Docker Volumes
+
+## Description
+
+This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes and possibly taking action against them.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/health-docker-volumes.sh`: The script that checks for anonymous Docker volumes.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/health-docker-volumes.service.j2`: Systemd service template.
+- `templates/health-docker-volumes.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+This role can be included in your playbook. Set the `path_administrator_scripts` variable to determine where the health check scripts should reside.
+
+The role uses `systemd_notifier` for failure notifications, so ensure this dependency is present in your environment.
+
+## Created with AI
+This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
--- a/roles/health-docker-volumes/files/health-docker-volumes.sh
+++ b/roles/health-docker-volumes/files/health-docker-volumes.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
+
+if [ -z "$anonymous_volumes" ]; then
+    echo "No anonymous volumes found."
+    exit 0
+fi
+
+echo "Anonymous volumes found:"
+
+for volume in $anonymous_volumes; do
+    container_ids=$(docker ps -aq --filter volume=$volume)
+
+    if [ -z "$container_ids" ]; then
+        echo "Volume $volume is not used by any running containers."
+        continue
+    fi
+
+    for container_id in $container_ids; do
+        container_name=$(docker inspect --format '{{ .Name }}' $container_id | sed 's#^/##')
+        mount_path=$(docker inspect --format "{{ range .Mounts }}{{ if eq .Name \"$volume\" }}{{ .Destination }}{{ end }}{{ end }}" $container_id)
+        
+        if [ -n "$mount_path" ]; then
+            echo "Volume $volume is used by container $container_name at mount path $mount_path"
+        else
+            echo "Volume $volume is used by container $container_name, but mount path could not be determined."
+        fi
+    done
+done
+
+exit 1
--- a/roles/health-docker-volumes/handlers/main.yml
+++ b/roles/health-docker-volumes/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: "reload health-docker-volumes.service"
+  systemd:
+    name: health-docker-volumes.service
+    enabled: yes
+    daemon_reload: yes
+- name: "restart health-docker-volumes.timer"
+  systemd:
+    name: health-docker-volumes.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/roles/health-docker-volumes/meta/main.yml
+++ b/roles/health-docker-volumes/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - systemd_notifier
--- a/roles/health-docker-volumes/tasks/main.yml
+++ b/roles/health-docker-volumes/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: "create {{health_docker_volumes_folder}}"
+  file:
+    path: "{{health_docker_volumes_folder}}"
+    state: directory
+    mode: 0755
+
+- name: create health-docker-volumes.sh
+  copy:
+    src: health-docker-volumes.sh
+    dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
+
+- name: create health-docker-volumes.service
+  template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
+  notify: reload health-docker-volumes.service
+
+- name: create health-docker-volumes.timer
+  template:
+    src: health-docker-volumes.timer.j2
+    dest: "/etc/systemd/system/health-docker-volumes.timer"
+  register: health_docker_volumes_timer
+  changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
+  notify: restart health-docker-volumes.timer
--- a/roles/health-docker-volumes/templates/health-docker-volumes.service.j2
+++ b/roles/health-docker-volumes/templates/health-docker-volumes.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Checking docker health
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash {{health_docker_volumes_folder}}health-docker-volumes.sh
--- a/roles/health-docker-volumes/templates/health-docker-volumes.timer.j2
+++ b/roles/health-docker-volumes/templates/health-docker-volumes.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=starts health-docker-volumes.service
+
+[Timer]
+OnCalendar={{on_calendar_health_docker_volumes}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
+
+[Install]
+WantedBy=timers.target
--- a/roles/health-docker-volumes/vars/main.yml
+++ b/roles/health-docker-volumes/vars/main.yml
@@ -0,0 +1 @@
+health_docker_volumes_folder: "{{path_administrator_scripts}}health-docker-volumes/"
				`@@ -0,0 +1 @@`
				`health_docker_volumes_folder: "{{path_administrator_scripts}}health-docker-volumes/"`