Shorted monitor-bot- to mon-bot-

2025-08-29 23:08:06 +02:00 · 2025-07-09 03:22:01 +02:00
parent dd1aab70fb
commit ae5f021b8d
82 changed files with 150 additions and 150 deletions
--- a/roles/mon-bot-docker-volumes/README.md
+++ b/roles/mon-bot-docker-volumes/README.md
@@ -0,0 +1,25 @@
+# Health Check for Docker Volumes
+
+## Description
+
+This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes, excluding any that are whitelisted, and possibly taking action against them.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory and whitelist.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/mon-bot-docker-volumes.sh`: The script that checks for anonymous Docker volumes and excludes whitelisted volumes.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/mon-bot-docker-volumes.cymais.service.j2`: Systemd service template, including the whitelisted volumes as a parameter.
+- `templates/mon-bot-docker-volumes.cymais.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+Include this role in your playbook and set the `path_administrator_scripts` variable to determine where the health check scripts should reside. Define `whitelisted_anonymous_volumes` in `vars/main.yml` with an array of volume IDs that should be ignored by the health check.
+
+Ensure that the `alert-compose` dependency is satisfied for error notifications.
+
+## Created with AI
+This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
+
--- a/roles/mon-bot-docker-volumes/files/mon-bot-docker-volumes.sh
+++ b/roles/mon-bot-docker-volumes/files/mon-bot-docker-volumes.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+status=0
+
+# The first argument is a space-separated list of whitelisted volume IDs
+whitelist=$1
+whitelisted_volumes=($whitelist)  # Split into an array
+
+anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
+
+if [ -z "$anonymous_volumes" ]; then
+    echo "No anonymous volumes found."
+    exit
+fi
+
+echo "Anonymous volumes found:"
+
+for volume in $anonymous_volumes; do
+    # Check if the volume is in the whitelist
+    if printf '%s\n' "${whitelisted_volumes[@]}" | grep -q "^$volume$"; then
+        echo "Volume $volume is whitelisted and will be skipped."
+        continue
+    fi
+
+    container_mount_path=$(docker ps -q | xargs -I {} docker inspect {} --format="{{range .Mounts}}{{if eq .Name \"$volume\"}}{{.Destination}}{{end}}{{end}}" | tr -d '\n' | xargs)
+    if [ "$container_mount_path" == "/var/www/bootstrap" ]; then
+        echo "Volume $volume is a bootstrap volume and will be skipped."
+        continue
+    fi
+
+    ((status++))
+        
+    container_ids=$(docker ps -aq --filter volume=$volume)
+    if [ -z "$container_ids" ]; then
+        echo "Volume $volume is not used by any running containers."
+        continue
+    fi
+
+    for container_id in $container_ids; do
+        container_name=$(docker inspect --format '{{ .Name }}' $container_id | sed 's#^/##')
+        mount_path=$(docker inspect --format "{{ range .Mounts }}{{ if eq .Name \"$volume\" }}{{ .Destination }}{{ end }}{{ end }}" $container_id)
+        
+        if [ -n "$mount_path" ]; then
+            echo "Volume $volume is used by container $container_name at mount path $mount_path"
+        else
+            echo "Volume $volume is used by container $container_name, but mount path could not be determined."
+        fi
+    done
+done
+
+exit $status
--- a/roles/mon-bot-docker-volumes/handlers/main.yml
+++ b/roles/mon-bot-docker-volumes/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: "reload mon-bot-docker-volumes.cymais.service"
+  systemd:
+    name: mon-bot-docker-volumes.cymais.service
+    enabled: yes
+    daemon_reload: yes
--- a/roles/mon-bot-docker-volumes/meta/main.yml
+++ b/roles/mon-bot-docker-volumes/meta/main.yml
@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts."
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions: ["rolling"]
+  galaxy_tags:
+    - monitor
+    - docker
+    - volumes
+    - health
+    - systemd
+  repository: "https://s.veen.world/cymais"
+  documentation: "https://s.veen.world/cymais"
+dependencies:
+  - alert-compose
--- a/roles/mon-bot-docker-volumes/tasks/main.yml
+++ b/roles/mon-bot-docker-volumes/tasks/main.yml
@@ -0,0 +1,36 @@
+- name: "create {{health_docker_volumes_folder}}"
+  file:
+    path: "{{health_docker_volumes_folder}}"
+    state: directory
+    mode: 0755
+  when: run_once_health_docker_volumes is not defined
+
+- name: create mon-bot-docker-volumes.sh
+  copy:
+    src: mon-bot-docker-volumes.sh
+    dest: "{{health_docker_volumes_folder}}mon-bot-docker-volumes.sh"
+  when: run_once_health_docker_volumes is not defined
+
+- name: create mon-bot-docker-volumes.cymais.service
+  template:
+    src:  mon-bot-docker-volumes.service.j2
+    dest: /etc/systemd/system/mon-bot-docker-volumes.cymais.service
+  notify: reload mon-bot-docker-volumes.cymais.service
+  when: run_once_health_docker_volumes is not defined
+
+- name: set service_name to the name of the current role
+  set_fact:
+    service_name: "{{ role_name }}"
+  when: run_once_health_docker_volumes is not defined
+
+- name: "include role for generic-timer for {{service_name}}"
+  include_role:
+    name: generic-timer
+  vars:
+    on_calendar:  "{{on_calendar_health_docker_volumes}}"
+  when: run_once_health_docker_volumes is not defined
+
+- name: run the health_docker_volumes tasks once
+  set_fact:
+    run_once_health_docker_volumes: true
+  when: run_once_health_docker_volumes is not defined
--- a/roles/mon-bot-docker-volumes/templates/mon-bot-docker-volumes.service.j2
+++ b/roles/mon-bot-docker-volumes/templates/mon-bot-docker-volumes.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Checking docker health
+OnFailure=alert-compose.cymais@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash {{ health_docker_volumes_folder }}mon-bot-docker-volumes.sh "{{ whitelisted_anonymous_docker_volumes | join(' ') }}"
--- a/roles/mon-bot-docker-volumes/vars/main.yml
+++ b/roles/mon-bot-docker-volumes/vars/main.yml
@@ -0,0 +1 @@
+health_docker_volumes_folder: "{{path_administrator_scripts}}mon-bot-docker-volumes/"
				`@@ -0,0 +1 @@`
				`health_docker_volumes_folder: "{{path_administrator_scripts}}mon-bot-docker-volumes/"`