diff --git a/COMMON_APPLICATIONS.md b/COMMON_APPLICATIONS.md index c8a4ba27..4a7767c3 100644 --- a/COMMON_APPLICATIONS.md +++ b/COMMON_APPLICATIONS.md @@ -40,6 +40,7 @@ Enhances system security with roles focused on security measures, user configura - **[User Alarm](./roles/user-alarm/)**: Manages the alarm user. - **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access. - **[SSHD](./roles/sshd/)**: Configures SSH daemon settings. +- **[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)**: Freezes and defrost maintenance services to prevent dangerous inteactions between services ## Virtual Private Network (VPN) Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections. diff --git a/README.md b/README.md index 5dd91a34..54a9a44d 100644 --- a/README.md +++ b/README.md 
@@ -74,7 +74,7 @@ Contact me for more details: ## Showcases The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup: -[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player 
Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End 
Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)... +[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), 
[Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), 
[Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)... ## License diff --git a/roles/system-maintenance-service-freezer/files/system-maintenance-service-freezer.py b/roles/system-maintenance-service-freezer/files/system-maintenance-service-freezer.py index 984a3301..2d665dee 100644 --- a/roles/system-maintenance-service-freezer/files/system-maintenance-service-freezer.py +++ b/roles/system-maintenance-service-freezer/files/system-maintenance-service-freezer.py 
@@ -1,64 +1,82 @@ import argparse import subprocess import time +import os +def service_file_exists(service_name, service_type="service"): + """Check if a systemd service file exists.""" + # Paths where service files can be stored + path = "/etc/systemd/system/" + service_file_name = service_name + "." + service_type + full_path = os.path.join(path, service_file_name) + + print(f"Checking {full_path}") # Added debug output + if os.path.isfile(full_path): + return True + else: + print(f"File not found.") # Debug output if file is not found def check_service_active(service_name): - """Check if a service is active.""" + """Check if a service is active or activating.""" result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE) - return result.stdout.decode('utf-8').strip() == 'active' + service_status = result.stdout.decode('utf-8').strip() + return service_status in ['active', 'activating', 'deactivating', 'reloading'] -def service_exists(service_name): - """Check if a service exists.""" - result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - return result.returncode == 0 +#def service_exists(service_name): +# """Check if a service exists.""" +# result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +# return result.returncode == 0 def freeze(services_to_wait_for, ignored_services): # Filter services that exist and are not in the ignored list - active_services = [service for service in services_to_wait_for if service_exists(service) and service not in ignored_services] - - while active_services: - for service in active_services: - if not check_service_active(service): - print(f"{service} stopped.") - # Disable the service - subprocess.run(['systemctl', 'disable', service]) - print(f"{service} disabled.") - + for service in services_to_wait_for: + print(f"\nFreezing: {service}") + if service in ignored_services: + 
print(f"{service} will be ignored.") + else: + service_active = check_service_active(service) + while not service_active: # Stop and disable the corresponding timer, if it exists - timer_name = service + ".timer" - timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE) - if timer_name in timer_check.stdout.decode(): + if service_file_exists(service,"timer"): + timer_name = service + ".timer" subprocess.run(['systemctl', 'stop', timer_name]) subprocess.run(['systemctl', 'disable', timer_name]) print(f"{timer_name} stopped and disabled.") - active_services.remove(service) - else: - print(f"Waiting for {service} to stop...") - time.sleep(5) - print("All required services have stopped.") + else: + print(f"Skipped.") + + if not service_active: + print(f"Waiting for 5 seconds for {service} to stop...") + time.sleep(5) + service_active = check_service_active(service) + print("\nAll required services have stopped.") def defrost(services_to_wait_for, ignored_services): for service in services_to_wait_for: - if service not in ignored_services and service_exists(service): - # Enable the service - subprocess.run(['systemctl', 'enable', service]) - print(f"{service} enabled.") - + print(f"\nUnfreezing: {service}") + if service in ignored_services: + print(f"{service} will be ignored.") + elif service_file_exists(service,"timer"): # Start and enable the corresponding timer, if it exists timer_name = service + ".timer" - timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE) - if timer_name in timer_check.stdout.decode(): - subprocess.run(['systemctl', 'start', timer_name]) - subprocess.run(['systemctl', 'enable', timer_name]) - print(f"{timer_name} started and enabled.") + subprocess.run(['systemctl', 'start', timer_name]) + subprocess.run(['systemctl', 'enable', timer_name]) + print(f"{timer_name} started and enabled.") + else: + print(f"Skipped.") + print("\nAll required services 
are started.") def main(services_to_wait_for, ignored_services, action): + print(f"Services to wait for: {services_to_wait_for}") + print(f"Services to ignore: {ignored_services}") if action == 'freeze': - # Code to handle freeze action + print("Freezing services."); freeze(services_to_wait_for, ignored_services) elif action == 'defrost': + print("Unfreezing services."); defrost(services_to_wait_for, ignored_services) + print('\nOverview:') + subprocess.run(['systemctl', 'list-timers']) if __name__ == "__main__": parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers') diff --git a/roles/system-maintenance-service-freezer/tasks/main.yml b/roles/system-maintenance-service-freezer/tasks/main.yml index d78a535e..0a7c287e 100644 --- a/roles/system-maintenance-service-freezer/tasks/main.yml +++ b/roles/system-maintenance-service-freezer/tasks/main.yml @@ -12,7 +12,7 @@ template: src: system-maintenance-service-freezer.service.j2 dest: "/etc/systemd/system/system-maintenance-service-{{ item }}.service" - notify: "reload system-maintenance-service-{{ item }} service" + notify: "reload system-maintenance-service-{{ item }}.service" when: run_once_system_maintenance_service_freeze is not defined - name: run the system_maintenance_service_freezer tasks once @@ -23,7 +23,7 @@ - name: "restart system-maintenance-service.service" systemd: name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service - state: restart + state: restarted enabled: yes daemon_reload: yes when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action diff --git a/roles/system-maintenance-service-freezer/templates/system-maintenance-service-freezer.service.j2 b/roles/system-maintenance-service-freezer/templates/system-maintenance-service-freezer.service.j2 index 3e821867..6dd42f0c 100644 
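Review bot: In `freeze()` in system-maintenance-service-freezer.py the new wait loop reads `while not service_active:`, which looks inverted. A service that is still running skips the loop entirely, so its timer is never stopped and "All required services have stopped." is printed without any wait, while an idle service keeps the loop running until it becomes active again. For a role meant to keep maintenance jobs from overlapping, that leaves the interlock ineffective in exactly the case it exists for; I would stop and disable the timer once and then poll with `while check_service_active(service):`, as sketched below. Indentation is lost on this page, so the nesting is inferred. Separately, the `systemctl stop`/`disable` return codes are not checked before "stopped and disabled." is printed, and `service_file_exists` returns `None` rather than `False` and only looks in `/etc/systemd/system/`.

```python
        else:
            # Stop the timer first so it cannot re-trigger the service while we wait.
            if service_file_exists(service, "timer"):
                timer_name = service + ".timer"
                # … unchanged: systemctl stop / disable of timer_name and its status print …
            else:
                print(f"Skipped.")
            # Then block until a run that was already in progress has finished.
            while check_service_active(service):
                print(f"Waiting for 5 seconds for {service} to stop...")
                time.sleep(5)
```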
--- a/roles/system-maintenance-service-freezer/templates/system-maintenance-service-freezer.service.j2 +++ b/roles/system-maintenance-service-freezer/templates/system-maintenance-service-freezer.service.j2 @@ -1,5 +1,5 @@ [Unit] -Description={{item}} systemctl maintanance services +Description={{item}} systemctl maintenance services OnFailure=systemd-notifier@%n.service [Service]