From fb588a346ce9be0b6f202187652cf2bdedb9364a Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Fri, 17 Nov 2023 16:53:56 +0100 Subject: [PATCH] implemented check for anonymous volumes --- README.md | 2 +- group_vars/all | 5 +-- .../templates/docker-compose.yml.j2 | 3 ++ roles/docker/meta/main.yml | 3 +- roles/health-docker-container/Readme.md | 21 ++++++++++++ .../files/health-docker-container.sh} | 0 .../health-docker-container/handlers/main.yml | 11 +++++++ .../meta/main.yml | 0 roles/health-docker-container/tasks/main.yml | 22 +++++++++++++ .../health-docker-container.service.j2 | 7 ++++ .../health-docker-container.timer.j2 | 10 ++++++ roles/health-docker-container/vars/main.yml | 1 + roles/health-docker-volumes/README.md | 24 ++++++++++++++ .../files/health-docker-volumes.sh | 32 +++++++++++++++++++ roles/health-docker-volumes/handlers/main.yml | 11 +++++++ roles/health-docker-volumes/meta/main.yml | 2 ++ roles/health-docker-volumes/tasks/main.yml | 22 +++++++++++++ .../health-docker-volumes.service.j2} | 2 +- .../templates/health-docker-volumes.timer.j2} | 4 +-- roles/health-docker-volumes/vars/main.yml | 1 + roles/health-docker/handlers/main.yml | 11 ------- roles/health-docker/tasks/main.yml | 22 ------------- roles/health-docker/vars/main.yml | 1 - .../templates/homepage.nginx.conf.j2 | 2 +- 24 files changed, 177 insertions(+), 42 deletions(-) create mode 100644 roles/health-docker-container/Readme.md rename roles/{health-docker/files/health-docker.sh => health-docker-container/files/health-docker-container.sh} (100%) create mode 100644 roles/health-docker-container/handlers/main.yml rename roles/{health-docker => health-docker-container}/meta/main.yml (100%) create mode 100644 roles/health-docker-container/tasks/main.yml create mode 100644 roles/health-docker-container/templates/health-docker-container.service.j2 create mode 100644 roles/health-docker-container/templates/health-docker-container.timer.j2 create mode 100644 roles/health-docker-container/vars/main.yml create mode 100644 
roles/health-docker-volumes/README.md create mode 100644 roles/health-docker-volumes/files/health-docker-volumes.sh create mode 100644 roles/health-docker-volumes/handlers/main.yml create mode 100644 roles/health-docker-volumes/meta/main.yml create mode 100644 roles/health-docker-volumes/tasks/main.yml rename roles/{health-docker/templates/health-docker.service.j2 => health-docker-volumes/templates/health-docker-volumes.service.j2} (57%) rename roles/{health-docker/templates/health-docker.timer.j2 => health-docker-volumes/templates/health-docker-volumes.timer.j2} (53%) create mode 100644 roles/health-docker-volumes/vars/main.yml delete mode 100644 roles/health-docker/handlers/main.yml delete mode 100644 roles/health-docker/tasks/main.yml delete mode 100644 roles/health-docker/vars/main.yml diff --git a/README.md b/README.md index b4d8f009..5f42e8d7 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ This software allows to setup the docker following applications: This software shipts the following tools which are natively setup on the server: - [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups - [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems -- [Docker Health Check](./roles/health-docker/) - Checks the health of docker containers +- [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers - [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution - [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes - [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them diff --git a/group_vars/all b/group_vars/all index e10cb9df..27f0135b 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -7,8 +7,9 @@ randomized_delay_sec: "15min" on_calendar_health_btrfs: "*-*-* 00:00:00" on_calendar_health_journalctl: "*-*-* 00:00:00" on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" -on_calendar_health_docker: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00" -on_calendar_health_nginx: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00" +on_calendar_health_docker_container: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00" +on_calendar_health_docker_volumes: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00" +on_calendar_health_nginx: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:45:00" on_calendar_cleanup_backups: "*-*-* 06,12,18,00:30:00" on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" diff --git a/roles/docker-matomo/templates/docker-compose.yml.j2 b/roles/docker-matomo/templates/docker-compose.yml.j2 index 9f8e85ee..7c6a7fe0 100644 --- a/roles/docker-matomo/templates/docker-compose.yml.j2 +++ b/roles/docker-matomo/templates/docker-compose.yml.j2 @@ -18,6 +18,8 @@ services: - database depends_on: - database + volumes: + - data:/var/www/html database: logging: driver: journald @@ -38,6 +40,7 @@ services: retries: 5 volumes: database: + data: networks: default: driver: bridge diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index 85ce8157..0a837198 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -1,5 +1,6 @@ dependencies: - backup-docker-to-local - user-administrator - - health-docker + - health-docker-container + - health-docker-volumes - heal-docker diff --git a/roles/health-docker-container/Readme.md b/roles/health-docker-container/Readme.md new file mode 100644 index 00000000..ce326a76 --- /dev/null +++ b/roles/health-docker-container/Readme.md 
@@ -0,0 +1,21 @@
+# Health Check for Docker Containers
+
+## Description
+
+This Ansible role is designed to ensure the health of Docker containers running on a system. It includes a script that checks for unhealthy or exited Docker containers and sets up a systemd service and timer to regularly execute this check.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/health-docker-container.sh`: The script that checks the container health.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/health-docker-container.service.j2`: Systemd service template.
+- `templates/health-docker-container.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+To use this role, include it in your playbook and set the `path_administrator_scripts` variable to the desired path for the health check scripts.
+
+Ensure that the `systemd_notifier` dependency is satisfied for error notifications.
\ No newline at end of file
diff --git a/roles/health-docker/files/health-docker.sh b/roles/health-docker-container/files/health-docker-container.sh
similarity index 100%
rename from roles/health-docker/files/health-docker.sh
rename to roles/health-docker-container/files/health-docker-container.sh
diff --git a/roles/health-docker-container/handlers/main.yml b/roles/health-docker-container/handlers/main.yml
new file mode 100644
index 00000000..92799520
--- /dev/null
+++ b/roles/health-docker-container/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: "reload health-docker-container.service"
+ systemd:
+ name: health-docker-container.service
+ enabled: yes
+ daemon_reload: yes
+- name: "restart health-docker-container.timer"
+ systemd:
+ name: health-docker-container.timer
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/health-docker/meta/main.yml b/roles/health-docker-container/meta/main.yml
similarity index 100%
rename from roles/health-docker/meta/main.yml
rename to roles/health-docker-container/meta/main.yml
diff --git a/roles/health-docker-container/tasks/main.yml b/roles/health-docker-container/tasks/main.yml
new file mode 100644
index 00000000..ae0ba794
--- /dev/null
+++ b/roles/health-docker-container/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: "create {{health_docker_container_folder}}"
+ file:
+ path: "{{health_docker_container_folder}}"
+ state: directory
+ mode: 0755
+
+- name: create health-docker-container.sh
+ copy:
+ src: health-docker-container.sh
+ dest: "{{health_docker_container_folder}}health-docker-container.sh"
+
+- name: create health-docker-container.service
+ template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
+ notify: reload health-docker-container.service
+
+- name: create health-docker-container.timer
+ template:
+ src: health-docker-container.timer.j2
+ dest: "/etc/systemd/system/health-docker-container.timer"
+ register: health_docker_container_timer
+ changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
+ notify: restart health-docker-container.timer
diff --git a/roles/health-docker-container/templates/health-docker-container.service.j2 b/roles/health-docker-container/templates/health-docker-container.service.j2
new file mode 100644
index 00000000..30dc4ec6
--- /dev/null
+++ b/roles/health-docker-container/templates/health-docker-container.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Checking docker health
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash {{health_docker_container_folder}}health-docker-container.sh
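Review bot: The `copy` task for `health-docker-container.sh` in roles/health-docker-container/tasks/main.yml sets no `owner`, `group` or `mode`, although the service template added in this patch runs that script with `/bin/bash` and no `User=` line, so presumably as root. Pinning `owner: root`, `group: root` and `mode: "0755"` on the copy task, and the owner and group on the directory task, keeps a less-privileged account from replacing a script that a root timer executes; whether `path_administrator_scripts` is writable by such an account is not visible here, so this is hardening rather than a confirmed hole. The same applies to the identical copy task in roles/health-docker-volumes/tasks/main.yml.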
diff --git a/roles/health-docker-container/templates/health-docker-container.timer.j2 b/roles/health-docker-container/templates/health-docker-container.timer.j2
new file mode 100644
index 00000000..3ae7d663
--- /dev/null
+++ b/roles/health-docker-container/templates/health-docker-container.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=starts health-docker-container.service
+
+[Timer]
+OnCalendar={{on_calendar_health_docker_container}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/health-docker-container/vars/main.yml b/roles/health-docker-container/vars/main.yml
new file mode 100644
index 00000000..8f0a5891
--- /dev/null
+++ b/roles/health-docker-container/vars/main.yml
@@ -0,0 +1 @@
+health_docker_container_folder: "{{path_administrator_scripts}}health-docker-container/"
\ No newline at end of file
diff --git a/roles/health-docker-volumes/README.md b/roles/health-docker-volumes/README.md
new file mode 100644
index 00000000..8350a5e3
--- /dev/null
+++ b/roles/health-docker-volumes/README.md
@@ -0,0 +1,24 @@
+# Health Check for Docker Volumes
+
+## Description
+
+This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes and possibly taking action against them.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/health-docker-volumes.sh`: The script that checks for anonymous Docker volumes.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/health-docker-volumes.service.j2`: Systemd service template.
+- `templates/health-docker-volumes.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+This role can be included in your playbook. Set the `path_administrator_scripts` variable to determine where the health check scripts should reside.
+
+The role uses `systemd_notifier` for failure notifications, so ensure this dependency is present in your environment.
+
+## Created with AI
+This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
\ No newline at end of file
diff --git a/roles/health-docker-volumes/files/health-docker-volumes.sh b/roles/health-docker-volumes/files/health-docker-volumes.sh
new file mode 100644
index 00000000..880b644b
--- /dev/null
+++ b/roles/health-docker-volumes/files/health-docker-volumes.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
+
+if [ -z "$anonymous_volumes" ]; then
+ echo "No anonymous volumes found."
+ exit 0
+fi
+
+echo "Anonymous volumes found:"
+
+for volume in $anonymous_volumes; do
+ container_ids=$(docker ps -aq --filter volume=$volume)
+
+ if [ -z "$container_ids" ]; then
+ echo "Volume $volume is not used by any running containers."
+ continue
+ fi
+
+ for container_id in $container_ids; do
+ container_name=$(docker inspect --format '{{ .Name }}' $container_id | sed 's#^/##')
+ mount_path=$(docker inspect --format "{{ range .Mounts }}{{ if eq .Name \"$volume\" }}{{ .Destination }}{{ end }}{{ end }}" $container_id)
+
+ if [ -n "$mount_path" ]; then
+ echo "Volume $volume is used by container $container_name at mount path $mount_path"
+ else
+ echo "Volume $volume is used by container $container_name, but mount path could not be determined."
+ fi
+ done
+done
+
+exit 1
diff --git a/roles/health-docker-volumes/handlers/main.yml b/roles/health-docker-volumes/handlers/main.yml
new file mode 100644
index 00000000..a1983127
--- /dev/null
+++ b/roles/health-docker-volumes/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: "reload health-docker-volumes.service"
+ systemd:
+ name: health-docker-volumes.service
+ enabled: yes
+ daemon_reload: yes
+- name: "restart health-docker-volumes.timer"
+ systemd:
+ name: health-docker-volumes.timer
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/health-docker-volumes/meta/main.yml b/roles/health-docker-volumes/meta/main.yml
new file mode 100644
index 00000000..b001f0d8
--- /dev/null
+++ b/roles/health-docker-volumes/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - systemd_notifier
diff --git a/roles/health-docker-volumes/tasks/main.yml b/roles/health-docker-volumes/tasks/main.yml
new file mode 100644
index 00000000..016bea8e
--- /dev/null
+++ b/roles/health-docker-volumes/tasks/main.yml
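Review bot: health-docker-volumes.sh fails open, because the first assignment pipes `docker volume ls` into `grep` and never looks at docker's exit status. If the daemon is down or the socket is unreachable, the list is empty, the script prints "No anonymous volumes found." and exits 0, so the `OnFailure=` notifier never fires on a host whose state could not be inspected. Capture the listing first and exit non-zero when the command itself fails, then filter the captured names, as in the excerpt below. Separately, the message "is not used by any running containers" is inaccurate, since `docker ps -aq` also matches stopped containers; "is not used by any container" would match the query.

```shell
# Fail the check when the daemon cannot be queried instead of reporting a clean result.
if ! volume_names=$(docker volume ls --format "{{.Name}}"); then
    echo "docker volume ls failed; cannot check for anonymous volumes." >&2
    exit 2
fi
anonymous_volumes=$(printf '%s\n' "$volume_names" | grep -E '^[a-f0-9]{64}$')

# … unchanged: empty-result exit 0 and the per-volume report loop …
```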
@@ -0,0 +1,22 @@ +- name: "create {{health_docker_volumes_folder}}" + file: + path: "{{health_docker_volumes_folder}}" + state: directory + mode: 0755 + +- name: create health-docker-volumes.sh + copy: + src: health-docker-volumes.sh + dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh" + +- name: create health-docker-volumes.service + template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service + notify: reload health-docker-volumes.service + +- name: create health-docker-volumes.timer + template: + src: health-docker-volumes.timer.j2 + dest: "/etc/systemd/system/health-docker-volumes.timer" + register: health_docker_volumes_timer + changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool + notify: restart health-docker-volumes.timer diff --git a/roles/health-docker/templates/health-docker.service.j2 b/roles/health-docker-volumes/templates/health-docker-volumes.service.j2 similarity index 57% rename from roles/health-docker/templates/health-docker.service.j2 rename to roles/health-docker-volumes/templates/health-docker-volumes.service.j2 index 3fefbcbd..4ff79212 100644 --- a/roles/health-docker/templates/health-docker.service.j2 +++ b/roles/health-docker-volumes/templates/health-docker-volumes.service.j2 @@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service [Service] Type=oneshot -ExecStart=/bin/bash {{health_docker_folder}}health-docker.sh +ExecStart=/bin/bash {{health_docker_volumes_folder}}health-docker-volumes.sh diff --git a/roles/health-docker/templates/health-docker.timer.j2 b/roles/health-docker-volumes/templates/health-docker-volumes.timer.j2 similarity index 53% rename from roles/health-docker/templates/health-docker.timer.j2 rename to roles/health-docker-volumes/templates/health-docker-volumes.timer.j2 index 9979c910..634e603c 100644 --- a/roles/health-docker/templates/health-docker.timer.j2 
+++ b/roles/health-docker-volumes/templates/health-docker-volumes.timer.j2 @@ -1,8 +1,8 @@ [Unit] -Description=starts health-docker.service +Description=starts health-docker-volumes.service [Timer] -OnCalendar={{on_calendar_health_docker}} +OnCalendar={{on_calendar_health_docker_volumes}} RandomizedDelaySec={{randomized_delay_sec}} Persistent=false diff --git a/roles/health-docker-volumes/vars/main.yml b/roles/health-docker-volumes/vars/main.yml new file mode 100644 index 00000000..85cb1ffb --- /dev/null +++ b/roles/health-docker-volumes/vars/main.yml @@ -0,0 +1 @@ +health_docker_volumes_folder: "{{path_administrator_scripts}}health-docker-volumes/" \ No newline at end of file diff --git a/roles/health-docker/handlers/main.yml b/roles/health-docker/handlers/main.yml deleted file mode 100644 index 0bb7286f..00000000 --- a/roles/health-docker/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: "reload health-docker.service" - systemd: - name: health-docker.service - enabled: yes - daemon_reload: yes -- name: "restart health-docker.timer" - systemd: - name: health-docker.timer - state: restarted - enabled: yes - daemon_reload: yes diff --git a/roles/health-docker/tasks/main.yml b/roles/health-docker/tasks/main.yml deleted file mode 100644 index a85a4e0b..00000000 --- a/roles/health-docker/tasks/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -- name: "create {{health_docker_folder}}" - file: - path: "{{health_docker_folder}}" - state: directory - mode: 0755 - -- name: create health-docker.sh - copy: - src: health-docker.sh - dest: "{{health_docker_folder}}health-docker.sh" - -- name: create health-docker.service - template: src=health-docker.service.j2 dest=/etc/systemd/system/health-docker.service - notify: reload health-docker.service - -- name: create health-docker.timer - template: - src: health-docker.timer.j2 - dest: "/etc/systemd/system/health-docker.timer" - register: health_docker_timer - changed_when: health_docker_timer.changed or activate_all_timers | default(false) | bool - notify: restart health-docker.timer diff --git a/roles/health-docker/vars/main.yml b/roles/health-docker/vars/main.yml deleted file mode 100644 index ab960b7d..00000000 --- a/roles/health-docker/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -health_docker_folder: "{{path_administrator_scripts}}health-docker/" \ No newline at end of file diff --git a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 index 1646850c..ccd9a399 100644 --- a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 +++ b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 @@ -9,7 +9,7 @@ server location / { - root /usr/share/nginx/homepage; + root {{nginx_homepage_root}}; index index.html index.htm; } }
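Review bot: The new `root {{nginx_homepage_root}};` line in homepage.nginx.conf.j2 depends on a variable that no file in this patch defines, so unless `nginx_homepage_root` already exists in the role's defaults or in group_vars the template will fail to render. A fallback to the previous value would keep existing hosts working: `root {{ nginx_homepage_root | default('/usr/share/nginx/homepage') }};`. The value is also written unquoted into the directive, so a path containing a space or `;` would produce a broken or differently parsed config; quoting it in the template avoids that. This change is unrelated to the anonymous-volume check named in the subject and may belong in its own commit.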