mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-26 06:31:04 +01:00
Compare commits
No commits in common. "3f62c8e58369fb36a28534b0bcd8010a9fed521f" and "1ad6c6110a839a8149dc784d08d59b4d594d02fe" have entirely different histories.
3f62c8e583
...
1ad6c6110a
@ -40,7 +40,6 @@ Enhances system security with roles focused on security measures, user configura
|
|||||||
- **[User Alarm](./roles/user-alarm/)**: Manages the alarm user.
|
- **[User Alarm](./roles/user-alarm/)**: Manages the alarm user.
|
||||||
- **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access.
|
- **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access.
|
||||||
- **[SSHD](./roles/sshd/)**: Configures SSH daemon settings.
|
- **[SSHD](./roles/sshd/)**: Configures SSH daemon settings.
|
||||||
- **[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)**: Freezes and defrost maintenance services to prevent dangerous inteactions between services
|
|
||||||
|
|
||||||
## Virtual Private Network (VPN)
|
## Virtual Private Network (VPN)
|
||||||
Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections.
|
Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections.
|
||||||
|
@ -74,7 +74,7 @@ Contact me for more details:
|
|||||||
## Showcases
|
## Showcases
|
||||||
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
|
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
|
||||||
|
|
||||||
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), 
[Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), 
[SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)...
|
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), 
[Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), 
[SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)...
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
@ -35,8 +35,8 @@ path_system_maintenance_service_freezer_script: "{{path_administrator_scripts}}s
|
|||||||
# Runtime Variables
|
# Runtime Variables
|
||||||
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
|
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
|
||||||
nginx_matomo_tracking: false # Activates matomo tracking on all html pages
|
nginx_matomo_tracking: false # Activates matomo tracking on all html pages
|
||||||
|
nginx_www_redirect: true # Implements an redirect from all www. domains to the main domain
|
||||||
execute_updates: true # Executes updates
|
execute_updates: true # Executes updates
|
||||||
force_backup_before_update: true # Activates the backup before the update procedure
|
|
||||||
|
|
||||||
# Domain Names
|
# Domain Names
|
||||||
domain_akaunting: "akaunting.{{top_domain}}"
|
domain_akaunting: "akaunting.{{top_domain}}"
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=backup docker volumes to local folder
|
Description=docker volume backup
|
||||||
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
|
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services }}" --ignore "backup-docker-to-local,backup-remote-to-local,backup-data-to-usb" --max_attempts 600'
|
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-docker-to-local") | join(',') }}"'
|
||||||
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
|
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
|
||||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
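Review bot: The new `ExecStartPre` still runs the freezer through `/bin/sh -c '…'` with the rendered service list pasted into the shell string, so a quote or shell metacharacter in `system_maintenance_services` changes the command that runs with the unit's privileges. systemd can start the interpreter directly, as the `ExecStart` line below it already does: `ExecStartPre=/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', 'backup-docker-to-local') | join(',') }}"`. With `--max_attempts 600` dropped and `Type=oneshot`, which has no start timeout by default, the pre-step can now wait without limit, so an explicit `TimeoutStartSec=` on the unit is worth adding. The same `ExecStartPre` pattern is in the remote-to-local backup unit in the next hunk.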
@ -4,6 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services }}" --ignore "backup-docker-to-local,backup-remote-to-local,backup-data-to-usb" --max_attempts 600'
|
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-remote-to-local") | join(',') }}"'
|
||||||
ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh
|
ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh
|
||||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||||
|
@ -6,7 +6,7 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
||||||
image: postgres:15-alpine
|
image: postgres:alpine
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data
|
- database:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
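Review bot: `image: postgres:alpine` is a floating tag, so the next pull can move this database to a new PostgreSQL major version, and a newer major version does not start on a data directory initialised by an older one. Keeping an explicit major pin such as the previous `postgres:15-alpine`, or a digest, makes an upgrade a deliberate step with a dump and restore. The same unpinning is made in the other compose files in this comparison (previously `postgres:13-alpine` and `postgres:14-alpine`) and in the new Matrix and MyBB database services. The unchanged `POSTGRES_HOST_AUTH_METHOD=trust` line also lets any client that can reach this database connect without a password; how reachable it is cannot be seen from this hunk.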
@ -11,7 +11,7 @@ x-application-defaults: &application-defaults
|
|||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
|
|
||||||
x-database-defaults: &database-defaults
|
x-database-defaults: &database-defaults
|
||||||
image: postgres:13-alpine
|
image: postgres:alpine
|
||||||
ports:
|
ports:
|
||||||
- "9432:5432"
|
- "9432:5432"
|
||||||
networks:
|
networks:
|
||||||
|
@ -2,7 +2,7 @@ version: '3'
|
|||||||
services:
|
services:
|
||||||
database:
|
database:
|
||||||
restart: always
|
restart: always
|
||||||
image: postgres:14-alpine
|
image: postgres:alpine
|
||||||
shm_size: 256mb
|
shm_size: 256mb
|
||||||
networks:
|
networks:
|
||||||
- internal_network
|
- internal_network
|
||||||
|
@ -4,7 +4,7 @@ services:
|
|||||||
|
|
||||||
synapse:
|
synapse:
|
||||||
image: matrixdotorg/synapse:latest
|
image: matrixdotorg/synapse:latest
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
volumes:
|
volumes:
|
||||||
@ -18,24 +18,24 @@ services:
|
|||||||
- "127.0.0.1:{{http_port}}:8008"
|
- "127.0.0.1:{{http_port}}:8008"
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
database:
|
database:
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
image: mariadb
|
image: postgres:alpine
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
environment:
|
|
||||||
MYSQL_DATABASE: "matrix"
|
|
||||||
MYSQL_USER: "matrix"
|
|
||||||
MYSQL_PASSWORD: "{{matrix_database_password}}"
|
|
||||||
MYSQL_ROOT_PASSWORD: "{{matrix_database_password}}"
|
|
||||||
MARIADB_AUTO_UPGRADE: "1"
|
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/mysql
|
- database:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_DB=matrix
|
||||||
|
- POSTGRES_USER=matrix
|
||||||
|
- POSTGRES_PASSWORD={{matrix_database_password}}
|
||||||
|
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "/usr/bin/mariadb --user=matrix --password={{matrix_database_password}} --execute \"SHOW DATABASES;\""
|
test: ["CMD-SHELL", "pg_isready -U matrix"]
|
||||||
interval: 3s
|
interval: 10s
|
||||||
timeout: 1s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 6
|
||||||
|
|
||||||
# bridges
|
# bridges
|
||||||
#mautrix-telegram:
|
#mautrix-telegram:
|
||||||
|
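Review bot: The database service switches from `mariadb` to `postgres:alpine` but keeps the same named volume, now mounted as `database:/var/lib/postgresql/data`, so on a host that already ran the MariaDB variant the volume holds MariaDB files and PostgreSQL's init step will most likely refuse the non-empty directory. Nothing visible in this section migrates the data or renames the volume, so an existing deployment would come up with a failing database. A separately named volume for the PostgreSQL data, declared under the top-level `volumes:`, together with a documented export and import step would avoid that. The MyBB compose section further down makes the same engine switch on the same volume name. The new `pg_isready -U matrix` healthcheck only tests that the server accepts connections, which is enough for a healthcheck and keeps the password off the command line.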
@ -9,7 +9,7 @@ listeners:
|
|||||||
- names: [client, federation]
|
- names: [client, federation]
|
||||||
compress: false
|
compress: false
|
||||||
database:
|
database:
|
||||||
name: mysql
|
name: psycopg2
|
||||||
args:
|
args:
|
||||||
user: matrix
|
user: matrix
|
||||||
password: {{matrix_database_password}}
|
password: {{matrix_database_password}}
|
||||||
|
@ -28,21 +28,21 @@ services:
|
|||||||
database:
|
database:
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
image: mariadb
|
options:
|
||||||
restart: always
|
tag: "mybb_database"
|
||||||
environment:
|
environment:
|
||||||
MYSQL_DATABASE: "mybb"
|
POSTGRES_DB: mybb
|
||||||
MYSQL_USER: "mybb"
|
POSTGRES_PASSWORD: "{{mybb_database_password}}"
|
||||||
MYSQL_PASSWORD: "{{mybb_database_password}}"
|
POSTGRES_USER: mybb
|
||||||
MYSQL_ROOT_PASSWORD: "{{mybb_database_password}}"
|
image: postgres:alpine
|
||||||
MARIADB_AUTO_UPGRADE: "1"
|
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/mysql
|
- database:/var/lib/postgresql/data:rw
|
||||||
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "/usr/bin/mariadb --user=mybb --password={{mybb_database_password}} --execute \"SHOW DATABASES;\""
|
test: ["CMD-SHELL", "pg_isready -U mybb"]
|
||||||
interval: 3s
|
interval: 10s
|
||||||
timeout: 1s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 6
|
||||||
volumes:
|
volumes:
|
||||||
database:
|
database:
|
||||||
data:
|
data:
|
||||||
|
@ -17,7 +17,7 @@ services:
|
|||||||
- redis
|
- redis
|
||||||
restart: "always"
|
restart: "always"
|
||||||
database:
|
database:
|
||||||
image: postgres:13-alpine
|
image: postgres:alpine
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -1,90 +1,71 @@
|
|||||||
import argparse
|
import argparse
|
||||||
import subprocess
|
import subprocess
|
||||||
import time
|
import time
|
||||||
import os
|
|
||||||
|
|
||||||
def service_file_exists(service_name, service_type="service"):
|
|
||||||
"""Check if a systemd service file exists."""
|
|
||||||
# Paths where service files can be stored
|
|
||||||
path = "/etc/systemd/system/"
|
|
||||||
service_file_name = service_name + "." + service_type
|
|
||||||
full_path = os.path.join(path, service_file_name)
|
|
||||||
|
|
||||||
print(f"Checking {full_path}") # Added debug output
|
|
||||||
if os.path.isfile(full_path):
|
|
||||||
return True
|
|
||||||
else:
|
|
||||||
print(f"File not found.") # Debug output if file is not found
|
|
||||||
|
|
||||||
def check_service_active(service_name):
|
def check_service_active(service_name):
|
||||||
"""Check if a service is active or activating."""
|
"""Check if a service is active."""
|
||||||
result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
|
result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
|
||||||
service_status = result.stdout.decode('utf-8').strip()
|
return result.stdout.decode('utf-8').strip() == 'active'
|
||||||
return service_status in ['active', 'activating']
|
|
||||||
|
|
||||||
def freeze(services_to_wait_for, ignored_services, max_attempts):
|
def service_exists(service_name):
|
||||||
|
"""Check if a service exists."""
|
||||||
|
result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||||
|
return result.returncode == 0
|
||||||
|
|
||||||
|
def freeze(services_to_wait_for, ignored_services):
|
||||||
# Filter services that exist and are not in the ignored list
|
# Filter services that exist and are not in the ignored list
|
||||||
for service in services_to_wait_for:
|
active_services = [service for service in services_to_wait_for if service_exists(service) and service not in ignored_services]
|
||||||
print(f"\nFreezing: {service}")
|
|
||||||
if service in ignored_services:
|
while active_services:
|
||||||
print(f"{service} will be ignored.")
|
for service in active_services:
|
||||||
else:
|
if not check_service_active(service):
|
||||||
attempt=0
|
print(f"{service} stopped.")
|
||||||
break_time_sec=5
|
# Disable the service
|
||||||
while check_service_active(service):
|
subprocess.run(['systemctl', 'disable', service])
|
||||||
attempt += 1
|
print(f"{service} disabled.")
|
||||||
print(f"({attempt}/{max_attempts}) Waiting for {break_time_sec} seconds for {service} to stop...")
|
|
||||||
time.sleep(break_time_sec)
|
|
||||||
if attempt > max_attempts:
|
|
||||||
raise Exception(f"Error: Maximum attempts ({max_attempts}) reached. Exit.")
|
|
||||||
|
|
||||||
# Stop and disable the corresponding timer, if it exists
|
# Stop and disable the corresponding timer, if it exists
|
||||||
if service_file_exists(service,"timer"):
|
|
||||||
timer_name = service + ".timer"
|
timer_name = service + ".timer"
|
||||||
|
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
|
||||||
|
if timer_name in timer_check.stdout.decode():
|
||||||
subprocess.run(['systemctl', 'stop', timer_name])
|
subprocess.run(['systemctl', 'stop', timer_name])
|
||||||
subprocess.run(['systemctl', 'disable', timer_name])
|
subprocess.run(['systemctl', 'disable', timer_name])
|
||||||
print(f"{timer_name} stopped and disabled.")
|
print(f"{timer_name} stopped and disabled.")
|
||||||
|
active_services.remove(service)
|
||||||
else:
|
else:
|
||||||
print(f"Skipped.")
|
print(f"Waiting for {service} to stop...")
|
||||||
|
time.sleep(5)
|
||||||
print("\nAll required services have stopped.")
|
print("All required services have stopped.")
|
||||||
|
|
||||||
def defrost(services_to_wait_for, ignored_services):
|
def defrost(services_to_wait_for, ignored_services):
|
||||||
for service in services_to_wait_for:
|
for service in services_to_wait_for:
|
||||||
print(f"\nUnfreezing: {service}")
|
if service not in ignored_services and service_exists(service):
|
||||||
if service in ignored_services:
|
# Enable the service
|
||||||
print(f"{service} will be ignored.")
|
subprocess.run(['systemctl', 'enable', service])
|
||||||
elif service_file_exists(service,"timer"):
|
print(f"{service} enabled.")
|
||||||
|
|
||||||
# Start and enable the corresponding timer, if it exists
|
# Start and enable the corresponding timer, if it exists
|
||||||
timer_name = service + ".timer"
|
timer_name = service + ".timer"
|
||||||
|
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
|
||||||
|
if timer_name in timer_check.stdout.decode():
|
||||||
subprocess.run(['systemctl', 'start', timer_name])
|
subprocess.run(['systemctl', 'start', timer_name])
|
||||||
subprocess.run(['systemctl', 'enable', timer_name])
|
subprocess.run(['systemctl', 'enable', timer_name])
|
||||||
print(f"{timer_name} started and enabled.")
|
print(f"{timer_name} started and enabled.")
|
||||||
else:
|
|
||||||
print(f"Skipped.")
|
|
||||||
print("\nAll required services are started.")
|
|
||||||
|
|
||||||
def main(services_to_wait_for, ignored_services, action, max_attempts):
|
def main(services_to_wait_for, ignored_services, action):
|
||||||
print(f"Services to wait for: {services_to_wait_for}")
|
|
||||||
print(f"Services to ignore: {ignored_services}")
|
|
||||||
if action == 'freeze':
|
if action == 'freeze':
|
||||||
print("Freezing services.");
|
# Code to handle freeze action
|
||||||
freeze(services_to_wait_for, ignored_services, max_attempts)
|
freeze(services_to_wait_for, ignored_services)
|
||||||
elif action == 'defrost':
|
elif action == 'defrost':
|
||||||
print("Unfreezing services.");
|
|
||||||
defrost(services_to_wait_for, ignored_services)
|
defrost(services_to_wait_for, ignored_services)
|
||||||
print('\nOverview:')
|
|
||||||
subprocess.run(['systemctl', 'list-timers'])
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers')
|
parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers')
|
||||||
parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.')
|
parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.')
|
||||||
parser.add_argument('services', help='Comma-separated list of services to apply the action to')
|
parser.add_argument('services', help='Comma-separated list of services to apply the action to')
|
||||||
parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='')
|
parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='')
|
||||||
parser.add_argument('--max_attempts', type=int, default=60, help='Maximum number of attempts for freezing services')
|
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
services_to_wait_for = args.services.split(',')
|
services_to_wait_for = args.services.split(',')
|
||||||
ignored_services = args.ignore.split(',') if args.ignore else []
|
ignored_services = args.ignore.split(',') if args.ignore else []
|
||||||
max_attempts = args.max_attempts
|
main(services_to_wait_for, ignored_services,args.action)
|
||||||
main(services_to_wait_for, ignored_services,args.action,max_attempts)
|
|
||||||
|
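Review bot: `service_exists` returns True only when `systemctl status` exits 0, and systemctl documents that code for an active unit (3 means not active, 4 means no such unit), so every installed but idle service is treated as missing and `freeze`/`defrost` never reach its timer. `check_service_active` now compares with `'active'` alone, while a running `Type=oneshot` job such as the backup units reports `activating`, so the freezer would not wait for a backup that is in progress. In `freeze`, `active_services.remove(service)` runs inside `for service in active_services:`, which skips the element after each removal, and with `max_attempts` gone the outer `while` has no upper bound. Suggested one-line changes are `return result.returncode != 4`, `return result.stdout.decode('utf-8').strip() in ('active', 'activating')` and `for service in list(active_services):`, with the attempt limit restored.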
@ -0,0 +1,9 @@
|
|||||||
|
- name: "reload system-maintenance-service-freeze.service"
|
||||||
|
systemd:
|
||||||
|
name: system-maintenance-service-freeze.service
|
||||||
|
daemon_reload: yes
|
||||||
|
|
||||||
|
- name: "reload system-maintenance-service-defrost.service"
|
||||||
|
systemd:
|
||||||
|
name: system-maintenance-service-defrost.service
|
||||||
|
daemon_reload: yes
|
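Review bot: The handler names defined here end in `.service` (`"reload system-maintenance-service-freeze.service"`), but the task added in the following tasks section notifies `"reload system-maintenance-service-{{ item }} service"`, which renders with a space before `service`. If both belong to the same role, as the names suggest, Ansible will not find a handler with that name and the play fails when the template task reports a change. Making the two strings identical, for example `notify: "reload system-maintenance-service-{{ item }}.service"`, fixes it.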
@ -5,6 +5,16 @@
|
|||||||
dest: "{{path_system_maintenance_service_freezer_script}}"
|
dest: "{{path_system_maintenance_service_freezer_script}}"
|
||||||
when: run_once_system_maintenance_service_freeze is not defined
|
when: run_once_system_maintenance_service_freeze is not defined
|
||||||
|
|
||||||
|
- name: Configure system-maintenance-service for each action
|
||||||
|
loop:
|
||||||
|
- freeze
|
||||||
|
- defrost
|
||||||
|
template:
|
||||||
|
src: system-maintenance-service-freezer.service.j2
|
||||||
|
dest: "/etc/systemd/system/system-maintenance-service-{{ item }}.service"
|
||||||
|
notify: "reload system-maintenance-service-{{ item }} service"
|
||||||
|
when: run_once_system_maintenance_service_freeze is not defined
|
||||||
|
|
||||||
- name: run the system_maintenance_service_freezer tasks once
|
- name: run the system_maintenance_service_freezer tasks once
|
||||||
set_fact:
|
set_fact:
|
||||||
run_once_system_maintenance_service_freeze: true
|
run_once_system_maintenance_service_freeze: true
|
||||||
@ -13,7 +23,7 @@
|
|||||||
- name: "restart system-maintenance-service.service"
|
- name: "restart system-maintenance-service.service"
|
||||||
systemd:
|
systemd:
|
||||||
name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service
|
name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service
|
||||||
state: restarted
|
state: restart
|
||||||
enabled: yes
|
enabled: yes
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action
|
when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action
|
||||||
|
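Review bot: `state: restart` is not a value the `systemd` module accepts (its states are `reloaded`, `restarted`, `started` and `stopped`), so this task fails at argument validation before it touches the unit. The line should read `state: restarted`. Because the task is what switches between the freeze and defrost units, a failure here leaves the maintenance services in whatever state the previous run left them.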
@ -1,5 +1,5 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description={{item}} systemctl maintenance services
|
Description={{item}} systemctl maintanance services
|
||||||
OnFailure=systemd-notifier@%n.service
|
OnFailure=systemd-notifier@%n.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -4,7 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
{% if force_backup_before_update | bool %}ExecStartPre=/bin/sh -c 'systemctl start backup-docker-to-local.service'{% endif %}
|
|
||||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"'
|
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"'
|
||||||
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
|
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
|
||||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
@ -236,9 +236,10 @@
|
|||||||
domain_mappings: "{{redirect_domain_mappings}}"
|
domain_mappings: "{{redirect_domain_mappings}}"
|
||||||
|
|
||||||
- name: setup www redirect
|
- name: setup www redirect
|
||||||
hosts: www_redirect
|
hosts: all
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- role: nginx-www-redirect
|
- role: nginx-www-redirect
|
||||||
|
when: nginx_www_redirect | bool
|
||||||
|
|
||||||
- import_playbook: destructor.yml
|
- import_playbook: destructor.yml
|
||||||
|
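Review bot: With `hosts: all` and `become: true`, the `nginx-www-redirect` role is now applied as root to every inventory host, gated only by `when: nginx_www_redirect | bool`, and the group variables in this comparison set `nginx_www_redirect: true` by default. Hosts that are not web servers (the repository also ships `pc-*` roles) would therefore get the redirect role unless each one overrides the variable. Keeping the dedicated `www_redirect` group, or defaulting the variable to `false` so that hosts opt in, limits this play to the machines that actually serve the domains.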