bundles/cron: use MAILTO=, rework metadata syntax

This commit is contained in:
Franzi 2022-02-05 11:41:41 +01:00
parent 533f8075ca
commit 0d865c93d4
Signed by: kunsi
GPG key ID: 12E3D2136B818350
22 changed files with 113 additions and 65 deletions

View file

@ -21,8 +21,6 @@ case "$exitcode" in
echo "Upgrades skipped due to active SSH login" echo "Upgrades skipped due to active SSH login"
exit 1 exit 1
;; ;;
reboot)
;;
0) 0)
if [[ -f /var/run/reboot-required ]] if [[ -f /var/run/reboot-required ]]
then then

View file

@ -18,7 +18,7 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'cron/upgrade-and-reboot' 'cron/jobs/upgrade-and-reboot'
) )
def patchday(metadata): def patchday(metadata):
day = metadata.get('apt/unattended-upgrades/day') day = metadata.get('apt/unattended-upgrades/day')
@ -26,10 +26,12 @@ def patchday(metadata):
return { return {
'cron': { 'cron': {
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( 'jobs': {
minute=node.magic_number % 30, 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
hour=hour, minute=node.magic_number % 30,
day=day, hour=hour,
), day=day,
),
},
}, },
} }

View file

@ -10,7 +10,7 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'cron/backup', 'cron/jobs/backup',
'icinga2_api/backup-client/services', 'icinga2_api/backup-client/services',
) )
def cron(metadata): def cron(metadata):
@ -19,11 +19,13 @@ def cron(metadata):
return { return {
'cron': { 'cron': {
'jobs': {
# spread backups between 00:00 and 04:59 UTC # spread backups between 00:00 and 04:59 UTC
'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format( 'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format(
(node.magic_number % 60), (node.magic_number % 60),
(node.magic_number % 4), (node.magic_number % 4),
), ),
},
}, },
'icinga2_api': { 'icinga2_api': {
'backup-client': { 'backup-client': {

View file

@ -91,7 +91,7 @@ files = {
}, },
} }
for crontab, content in node.metadata.get('cron', {}).items(): for crontab, content in node.metadata.get('cron/jobs', {}).items():
files['/etc/cron.d/{}'.format(crontab)] = { files['/etc/cron.d/{}'.format(crontab)] = {
'source': 'cron_template', 'source': 'cron_template',
'content_type': 'mako', 'content_type': 'mako',

View file

@ -33,11 +33,13 @@ def patchday(metadata):
return { return {
'cron': { 'cron': {
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format( 'jobs': {
minute=node.magic_number % 30, 'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
hour=hour, minute=node.magic_number % 30,
day=day, hour=hour,
), day=day,
),
},
}, },
} }

View file

@ -1,5 +1,5 @@
@metadata_reactor.provides( @metadata_reactor.provides(
'cron/check-mail-received', 'cron/jobs/check-mail-received',
'icinga2_api/check-mail-received/services', 'icinga2_api/check-mail-received/services',
) )
def process_metadata(metadata): def process_metadata(metadata):
@ -30,7 +30,9 @@ def process_metadata(metadata):
return { return {
'cron': { 'cron': {
'check-mail-received': '\n'.join(sorted(cron)), 'jobs': {
'check-mail-received': '\n'.join(sorted(cron)),
},
}, },
'icinga2_api': { 'icinga2_api': {
'check-mail-received': { 'check-mail-received': {

View file

@ -3,5 +3,6 @@
SHELL=/bin/sh SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}
${cron} ${cron}

View file

@ -3,6 +3,7 @@
SHELL=/bin/sh SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}
${min} * * * * root cd / && run-parts --report /etc/cron.hourly ${min} * * * * root cd / && run-parts --report /etc/cron.hourly
${min} 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) ${min} 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

View file

@ -31,7 +31,7 @@ svc_systemd = {
}, },
} }
for crontab, content in node.metadata.get('cron', {}).items(): for crontab, content in node.metadata.get('cron/jobs', {}).items():
files['/etc/cron.d/{}'.format(crontab)] = { files['/etc/cron.d/{}'.format(crontab)] = {
'source': 'cron_template', 'source': 'cron_template',
'content_type': 'mako', 'content_type': 'mako',

View file

@ -13,10 +13,6 @@ defaults = {
}, },
}, },
}, },
'cron': {
'letsencrypt_renew': '{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
'letsencrypt_cleanup': '{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
},
'pacman': { 'pacman': {
'packages': { 'packages': {
'dehydrated': { 'dehydrated': {
@ -27,3 +23,21 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'cron/jobs/letsencrypt',
)
def cron(metadata):
if node.metadata.get('letsencrypt/domains'):
return {
'cron': {
'jobs': {
'letsencrypt': '\n'.join([
'{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
'{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
]),
},
},
}
return {}

View file

@ -22,10 +22,12 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format( 'jobs': {
m=node.magic_number%60, 'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
h=node.magic_number%4, m=node.magic_number%60,
), h=node.magic_number%4,
),
},
}, },
'postgresql': { 'postgresql': {
'databases': { 'databases': {

View file

@ -9,7 +9,9 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip', 'jobs': {
'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip',
},
}, },
'icinga2_api': { 'icinga2_api': {
'pppd': { 'pppd': {

View file

@ -45,7 +45,9 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1', 'jobs': {
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
},
}, },
'postfix': { 'postfix': {
'aliases': { 'aliases': {

View file

@ -14,7 +14,9 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
# Automatically remove files which are older than 14 days 'jobs': {
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete', # Automatically remove files which are older than 14 days
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
},
}, },
} }

View file

@ -83,7 +83,7 @@ def telegraf(metadata):
@metadata_reactor.provides( @metadata_reactor.provides(
'cron/smartd', 'cron/jobs/smartd',
) )
def monthly_long_test(metadata): def monthly_long_test(metadata):
lines = set() lines = set()
@ -96,6 +96,8 @@ def monthly_long_test(metadata):
return { return {
'cron': { 'cron': {
'smartd': '\n'.join(sorted(lines)), 'jobs': {
'smartd': '\n'.join(sorted(lines)),
},
}, },
} }

View file

@ -8,12 +8,14 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format( 'jobs': {
node.magic_number%60, 'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
node.magic_number%24, node.magic_number%60,
node.magic_number%7, node.magic_number%24,
), node.magic_number%7,
'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart', ),
'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart',
},
}, },
'nameservers': { 'nameservers': {
'127.0.0.1', '127.0.0.1',

View file

@ -35,10 +35,12 @@ defaults = {
}, },
}, },
'cron': { 'cron': {
'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily', 'jobs': {
'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly', 'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly', 'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly', 'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
},
}, },
'icinga2_api': { 'icinga2_api': {
'zfs': { 'zfs': {
@ -103,13 +105,15 @@ if node.has_bundle('telegraf'):
@metadata_reactor.provides( @metadata_reactor.provides(
'cron/zfs-scrub', 'cron/jobs/zfs-scrub',
) )
def zfs_scrub_cronjob(metadata): def zfs_scrub_cronjob(metadata):
when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60))) when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
return { return {
'cron': { 'cron': {
'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when), 'jobs': {
'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
},
}, },
} }

View file

@ -59,15 +59,17 @@ nodes['home.nas'] = {
# 'zfs-base': 'storage/backups', # 'zfs-base': 'storage/backups',
#}, #},
'cron': { 'cron': {
# Ensure every user is able to read and write to the NAS dataset. 'jobs': {
'nas_permissions': '0 3 * * * root ' # Ensure every user is able to read and write to the NAS dataset.
'chown -R :nas /storage/nas/ && ' 'nas_permissions': '0 3 * * * root '
'find /storage/nas/ -type d -exec chmod 0775 {} \; && ' 'chown -R :nas /storage/nas/ && '
'find /storage/nas/ -type f -exec chmod 0664 {} \;', 'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into( 'find /storage/nas/ -type f -exec chmod 0664 {} \;',
'0 2 * * * kunsi ' 'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
'cd /storage/nas/Musik/Compilations && ' '0 2 * * * kunsi '
'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'), 'cd /storage/nas/Musik/Compilations && '
'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
},
}, },
'groups': { 'groups': {
'nas': {}, 'nas': {},

View file

@ -47,11 +47,13 @@ nodes['home.router'] = {
}, },
}, },
'cron': { 'cron': {
# Our internet provider resets the connection if you're 'jobs': {
# connected longer than 24 hours. We install this cronjob # Our internet provider resets the connection if you're
# to make sure we don't get disconnected randomly during the # connected longer than 24 hours. We install this cronjob
# day. # to make sure we don't get disconnected randomly during the
'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status', # day.
'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
},
}, },
'dhcpd': { 'dhcpd': {
'subnets': { 'subnets': {

View file

@ -37,7 +37,9 @@ nodes['htz-cloud.luther'] = {
}, },
}, },
'cron': { 'cron': {
'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'), 'jobs': {
'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'),
},
}, },
'icinga_options': { 'icinga_options': {
'pretty_name': 'Lutherkirchengemeinde Pirmasens', 'pretty_name': 'Lutherkirchengemeinde Pirmasens',

View file

@ -34,7 +34,9 @@ nodes['htz-cloud.pleroma'] = {
'pretty_name': 'cybert-media.net', 'pretty_name': 'cybert-media.net',
}, },
'cron': { 'cron': {
'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null', 'jobs': {
'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
},
}, },
'nginx': { 'nginx': {
'vhosts': { 'vhosts': {

View file

@ -95,7 +95,9 @@ nodes['rx300'] = {
}, },
}, },
'cron': { 'cron': {
'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;', 'jobs': {
'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
},
}, },
'check-mail-received': { 'check-mail-received': {
't-online': { 't-online': {