bundles/cron: use MAILTO=, rework metadata syntax
This commit is contained in:
parent
533f8075ca
commit
0d865c93d4
22 changed files with 113 additions and 65 deletions
|
@ -21,8 +21,6 @@ case "$exitcode" in
|
||||||
echo "Upgrades skipped due to active SSH login"
|
echo "Upgrades skipped due to active SSH login"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
reboot)
|
|
||||||
;;
|
|
||||||
0)
|
0)
|
||||||
if [[ -f /var/run/reboot-required ]]
|
if [[ -f /var/run/reboot-required ]]
|
||||||
then
|
then
|
||||||
|
|
|
@ -18,7 +18,7 @@ defaults = {
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'cron/upgrade-and-reboot'
|
'cron/jobs/upgrade-and-reboot'
|
||||||
)
|
)
|
||||||
def patchday(metadata):
|
def patchday(metadata):
|
||||||
day = metadata.get('apt/unattended-upgrades/day')
|
day = metadata.get('apt/unattended-upgrades/day')
|
||||||
|
@ -26,10 +26,12 @@ def patchday(metadata):
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
|
'jobs': {
|
||||||
minute=node.magic_number % 30,
|
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
|
||||||
hour=hour,
|
minute=node.magic_number % 30,
|
||||||
day=day,
|
hour=hour,
|
||||||
),
|
day=day,
|
||||||
|
),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,7 @@ defaults = {
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'cron/backup',
|
'cron/jobs/backup',
|
||||||
'icinga2_api/backup-client/services',
|
'icinga2_api/backup-client/services',
|
||||||
)
|
)
|
||||||
def cron(metadata):
|
def cron(metadata):
|
||||||
|
@ -19,11 +19,13 @@ def cron(metadata):
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
|
'jobs': {
|
||||||
# spread backups between 00:00 and 04:59 UTC
|
# spread backups between 00:00 and 04:59 UTC
|
||||||
'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format(
|
'backup': '{} {} * * * root /usr/local/bin/generate-backup-with-retries'.format(
|
||||||
(node.magic_number % 60),
|
(node.magic_number % 60),
|
||||||
(node.magic_number % 4),
|
(node.magic_number % 4),
|
||||||
),
|
),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'icinga2_api': {
|
'icinga2_api': {
|
||||||
'backup-client': {
|
'backup-client': {
|
||||||
|
|
|
@ -91,7 +91,7 @@ files = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for crontab, content in node.metadata.get('cron', {}).items():
|
for crontab, content in node.metadata.get('cron/jobs', {}).items():
|
||||||
files['/etc/cron.d/{}'.format(crontab)] = {
|
files['/etc/cron.d/{}'.format(crontab)] = {
|
||||||
'source': 'cron_template',
|
'source': 'cron_template',
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
|
|
|
@ -33,11 +33,13 @@ def patchday(metadata):
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
|
'jobs': {
|
||||||
minute=node.magic_number % 30,
|
'upgrade-and-reboot': '{minute} {hour} * * {day} root /usr/local/sbin/upgrade-and-reboot'.format(
|
||||||
hour=hour,
|
minute=node.magic_number % 30,
|
||||||
day=day,
|
hour=hour,
|
||||||
),
|
day=day,
|
||||||
|
),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'cron/check-mail-received',
|
'cron/jobs/check-mail-received',
|
||||||
'icinga2_api/check-mail-received/services',
|
'icinga2_api/check-mail-received/services',
|
||||||
)
|
)
|
||||||
def process_metadata(metadata):
|
def process_metadata(metadata):
|
||||||
|
@ -30,7 +30,9 @@ def process_metadata(metadata):
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
'check-mail-received': '\n'.join(sorted(cron)),
|
'jobs': {
|
||||||
|
'check-mail-received': '\n'.join(sorted(cron)),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'icinga2_api': {
|
'icinga2_api': {
|
||||||
'check-mail-received': {
|
'check-mail-received': {
|
||||||
|
|
|
@ -3,5 +3,6 @@
|
||||||
|
|
||||||
SHELL=/bin/sh
|
SHELL=/bin/sh
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}
|
||||||
|
|
||||||
${cron}
|
${cron}
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
SHELL=/bin/sh
|
SHELL=/bin/sh
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}
|
||||||
|
|
||||||
${min} * * * * root cd / && run-parts --report /etc/cron.hourly
|
${min} * * * * root cd / && run-parts --report /etc/cron.hourly
|
||||||
${min} 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
|
${min} 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
|
||||||
|
|
|
@ -31,7 +31,7 @@ svc_systemd = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for crontab, content in node.metadata.get('cron', {}).items():
|
for crontab, content in node.metadata.get('cron/jobs', {}).items():
|
||||||
files['/etc/cron.d/{}'.format(crontab)] = {
|
files['/etc/cron.d/{}'.format(crontab)] = {
|
||||||
'source': 'cron_template',
|
'source': 'cron_template',
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
|
|
|
@ -13,10 +13,6 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
|
||||||
'letsencrypt_renew': '{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
|
|
||||||
'letsencrypt_cleanup': '{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
|
|
||||||
},
|
|
||||||
'pacman': {
|
'pacman': {
|
||||||
'packages': {
|
'packages': {
|
||||||
'dehydrated': {
|
'dehydrated': {
|
||||||
|
@ -27,3 +23,21 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor.provides(
|
||||||
|
'cron/jobs/letsencrypt',
|
||||||
|
)
|
||||||
|
def cron(metadata):
|
||||||
|
if node.metadata.get('letsencrypt/domains'):
|
||||||
|
return {
|
||||||
|
'cron': {
|
||||||
|
'jobs': {
|
||||||
|
'letsencrypt': '\n'.join([
|
||||||
|
'{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
|
||||||
|
'{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
|
||||||
|
]),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
return {}
|
||||||
|
|
|
@ -22,10 +22,12 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
|
'jobs': {
|
||||||
m=node.magic_number%60,
|
'netbox': '{m} {h} * * * netbox /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
|
||||||
h=node.magic_number%4,
|
m=node.magic_number%60,
|
||||||
),
|
h=node.magic_number%4,
|
||||||
|
),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'postgresql': {
|
'postgresql': {
|
||||||
'databases': {
|
'databases': {
|
||||||
|
|
|
@ -9,7 +9,9 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip',
|
'jobs': {
|
||||||
|
'restart-pppoe-if-no-public-ip': '*/5 * * * * root /usr/local/bin/restart-pppoe-if-no-public-ip',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'icinga2_api': {
|
'icinga2_api': {
|
||||||
'pppd': {
|
'pppd': {
|
||||||
|
|
|
@ -45,7 +45,9 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
|
'jobs': {
|
||||||
|
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'postfix': {
|
'postfix': {
|
||||||
'aliases': {
|
'aliases': {
|
||||||
|
|
|
@ -14,7 +14,9 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
# Automatically remove files which are older than 14 days
|
'jobs': {
|
||||||
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
|
# Automatically remove files which are older than 14 days
|
||||||
|
'scansnap_cleanup': '00 00 * * * root /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -83,7 +83,7 @@ def telegraf(metadata):
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'cron/smartd',
|
'cron/jobs/smartd',
|
||||||
)
|
)
|
||||||
def monthly_long_test(metadata):
|
def monthly_long_test(metadata):
|
||||||
lines = set()
|
lines = set()
|
||||||
|
@ -96,6 +96,8 @@ def monthly_long_test(metadata):
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
'smartd': '\n'.join(sorted(lines)),
|
'jobs': {
|
||||||
|
'smartd': '\n'.join(sorted(lines)),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,12 +8,14 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
|
'jobs': {
|
||||||
node.magic_number%60,
|
'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
|
||||||
node.magic_number%24,
|
node.magic_number%60,
|
||||||
node.magic_number%7,
|
node.magic_number%24,
|
||||||
),
|
node.magic_number%7,
|
||||||
'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart',
|
),
|
||||||
|
'unbound-auto-restart': '* * * * * root /usr/local/sbin/unbound-auto-restart',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'nameservers': {
|
'nameservers': {
|
||||||
'127.0.0.1',
|
'127.0.0.1',
|
||||||
|
|
|
@ -35,10 +35,12 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
|
'jobs': {
|
||||||
'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
|
'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
|
||||||
'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
|
'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
|
||||||
'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
|
'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
|
||||||
|
'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'icinga2_api': {
|
'icinga2_api': {
|
||||||
'zfs': {
|
'zfs': {
|
||||||
|
@ -103,13 +105,15 @@ if node.has_bundle('telegraf'):
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'cron/zfs-scrub',
|
'cron/jobs/zfs-scrub',
|
||||||
)
|
)
|
||||||
def zfs_scrub_cronjob(metadata):
|
def zfs_scrub_cronjob(metadata):
|
||||||
when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
|
when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
|
||||||
return {
|
return {
|
||||||
'cron': {
|
'cron': {
|
||||||
'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
|
'jobs': {
|
||||||
|
'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -59,15 +59,17 @@ nodes['home.nas'] = {
|
||||||
# 'zfs-base': 'storage/backups',
|
# 'zfs-base': 'storage/backups',
|
||||||
#},
|
#},
|
||||||
'cron': {
|
'cron': {
|
||||||
# Ensure every user is able to read and write to the NAS dataset.
|
'jobs': {
|
||||||
'nas_permissions': '0 3 * * * root '
|
# Ensure every user is able to read and write to the NAS dataset.
|
||||||
'chown -R :nas /storage/nas/ && '
|
'nas_permissions': '0 3 * * * root '
|
||||||
'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
|
'chown -R :nas /storage/nas/ && '
|
||||||
'find /storage/nas/ -type f -exec chmod 0664 {} \;',
|
'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
|
||||||
'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
|
'find /storage/nas/ -type f -exec chmod 0664 {} \;',
|
||||||
'0 2 * * * kunsi '
|
'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
|
||||||
'cd /storage/nas/Musik/Compilations && '
|
'0 2 * * * kunsi '
|
||||||
'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
|
'cd /storage/nas/Musik/Compilations && '
|
||||||
|
'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'groups': {
|
'groups': {
|
||||||
'nas': {},
|
'nas': {},
|
||||||
|
|
|
@ -47,11 +47,13 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
# Our internet provider resets the connection if you're
|
'jobs': {
|
||||||
# connected longer than 24 hours. We install this cronjob
|
# Our internet provider resets the connection if you're
|
||||||
# to make sure we don't get disconnected randomly during the
|
# connected longer than 24 hours. We install this cronjob
|
||||||
# day.
|
# to make sure we don't get disconnected randomly during the
|
||||||
'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
|
# day.
|
||||||
|
'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'dhcpd': {
|
'dhcpd': {
|
||||||
'subnets': {
|
'subnets': {
|
||||||
|
|
|
@ -37,7 +37,9 @@ nodes['htz-cloud.luther'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'),
|
'jobs': {
|
||||||
|
'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * * www-data /usr/bin/curl -s {}'),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'icinga_options': {
|
'icinga_options': {
|
||||||
'pretty_name': 'Lutherkirchengemeinde Pirmasens',
|
'pretty_name': 'Lutherkirchengemeinde Pirmasens',
|
||||||
|
|
|
@ -34,7 +34,9 @@ nodes['htz-cloud.pleroma'] = {
|
||||||
'pretty_name': 'cybert-media.net',
|
'pretty_name': 'cybert-media.net',
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
|
'jobs': {
|
||||||
|
'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'nginx': {
|
'nginx': {
|
||||||
'vhosts': {
|
'vhosts': {
|
||||||
|
|
|
@ -95,7 +95,9 @@ nodes['rx300'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
|
'jobs': {
|
||||||
|
'cleanup-paste.franzi.business': '0 0 * * * kunsi /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'check-mail-received': {
|
'check-mail-received': {
|
||||||
't-online': {
|
't-online': {
|
||||||
|
|
Loading…
Reference in a new issue