chnage to script user: sanoid (#250)

Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#250 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de>
2021-11-23 21:04:03 +01:00 · 2021-11-23 21:04:03 +01:00 · 00aad73ff5
commit 00aad73ff5
parent 9fa56807e1
8 changed files with 62 additions and 67 deletions
--- a/host_vars/pve2.grote.lan.yml
+++ b/host_vars/pve2.grote.lan.yml
@ -174,14 +174,6 @@
      dnodesize: auto
      atime: on
      snapdir: hidden
-    - dataset: hdd_data_raidz/s3
-      state: absent
-      compression: zstd
-      sync: disabled
-      xattr: sa
-      dnodesize: auto
-      atime: on
-      snapdir: hidden
  zfs_extra_arc_max_size: "8589934592" # 8GB in Bytes
  zfs_extra_zfs_pools:
    - name: "rpool"
@ -259,10 +251,6 @@
      recursive: 'no'
      snapshots: true
      template: '14tage'
-    - path: hdd_data_raidz/s3
-      recursive: 'no'
-      snapshots: true
-      template: '3tage'

  sanoid_templates:
    - name: '31tage'
--- a/playbooks/on-off/remove_sanoid.yml
+++ b/playbooks/on-off/remove_sanoid.yml
@ -39,7 +39,7 @@
    - name: Create Sanoid Log
      become: true
      ansible.builtin.file:
-        path: /var/log/sanoid-cron.log
+        path: "{{ sanoid_log_file }}"
        state: absent

    - name: Add Sanoid Log to be Rotated
--- a/roles/mgrote.zfs_sanoid/README.md
+++ b/roles/mgrote.zfs_sanoid/README.md
@ -4,10 +4,8 @@
 Installiert und konfiguriert sanoid.

 ### getestet auf
- [x] ProxMox 6.1
+- [x] ProxMox 6*
+- [x] ProxMox 7*

 ### Variablen + Defaults
- Siehe "defaults"
-
-## Sonstiges
-Logfile wird nach ``"/var/log/sanoid-cron.log"`` geschrieben.
+- see [defaults](./defaults/main.yml)
--- a/roles/mgrote.zfs_sanoid/defaults/main.yml
+++ b/roles/mgrote.zfs_sanoid/defaults/main.yml
@ -1,14 +1,25 @@
 ---
-  ### Wann soll das sanoid-script mit cron ausgeführt werden?
+  ### under which user the script is run
+  sanoid_user_group: "root"
+  sanoid_user: "sanoid"
+
+  ### where to store the logfile
+  sanoid_log_file: "/var/log/sanoid-cron.log"
+
+  ###where to download the binary + config
+  sanoid_dl_url: "https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid"
+  sanoid_dl_conf_url: "https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid.defaults.conf"
+
+  ### when should the script be run
  sanoid_cron_hours: '*'
  sanoid_cron_minutes: '*'

  ### "Default" Datasets
-  sanoid_datasets:
-    - path: 'hdd_data_raidz/data'
-      template: 'fiveminutes'
-      recursive: 'no'
-      snapshots: true
+  sanoid_datasets: # dictionary
+    - path: 'hdd_data_raidz/data' # path to dataset; without leading /
+      template: 'fiveminutes' # name
+      recursive: 'no' # recursive snapshotting
+      snapshots: true # (de)activate; can be used to disable snapshotting of subdatasets if recursive is set
    - path: 'hdd_data_raidz/videos'
      template: 'hourly'
      recursive: 'yes'
--- a/roles/mgrote.zfs_sanoid/tasks/main.yml
+++ b/roles/mgrote.zfs_sanoid/tasks/main.yml
@ -1,4 +1,7 @@
 ---
+  - name: include user tasks
+    include_tasks: user.yml
+
  - name: Install Required Packages
    become: true
    ansible.builtin.package:
@ -19,8 +22,8 @@
    ansible.builtin.file:
      path: "{{ item }}"
      state: directory
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      recurse: true
    with_items:
      - /usr/local/bin
@ -29,19 +32,19 @@
  - name: Install Sanoid Binary
    become: true
    ansible.builtin.get_url:
-      url: https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid
+      url: "{{ sanoid_dl_url }}"
      dest: /usr/local/bin/sanoid
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0755

  - name: Install Sanoid Defaults Configuration
    become: true
    ansible.builtin.get_url:
-      url: https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid.defaults.conf
+      url: "{{ sanoid_dl_conf_url }}"
      dest: /etc/sanoid/sanoid.defaults.conf
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0644

  - name: Generate Sanoid Configuration
@ -49,17 +52,17 @@
    ansible.builtin.template:
      src: sanoid.conf.j2
      dest: /etc/sanoid/sanoid.conf
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0644

  - name: Create Sanoid Log
    become: true
    ansible.builtin.file:
-      path: /var/log/sanoid-cron.log
+      path: "{{ sanoid_log_file }}"
      state: touch
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0644
      access_time: preserve
      modification_time: preserve
@ -69,8 +72,8 @@
    ansible.builtin.template:
      src: logrotate_sanoid
      dest: /etc/logrotate.d/sanoid
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0644

  - name: Generate Sanoid Cron Scripts
@ -78,8 +81,8 @@
    ansible.builtin.template:
      src: sanoid-cron.sh
      dest: /usr/local/bin/sanoid-cron.sh
-      owner: root
-      group: root
+      owner: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
      mode: 0755

  - name: Configure Sanoid Cron Job
@ -89,5 +92,5 @@
      job: /usr/local/bin/sanoid-cron.sh
      minute: "{{ sanoid_cron_minutes }}"
      hour: "{{ sanoid_cron_hours }}"
-      user: root
+      user: "{{ sanoid_user }}"
      state: present
--- a/roles/mgrote.zfs_sanoid/tasks/user.yml
+++ b/roles/mgrote.zfs_sanoid/tasks/user.yml
@ -0,0 +1,18 @@
+---
+  - name: ensure group exists
+    become: true
+    ansible.builtin.group:
+      name: "{{ sanoid_user_group }}"
+      state: present
+    when:
+      - sanoid_user_group is defined
+
+  - name: ensure user exists
+    become: true
+    ansible.builtin.user:
+      name: "{{ sanoid_user }}"
+      group: "{{ sanoid_user_group }}"
+      shell: /usr/sbin/nologin
+    when:
+      - sanoid_user_group is defined
+      - sanoid_user is defined
--- a/roles/mgrote.zfs_sanoid/templates/logrotate_sanoid
+++ b/roles/mgrote.zfs_sanoid/templates/logrotate_sanoid
@ -1,5 +1,5 @@
 {{ file_header | default () }}
-/var/log/sanoid-cron.log {
+{{ sanoid_log_file }} {
  su root root
  create 0644 root root
  rotate 4
--- a/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh
+++ b/roles/mgrote.zfs_sanoid/templates/sanoid-cron.sh
@ -2,27 +2,4 @@
 {{ file_header | default () }}
 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

-LOCKDIR=${HOME}/.cache
-# Get an exclusive lock or exit
-function exlock() {
-    exec {lock_fd}>${LOCKDIR}/$(basename $0).lock
-    flock -nx "$lock_fd"
-    if [[ $? == 1 ]]; then
-        exit 1
-    fi
-}
-# Cleanup lock file and exit
-function unlock() {
-    rm "${LOCKDIR}/$(basename $0).lock"
-    [[ -n $1 ]] && exit $1
-    exit 0
-}
-
-
-# Damit prueft ob das Script ob es schon laeuft
-exlock
-
-/usr/local/bin/sanoid --cron --verbose  | ts '%Y-%m-%d - %H-%M-%S' >> /var/log/sanoid-cron.log 2>&1 &
-
-#Hiermit wird die Lockdatei geloescht
-unlock
+/usr/local/bin/sanoid --cron --verbose  | ts '%Y-%m-%d - %H-%M-%S' >> {{ sanoid_log_file }} 2>&1 &