From a730c3f6dbcaf301a32a35336e071f3f1db6a0c7 Mon Sep 17 00:00:00 2001 From: mg Date: Tue, 23 Nov 2021 21:26:18 +0100 Subject: [PATCH] change to script user: cv4pve (#251) Co-authored-by: Michael Grote Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/251 Co-authored-by: mg Co-committed-by: mg --- roles/mgrote.cv4pve-autosnap/README.md | 18 +++----------- .../mgrote.cv4pve-autosnap/defaults/main.yml | 10 +++++++- roles/mgrote.cv4pve-autosnap/tasks/main.yml | 24 +++++++++++++------ roles/mgrote.cv4pve-autosnap/tasks/user.yml | 18 ++++++++++++++ .../templates/cv4pve-script.sh | 19 +-------------- .../templates/logrotate_cv4pve | 2 +- roles/mgrote.zfs_sanoid/defaults/main.yml | 2 +- 7 files changed, 50 insertions(+), 43 deletions(-) create mode 100644 roles/mgrote.cv4pve-autosnap/tasks/user.yml diff --git a/roles/mgrote.cv4pve-autosnap/README.md b/roles/mgrote.cv4pve-autosnap/README.md index feed5965..3c389643 100644 --- a/roles/mgrote.cv4pve-autosnap/README.md +++ b/roles/mgrote.cv4pve-autosnap/README.md @@ -5,20 +5,8 @@ Installiert [cv4pve-autosnap](https://github.com/Corsinvest/cv4pve-autosnap). Legt einen cronjob und das Logfile an. ### getestet auf -- [x] ProxMox 6.1 +- [x] ProxMox 6* +- [x] ProxMox 7* ### Variablen + Defaults -##### Version - ``cv4pve_version: "v1.9.3"`` -##### Cron Minute - ``cv4pve_cron_minute: "39"`` -##### Cron Stunde - ``cv4pve_cron_hour: "5"`` -##### API-Token (vorher erstellen) - ``cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX"`` -##### API-User (vorher erstellen) - ``cv4pve_api_user: "root@pam!test2"`` -##### VMs - ``cv4pve_vmid: all`` -##### Anzahl Snpshots zum aufheben - ``cv4pve_keep_snapshots: 3`` +- see [defaults](./defaults/main.yml) diff --git a/roles/mgrote.cv4pve-autosnap/defaults/main.yml b/roles/mgrote.cv4pve-autosnap/defaults/main.yml index 371ed8cb..4012dcc2 100644 --- a/roles/mgrote.cv4pve-autosnap/defaults/main.yml +++ b/roles/mgrote.cv4pve-autosnap/defaults/main.yml 
@@ -1,8 +1,16 @@ --- - cv4pve_version: "v1.9.3" + # when should cv4pve be run cv4pve_cron_minute: "39" cv4pve_cron_hour: "5" + # proxmox api-token and user cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX" cv4pve_api_user: "root@pam!test2" + # which vm to snapshot cv4pve_vmid: all + # how many snapshots to keep cv4pve_keep_snapshots: 3 + # under which user the script is run + cv4pve_user_group: cv4pve + cv4pve_user: cv4pve + # logfile path + cv4pve_logfile: /var/log/cv4pve-autosnap.log diff --git a/roles/mgrote.cv4pve-autosnap/tasks/main.yml b/roles/mgrote.cv4pve-autosnap/tasks/main.yml index 4ccb1463..fbfe0a29 100644 --- a/roles/mgrote.cv4pve-autosnap/tasks/main.yml +++ b/roles/mgrote.cv4pve-autosnap/tasks/main.yml @@ -1,27 +1,34 @@ --- + - name: include user tasks + include_tasks: user.yml + - name: create directories become: yes ansible.builtin.file: path: "{{ item }}" state: directory + owner: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" loop: - '/tmp/cv4pve' - '/usr/local/bin/cv4pve' - name: download archives become: yes - ansible.builtin.get_url: ## hier variable für version + ansible.builtin.get_url: url: "{{ cv4pve_dl_link }}" dest: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip mode: '0775' - - name: Extract archives + - name: extract archives become: yes ansible.builtin.unarchive: src: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip dest: /usr/local/bin/cv4pve remote_src: yes mode: a+x + owner: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" - name: copy bash-script become: yes @@ -29,6 +36,8 @@ src: "cv4pve-script.sh" dest: "/usr/local/bin/cv4pve/cv4pve-script.sh" mode: a+x + owner: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" - name: create cronjob become: yes 
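Review bot: In roles/mgrote.cv4pve-autosnap/defaults/main.yml the new comment `# proxmox api-token and user` sits above a default of `root@pam!test2`, so the role still authenticates to the API with a root-user token even though this commit moves the script to an unprivileged OS account. I would extend the comment to state that the real token is supplied from an encrypted source and belongs to a dedicated Proxmox user limited to snapshot-related privileges, e.g. `# proxmox api-token and user; override from vault, use a dedicated least-privilege PVE user`. The token's effective privileges are not visible in this patch, so this is a point to confirm rather than a proven defect.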
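Review bot: The `download archives` task in tasks/main.yml (first hunk) fetches `{{ cv4pve_dl_link }}` with `get_url` and no `checksum:`, and the following task unpacks that archive into /usr/local/bin/cv4pve, from where cron later executes it. Pinning the digest, for example `checksum: "sha256:{{ cv4pve_dl_checksum }}"` with a new default holding the published hash, would make the play fail on a tampered or replaced download. The staging directory /tmp/cv4pve is also now owned by `{{ cv4pve_user }}` while root writes and then reads the archive there. Keeping that directory root-owned would stop the service account from replacing the file between the two tasks.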
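Review bot: The `copy bash-script` task (hunk `@@ -29,6 +36,8 @@` of tasks/main.yml) keeps `mode: a+x`, which only adds execute bits, so the read bits of /usr/local/bin/cv4pve/cv4pve-script.sh are whatever the file already has or the umask gives, presumably world-readable. The template rendered here embeds `{{ cv4pve_api_user }}={{ cv4pve_api_token }}`, so any local user could read the API token from the script. Since the file is now owned by the account that runs it, `mode: '0700'` is enough. The task body starts above the hunk, so the module in use is not visible here.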
@@ -38,14 +47,15 @@ job: "/usr/local/bin/cv4pve/cv4pve-script.sh" minute: "{{ cv4pve_cron_minute }}" hour: "{{ cv4pve_cron_hour }}" + user: "{{ cv4pve_user }}" - - name: Create log + - name: create log become: true ansible.builtin.file: path: /var/log/cv4pve-autosnap.log state: touch - owner: root - group: root + owner: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" mode: 0640 access_time: preserve modification_time: preserve @@ -55,6 +65,6 @@ ansible.builtin.template: src: logrotate_cv4pve dest: /etc/logrotate.d/cv4pve-autosnap - owner: root - group: root + owner: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" mode: 0644 diff --git a/roles/mgrote.cv4pve-autosnap/tasks/user.yml b/roles/mgrote.cv4pve-autosnap/tasks/user.yml new file mode 100644 index 00000000..38456937 --- /dev/null +++ b/roles/mgrote.cv4pve-autosnap/tasks/user.yml @@ -0,0 +1,18 @@ +--- + - name: ensure group exists + become: true + ansible.builtin.group: + name: "{{ cv4pve_user_group }}" + state: present + when: + - cv4pve_user_group is defined + + - name: ensure user exists + become: true + ansible.builtin.user: + name: "{{ cv4pve_user }}" + group: "{{ cv4pve_user_group }}" + shell: /usr/sbin/nologin + when: + - cv4pve_user_group is defined + - cv4pve_user is defined diff --git a/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh b/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh index 4fb751d8..48bd4199 100644 --- a/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh +++ b/roles/mgrote.cv4pve-autosnap/templates/cv4pve-script.sh 
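Review bot: The `create log` task in hunk `@@ -38,14 +47,15 @@` of tasks/main.yml still hard-codes `path: /var/log/cv4pve-autosnap.log`, while this commit makes the script and the logrotate template use `{{ cv4pve_logfile }}`. If the variable is overridden, the file the script appends to is never created with the new owner, and the unprivileged cron user presumably cannot create it under a root-owned log directory, so the job would fail at its output redirect. Change the line to `path: "{{ cv4pve_logfile }}"`. While touching the task, `mode: 0640` should be quoted as `mode: '0640'` so it is not parsed as a number.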
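Review bot: In hunk `@@ -55,6 +65,6 @@` of tasks/main.yml, setting `owner`/`group` of /etc/logrotate.d/cv4pve-autosnap to `{{ cv4pve_user }}` hands a file that logrotate processes as root to the unprivileged account. Current logrotate releases are expected to ignore configuration files that are not owned by root, so rotation would silently stop. Where that check is absent, the account could add script directives that run with root rights. Keep `owner: root` and `group: root` on this task, because only the log file itself needs the new owner. `mode: 0644` should also be quoted as `mode: '0644'`.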
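Review bot: In the new tasks/user.yml the account is created as a regular user, because the `ansible.builtin.user` task sets neither `system: true` nor `create_home: false`. That gives a cron-only service account a normal UID and a home directory it does not appear to need. Adding `system: true` to both tasks and `create_home: false` to the user task would tighten this. The `when: ... is defined` guards are always true with the role defaults, and the tasks in main.yml use the same variables unguarded, so they can be dropped.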
@@ -1,24 +1,7 @@ #!/bin/bash {{ file_header | default () }} -LOCKDIR=${HOME}/.cache -function exlock() { - exec {lock_fd}>${LOCKDIR}/$(basename $0).lock - flock -nx "$lock_fd" - if [[ $? == 1 ]]; then - exit 1 - fi -} -function unlock() { - rm "${LOCKDIR}/$(basename $0).lock" - [[ -n $1 ]] && exit $1 - exit -} -exlock ( - /usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keep_snapshots }}" --state | ts '%Y-%m-%d - %H-%M-%S' /usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="all" status | ts '%Y-%m-%d - %H-%M-%S' -) >> /var/log/cv4pve-autosnap.log 2>&1 - -unlock +) >> {{ cv4pve_logfile }} 2>&1 diff --git a/roles/mgrote.cv4pve-autosnap/templates/logrotate_cv4pve b/roles/mgrote.cv4pve-autosnap/templates/logrotate_cv4pve index ce4bf639..a20ad8e8 100644 --- a/roles/mgrote.cv4pve-autosnap/templates/logrotate_cv4pve +++ b/roles/mgrote.cv4pve-autosnap/templates/logrotate_cv4pve @@ -1,5 +1,5 @@ {{ file_header | default () }} -/var/log/cv4pve-autosnap.log { +{{ cv4pve_logfile }} { su root root create 0640 root root rotate 4 diff --git a/roles/mgrote.zfs_sanoid/defaults/main.yml b/roles/mgrote.zfs_sanoid/defaults/main.yml index 59318241..fbb95540 100644 --- a/roles/mgrote.zfs_sanoid/defaults/main.yml +++ b/roles/mgrote.zfs_sanoid/defaults/main.yml @@ -6,7 +6,7 @@ ### where to store the logfile sanoid_log_file: "/var/log/sanoid-cron.log" - ###where to download the binary + config + ### where to download the binary + config sanoid_dl_url: "https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid" sanoid_dl_conf_url: "https://raw.githubusercontent.com/jimsalterjrs/sanoid/master/sanoid.defaults.conf"
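Review bot: The redirect target in templates/cv4pve-script.sh is rendered unquoted (`) >> {{ cv4pve_logfile }} 2>&1`), so an overridden path containing spaces or shell metacharacters changes what the script executes. Write `) >> "{{ cv4pve_logfile }}" 2>&1`. The unchanged `--api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }}` arguments are unquoted in the same way and place the token in the process arguments, where other local users can presumably see it while the command runs. The hunk also removes the `flock` guard without a replacement, so overlapping runs are no longer prevented. If that is intended, a short comment in the script saying so would help.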
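Review bot: In templates/logrotate_cv4pve the unchanged line `create 0640 root root` now conflicts with the rest of the commit. After the first rotation logrotate recreates `{{ cv4pve_logfile }}` as root:root with mode 0640, and the script, which now runs as `{{ cv4pve_user }}`, can no longer append to it. Change it to `create 0640 {{ cv4pve_user }} {{ cv4pve_user_group }}`. The stanza continues past the end of the hunk, so any later directives that depend on the owner are not visible here.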