change to script user: cv4pve (#251)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#251
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
Michael Grote 2021-11-23 21:26:18 +01:00
parent 00aad73ff5
commit a730c3f6db
7 changed files with 50 additions and 43 deletions


@ -5,20 +5,8 @@ Installiert [cv4pve-autosnap](https://github.com/Corsinvest/cv4pve-autosnap).
Legt einen cronjob und das Logfile an. Legt einen cronjob und das Logfile an.
### getestet auf ### getestet auf
- [x] ProxMox 6.1 - [x] ProxMox 6*
- [x] ProxMox 7*
### Variablen + Defaults ### Variablen + Defaults
##### Version - see [defaults](./defaults/main.yml)
``cv4pve_version: "v1.9.3"``
##### Cron Minute
``cv4pve_cron_minute: "39"``
##### Cron Stunde
``cv4pve_cron_hour: "5"``
##### API-Token (vorher erstellen)
``cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX"``
##### API-User (vorher erstellen)
``cv4pve_api_user: "root@pam!test2"``
##### VMs
``cv4pve_vmid: all``
##### Anzahl Snpshots zum aufheben
``cv4pve_keep_snapshots: 3``


@ -1,8 +1,16 @@
--- ---
cv4pve_version: "v1.9.3" # when should cv4pve be run
cv4pve_cron_minute: "39" cv4pve_cron_minute: "39"
cv4pve_cron_hour: "5" cv4pve_cron_hour: "5"
# proxmox api-token and user
cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX" cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX"
cv4pve_api_user: "root@pam!test2" cv4pve_api_user: "root@pam!test2"
# which vm to snapshot
cv4pve_vmid: all cv4pve_vmid: all
# how many snapshots to keep
cv4pve_keep_snapshots: 3 cv4pve_keep_snapshots: 3
# under which user the script is run
cv4pve_user_group: cv4pve
cv4pve_user: cv4pve
# logfile path
cv4pve_logfile: /var/log/cv4pve-autosnap.log
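Review bot: The default `cv4pve_api_user: "root@pam!test2"` keeps the snapshot job on a token of the Proxmox root account, which undercuts the new `cv4pve_user`/`cv4pve_user_group` defaults: the unprivileged OS account still holds a credential for root's API identity. I would extend the added comment to `# proxmox api-token and user: set the token from Ansible Vault and use a dedicated PVE user limited to snapshot privileges`. Whether the token has privilege separation enabled is not visible on this page, so that is worth confirming as well.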


@ -1,27 +1,34 @@
--- ---
- name: include user tasks
include_tasks: user.yml
- name: create directories - name: create directories
become: yes become: yes
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: "{{ cv4pve_user }}"
group: "{{ cv4pve_user_group }}"
loop: loop:
- '/tmp/cv4pve' - '/tmp/cv4pve'
- '/usr/local/bin/cv4pve' - '/usr/local/bin/cv4pve'
- name: download archives - name: download archives
become: yes become: yes
ansible.builtin.get_url: ## hier variable für version ansible.builtin.get_url:
url: "{{ cv4pve_dl_link }}" url: "{{ cv4pve_dl_link }}"
dest: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip dest: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip
mode: '0775' mode: '0775'
- name: Extract archives - name: extract archives
become: yes become: yes
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip src: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip
dest: /usr/local/bin/cv4pve dest: /usr/local/bin/cv4pve
remote_src: yes remote_src: yes
mode: a+x mode: a+x
owner: "{{ cv4pve_user }}"
group: "{{ cv4pve_user_group }}"
- name: copy bash-script - name: copy bash-script
become: yes become: yes
@ -29,6 +36,8 @@
src: "cv4pve-script.sh" src: "cv4pve-script.sh"
dest: "/usr/local/bin/cv4pve/cv4pve-script.sh" dest: "/usr/local/bin/cv4pve/cv4pve-script.sh"
mode: a+x mode: a+x
owner: "{{ cv4pve_user }}"
group: "{{ cv4pve_user_group }}"
- name: create cronjob - name: create cronjob
become: yes become: yes
@ -38,14 +47,15 @@
job: "/usr/local/bin/cv4pve/cv4pve-script.sh" job: "/usr/local/bin/cv4pve/cv4pve-script.sh"
minute: "{{ cv4pve_cron_minute }}" minute: "{{ cv4pve_cron_minute }}"
hour: "{{ cv4pve_cron_hour }}" hour: "{{ cv4pve_cron_hour }}"
user: "{{ cv4pve_user }}"
- name: Create log - name: create log
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: /var/log/cv4pve-autosnap.log path: /var/log/cv4pve-autosnap.log
state: touch state: touch
owner: root owner: "{{ cv4pve_user }}"
group: root group: "{{ cv4pve_user_group }}"
mode: 0640 mode: 0640
access_time: preserve access_time: preserve
modification_time: preserve modification_time: preserve
@ -55,6 +65,6 @@
ansible.builtin.template: ansible.builtin.template:
src: logrotate_cv4pve src: logrotate_cv4pve
dest: /etc/logrotate.d/cv4pve-autosnap dest: /etc/logrotate.d/cv4pve-autosnap
owner: root owner: "{{ cv4pve_user }}"
group: root group: "{{ cv4pve_user_group }}"
mode: 0644 mode: 0644
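Review bot: Handing `/etc/logrotate.d/cv4pve-autosnap` to `{{ cv4pve_user }}` in the last hunk lets an unprivileged account edit a file that logrotate reads as root; depending on the logrotate version, the file is either skipped because of its owner or gives that account a say in what root's logrotate run does. Keep `owner: root` and `group: root` on this task; only the log file itself needs to belong to the service account. The `create log` task also still hard-codes `path: /var/log/cv4pve-autosnap.log`, where `path: "{{ cv4pve_logfile }}"` would follow the new default. The template task's opening lines are outside the hunk.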


@ -0,0 +1,18 @@
---
- name: ensure group exists
become: true
ansible.builtin.group:
name: "{{ cv4pve_user_group }}"
state: present
when:
- cv4pve_user_group is defined
- name: ensure user exists
become: true
ansible.builtin.user:
name: "{{ cv4pve_user }}"
group: "{{ cv4pve_user_group }}"
shell: /usr/sbin/nologin
when:
- cv4pve_user_group is defined
- cv4pve_user is defined
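Review bot: The `ensure user exists` task creates `{{ cv4pve_user }}` as an ordinary account; for a cron-only service identity I would add `system: true` next to the existing `shell: /usr/sbin/nologin`, so it gets a system UID and is not mistaken for a login user. The `when: ... is defined` guards protect nothing, because the role defaults always define both variables and the including task file uses them unconditionally. Dropping the guards, or replacing them with an `ansible.builtin.assert` that the values are non-empty, would make a misconfiguration fail here rather than in a later task.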


@ -1,24 +1,7 @@
#!/bin/bash #!/bin/bash
{{ file_header | default () }} {{ file_header | default () }}
LOCKDIR=${HOME}/.cache
function exlock() {
exec {lock_fd}>${LOCKDIR}/$(basename $0).lock
flock -nx "$lock_fd"
if [[ $? == 1 ]]; then
exit 1
fi
}
function unlock() {
rm "${LOCKDIR}/$(basename $0).lock"
[[ -n $1 ]] && exit $1
exit
}
exlock
( (
/usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keep_snapshots }}" --state | ts '%Y-%m-%d - %H-%M-%S' /usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keep_snapshots }}" --state | ts '%Y-%m-%d - %H-%M-%S'
/usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="all" status | ts '%Y-%m-%d - %H-%M-%S' /usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="all" status | ts '%Y-%m-%d - %H-%M-%S'
) >> /var/log/cv4pve-autosnap.log 2>&1 ) >> {{ cv4pve_logfile }} 2>&1
unlock
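Review bot: Both `cv4pve-autosnap` lines render `--api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }}` straight into the script, so the token sits in clear text in the installed file and in the process arguments while the job runs. Now that the script runs as a dedicated user, the installed file should be readable only by that user; the copy task shown on this page sets `mode: a+x`, which adds execute bits but typically leaves read access for others, and `mode: '0750'` would fit better. The user and token are also interpolated unquoted, unlike `--vmid="{{ cv4pve_vmid }}"`; writing `--api-token "{{ cv4pve_api_user }}={{ cv4pve_api_token }}"` keeps a value with shell metacharacters from being split or expanded. The commit also removes the `flock` guard, so overlapping runs are no longer prevented; confirm that is intended.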


@ -1,5 +1,5 @@
{{ file_header | default () }} {{ file_header | default () }}
/var/log/cv4pve-autosnap.log { {{ cv4pve_logfile }} {
su root root su root root
create 0640 root root create 0640 root root
rotate 4 rotate 4
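Review bot: `create 0640 root root` is left unchanged although the log file is now owned by the service account, so after the first rotation the fresh log is root-owned with mode 0640 and the cron job running as that account can presumably no longer append to it. Change that line to `create 0640 {{ cv4pve_user }} {{ cv4pve_user_group }}`; `su root root` can stay, since rotating a file under the default `/var/log` path needs root. The stanza's closing lines are outside the hunk.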