From d2c425f014197add2c30043a9dce4bd73788b87e Mon Sep 17 00:00:00 2001
From: mg <michael.grote@posteo.de>
Date: Tue, 23 Nov 2021 21:51:18 +0100
Subject: [PATCH] change to script user: smart (#252)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/252
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
---
 group_vars/proxmox.yml                        |  4 --
 playbooks/on-off/remove_smart.yml             | 52 -------------------
 roles/mgrote.smart/README.md                  | 38 ++++++++------
 roles/mgrote.smart/defaults/main.yml          |  9 ++--
 roles/mgrote.smart/handlers/main.yml          |  2 +-
 roles/mgrote.smart/tasks/main.yml             | 42 ++++++---------
 roles/mgrote.smart/tasks/user.yml             | 18 +++++++
 roles/mgrote.smart/templates/smartctl_mail.sh |  5 --
 roles/mgrote.smart/templates/smartmontools    |  2 +-
 9 files changed, 64 insertions(+), 108 deletions(-)
 delete mode 100644 playbooks/on-off/remove_smart.yml
 create mode 100644 roles/mgrote.smart/tasks/user.yml
 delete mode 100644 roles/mgrote.smart/templates/smartctl_mail.sh

diff --git a/group_vars/proxmox.yml b/group_vars/proxmox.yml
index f7565ce3..d0e3a48e 100644
--- a/group_vars/proxmox.yml
+++ b/group_vars/proxmox.yml
@@ -3,10 +3,6 @@
   apt_packages_extra:
     - ifupdown2
     - bmon
-  ### mgrote.smart
-  smart_smartctlmail_cron_minutes: "15"
-  smart_smartctlmail_cron_hours: "6"
-  smart_smartctlmail_cron_weekday: "3"
   ### geerlingguy.munin-node
   munin_node_disabled_plugins:
     - name: meminfo # zu hohe last
diff --git a/playbooks/on-off/remove_smart.yml b/playbooks/on-off/remove_smart.yml
deleted file mode 100644
index 545fd068..00000000
--- a/playbooks/on-off/remove_smart.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- hosts: proxmox
-  become: yes
-
-  tasks:
-    - name: smartmontools kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/etc/default/smartmontools"
-        state: absent
-
-    - name: smartd.conf kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/etc/smartd.conf"
-        state: absent
-
-    - name: smartctl_mail.sh kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/usr/local/bin/smartctl_mail.sh"
-        state: absent
-
-
-    - name: smart_status.sh kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/usr/local/bin/smart_status.sh"
-        state: absent
-
-  # smartctl output als mail
-    - name: cronjob fuer smartctl-mail
-      become: yes
-      ansible.builtin.cron:
-        name: smart-mail
-        state: absent
-        job: "/usr/local/bin/smartctl_mail.sh"
-        minute: "{{ smart_smartctlmail_cron_minutes }}"
-        hour: "{{ smart_smartctlmail_cron_hours }}"
-        weekday: "{{ smart_smartctlmail_cron_weekday }}"
-
-    - name: smartctl_mail.sh kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/root/smart/smartctl_mail.sh"
-        state: absent
-
-    - name: smartctl_mail.sh kopieren
-      become: yes
-      ansible.builtin.file:
-        path: "/root/smart/"
-        state: absent
diff --git a/roles/mgrote.smart/README.md b/roles/mgrote.smart/README.md
index 6779f3ef..45547caf 100644
--- a/roles/mgrote.smart/README.md
+++ b/roles/mgrote.smart/README.md
@@ -1,22 +1,30 @@
 ## mgrote.smart
 
 ### Beschreibung
-Installiert und konfiguriert smartmontools + Mail-Benachrichtigungen.
-Es laesst sich konfigurieren wann die kompletten SMART-Werte versendet werden.
+Installiert und konfiguriert smartmontools + Mail-Benachrichtigungen.(Mail muss extra konfiguriert werden.)
+
+Stellt `smart_status.sh` bereit.
+Ausgabe:
+```shell
+mg@pve2 ~
+> sudo smart_status.sh
+Device Model:     SAMSUNG MZ7LH960HAJR-00005
+SMART test result: PASSED
+Device Model:     SAMSUNG MZ7LH960HAJR-00005
+SMART test result: PASSED
+Device Model:     WDC WD80EZAZ-11TDBA0
+SMART test result: PASSED
+Device Model:     WDC WD80EZAZ-11TDBA0
+SMART test result: PASSED
+Device Model:     WDC WD80EZAZ-11TDBA0
+SMART test result: PASSED
+Device Model:     MTFDDAK256MBF-1AN15ABHA
+SMART test result: PASSED
+```
 
 ### getestet auf
-- [ ] Ubuntu (>=18.04)
-- [ ] Debian
-- [x] ProxMox 6.1
+- [x] ProxMox 6*
+- [x] ProxMox 7*
 
 ### Variablen + Defaults
-##### Wer soll die Mail bekommen
-``empfaenger_mail: michael.grote@posteo.de``
-##### Wann sollen die SMART-Werte verschickt werden.(Minuten)
-``smart_smartctlmail_cron_minutes``
-##### Wann sollen die SMART-Werte verschickt werden.(Stunden)
-``smart_smartctlmail_cron_hours``
-##### Wann sollen die SMART-Werte verschickt werden.(Wochentag)
-``smart_smartctlmail_cron_weekday``
-##### Pfad zu smartctl
-``smart_smartctl_mail_pfad_smartctl: "/usr/sbin/smartctl"``
+- see [defaults](./defaults/main.yml)
diff --git a/roles/mgrote.smart/defaults/main.yml b/roles/mgrote.smart/defaults/main.yml
index 53c015df..e9b13e4f 100644
--- a/roles/mgrote.smart/defaults/main.yml
+++ b/roles/mgrote.smart/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
-  smart_smartctlmail_cron_minutes: 15
-  smart_smartctlmail_cron_hours: 6
-  smart_smartctlmail_cron_weekday: 3
-  smart_smartctl_mail_pfad_smartctl: "/usr/sbin/smartctl"
+  # path to smartctl
+  smart_smartctl_path: "/usr/sbin/smartctl"
+  # under which user the script is run
+  smart_user_group: "root"
+  smart_user: "smart"
diff --git a/roles/mgrote.smart/handlers/main.yml b/roles/mgrote.smart/handlers/main.yml
index ed4866eb..f868b805 100644
--- a/roles/mgrote.smart/handlers/main.yml
+++ b/roles/mgrote.smart/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-  - name: smartmontools_starten_aktivieren
+  - name: restart smartmontools
     become: yes
     systemd:
       name: smartmontools
diff --git a/roles/mgrote.smart/tasks/main.yml b/roles/mgrote.smart/tasks/main.yml
index 11128f12..59031543 100644
--- a/roles/mgrote.smart/tasks/main.yml
+++ b/roles/mgrote.smart/tasks/main.yml
@@ -1,46 +1,36 @@
 ---
-  #Blockdevice/Festplatten muessen haendisch in "templates" eingetragen werden
-  - name: smartmontools installieren
+  - name: include user tasks
+    include_tasks: user.yml
+
+  - name: ensure smartmontools are installed
     become: yes
     ansible.builtin.package:
       name: smartmontools
       state: present
 
-  - name: smartmontools kopieren
+  - name: template smartmontools config
     become: yes
     ansible.builtin.template:
       src: "smartmontools"
       dest: "/etc/default/smartmontools"
-    notify: smartmontools_starten_aktivieren
+      owner: "{{ smart_user }}"
+      group: "{{ smart_user_group }}"
+    notify: restart smartmontools
 
-  - name: smartd.conf kopieren
+  - name: template smartd.conf
     become: yes
     ansible.builtin.template:
       src: "smartd.conf"
       dest: "/etc/smartd.conf"
-    notify: smartmontools_starten_aktivieren
+      owner: "{{ smart_user }}"
+      group: "{{ smart_user_group }}"
+    notify: restart smartmontools
 
-  - name: smartctl_mail.sh kopieren
-    become: yes
-    ansible.builtin.template:
-      src: "smartctl_mail.sh"
-      dest: "/usr/local/bin/smartctl_mail.sh"
-      mode: a+x
-
-  - name: smart_status.sh kopieren
+  - name: copy smart_status.sh
     become: yes
     ansible.builtin.template:
       src: "smart_status.sh"
       dest: "/usr/local/bin/smart_status.sh"
-      mode: a+x
-
-# smartctl output als mail
-  - name: cronjob fuer smartctl-mail
-    become: yes
-    ansible.builtin.cron:
-      name: smart-mail
-      state: present
-      job: "/usr/local/bin/smartctl_mail.sh"
-      minute: "{{ smart_smartctlmail_cron_minutes }}"
-      hour: "{{ smart_smartctlmail_cron_hours }}"
-      weekday: "{{ smart_smartctlmail_cron_weekday }}"
+      owner: "{{ smart_user }}"
+      group: "{{ smart_user_group }}"
+      mode: 0744
diff --git a/roles/mgrote.smart/tasks/user.yml b/roles/mgrote.smart/tasks/user.yml
new file mode 100644
index 00000000..3b8d2d9b
--- /dev/null
+++ b/roles/mgrote.smart/tasks/user.yml
@@ -0,0 +1,18 @@
+---
+  - name: ensure group exists
+    become: true
+    ansible.builtin.group:
+      name: "{{ smart_user_group }}"
+      state: present
+    when:
+      - smart_user_group is defined
+
+  - name: ensure user exists
+    become: true
+    ansible.builtin.user:
+      name: "{{ smart_user }}"
+      group: "{{ smart_user_group }}"
+      shell: /usr/sbin/nologin
+    when:
+      - smart_user_group is defined
+      - smart_user is defined
diff --git a/roles/mgrote.smart/templates/smartctl_mail.sh b/roles/mgrote.smart/templates/smartctl_mail.sh
deleted file mode 100644
index 940930fe..00000000
--- a/roles/mgrote.smart/templates/smartctl_mail.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-{{ file_header | default () }}
-for i in {a..z}; do
-    {{ smart_smartctl_mail_pfad_smartctl }} /dev/sd$i -a
-done
diff --git a/roles/mgrote.smart/templates/smartmontools b/roles/mgrote.smart/templates/smartmontools
index 7a9c1a1f..5de9f9d9 100644
--- a/roles/mgrote.smart/templates/smartmontools
+++ b/roles/mgrote.smart/templates/smartmontools
@@ -1,3 +1,3 @@
-enable_smart="/dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf /dev/sdg /dev/sdh /dev/sdi /dev/sdj /dev/sdk /dev/sdl /dev/sdm /dev/sdn /dev/sdo /dev/sdp"
+enable_smart="/dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf /dev/sdg /dev/sdh /dev/sdi /dev/sdj /dev/sdk /dev/sdl /dev/sdm /dev/sdn /dev/sdo /dev/sdp /dev/sdq /dev/sdr /dev/sds /dev/sdt /dev/sdu /dev/sdw /dev/sdv /dev/sdx /dev/sdy /dev/sdz"
 start_smartd=yes
 smartd_opts="--interval=14400"