Add role for automatically deploying autosysadmin

Mathieu Trossevin 2023-12-18 16:50:04 +01:00
parent 9e67db57e5
commit 62c596046d
Signed by: mtrossevin
GPG key ID: D1DBB7EA828374E9
36 changed files with 1970 additions and 0 deletions


@ -23,6 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* webapps/nextcloud: Add condition for config tasks
* remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
* minifirewall: Fix nagios check for old versions of minifirewall
* autosysadmin: Add a role to automatically deploy autosysadmin on evolixisation
### Changed


@ -0,0 +1,22 @@
---
general_scripts_dir: "/usr/share/scripts"
autosysadmin_dir: "{{ general_scripts_dir }}/autosysadmin"
# Default values for enabled checks
repair_amavis: 'on'
repair_disk: 'on'
repair_elasticsearch: 'on'
repair_http: 'on'
repair_mysql: 'on'
repair_opendkim: 'off'
repair_php_fpm56: 'off'
repair_php_fpm70: 'off'
repair_php_fpm73: 'off'
repair_php_fpm74: 'off'
repair_php_fpm80: 'off'
repair_php_fpm81: 'off'
repair_php_fpm82: 'off'
repair_php_fpm83: 'off'
repair_redis: 'off'
repair_tomcat_instance: 'off'


@ -0,0 +1,13 @@
/var/log/autosysadmin.log {
daily
missingok
rotate 365
compress
nodelaycompress
notifempty
dateext
dateformat .%Y-%m-%d
dateyesterday
copytruncate
create 0640 root adm
}
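Review bot: `create 0640 root adm` has no effect in this stanza because `copytruncate` is also set: logrotate copies and truncates the existing file in place and never creates a new one. The owner and mode of /var/log/autosysadmin.log are therefore whatever rsyslog applied when it first wrote the file, which is worth pinning for a log of privileged repair actions. Either set the mode on the rsyslog side (for example `$FileCreateMode 0640` in the autosysadmin rsyslog snippet), or drop `copytruncate` and add a postrotate step that makes rsyslog reopen the file so that `create` applies.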


@ -0,0 +1,3 @@
$template autosysadmin, "/var/log/autosysadmin.log"
if $programname contains 'autosysadmin' then ?autosysadmin
& stop
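Review bot: The filter `$programname contains 'autosysadmin'` matches any message whose tag merely includes that string, and syslog tags are chosen by the sender, so unrelated or local processes can end up writing into /var/log/autosysadmin.log. Since `log()` in the functions file tags its messages `autosysadmin.$0`, a prefix match is enough: `if $programname startswith 'autosysadmin' then ?autosysadmin`. This only narrows the match, so a comment stating that the file is a convenience copy rather than an authoritative audit trail would help whoever reads it during an incident.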


@ -0,0 +1,478 @@
#!/bin/bash
get_system() {
uname -s
}
get_fqdn() {
if [ "$(get_system)" = "Linux" ]; then
hostname --fqdn
elif [ "$(get_system)" = "OpenBSD" ]; then
hostname
else
log_error_exit "OS not detected!"
fi
}
get_complete_hostname() {
REAL_HOSTNAME="$(get_fqdn)"
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
echo "${HOSTNAME}"
else
echo "${HOSTNAME} (${REAL_HOSTNAME})"
fi
}
get_evomaintenance_mail() {
email="$(grep "EVOMAINTMAIL=" /etc/evomaintenance.cf | cut -d '=' -f2)"
if [[ -z "$email" ]]; then
email='alert5@evolix.fr'
fi
echo "${email}"
}
arguments="${*}"
get_argument() {
no_found=1
for argument in ${arguments} ; do
if [ "${argument}" = "${1}" ] ;
then
no_found=0
fi
done
return ${no_found}
}
internal_info() {
INTERNAL_INFO="$(printf '%b\n%s' "${INTERNAL_INFO}" "$*")"
}
log_action() {
log "Action : $*"
ACTIONS="$(printf '%s\n%s' "${ACTIONS}" "$*")"
}
log() {
INTERNAL_LOG="$(printf '%s\n%s %s %s %s' "${INTERNAL_LOG}" "$(date -Isec)" "$(hostname)" "$(basename "$0")" "$*")"
printf '%s %s %s %s\n' "$(date -Isec)" "$(hostname)" "$(basename "$0")" "$*" | tee -a "${LOG_DIR}/autosysadmin.log"
echo "$*" | /usr/bin/logger -p local0.notice -t autosysadmin."$0"
}
log_error_exit() {
log "ERROR : $*"
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: $*" --no-commit --no-mail
exit 1
}
log_check_php_fpm() {
# Extraire seulement les chiffres du nom du script exécuté
# ./repair_php_fpm81.sh ==> 81
PHP_VERSION="${0//[^0-9]/}"
PHP_PATH_POOL=$(find /var/lib/lxc/php"${PHP_VERSION}"/ -type d -name "pool.d")
/usr/local/lib/nagios/plugins/check_phpfpm_multi "${PHP_PATH_POOL}" > "${LOG_DIR}/nrpe.txt"
}
log_system_status() {
DUMP_SERVER_STATE_BIN="$(command -v dump-server-state || command -v backup-server-state)"
if [ -z "${DUMP_SERVER_STATE_BIN}" ]; then
log "Warning: dump-server-state is not present. No server state recorded...."
fi
if [ -x "${DUMP_SERVER_STATE_BIN}" ]; then
# NOTE We don't want the logging to take too much time, so we kill it
# if it take more than 20 seconds.
timeout --signal 9 20 \
"${DUMP_SERVER_STATE_BIN}" \
--dump-dir="$LOG_DIR" \
--df \
--dmesg \
--iptables \
--lxc \
--netcfg \
--netstat \
--uname \
--processes \
--systemctl \
--uptime \
--virsh \
--disks \
--mysql-processes \
--no-apt-states \
--no-apt-config \
--no-dpkg-full \
--no-dpkg-status \
--no-mount \
--no-packages \
--no-sysctl \
--no-etc
log "System status logged in ${LOG_DIR}"
fi
}
read_log_system_status(){
files="df.txt dmesg.txt lxc-list.txt netstat-legacy.txt netstat-ss.txt pstree.txt ps.txt systemctl-failed-services.txt"
echo -e "\n\n#### Détails de dump-server-state"
for file in ${files} ; do
echo -e "\n### cat ${LOG_DIR}/${file} :"
tail -n 1000 "${LOG_DIR}"/"${file}"
done
}
ensure_no_active_users_or_exit() {
if is_debug; then return; fi
# Is there any active user ?
for user in $(LC_ALL=C who --users|awk '{print $1}'); do
idle_time="$(LC_ALL=C who --users | grep "${user}" | awk '{ print $6}')"
for sameusertime in $(LC_ALL=C who --users | grep "${user}" | awk '{ print $6}'); do
if is_active_user "$sameusertime"; then
hook_mail abort_active_users
log_error_exit 'At least one user was recently active. That requires human intervention. Nothing to do here!'
fi
done
done
}
is_active_user() {
# Check if a user was active in the last 30 minutes
idle_time="$1"
if [ "${idle_time}" = "old" ];
then
return 1
elif [ "${idle_time}" = "." ];
then
return 0
else
hh="$(echo "${idle_time}" | awk -F':' '{print $1}')"
mm="$(echo "${idle_time}" | awk -F':' '{print $2}')"
idle_minutes="$(( 60 * "${hh}" + "${mm}" ))"
if [ "${idle_minutes}" -ge 30 ];
then
return 1
else
return 0
fi
fi
}
is_debug() {
debug_file="/etc/evolinux/autosysadmin.debug"
if [ -e "${debug_file}" ]; then
last_change=$(stat -c %Z "${debug_file}")
limit_date=$(date --date "14400 seconds ago" +"%s")
if [ $(( last_change - limit_date )) -le "0" ]; then
rm "${debug_file}"
else
return 0
fi
fi
return 1
}
check_nrpe() {
check="$1"
list_command_nrpe=$( grep --exclude=*~ -E "\[${check}\]" -r /etc/nagios/ | grep -v '#command' )
command_nrpe_primary=$( echo "${list_command_nrpe}" | grep "/etc/nagios/nrpe.d/evolix.cfg" | cut -d'=' -f2- )
command_nrpe_secondary=$( echo "${list_command_nrpe}" | head -n1 | cut -d'=' -f2- )
if [ -z "${command_nrpe_primary}" ] && [ -z "${command_nrpe_secondary}" ]
then
return 1
else
if [ -n "${command_nrpe_primary}" ]
then
${command_nrpe_primary}
else
${command_nrpe_secondary}
fi
fi
}
acquire_lock_or_exit() {
lockfile="$1"
waittime="$2"
# si le temps dattente nest pas compréhensible par sleep(1), il vaut 0
if ! echo "${waittime}" | grep -Eq '^[0-9]+[smhd]?$'
then
waittime=0
fi
# si le temps dattente est supérieur à 0 et si le lock existe, on attend
if test "${waittime}" -gt 0 && test -f "${lockfile}"
then
sleep "${waittime}"
fi
# si le lock existe, on sarrête
if test -f "${lockfile}"
then
log_error_exit "lock file ${lockfile} exists"
fi
touch "${lockfile}"
}
is_too_soon() {
if is_debug; then return; fi
witness="/tmp/autosysadmin_witness_$(basename "$0")"
if test -f "${witness}"
then
compare="$(($(date +%s)-$(stat -c "%Y" "${witness}")))"
if [ "${compare}" -lt 1800 ];
then
log_error_exit 'already executed less than 30 minutes ago'
fi
rm "${witness}"
fi
touch "${witness}"
}
init_autosysadmin() {
PATH="${PATH}":/usr/sbin:/sbin↩
unset ACTIONS
SCRIPTNAME=$(basename "$0")
PROGNAME=${SCRIPTNAME%.sh}
RUN_ID="$(date +"%Y-%m-%d_%H-%M")_${SCRIPTNAME}_$(openssl rand -hex 6)"
LOG_DIR="/var/log/autosysadmin/${RUN_ID}"
mkdir -p "${LOG_DIR}"
log "Autosysadmin : Script ${SCRIPTNAME} triggered"
# Detect operating system name, version and release↩
detect_os
}
load_conf() {
# Load conf and enable script by default.
# To disable script locally, set "$PROGNAME"=off in /etc/evolinux/autosysadmin.
# To disable script globally, set "$PROGNAME"=off in the script, after load_conf() call.
declare -g "$PROGNAME"=on # dynamic variable assignment ($PROGNAME == repair_*)
# Source configuration file
# shellcheck source=../roles/deploy_autosysadmin/templates/autosysadmin.cfg.j2
test -f /etc/evolinux/autosysadmin && source /etc/evolinux/autosysadmin
}
detect_os() {
# OS detection
DEBIAN_RELEASE=""
LSB_RELEASE_BIN="$(command -v lsb_release)"
if [ -e /etc/debian_version ]; then
DEBIAN_VERSION="$(cut -d "." -f 1 < /etc/debian_version)"
if [ -x "${LSB_RELEASE_BIN}" ]; then
DEBIAN_RELEASE="$("${LSB_RELEASE_BIN}" --codename --short)"
else
case "${DEBIAN_VERSION}" in
8) DEBIAN_RELEASE="jessie";;
9) DEBIAN_RELEASE="stretch";;
10) DEBIAN_RELEASE="buster";;
11) DEBIAN_RELEASE="bullseye";;
esac
fi
fi
}
is_debian_jessie() {
test "${DEBIAN_RELEASE}" = "jessie"
}
is_debian_stretch() {
test "${DEBIAN_RELEASE}" = "stretch"
}
is_debian_buster() {
test "${DEBIAN_RELEASE}" = "buster"
}
is_debian_bullseye() {
test "${DEBIAN_RELEASE}" = "bullseye"
}
systemd_list_service_failed() {
systemctl list-units --failed --no-legend --full --type=service "$1" |
awk '{print $1}'
}
systemd_list_units_enabled() {
list_units_enabled=$(systemctl list-unit-files --state=enabled --no-legend | awk "/$1/{print \$1}")
if [ -z "${list_units_enabled}" ]
then
return 1
else
echo "${list_units_enabled}"
fi
}
format_mail_success() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <equipe+autosysadmin@evolix.net>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: $(basename "$0")
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: autosysadmin@evolix.fr
Subject: [autosysadmin] Intervention sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatique vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
### Renseignements sur l'intervention
${ACTIONS}
### Réagir à cette intervention
Vous pouvez répondre à ce message (sur l'adresse mail equipe@evolix.net).
En cas d'urgence, utilisez l'adresse maintenance@evolix.fr ou
notre téléphone portable d'astreinte (04.26.99.99.26)
--
Votre AutoSysadmin
EOTEMPLATE
}
format_mail_abort_active_users() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <equipe+autosysadmin@evolix.net>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: $(basename "$0")
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: autosysadmin@evolix.fr
Subject: [autosysadmin] Intervention interrompue sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatique a été interrompue en raison
d'un utilisateur actuellement actif sur le serveur.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
### Utilisateur(s) connecté(s)
$(w)
--
Votre AutoSysadmin
EOTEMPLATE
}
format_mail_internal_info() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <equipe+autosysadmin@evolix.net>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: $(basename "$0")
X-RunId: ${RUN_ID}
To: autosysadmin@evolix.fr
Subject: [autosysadmin] Complements (interne) - Intervention sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatique vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : $(basename "$0")
### Actions effectuées
${ACTIONS}
### Logs autosysadmin
${INTERNAL_LOG}
### Utilisateur(s) connecté(s)
$(w)
### Informations additionnelles données par le script $(basename "$0")
${INTERNAL_INFO}
--
Votre AutoSysadmin
EOTEMPLATE
}
hook_mail() {
if is_debug; then return; fi
HOSTNAME="${HOSTNAME:-"$(get_fqdn)"}"
HOSTNAME_TEXT="$(get_complete_hostname)"
EMAIL_CLIENT="$(get_evomaintenance_mail)"
MAIL_CONTENT="$(format_mail_"$1")"
SENDMAIL_BIN="$(command -v sendmail)"
if [ -z "${SENDMAIL_BIN}" ]; then
log "No \`sendmail' command has been found, can't send mail."
fi
if [ -x "${SENDMAIL_BIN}" ]; then
echo "${MAIL_CONTENT}" | "${SENDMAIL_BIN}" -oi -t -f "equipe@evolix.net"
fi
}
# We need stable output for gcal, so we force some language environment variables
export TZ=Europe/Paris
export LANGUAGE=fr_FR.UTF-8
is_holiday() {
# gcal mark today as a holiday by surrounding with < and > the day
# of the month of that holiday line. For exemple if today is 2022-05-01 we'll
# get among other lines:
# Fête du Travail (FR) + Di, < 1>Mai 2022
# Jour de la Victoire (FR) + Di, : 8:Mai 2022 = +7 jours
gcal --cc-holidays=fr --holiday-list=short | grep -E '<[0-9 ]{2}>' --quiet
}
is_weekend() {
day_of_week=$(date +%u)
if [ "$day_of_week" != 6 ] && [ "$day_of_week" != 7 ]; then
return 1
fi
}
is_workday() {
if is_holiday || is_weekend; then
return 1
fi
}
is_worktime() {
if ! is_workday; then
return 1
fi
hour=$(date +%H)
if [ "${hour}" -lt 9 ] || { [ "${hour}" -ge 12 ] && [ "${hour}" -lt 14 ] ; } || [ "${hour}" -ge 18 ]; then
return 1
fi
}
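Review bot: `is_too_soon` keeps its rate-limit marker at `/tmp/autosysadmin_witness_$(basename "$0")`, a predictable name in a world-writable directory, so any local account can create or refresh that file and make every run stop with 'already executed less than 30 minutes ago'. The script (presumably running as root) also runs `touch` and `rm` on a path it does not control. Keeping the marker in a root-only directory removes both concerns, for example `witness="/run/autosysadmin/witness_$(basename "$0")"` after `mkdir -p -m 0700 /run/autosysadmin` (example path, adjust to the project's layout). Separately, `acquire_lock_or_exit` accepts `15s` in its regex but then evaluates `test "${waittime}" -gt 0`, which fails on a non-integer, so the wait is silently skipped for every caller that passes `15s`. Its `test -f` followed by `touch` is also not atomic; `( set -o noclobber; : > "${lockfile}" ) 2>/dev/null` would create-or-fail in one step.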


@ -0,0 +1,33 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
# shellcheck source=./restart_amavis.sh
source /usr/share/scripts/autosysadmin/restart_amavis.sh
init_autosysadmin
load_conf
test "${repair_amavis:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Verify if check_nrpe are not OK
check_nrpe "check_amavis" && log_error_exit 'check_amavis is OK, nothing to do here!'
# Has it recently been run?
get_argument "--no-delay" || is_too_soon
lockfile="/run/lock/repair_amavis"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
restart_amavis
hook_mail success
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
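Review bot: `trap 'cleanup' 0` is installed before `acquire_lock_or_exit "${lockfile}"`, so when the lock is already held, the `exit 1` inside `log_error_exit` runs `cleanup` and deletes the lock file of the other, still running instance. A third run can then start while the first is still working. Install the trap only after the lock has been acquired, i.e. swap the two lines so that `acquire_lock_or_exit "${lockfile}"` comes first and `trap 'cleanup' 0` follows it. The same ordering appears in the other repair scripts of this commit (disk, elasticsearch, http, mysql, opendkim, php_fpm56 to php_fpm83, redis).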


@ -0,0 +1,173 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_disk:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_disk"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
get_mountpoints() {
# the $(...) get the check_disk1 command
# the cut command selects the critical part of the check_disk1 output
# the grep command extracts the mountpoints and available disk space
# the last cut command selects the mountpoints
$(grep check_disk1 /etc/nagios/nrpe.d/evolix.cfg | cut -d'=' -f2-) -e | cut -d'|' -f1 | grep -Eo '/[[:graph:]]* [0-9]+ [A-Z][A-Z]' | cut -f1 -d' '
}
is_reserved-blocks() {
fs_type="$(findmnt -n --output=fstype "$1")"
if [ "${fs_type}" = "ext4" ];
then
device="$(findmnt -n --output=source "$1")"
reserved_block_count="$(tune2fs -l "${device}" | grep 'Reserved block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
block_count="$(tune2fs -l "${device}" | grep 'Block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
percentage=$(awk "BEGIN { pc=100*${reserved_block_count}/${block_count}; i=int(pc); print (pc-i<0.5)?i:i+1 }")
log "Reserved blocks for $1 is curently at $percentage%"
if [ "${percentage}" -gt "1" ]
then
log "Allowing tune2fs action to reduce the number of reserved blocks"
return 0
else
log "Reserved blocks already at or bellow 1%, no automatic action possible"
return 1
fi
else
log "Filesystem for $1 partition is not ext4"
return 1
fi
}
change_reserved-blocks() {
# We alwasy keep some reserved blocks to avoid missing some logs
# https://gitea.evolix.org/evolix/autosysadmin/issues/22
tune2fs -m 1 "$(findmnt -n --output=source "$1")"
log_action "Reserved blocks for $1 changed to 1 percent"
}
is_tmp_to_delete() {
size="$(find /var/log/ -type f -ctime +1 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]
then
return 0
else
return 1
fi
}
is_log_to_delete() {
size="$(find /var/log/ -type f -mtime +365 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]
then
return 0
else
return 1
fi
}
clean_apt_cache() {
for lxc in $(du -ax /var | sort -nr | head -n10 | grep -E '/var/lib/lxc/php[0-9]+/rootfs/var/cache$' | grep -Eo 'php[0-9]+')
do
lxc-attach --name "${lxc}" -- apt-get clean
log_action '[lxc/'"${lxc}"'] Clean apt cache'
done
case "$(du -sx /var/* | sort -rn | sed 's/^[0-9]\+[[:space:]]\+//;q')" in
'/var/cache')
apt-get clean
log_action 'Clean apt cache'
;;
esac
}
clean_amavis_virusmails() {
if du --inodes /var/lib/* | sort -n | tail -n3 | grep -q 'virusmails$'
then
find /var/lib/amavis/virusmails/ -type f -atime +30 -delete
log_action 'Clean /var/lib/amavis/virusmails'
fi
}
for mountpoint in $(get_mountpoints)
do
case "${mountpoint}" in
/var)
#if is_log_to_delete
#then
# find /var/log/ -type f -mtime +365 -delete
# log_action "$size Mo of disk space freed in /var"
#fi
if is_reserved-blocks /var
then
change_reserved-blocks /var
clean_apt_cache
clean_amavis_virusmails
hook_mail success
fi
;;
/tmp)
#if is_tmp_to_delete
#then
# find /tmp/ -type f -ctime +1 -delete
# log_action "$size Mo of disk space freed in /tmp"
#fi
if is_reserved-blocks /tmp
then
change_reserved-blocks /tmp
hook_mail success
fi
;;
/home)
if is_reserved-blocks /home
then
change_reserved-blocks /home
hook_mail success
fi
;;
/srv)
if is_reserved-blocks /srv
then
change_reserved-blocks /srv
hook_mail success
fi
;;
/filer)
if is_reserved-blocks /filer
then
change_reserved-blocks /filer
hook_mail success
fi
;;
/)
if is_reserved-blocks /
then
change_reserved-blocks /
hook_mail success
# Suggest remove old kernel ?
fi
;;
*)
# unknown
log 'Unknown partition (or weird case) or nothing to do'
;;
esac
done
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
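Review bot: `is_tmp_to_delete` and `is_log_to_delete` can never return 1, because awk's `END{print s / 1024}` prints `0` even when `find` matched nothing, so `[ -n "${size}" ]` is always true. `is_tmp_to_delete` also scans `/var/log/` rather than `/tmp`. Both are only referenced from the commented-out `find … -delete` branches, but re-enabling those as written would delete files unconditionally with the script's privileges. Compare the value instead, e.g. `[ "${size:-0}" != "0" ]`, point `is_tmp_to_delete` at `/tmp/`, and add a one-line comment on each function saying it is currently unused.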


@ -0,0 +1,57 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_elasticsearch:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_elasticsearch"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
elasticsearch_is_enabled() {
systemd_list_units_enabled "elasticsearch.service"
}
elasticsearch_restart() {
if ! timeout 60 systemctl restart elasticsearch.service > /dev/null
then
log_error_exit 'failed to restart elasticsearch'
fi
}
# Test functions
test_elasticsearch_process_present() {
pgrep -u elasticsearch > /dev/null
}
if elasticsearch_is_enabled
then
if ! test_elasticsearch_process_present
then
log_action "Redémarrage de elasticsearch"
elasticsearch_restart
hook_mail success
else
log_error_exit "Elasticsearch process alive. Aborting"
fi
else
log_error_exit "Elasticsearch is not enabled. Aborting"
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,141 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_http:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
http_detect_service() {
# check whether nginx, apache or both are supposed to be running
if is_debian_jessie; then
find /etc/rc2.d/
else
systemctl list-unit-files --state=enabled
fi | awk '/nginx/ { nginx = 1 } /apache2/ { apache2 = 1 } END { if (nginx && apache2) { print "both" } else if (nginx) { print "nginx" } else if (apache2) { print "apache2" } }'
# The previous awk command looks for two patterns: "nginx"
# and "apache2". If a line matches the patterns, a variable
# "nginx" or "apache2" is set to 1 (true). The "END" checks
# if one or both patterns has been found.
}
http_handle_apache() {
# check syntax
if ! apache2ctl -t > /dev/null 2> /dev/null
then
log_error_exit 'apache2 configuration syntax is not valid'
fi
# try restart
if ! timeout 20 systemctl restart apache2.service > /dev/null 2> /dev/null
then
log_error_exit 'failed to restart apache2'
fi
log_action "Redémarrage de Apache"
internal_info "#### grep $(LANG=en_US.UTF-8 date '+%b %d') /home/*/log/error.log /var/log/apache2/*error.log (avec filtrage)"
ERROR_LOG=$(grep "$(LANG=en_US.UTF-8 date '+%b %d')" /home/*/log/error.log /var/log/apache2/*error.log | grep -v -e "Got error 'PHP message:" -e "No matching DirectoryIndex" -e "client denied by server configuration" -e "server certificate does NOT include an ID which matches the server name" )
internal_info "$ERROR_LOG"
}
http_handle_nginx() {
# check syntax
if ! nginx -t > /dev/null 2> /dev/null
then
log_error_exit 'nginx configuration syntax is not valid'
fi
# try restart
if ! timeout 20 systemctl restart nginx.service > /dev/null 2> /dev/null
then
log_error_exit 'failed to restart nginx'
fi
log_action "Redémarrage de Nginx"
}
http_handle_lxc_php() {
# check whether containers are used for PHP and reboot them if so
if systemd_list_units_enabled 'lxc'
then
for php in $(lxc-ls | grep 'php'); do
lxc-stop -n "$php"
lxc-start --daemon -n "$php"
log_action "lxc-fpm - Redémarrage container ${php}"
done
fi
}
http_handle_fpm_php() {
# check whether php-fpm is installed and restart it if so
if enabled_units="$(systemd_list_units_enabled "php.*-fpm")"
then
systemctl restart "${enabled_units}"
log_action 'php-fpm - Redémarrage de php-fpm'
fi
}
case "$(http_detect_service)" in
nginx)
http_handle_nginx
http_handle_lxc_php
http_handle_fpm_php
hook_mail success
hook_mail internal_info
;;
apache2)
http_handle_apache
http_handle_lxc_php
http_handle_fpm_php
hook_mail success
hook_mail internal_info
;;
both)
http_handle_nginx
http_handle_apache
http_handle_lxc_php
http_handle_fpm_php
hook_mail success
hook_mail internal_info
;;
*)
# unknown
log 'nothing to do'
;;
esac
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
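Review bot: In `http_handle_fpm_php`, `systemctl restart "${enabled_units}"` passes the whole output of `systemd_list_units_enabled` as a single argument. With more than one enabled php-fpm unit that is a newline-joined string systemctl cannot resolve. The failure then goes unnoticed, because the exit status is not checked before `log_action` records the restart and the success mail is sent. Splitting the list into one argument per unit and checking the result, as `http_handle_nginx` and `http_handle_apache` already do, fixes both.

```shell
http_handle_fpm_php() {
    # check whether php-fpm is installed and restart it if so
    if enabled_units="$(systemd_list_units_enabled "php.*-fpm")"
    then
        # one unit name per line -> one argument per unit
        mapfile -t fpm_units <<< "${enabled_units}"
        if ! timeout 20 systemctl restart "${fpm_units[@]}" > /dev/null 2> /dev/null
        then
            log_error_exit 'failed to restart php-fpm'
        fi
        log_action 'php-fpm - Redémarrage de php-fpm'
    fi
}
```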


@ -0,0 +1,71 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_mysql:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_mysql"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
mysql_is_enabled() {
if is_debian_jessie
then
find /etc/rc2.d/ -name '*mysql*' > /dev/null
else
systemd_list_units_enabled "mysql.service"
fi
}
mysql_restart() {
if is_debian_jessie
then
if ! timeout 60 /etc/init.d/mysql restart > /dev/null
then
log_error_exit 'failed to restart mysql'
fi
else
if ! timeout 60 systemctl restart mysql.service > /dev/null
then
log_error_exit 'failed to restart mysql'
fi
fi
}
# Test functions
test_mysql_process_present() {
pgrep -u mysql mysqld > /dev/null
}
if mysql_is_enabled
then
if ! test_mysql_process_present
then
log_action "Redémarrage de MySQL"
mysql_restart
hook_mail success
else
log_error_exit "mysqld process alive. Aborting"
fi
else
log_error_exit "MySQL/MariaDB not enabled. Aborting"
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
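Review bot: On jessie, `mysql_is_enabled` always succeeds, because `find /etc/rc2.d/ -name '*mysql*' > /dev/null` exits 0 whether or not anything matched. The script can therefore go on to restart MySQL on a host where the service is not enabled. Test for output instead, e.g. `find /etc/rc2.d/ -name '*mysql*' | grep -q .`. A short comment above `test_mysql_process_present` stating that a live `mysqld` owned by user mysql means "do nothing" would also make the abort branch easier to follow.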


@ -0,0 +1,61 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_opendkim:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_opendkim"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
log_system_status
# Functions dedicated to this repair script
opendkim_is_enabled() {
systemd_list_units_enabled "opendkim.service"
}
opendkim_restart() {
if ! timeout 60 systemctl restart opendkim.service > /dev/null
then
log_error_exit 'failed to restart opendkim'
fi
}
opendkim_test_process_present() {
pgrep -u opendkim > /dev/null
}
# Main logic
if opendkim_is_enabled
then
if ! opendkim_test_process_present
then
log_action "Redémarrage de opendkim"
opendkim_restart
hook_mail success
else
log_error_exit "opendkim process alive. Aborting"
fi
else
log_error_exit "opendkim is not enabled. Aborting"
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm56:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php56
then
lxc-stop -n php56
lxc-start --daemon -n php56
log_action "lxc-fpm - Redémarrage container php56"
internal_info "#### tail /var/lib/lxc/php56/rootfs/var/log/php5-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php56/rootfs/var/log/php5-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
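Review bot: The exit status of `lxc-stop -n php56` and `lxc-start --daemon -n php56` is never checked, so `log_action` and `hook_mail success` report a completed restart to the client even when the container failed to come back. Guard the start like the systemctl restarts elsewhere in this commit, e.g. `lxc-start --daemon -n php56 || log_error_exit 'failed to start container php56'`. The same applies to the php70 to php83 variants, which differ from this file only in the version string and the FPM log path. A single parameterised script would remove eight copies of this logic and keep future fixes in one place.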


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm70:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php70
then
lxc-stop -n php70
lxc-start --daemon -n php70
log_action "lxc-fpm - Redémarrage container php70"
internal_info "#### tail /var/lib/lxc/php70/rootfs/var/log/php7.0-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php70/rootfs/var/log/php7.0-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm73:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php73
then
lxc-stop -n php73
lxc-start --daemon -n php73
log_action "lxc-fpm - Redémarrage container php73"
internal_info "#### tail /var/lib/lxc/php73/rootfs/var/log/php7.3-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php73/rootfs/var/log/php7.3-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm74:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php74
then
lxc-stop -n php74
lxc-start --daemon -n php74
log_action "lxc-fpm - Redémarrage container php74"
internal_info "#### tail /var/lib/lxc/php74/rootfs/var/log/php7.4-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php74/rootfs/var/log/php7.4-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm80:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php80
then
lxc-stop -n php80
lxc-start --daemon -n php80
log_action "lxc-fpm - Redémarrage container php80"
internal_info "#### tail /var/lib/lxc/php80/rootfs/var/log/php8.0-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php80/rootfs/var/log/php8.0-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm81:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php81
then
lxc-stop -n php81
lxc-start --daemon -n php81
log_action "lxc-fpm - Redémarrage container php81"
internal_info "#### tail /var/lib/lxc/php81/rootfs/var/log/php8.1-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php81/rootfs/var/log/php8.1-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm82:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php82
then
lxc-stop -n php82
lxc-start --daemon -n php82
log_action "lxc-fpm - Redémarrage container php82"
internal_info "#### tail /var/lib/lxc/php82/rootfs/var/log/php8.2-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php82/rootfs/var/log/php8.2-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_php_fpm83:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_http"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}" 15s
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
log_check_php_fpm
if systemd_list_units_enabled 'lxc'
then
if lxc-ls | grep -q php83
then
lxc-stop -n php83
lxc-start --daemon -n php83
log_action "lxc-fpm - Redémarrage container php83"
internal_info "#### tail /var/lib/lxc/php83/rootfs/var/log/php8.3-fpm.log"
FPM_LOG=$(tail /var/lib/lxc/php83/rootfs/var/log/php8.3-fpm.log)
internal_info "$FPM_LOG" "$(read_log_system_status)"
hook_mail success
hook_mail internal_info
else
log 'Not possible :v'
fi
else
log 'Error, not a multi-php install'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
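Review bot: `hook_mail success` is sent whether or not `lxc-start --daemon -n php83` worked, because neither `lxc-stop` nor `lxc-start` has its exit status checked. Guarding the start, for example `lxc-start --daemon -n php83 || log_error_exit 'failed to start container php83'`, keeps the success mail and the `log_action` entry truthful. `lxc-ls | grep -q php83` also matches any container whose name merely contains php83; `lxc-ls -1 | grep -qx php83` is an exact match. The php82 script above has the same lines.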


@ -0,0 +1,58 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_redis:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_redis"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
handle_redis() {
for service in $(systemd_list_service_failed redis*)
do
# ne rien faire si le service est désactivé
if ! systemctl is-enabled --quiet "${service}"
then
continue
fi
# ne rien faire si le service est actif
if systemctl is-active --quiet "${service}"
then
continue
fi
if ! timeout 20 systemctl restart redis.service > /dev/null 2> /dev/null
then
log_error_exit "failed to restart redis ${service}"
fi
log_action "Redémarrer service ${service}"
done
}
if ( systemd_list_units_enabled 'redis.*\.service$' ) > /dev/null
then
handle_redis
hook_mail success
else
log 'Error: redis service is not enabled'
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
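Review bot: Inside the loop over failed units in `handle_redis`, the restart is hard-coded to `redis.service` instead of the unit being iterated, so a failed instance unit is never the one restarted while `log_action` reports that `${service}` was. The line should read `if ! timeout 20 systemctl restart "${service}" > /dev/null 2> /dev/null`. The unquoted `redis*` in `$(systemd_list_service_failed redis*)` is also subject to filename expansion in the current directory and should be quoted as `'redis*'`.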


@ -0,0 +1,63 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
# Comment this line to enable
repair_template=off
test "${repair_template:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_template"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
log_system_status
# Functions dedicated to this repair script
template_is_enabled() {
systemd_list_units_enabled "template.service"
}
template_restart() {
if ! timeout 60 systemctl restart template.service > /dev/null
then
log_error_exit 'failed to restart template'
fi
}
template_test_process_present() {
pgrep -u template > /dev/null
}
# Main logic
if template_is_enabled
then
if ! template_test_process_present
then
log_action "Redémarrage de template"
template_restart
hook_mail success
else
log_error_exit "template process alive. Aborting"
fi
else
log_error_exit "template is not enabled. Aborting"
fi
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail


@ -0,0 +1,53 @@
#!/bin/bash
# Source functions file
# shellcheck source=./functions.sh
source /usr/share/scripts/autosysadmin/functions.sh
init_autosysadmin
load_conf
test "${repair_tomcat_instance:=off}" = off && log_error_exit 'Script disabled, nothing to do here!'
# Has it recently been run?
is_too_soon
lockfile="/run/lock/repair_tomcat_instance"
cleanup() {
rm -f "${lockfile}"
}
trap 'cleanup' 0
acquire_lock_or_exit "${lockfile}"
ensure_no_active_users_or_exit
# The actual work starts below !
log_system_status
repair_tomcat_instance_handle_tomcat() {
if /bin/su - "${1}" -c "/bin/systemctl --quiet --user is-active tomcat.service" ; then
if ! /bin/su - "${1}" -c "/usr/bin/timeout 20 /bin/systemctl --quiet --user restart tomcat.service"
then
log_error_exit "Echec de redémarrage instance tomcat utilisateur ${1}"
else
log_action "Redémarrage instance tomcat utilisateur ${1}"
fi
elif /bin/systemctl --quiet is-active "${1}".service ; then
if ! /usr/bin/timeout 20 systemctl --quiet restart "${1}".service
then
log_error_exit "Echec de redémarrage instance tomcat ${1}"
else
log_action "Redémarrage instance tomcat ${1}"
fi
fi
}
for instance in $( /usr/local/lib/nagios/plugins/check_tomcat_instance.sh |grep CRITICAL |awk '{print $3}' |sed '1d') ;
do
repair_tomcat_instance_handle_tomcat "${instance}"
done
AUTOSYSADMIN=1 /usr/share/scripts/evomaintenance.sh -m "$0: done" --no-commit --no-mail
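Review bot: `${instance}` is taken from the third field of the check_tomcat_instance.sh output and passed straight to `/bin/su - "${1}"` and to `systemctl ... "${1}".service`, in a script that runs as root through sudo, with no check on what that field contains. A guard in the loop such as `[[ "${instance}" =~ ^[a-z_][a-z0-9_-]*$ ]] || continue` (pattern to be adjusted to the instance naming actually in use), plus `getent passwd "${instance}" > /dev/null` before the `su` branch, would keep a malformed plugin line from being treated as an account or unit name. The `grep CRITICAL | awk '{print $3}' | sed '1d'` pipeline could also be a single awk call, which makes the skipped first line easier to see and comment.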


@ -0,0 +1,35 @@
#!/bin/bash
restart_amavis() {
/etc/init.d/amavis stop 2>/dev/null
/etc/init.d/clamav-freshclam stop 2>/dev/null
/etc/init.d/clamav-daemon stop 2>/dev/null
if systemctl is-enabled --quiet 'clamav-freshclam.service'
then
freshclam
log_action "Mise à jour des définitions antivirus"
fi
if systemctl is-enabled --quiet 'clamav-daemon.service'
then
/etc/init.d/clamav-daemon start
log_action "Redémarrage de clamav-daemon"
else
log 'Error, clamav not installed'
fi
if systemctl is-enabled --quiet 'clamav-freshclam.service'
then
/etc/init.d/clamav-freshclam start
log_action "Redémarrage de clamav-freshclam"
fi
if systemctl is-enabled --quiet 'amavis.service'
then
/etc/init.d/amavis start
log_action "Redémarrage de amavis"
else
log 'Error, amavis not installed'
fi
}
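Review bot: `freshclam` is run without its exit status being checked, and `log_action "Mise à jour des définitions antivirus"` is written even when the definition update failed, so the log can claim fresh antivirus signatures that were never fetched. Wrapping it as `if freshclam; then log_action "..."; else log 'Error, freshclam failed'; fi` keeps the record accurate. The three `stop` calls also discard stderr with `2>/dev/null`; a short comment saying that this is deliberate best-effort would help. The file only defines `restart_amavis` and relies on `log` and `log_action` being provided by whichever script sources it, which deserves a header comment.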


@ -0,0 +1,16 @@
---
- name: Restart nagios-nrpe-server
ansible.builtin.service:
name: nagios-nrpe-server
state: restarted
- name: Restart nrpe
ansible.builtin.service:
name: nrpe
state: restarted
- name: Restart rsyslog
ansible.builtin.service:
name: rsyslog
state: restarted


@ -0,0 +1,61 @@
---
- name: "Remount /usr if needed"
ansible.builtin.import_role:
name: remount-usr
- name: Create autosysadmin directory
ansible.builtin.file:
path: "{{ autosysadmin_dir }}"
state: directory
owner: "root"
group: "root"
mode: "0750"
tags:
- autosysadmin
- name: Copy scripts
ansible.builtin.copy:
src: "files/scripts/{{ item }}"
dest: "{{ autosysadmin_dir }}/{{ item }}"
owner: root
group: root
mode: "0750"
loop:
- "functions.sh"
- "restart_amavis.sh"
- "repair_amavis.sh"
- "repair_disk.sh"
- "repair_elasticsearch.sh"
- "repair_http.sh"
- "repair_mysql.sh"
- "repair_php_fpm56.sh"
- "repair_php_fpm70.sh"
- "repair_php_fpm73.sh"
- "repair_php_fpm74.sh"
- "repair_php_fpm80.sh"
- "repair_php_fpm81.sh"
- "repair_php_fpm82.sh"
- "repair_php_fpm83.sh"
- "repair_tomcat_instance.sh"
tags:
- autosysadmin
- name: Ensure /etc/evolinux folder exists
ansible.builtin.file:
path: "/etc/evolinux"
state: directory
owner: "root"
group: "root"
mode: "0700"
tags:
- autosysadmin
- name: Copy the configuration file
ansible.builtin.template:
src: "autosysadmin.cf.j2"
dest: "/etc/evolinux/autosysadmin"
owner: root
group: root
mode: "0640"
tags:
- autosysadmin
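Review bot: The `Copy scripts` loop lists neither `repair_redis.sh` nor `repair_opendkim.sh`, yet the NRPE and sudoers templates in this commit both reference them under `{{ autosysadmin_dir }}`. As written, NRPE would call a script that is not deployed, and sudoers would carry NOPASSWD rules for paths that do not exist on the host. Add `- "repair_redis.sh"` to the loop (and `- "repair_opendkim.sh"` if that script is part of the role; it is not visible in this part of the page), or drop the matching lines from both templates.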


@ -0,0 +1,4 @@
---
- name: Install gcal
ansible.builtin.apt:
name: gcal


@ -0,0 +1,10 @@
---
- name: Copy logrotate configuration for autosysadmin
ansible.builtin.copy:
src: "files/logrotate_autosysadmin.conf"
dest: "/etc/logrotate.d/autosysadmin"
owner: root
group: root
mode: "0644"
tags:
- autosysadmin


@ -0,0 +1,37 @@
---
- name: Install dependencies
ansible.builtin.import_tasks: dependencies.yml
tags:
- autosysadmin
- name: Install autosysadmin scripts
ansible.builtin.import_tasks: autosysadmin_scripts.yml
tags:
- autosysadmin
- name: Amend NRPE configuration
ansible.builtin.import_tasks: nrpe.yml
tags:
- autosysadmin
- name: Amend sudo configuration
ansible.builtin.import_tasks: sudo.yml
tags:
- autosysadmin
- name: Amend rsyslog configuration
ansible.builtin.import_tasks: rsyslog.yml
tags:
- autosysadmin
- name: Amend logrotate configuration
ansible.builtin.import_tasks: logrotate.yml
tags:
- autosysadmin
- name: Install last version of dump-server-state
ansible.builtin.import_role:
name: evolinux-base
tasks_from: dump-server-state.yml
tags:
- autosysadmin


@ -0,0 +1,11 @@
---
- name: Custom configuration is present
ansible.builtin.template:
src: autosysadmin.cfg.j2
dest: /etc/nagios/nrpe.d/autosysadmin.cfg
group: nagios
mode: "0640"
force: true
notify: Restart nagios-nrpe-server
tags:
- autosysadmin


@ -0,0 +1,11 @@
---
- name: Copy rsyslog configuration for autosysadmin
ansible.builtin.copy:
src: "files/rsyslog_autosysadmin.conf"
dest: "/etc/rsyslog.d/autosysadmin.conf"
owner: root
group: root
mode: "0644"
notify: Restart rsyslog
tags:
- autosysadmin


@ -0,0 +1,9 @@
---
- name: Add autosysadmin sudoers file
ansible.builtin.template:
src: sudoers.j2
dest: /etc/sudoers.d/autosysadmin
mode: "0600"
validate: "visudo -cf %s"
tags:
- autosysadmin
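Review bot: The sudoers task sets `mode: "0600"` but no `owner` or `group`, unlike the other file tasks in this role. Adding `owner: root` and `group: root` makes the result independent of how the play escalates, which matters here because sudo rejects a sudoers file that is not owned by root. `mode: "0440"` is the conventional mode for files in /etc/sudoers.d and would match what most distributions ship.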


@ -0,0 +1,74 @@
#
# Ansible managed - DO NOT MODIFY, your changes will be **overwritten** !
#
# Update the hosts_vars/group_vars on the autosysadmin project
# https://gitea.evolix.org/evolix/autosysadmin/src/branch/master
#
# Configuration for autosysadmin
# Use this file to change configuration values defined in repair scripts
# Ex : repair_http=off
{% if repair_amavis == "off" %}
repair_amavis=off
{% endif %}
{% if repair_disk == "off" %}
repair_disk=off
{% endif %}
{% if repair_elasticsearch == "off" %}
repair_elasticsearch=off
{% endif %}
{% if repair_http == "off" %}
repair_http=off
{% endif %}
{% if repair_mysql == "off" %}
repair_mysql=off
{% endif %}
{% if repair_opendkim == "off" %}
repair_opendkim=off
{% endif %}
{% if repair_php_fpm56 == "off" %}
repair_php_fpm56=off
{% endif %}
{% if repair_php_fpm70 == "off" %}
repair_php_fpm70=off
{% endif %}
{% if repair_php_fpm73 == "off" %}
repair_php_fpm73=off
{% endif %}
{% if repair_php_fpm74 == "off" %}
repair_php_fpm74=off
{% endif %}
{% if repair_php_fpm80 == "off" %}
repair_php_fpm80=off
{% endif %}
{% if repair_php_fpm81 == "off" %}
repair_php_fpm81=off
{% endif %}
{% if repair_php_fpm82 == "off" %}
repair_php_fpm82=off
{% endif %}
{% if repair_php_fpm83 == "off" %}
repair_php_fpm83=off
{% endif %}
{% if repair_redis == "off" %}
repair_redis=off
{% endif %}
{% if repair_tomcat_instance == "off" %}
repair_tomcat_instance=off
{% endif %}
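Review bot: The template only ever writes `name=off` lines, so setting a variable to `'on'` in the inventory cannot enable a script whose built-in default is off, such as `${repair_php_fpm82:=off}` in repair_php_fpm82.sh. Writing every value, for example `repair_php_fpm82={{ 'off' if (repair_php_fpm82 | string | lower) in ['off', 'false', 'no'] else 'on' }}`, lets the role both enable and disable a repair. The normalisation matters because an unquoted `off` in YAML is parsed as a boolean, which the current `== "off"` test does not match, so a repair an operator meant to disable stays at the script's own default.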


@ -0,0 +1,22 @@
#
# Ansible managed - DO NOT MODIFY, your changes will be overwritten !
#
# Autosysadmin repair commands
command[repair_amavis]=sudo {{ autosysadmin_dir }}/repair_amavis.sh
command[repair_disk]=sudo {{ autosysadmin_dir }}/repair_disk.sh
command[repair_elasticsearch]=sudo {{ autosysadmin_dir }}/repair_elasticsearch.sh
command[repair_http]=sudo {{ autosysadmin_dir }}/repair_http.sh
command[repair_mysql]=sudo {{ autosysadmin_dir }}/repair_mysql.sh
command[repair_opendkim]=sudo {{ autosysadmin_dir }}/repair_opendkim.sh
command[repair_php_fpm56]=sudo {{ autosysadmin_dir }}/repair_php_fpm56.sh
command[repair_php_fpm70]=sudo {{ autosysadmin_dir }}/repair_php_fpm70.sh
command[repair_php_fpm73]=sudo {{ autosysadmin_dir }}/repair_php_fpm73.sh
command[repair_php_fpm74]=sudo {{ autosysadmin_dir }}/repair_php_fpm74.sh
command[repair_php_fpm80]=sudo {{ autosysadmin_dir }}/repair_php_fpm80.sh
command[repair_php_fpm81]=sudo {{ autosysadmin_dir }}/repair_php_fpm81.sh
command[repair_php_fpm82]=sudo {{ autosysadmin_dir }}/repair_php_fpm82.sh
command[repair_php_fpm83]=sudo {{ autosysadmin_dir }}/repair_php_fpm83.sh
command[repair_redis]=sudo {{ autosysadmin_dir }}/repair_redis.sh
command[repair_tomcat_instance]=sudo {{ autosysadmin_dir }}/repair_tomcat_instance.sh


@ -0,0 +1,21 @@
#
# Ansible managed - DO NOT MODIFY, your changes will be overwritten !
#
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_amavis.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_disk.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_elasticsearch.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_http.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_mysql.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_opendkim.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm56.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm70.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm73.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm74.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm80.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm81.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm82.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_php_fpm83.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_redis.sh
nagios ALL = NOPASSWD: {{ autosysadmin_dir }}/repair_tomcat_instance.sh


@ -235,3 +235,6 @@ evolinux_motd_include: True
# Utils
evolinux_utils_include: True
# Autosysadmin
evolinux_autosysadmin_include: false


@ -127,6 +127,11 @@
name: evolix/nagios-nrpe
when: evolinux_nagios_nrpe_include | bool
- name: Autosysadmin
ansible.builtin.include_role:
name: 'evolix/autosysadmin'
when: evolinux_autosysadmin_include | bool
- name: fail2ban
ansible.builtin.include_role:
name: evolix/fail2ban