
new: [send] add send cmd, request auth on install and update, add vps check backup function and cron

Boris Gallet 2 months ago
parent
commit
85635ba98a
  1. 55
      bin/myc-install
  2. 58
      bin/myc-update
  3. 93
      bin/send
  4. 69
      bin/vps
  5. 4
      etc/cron.d/check-backup
  6. BIN
      etc/ssh/ntfy-key

55
bin/myc-install

@ -145,6 +145,59 @@ pip install ovh ||
docker pull docker.0k.io/php:7.4-myc && docker tag docker.0k.io/php:7.4-myc myc_frontend &&
docker pull docker.0k.io/cron:jessie && docker tag docker.0k.io/cron:jessie myc_cron &&
## Copy Ntfy key to root/.ssh/
umask 066
ntfy_key="/opt/apps/myc-manage/etc/ssh/ntfy-key"
if [ ! -f "$ntfy_key" ]; then
echo "Error: ntfy key not found" >&2
exit 1
fi
if [ ! -f "/root/.ssh/ntfy-key" ]; then
cat $ntfy_key | gpg -d --batch --yes --passphrase 'uniquepass' > /root/.ssh/ntfy-key || >&2 echo "Error while copying ntfy key to root"
fi
## Request token to ntfy server and add to config file
ntfy_host="core-01.0k.io"
if ! ssh-keygen -F $ntfy_host -f /root/.ssh/known_hosts >/dev/null; then
ssh-keyscan -H $ntfy_host >> /root/.ssh/known_hosts || >&2 echo "Error while adding ntfy server to known_hosts"
fi
## if the config file doesn’t exist and LOGIN PASSWORD ARE not in we request them
config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
if [ -f "$config_file" ] || touch $config_file || {
echo "Error: couldn’t create config file $config_file" >&2;
exit 1
}; then
## if the config file is not complete we request new credentials
if ! grep -qE '^LOGIN=' "$config_file" || ! grep -qE '^PASSWORD=' "$config_file"; then
cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token) || >&2 echo "Error while requesting token to ntfy server"
login_ntfy=$(printf "%s" "${cred%$'\n'*}")
password_ntfy=$(printf "%s" "${cred#$'\n'*}")
if [ -z "$login_ntfy" ] || [[ "$login_ntfy" == *$'\n'* ]]; then
echo "Error: couldn’t infer credential from ntfy server" >&2;
printf "%s" "$cred" | sed -r 's/^ |/g' >&2;
exit 1
fi
if grep -qE '^LOGIN=' "$config_file"; then
sed -i "s/^LOGIN=.*/LOGIN='$login'/" "$config_file"
else
echo "LOGIN='$login'" >> "$config_file"
fi
if grep -qE '^PASSWORD=' "$config_file"; then
sed -i "s/^PASSWORD=.*/PASSWORD='$password'/" "$config_file"
else
echo "PASSWORD='$password'" >> "$config_file"
fi
else
echo "NTFY Config file is already complete" >&2;
fi
fi
## Marker to probe if this script finished it's job
echo "done" > /var/run/myc-installer.0k.io.state
echo "done" > /var/run/myc-installer.0k.io.state
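Review bot: The gpg line decrypts `etc/ssh/ntfy-key` with the literal passphrase `'uniquepass'`, which is committed in the same repository as the encrypted key, so the encryption protects nothing from anyone who can read the repo; the key should be provisioned out of band, or the passphrase read at install time from a root-only file (gpg's `--passphrase-file`). The same line leaves an empty `/root/.ssh/ntfy-key` behind when gpg fails, because the redirect creates the file first and the `||` branch only prints, and the next run then skips decryption since the file exists; decrypting to a temporary file and `mv`-ing it into place on success avoids that. `ssh-keyscan -H $ntfy_host >> /root/.ssh/known_hosts` trusts whatever host key the network returns on first contact, so shipping the expected `core-01.0k.io` host key with the installer would let the later `request-token` call authenticate the server. The identical block is embedded in the bin/myc-update heredoc.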

58
bin/myc-update

@ -96,7 +96,7 @@ for d in /etc/cron.{d,daily,hourly,monthly,weekly}; do
ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
done
EOF
EOF
Wrap -d "Updating sysctl scripts" <<EOF || exit 1
for d in /etc/sysctl.d; do
@ -113,6 +113,62 @@ sed -ri 's/^# (export LS_OPTIONS=.--color=auto.)/\1/;
EOF
fi
Wrap -d "Update authorization to send to ntfy server " <<'EOF' || exit 1
mkdir -p /root/.ssh
## Copy Ntfy key to root/.ssh/
umask 066
ntfy_key="/opt/apps/myc-manage/etc/ssh/ntfy-key"
if [ ! -f "$ntfy_key" ]; then
echo "Error: ntfy key not found" >&2
exit 1
fi
if [ ! -f "/root/.ssh/ntfy-key" ]; then
cat $ntfy_key | gpg -d --batch --yes --passphrase 'uniquepass' > /root/.ssh/ntfy-key || >&2 echo "Error while copying ntfy key to root"
fi
## Request token to ntfy server and add to config file
ntfy_host="core-01.0k.io"
if ! ssh-keygen -F $ntfy_host -f /root/.ssh/known_hosts >/dev/null; then
ssh-keyscan -H $ntfy_host >> /root/.ssh/known_hosts || >&2 echo "Error while adding ntfy server to known_hosts"
fi
## if the config file doesn’t exist and LOGIN PASSWORD ARE not in we request them
config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
if [ -f "$config_file" ] || touch $config_file || {
echo "Error: couldn’t create config file $config_file" >&2;
exit 1
}; then
## if the config file is not complete we request new credentials
if ! grep -qE '^LOGIN=' "$config_file" || ! grep -qE '^PASSWORD=' "$config_file"; then
cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token) || >&2 echo "Error while requesting token to ntfy server"
login_ntfy=$(printf "%s" "${cred%$'\n'*}")
password_ntfy=$(printf "%s" "${cred#$'\n'*}")
if [ -z "$login_ntfy" ] || [[ "$login_ntfy" == *$'\n'* ]]; then
echo "Error: couldn’t infer credential from ntfy server" >&2;
printf "%s" "$cred" | sed -r 's/^ |/g' >&2;
exit 1
fi
if grep -qE '^LOGIN=' "$config_file"; then
sed -i "s/^LOGIN=.*/LOGIN='$login'/" "$config_file"
else
echo "LOGIN='$login'" >> "$config_file"
fi
if grep -qE '^PASSWORD=' "$config_file"; then
sed -i "s/^PASSWORD=.*/PASSWORD='$password'/" "$config_file"
else
echo "PASSWORD='$password'" >> "$config_file"
fi
else
echo "NTFY Config file is already complete" >&2;
fi
fi
EOF
for keyfile in {/root,/home/debian}/.ssh/authorized_keys; do
[ -e "$keyfile" ] || continue
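Review bot: The `sed -i` and `echo` lines that write `LOGIN=` and `PASSWORD=` expand `$login` and `$password`, but the values parsed from `cred` are stored in `login_ntfy` and `password_ntfy`, so the config file receives `LOGIN=''` and `PASSWORD=''`. `${cred#$'\n'*}` also strips nothing unless `cred` begins with a newline; taking the part after the first line would be `password_ntfy=${cred#*$'\n'}`. Because bin/send `source`s this file, a token containing `'`, `/` or `&` would either corrupt the sed replacement or be interpreted as shell, so the server reply should be checked against the expected character set before it is written. The same lines appear in bin/myc-install; this hunk sits inside a quoted heredoc passed to `Wrap`, whose definition is outside the view.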

93
bin/send

@ -0,0 +1,93 @@
#!/bin/bash
## Send a notification with NTFY and check if the config file is complete
if [[ "$UID" == "0" ]]; then
NTFY_CONFIG_FILE="/etc/ntfy/ntfy.conf"
else
NTFY_CONFIG_FILE=~/.config/ntfy/ntfy.conf
fi
SERVER="https://ntfy.0k.io/"
if ! [ -e "$NTFY_CONFIG_FILE" ]; then
mkdir -p "${NTFY_CONFIG_FILE%/*}"
## default option to change if needed
echo "SERVER=$SERVER" > "$NTFY_CONFIG_FILE"
elif ! grep -q "^SERVER=" "$NTFY_CONFIG_FILE"; then
echo "SERVER=$SERVER" >> "$NTFY_CONFIG_FILE"
fi
source "$NTFY_CONFIG_FILE"
for var in SERVER LOGIN PASSWORD; do
if ! [ -v "$var" ]; then
echo "Error: missing $var in $NTFY_CONFIG_FILE"
exit 1
fi
done
exname=${0##*/}
channel="main"
usage="Usage: $exname [-c CHANNEL] [-t TITLE ] MESSAGE
----------------------------------------------
--- Send MESSAGE with TITLE to the specified CHANNEL. ---
----------------------------------------------
If no CHANNEL is provided, the message will be sent to the default channel
Default CHANNEL is format as follow : ConfiguredLOGIN_${default_channel}
If no TITLE is provided, the message will be sent with the hostname as title."
while [[ $# -gt 0 ]]; do
arg="$1"
shift
case "$arg" in
-h|--help)
echo "$usage"
exit 0
;;
-c|--channel)
channel="$1"
[ -z "$channel" ] || {
echo "Error: no argument for channel option." >&2
echo "$usage" >&2
exit 1
}
shift
;;
-t|--title)
title="$1"
[ -z "$title" ] || {
echo "Error: no argument for title option." >&2
echo "$usage" >&2
exit 1
}
shift
;;
*)
[ -z "$message" ] && { message="$arg"; continue; }
echo "Error : Unexpected positional argument '$arg'." >&2
echo "$usage" >&2
exit 1
;;
esac
done
[ -n "$message" ] || {
echo "Error: missing message." >&2
echo "$usage" >&2
exit 1
}
curl_opts=(
-s
-u "$LOGIN:$PASSWORD"
-d "$message"
)
if [ -n "$title" ]; then
curl_opts+=(-H "Title: [$(hostname)] $title")
fi
curl "${curl_opts[@]}" "$SERVER/${LOGIN}_$channel" > /dev/null
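Review bot: The argument checks for `-c` and `-t` are inverted: `[ -z "$channel" ] || { ... exit 1; }` exits with "no argument" exactly when a value was supplied, so the `send -t "ALERT Backup" ...` call added in bin/vps can never deliver; the tests should be `[ -n "$channel" ] || {` and `[ -n "$title" ] || {`. `-u "$LOGIN:$PASSWORD"` puts the password on curl's command line, where other local users can read it from the process list; passing it through a curl config on stdin (`-K -`) or a netrc file keeps it off argv. The config file is created under the caller's default umask and then `source`d, so it should be created mode 0600 and its ownership and permissions checked before sourcing. `curl -s` without `--fail` exits 0 on an HTTP 401, so an alert the server rejects goes unnoticed.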

69
bin/vps

@ -2615,4 +2615,73 @@ cmdline.spec:monujo:cmd:set-version:run() {
}
cmdline.spec::cmd:check:run() {
:
}
cmdline.spec.gnu check
cmdline.spec:check:cmd:backup:run() {
: :optfla: --notify,-n "Send result through notify"
: :optval: --service,-s "The backup service name (defaults to 'rsync-backup')"
## Check on daily bases if backup exist in config and when is the last backup done :
## ALERT if backup is set and last backup is older than 24h
local STATE_FILE="/var/run/myc-manage/backup.state"
mkdir -p "${STATE_FILE%/*}"
service=${opt_service:-rsync-backup}
project_name=$(compose:project_name) || exit 1
## check if service exists in compose.yml
if ! compose:service:exists "$project_name" "$service"; then
warn "no service ${DARKYELLOW}$service${NORMAL}. Ignoring."
return 0
fi
last_backup_datetime=$(
cat /srv/datastore/data/cron/var/log/cron/*rsync-backup_script{_*,}.log | grep "total size is" | sort | tail -n 1 | cut -f -2 -d " ")
last_backup_ts=$(date -d "$last_backup_datetime" +%s)
max_ts=$(date -d "24 hours ago" +%s)
state="ok"
if [ "$last_backup_ts" -lt "$max_ts" ]; then
state="ko"
fi
if [ -z "$opt_notify" ]; then
if [ "$state" == "ok" ]; then
info "Everything is ${GREEN}ok${NORMAL}. (last backup: ${DARKCYAN}$last_backup_datetime${NORMAL})"
return 0
fi
warn "Last backup older than 1 day. (last backup: ${DARKCYAN}$last_backup_datetime${NORMAL})"
return 1
fi
## notify
last_state=$(cat "$STATE_FILE" 2>/dev/null) || true
if [ "$state" == "$last_state" ]; then
[ "$state" == "ko" ] || return 0
is_old=$(find "$STATE_FILE" -type f -mtime +2) || return 1
[ -n "$is_old" ] || return 0
fi
echo "$state" > "$STATE_FILE"
message="[$(hostname)]: WARNING no backup done in the last 24h (No backup since $days days and $hours hours)"
timestamp=$(date +%s)
time_difference=$((timestamp - last_backup_ts))
days=$((time_difference / 86400))
hours=$((time_difference % 86400 / 3600))
message="WARNING: no backup done in the last 24h (No backup since $days days and $hours hours)"
send -t "ALERT Backup" "$message"
}
cmdline::parse "$@"
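Review bot: In the `--notify` path of `cmdline.spec:check:cmd:backup:run` the alert is sent whenever the state changes, including `ko` to `ok` and the first run with no state file, because nothing after `echo "$state" > "$STATE_FILE"` tests `$state`; adding `[ "$state" == "ko" ] || return 0` after that line keeps recoveries from being reported as "WARNING: no backup done". The check also fails open when no log line matches: `last_backup_datetime` is empty, GNU `date -d ""` resolves to today at midnight, and the state becomes `ok`, so a host that never backed up is reported healthy; an empty value should be treated as `ko`. The log glob hard-codes `rsync-backup` even when `--service` names another service, and the first `message=` assignment uses `$days` and `$hours` before they are computed and is overwritten anyway. The function's working variables (`service`, `state`, `message` and the rest) are not declared `local`.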

4
etc/cron.d/check-backup

@ -0,0 +1,4 @@
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
12 * * * * root vps check backup -n 2>&1 | logger -t stats

BIN
etc/ssh/ntfy-key
