fix: make check_ie_sample and move_old_logs services usable

files/usr/local/bin/move_old_logs.sh

@@ -8,7 +8,10 @@ START_YEAR="2015"
 CURRENT_YEAR="$( date +%Y )"
 PREVIOUS_YEAR="$(( CURRENT_YEAR - 1 ))"
 
-for APP in disapp subapp subapp_ws; do
+[[ -n ${1} ]] && APP=${1}
+[[ (! ${APP} =~ "disapp") && (! ${APP} =~ "subapp") && (! ${APP} =~ "subapp_webservice") ]] && \
+	echo 'ERROR: $1 needs to be one of "disapp", "subapp" or "subapp_webservice"'
+
 cd "/var/log/$APP/" || exit 1
 
 # create directories for old logfiles
@@ -18,11 +21,20 @@ for APP in disapp subapp subapp_ws; do
 
 # move all old logfiles
 for YEAR in $( seq ${START_YEAR} ${PREVIOUS_YEAR} ); do
+	if [[ "${APP}" == "disapp" ]]; then
+		if [[ -n $( find ./ -maxdepth 1 -name "disapp.log.${YEAR}-*.lz" ) ]]; then mv disapp.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	fi
+
+	if [[ "${APP}" == "subapp" ]]; then
 		if [[ -n $( find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log" ) ]]; then mv Protokoll_SLUBArchiv_Erfolgreich-${YEAR}*.log "old/${YEAR}/"; fi
 		if [[ -n $( find ./ -maxdepth 1 -name "Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log" ) ]]; then mv Protokoll_SLUBArchiv_FEHLER-${YEAR}*.log "old/${YEAR}/"; fi
 		if [[ -n $( find ./ -maxdepth 1 -name "sips.log.${YEAR}-*.lz" ) ]]; then mv sips.log.${YEAR}-*.lz "old/${YEAR}/"; fi
-		if [[ -n $( find ./ -maxdepth 1 -name "disapp.log.${YEAR}-*.lz" ) ]]; then mv disapp.log.${YEAR}-*.lz "old/${YEAR}/"; fi
 		if [[ -n $( find ./ -maxdepth 1 -name "subapp.log.${YEAR}-*.lz" ) ]]; then mv subapp.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+		if [[ -n $( find ./ -maxdepth 1 -name "producer_mails.log.${YEAR}-*.lz" ) ]]; then mv producer_mails.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+		if [[ -n $( find ./ -maxdepth 1 -name "staff_mails.log.${YEAR}-*.lz" ) ]]; then mv staff_mails.log.${YEAR}-*.lz "old/${YEAR}/"; fi
+	fi
+
+	if [[ "${APP}" == "subapp_webservice" ]]; then
 		if [[ -n $( find ./ -maxdepth 1 -name "webservice.log.${YEAR}-*.lz" ) ]]; then mv webservice.log.${YEAR}-*.lz "old/${YEAR}/"; fi
-	done
+	fi
 done

files/etc/systemd/user/move_old_logs.timer → files/usr/local/lib/systemd/system/move_old_logs.timer

 [Unit]
-Description=timer for move_old_logs.service
+Description=timer for move_old_logs_@.service
 
 [Timer]
 # run once a year, on the 1st of January at 05:00:00am.
 OnCalendar=*-1-1 05:00:00
-Unit=move_old_logs.service
+Unit=move_old_logs_@.service
 
 [Install]
 WantedBy=default.target

tasks/install_move_logs.yml

 ---
+- name: disable legacy SystemD units
+  ansible.builtin.systemd:
+    unit: "{{ item }}"
+    state: stopped
+    enabled: false
+  loop:
+    - "move_old_logs.service"
+    - "move_old_logs.timer"
+  ignore_errors: true
+- name: remove legacy timer/service/script
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/etc/systemd/user/move_old_logs.timer"
+    - "/etc/systemd/user/move_old_logs.service"
+    - "/usr/local/bin/move_old_logs.sh"
+
+####################################################################################################################
+
+- name: create SystemD unit directory
+  ansible.builtin.file:
+    path: "/usr/local/lib/systemd/system/"
+    state: directory
+    mode: "0755"
+
 - name: install timer and script for moving old logs to archive
   ansible.builtin.copy:
     src: "{{ item.path }}"
@@ -7,7 +33,7 @@
     owner: "{{ item.owner | default('root') }}"
     group: "{{ item.group | default('root') }}"
   loop:
-    - path: "etc/systemd/user/move_old_logs.timer"
+    - path: "usr/local/lib/systemd/system/move_old_logs.timer"
       mode: "0644"
     - path: "usr/local/bin/move_old_logs.sh"
       mode: "0755"
@@ -15,37 +41,49 @@
 
 - name: install service for moving old logs to archive
   ansible.builtin.template:
-    src: "etc/systemd/user/move_old_logs.service.j2"
-    dest: "/etc/systemd/user/move_old_logs.service"
+    src: "usr/local/lib/systemd/system/move_old_logs_@.service.j2"
+    dest: "/usr/local/lib/systemd/system/move_old_logs_@.service"
     mode: "0755"
     owner: "root"
     group: "root"
+  notify: daemon-reload
 
-- name: find move_old_logs systemd units so we don't have to hardcode their names in the loops
-  ansible.builtin.find:
-    path: "/etc/systemd/user/"
-    pattern: "move_old_logs.*"
-  register: move_old_logs_units
-
-- name: check if move_old_logs units are already enabled
-  ansible.builtin.command: "systemctl is-enabled {{ item.path | basename }}"
-  loop: "{{ move_old_logs_units.files }}"
-  register: move_old_logs_enabled
-  changed_when: false
-  failed_when:
-    - move_old_logs_enabled.stdout != "enabled"
-    - move_old_logs_enabled.stdout != "disabled"
-    - '"No such file or directory" not in move_old_logs_enabled.stderr'
-
-- name: manually enable move_old_logs.service, because it cannot be found by the ansible.builtin.systemd module when the timer is located below "/etc/systemd/user/"
-  ansible.builtin.command: "systemctl enable {{ item.item.path }}"
-  loop: "{{ move_old_logs_enabled.results }}"
-  when:
-    - item.stdout != "enabled"
-  register: move_old_logs_enablecmd
-  changed_when: move_old_logs_enablecmd.stdout in "Created symlink"
+- name: enable move_old_logs services
+  ansible.builtin.systemd:
+    name: "move_old_logs_@{{ item }}.service"
+    daemon_reload: true
+    enabled: true
+  loop:
+    - "disapp"
+    - "subapp"
+    - "subapp_webservice"
 
 - name: start timer for moving old logs to archive (the service is triggered by the timer and doesn't need to be started separately)
   ansible.builtin.systemd:
     name: "move_old_logs.timer"
+    enabled: true
     state: started
+
+#- name: find move_old_logs systemd units so we don't have to hardcode their names in the loops
+#  ansible.builtin.find:
+#    path: "/usr/local/lib/systemd/system/"
+#    pattern: "move_old_logs.*"
+#  register: move_old_logs_units
+#
+#- name: check if move_old_logs units are already enabled
+#  ansible.builtin.command: "systemctl is-enabled {{ item.path | basename }}"
+#  loop: "{{ move_old_logs_units.files }}"
+#  register: move_old_logs_enabled
+#  changed_when: false
+#  failed_when:
+#    - move_old_logs_enabled.stdout != "enabled"
+#    - move_old_logs_enabled.stdout != "disabled"
+#    - '"No such file or directory" not in move_old_logs_enabled.stderr'
+#
+#- name: manually enable move_old_logs.service, because it cannot be found by the ansible.builtin.systemd module when the timer is located below "/etc/systemd/user/"
+#  ansible.builtin.command: "systemctl enable {{ item.item.path }}"
+#  loop: "{{ move_old_logs_enabled.results }}"
+#  when:
+#    - item.stdout != "enabled"
+#  register: move_old_logs_enablecmd
+#  changed_when: move_old_logs_enablecmd.stdout in "Created symlink"

tasks/install_subapp.yml

@@ -254,11 +254,13 @@
         - "/etc/systemd/user/stichprobe-daily-report.timer"
         - "/etc/systemd/user/stichprobe-daily-report.service"
         - "/home/{{ vault_subapp_user }}/.subapp/stichprobe.ini"
+        - "/etc/systemd/user/check_ie_sample.timer"
+        - "/etc/systemd/user/check_ie_sample.service"
 
-- name: check_ie_sample Timer
+- name: deploy check_ie_sample Service
   ansible.builtin.template:
-    src: "check_ie_sample.timer.j2"
-    dest: "/etc/systemd/user/check_ie_sample.timer"
+    src: "usr/local/lib/systemd/system/check_ie_sample.service.j2"
+    dest: "/usr/local/lib/systemd/system/check_ie_sample.service"
     owner: "root"
     group: "root"
     mode: "0644"
@@ -266,10 +268,10 @@
   when: ansible_hostname == item.key
   no_log: true
 
-- name: check_ie_sample Service
+- name: deploy check_ie_sample Timer
   ansible.builtin.template:
-    src: "check_ie_sample.service.j2"
-    dest: "/etc/systemd/user/check_ie_sample.service"
+    src: "usr/local/lib/systemd/system/check_ie_sample.timer.j2"
+    dest: "/usr/local/lib/systemd/system/check_ie_sample.timer"
     owner: "root"
     group: "root"
     mode: "0644"
@@ -277,22 +279,21 @@
   when: ansible_hostname == item.key
   no_log: true
 
-# - name: enable check_ie_sample Service
-#   ansible.builtin.command: "systemctl enable /etc/systemd/user/check_ie_sample.service"
-#   loop: "{{ lookup('dict', vault_stichprobe_hosts) }}"
-#   when: ansible_hostname == item.key
-#   no_log: true
-#
-# - name: enable check_ie_sample Timers
-#   ansible.builtin.command: "systemctl enable /etc/systemd/user/check_ie_sample.timer"
-#   loop: "{{ lookup('dict', vault_stichprobe_hosts) }}"
-#   when: ansible_hostname == item.key
-#   no_log: true
-#
-# - name: restart check_ie_sample Timers
-#   ansible.builtin.systemd:
-#     name: "check_ie_sample.timer"
-#     state: restarted
-#   loop: "{{ lookup('dict', vault_stichprobe_hosts) }}"
-#   when: ansible_hostname == item.key
-#   ignore_errors: true
+- name: enable check_ie_sample Service
+  ansible.builtin.systemd:
+    unit: "check_ie_sample.service"
+    enabled: true
+    daemon_reload: true
+  loop: "{{ lookup('dict', vault_check_ie_sample_hosts) }}"
+  when: ansible_hostname == item.key
+  no_log: true
+
+- name: enable & start check_ie_sample Timer
+  ansible.builtin.systemd:
+    unit: "check_ie_sample.timer"
+    enabled: true
+    state: restarted
+    daemon_reload: true
+  loop: "{{ lookup('dict', vault_check_ie_sample_hosts) }}"
+  when: ansible_hostname == item.key
+  no_log: true

templates/check_ie_sample.service.j2 → templates/usr/local/lib/systemd/system/check_ie_sample.service.j2

 [Unit]
-Description=service: daily report from stichprobe, institute {{ item.value.institute_name }}
+Description=service: daily report for sampling {{ item.value.institute_name }} workflows
 Documentation=perldoc /usr/local/bin/check_ie_sample.pl
 
 [Service]
 Type=oneshot
 Restart=no
-ExecStart=/usr/bin/perl -I /usr/local/perl /usr/local/bin/check_ie_sample.pl --institute {{ item.value.institute_name }} --email langzeitarchiv@slub-dresden.de --host {{ item.value.rosetta_host }} --user {{ item.value.user }} --password {{ item.value.password }} --sampling_factor 0.001
+ExecStart=/usr/bin/perl -I /usr/local/perl /usr/local/bin/check_ie_sample.pl --institute {{ item.value.institute_name }} --email langzeitarchiv@slub-dresden.de --host {{ item.value.rosetta_host }}.slub-dresden.de --user {{ item.value.user }} --password {{ item.value.password }} --sampling_factor 0.0000274
+# Sampling factor = 1/100/365
 User={{ vault_subapp_user }}
 Group={{ vault_subapp_group }}
 

templates/check_ie_sample.timer.j2 → templates/usr/local/lib/systemd/system/check_ie_sample.timer.j2

 [Unit]
-Description=timer: daily report for stichprobe {{ item.value.institute_name }} workflows
+Description=timer: daily report for sampling {{ item.value.institute_name }} workflows
 Documentation=perldoc /usr/local/bin/check_ie_sample.pl
 
 [Timer]
-OnCalendar=monthly
+OnCalendar=daily
 #RandomizedDelaySec=14400
-# run every x minutes/hours/days
-#OnUnitActiveSec={{ item.value.timer_interval }}
 #Wake system from suspend mode
 WakeSystem=true
 #When activated, it triggers the service immediately if it missed the last start time, for example due to the system being powered off
 Persistent=true
 #Unit to activate when the timer elapses. (default is set to the same name as the timer unit, except for the suffix)
-Unit=stichprobe-daily-report.service
+Unit=check_ie_sample.service
 
 [Install]
 #is requires to activate the timer permanently

templates/etc/systemd/user/move_old_logs.service.j2 → templates/usr/local/lib/systemd/system/move_old_logs_@.service.j2

 [Unit]
-Description=move_old_logs.sh
+Description=Daemon to move old logfiles from previous year to archive (%i)
 After=remote-fs.target
 
 [Service]
 Type=simple
-ExecStart=/usr/local/bin/move_old_logs.sh
-User={{ vault_subapp_user }}
-Group={{ vault_subapp_group }}
+ExecStart=/usr/local/bin/move_old_logs.sh %i
+User=root
+Group=root
 
 ### Security features
 # documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html

vars/stichprobe.vault.example

@@ -13,16 +13,10 @@ vault_stichprobe_hosts:
 #  <name-of-subapp-server>:
 #    host: "<Rosetta-Webservice-API-Hostname>"
 #    user: "<Rosetta-Submission-Agent-Username>"
-#    password: !vault |
-#      $ANSIBLE_VAULT;1.1;AES256
-#      11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
+#    password: "Sw0rdF!5h"
 #    email: "recipients@example.com"
 #    institute_name: "<name-of-institution-as-given-in-Rosetta>"
 #    institute_code: "<code-of-institution-as-given-in-Rosetta>"
 #    institute_dead_ref_process_id: "<Rosetta-Process-ID-for Dead-Reference-Identification-Job>"
 #    institute_fixity_check_process_id: "<Rosetta-Process-ID-for-Fixity-Check-Job>"
 #    institute_department: "<space-separated-list-of-Rosetta-Departments-like-CONSORTIUM.INS.DEPT>"
-#    timer_interval: "<timer-interval-in-systemd-time-syntax>"
-#    # timer_interval: "{{ ( (24 * 60 * 60) / (<Number_of-IEs> / 36500) ) + 1 | round(0,'floor') | int }} seconds"
-#    # timer_interval: "{{ ( (24h * 60min * 60sec) / (<Number-of-IEs> / (365days / 100)) ) + 1 | round(0,'floor') | int }} seconds"           # Timer Interval explained
-#      # documented at https://www.freedesktop.org/software/systemd/man/systemd.time.html