Skip to content
Snippets Groups Projects
Commit 97295748 authored by Jörg Sachse's avatar Jörg Sachse
Browse files

feat: add cleanup service for old (15 days) validation logs

parent 14dde3fd
No related branches found
No related tags found
No related merge requests found
...@@ -121,6 +121,8 @@ ...@@ -121,6 +121,8 @@
owner: "root" owner: "root"
group: "root" group: "root"
loop: loop:
- "cleanup_daemon_@.service"
- "cleanup_daemon.timer"
- "validation_daemon_any@.service" - "validation_daemon_any@.service"
- "validation_daemon_any.socket" - "validation_daemon_any.socket"
- "validation_daemon_@.service" # Daemon service - "validation_daemon_@.service" # Daemon service
...@@ -139,6 +141,22 @@ ...@@ -139,6 +141,22 @@
- "save" - "save"
changed_when: false changed_when: false
- name: enable & start cleanup daemon
ansible.builtin.systemd:
unit: "{{ item.u }}"
daemon_reload: true
enabled: true
state: "{{ item.s | default(omit) }}" # this can never be idempotent
loop:
- u: "cleanup_daemon.timer"
s: "restarted"
- u: "cleanup_daemon_@ddz.service"
- u: "cleanup_daemon_@digas.service"
- u: "cleanup_daemon_@fotothek.service"
- u: "cleanup_daemon_@mediathek.service"
- u: "cleanup_daemon_@save.service"
changed_when: false
- name: enable & start validation Webservice - name: enable & start validation Webservice
ansible.builtin.systemd: ansible.builtin.systemd:
name: "validation_daemon_any.{{ item }}" name: "validation_daemon_any.{{ item }}"
......
[Unit]
Description=Cleanup Daemon for Validation Tool (%i)
[Timer]
Unit=cleanup_daemon_@.service
Persistent=true
OnCalendar=daily
[Install]
WantedBy=default.target
[Unit]
Description=Cleanup Daemon for Validation Tool (%i)
After=network.target
[Service]
ExecStart=/bin/bash -c 'find "/mnt/lza_repair_%i/validate/results/" -type f -mtime +15 -exec rm {} \\;'
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
User={{ vault_service_user }}
Group={{ vault_service_group }}
Type=simple
### Security features
# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
#ProtectSystem=strict
#ProtectHome=read-only
#ProtectHostname=true
#ProtectClock=true
#ProtectKernelTunables=true
#ProtectKernelModules=true
#ProtectKernelLogs=true
#ProtectControlGroups=true
#LockPersonality=true
#MemoryDenyWriteExecute=true
#RestrictRealtime=true
#RestrictSUIDSGID=true
## RemoveIPC=true
## PrivateMounts=true
## MountFlags=
## SystemCallFilter is a Whitelist!!!
#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
#SystemCallErrorNumber=1337
[Install]
WantedBy=multi-user.target
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment