From a846ca19fac37262651ecb510d88ad34de70619f Mon Sep 17 00:00:00 2001
From: Jens Steidl <Jens.Steidl@slub-dresden.de>
Date: Mon, 19 May 2025 12:18:07 +0200
Subject: [PATCH] feat: added (maintenance) timers for nfs timeout
 notifications

---
 tasks/rosetta/configure_nfs_monitoring.yml    | 12 +++++--
 .../nfs_timeout_notification_start.timer.j2   | 17 +++++++++
 .../nfs_timeout_notification_stop.service.j2  | 36 +++++++++++++++++++
 .../nfs_timeout_notification_stop.timer.j2    | 17 +++++++++
 4 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 templates/usr/local/lib/systemd/system/nfs_timeout_notification_start.timer.j2
 create mode 100644 templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.service.j2
 create mode 100644 templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.timer.j2

diff --git a/tasks/rosetta/configure_nfs_monitoring.yml b/tasks/rosetta/configure_nfs_monitoring.yml
index 76c5ef2..643c25c 100644
--- a/tasks/rosetta/configure_nfs_monitoring.yml
+++ b/tasks/rosetta/configure_nfs_monitoring.yml
@@ -20,7 +20,7 @@
       loop:
         - "nfs_timeout_notification.service.sh"
 
-    - name: install NFS monitoring services (2/3) - copy service unit
+    - name: install NFS monitoring services (2/3) - copy service units & timers
       ansible.builtin.template:
         src: "usr/local/lib/systemd/system/{{ item }}.j2"
         dest: "/usr/local/lib/systemd/system/{{ item }}"
@@ -29,13 +29,19 @@
         group: "root"
       loop:
         - "nfs_timeout_notification.service"
+        - "nfs_timeout_notification_stop.service"
+        - "nfs_timeout_notification_start.timer"
+        - "nfs_timeout_notification_stop.timer"
       notify: daemon-reload
 
-    - name: install NFS monitoring services (3/3) - enable service
+    - name: install NFS monitoring services (3/3) - enable services & timers
       ansible.builtin.systemd_service:
         name: "{{ item.name }}"
         enabled: "{{ item.enabled | default(true) }}"
         state: "{{ item.state | default('started') }}"
         daemon_reload: true
       loop:
-        - name: "nfs_timeout_notification.service"
+        - { name: "nfs_timeout_notification.service" }
+        - { name: "nfs_timeout_notification_stop.service", state: "stopped" }
+        - { name: "nfs_timeout_notification_start.timer" }
+        - { name: "nfs_timeout_notification_stop.timer" }
\ No newline at end of file
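Review bot: The loop entry for `nfs_timeout_notification_stop.service` sets only `state: "stopped"`, so `enabled` falls back to `default(true)` and the unit gets enabled through the `WantedBy=multi-user.target` line in nfs_timeout_notification_stop.service.j2. That unit declares `Conflicts=nfs_timeout_notification.service`, so if the monitor is also pulled in at boot, systemd has to drop or stop one of the two. Depending on how it resolves the conflict, NFS timeout monitoring may not be running after a reboot. Since the stop unit appears to be meant only as a timer target, consider `- { name: "nfs_timeout_notification_stop.service", state: "stopped", enabled: false }` and removing the `[Install]` section from that template.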
diff --git a/templates/usr/local/lib/systemd/system/nfs_timeout_notification_start.timer.j2 b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_start.timer.j2
new file mode 100644
index 0000000..48e1a58
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_start.timer.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=timer for nfs_timeout_notification.service
+
+[Timer]
+# run on the 1st Tuesday of each month
+# You can validate your calendar expressions using `systemd-analyze calendar EXPR`.
+# Of course, the expression we use on our Debian systems won't work on the
+# jurassic RHEL versions of systemd 219, because the ".." syntax for timespans
+# in calendar events isn't supported yet. Instead, we have to use the older
+# syntax that explicitly lists all days separated by commas.
+# One more reason for RHEL to fuck ALL THE WAY OFF!
+# OnCalendar=Tue *-*-01..07 08:00:00    # NOT THIS on RHEL 7!
+OnCalendar=Tue *-*-01,02,03,04,05,06,07 15:00:00
+Unit=nfs_timeout_notification.service
+
+[Install]
+WantedBy=default.target
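Review bot: `WantedBy=default.target` in the `[Install]` section is unusual for a timer unit; the conventional install target is `timers.target`, which keeps the timer independent of whichever target the host boots into. I would use `WantedBy=timers.target` here and in nfs_timeout_notification_stop.timer.j2. The commented example also shows `08:00:00` while the active expression uses `15:00:00`. A short comment saying that this timer apparently resumes monitoring after the maintenance window would make the intent clear.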
diff --git a/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.service.j2 b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.service.j2
new file mode 100644
index 0000000..a10d9af
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=stop monitor journal for NFS timeouts and notify staff
+After=remote-fs.target
+Conflicts=nfs_timeout_notification.service
+
+[Service]
+Type=simple
+Restart=no
+ExecStart=/usr/bin/true
+User={{ vault_nfs_timeout_notification_service.owner }}
+Group={{ vault_nfs_timeout_notification_service.group }}
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# or at `man (5) systemd.exec`
+ProtectSystem=full
+ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@debug,@file-system
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target
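Review bot: Nothing in this unit says that its only effect is to stop the monitor: `ExecStart=/usr/bin/true` does no work, and the stop happens as a side effect of `Conflicts=nfs_timeout_notification.service`. Because starting this unit silences NFS timeout alerting, a comment above the `Conflicts=` line would help the next reader, for example `# no-op unit: starting it stops nfs_timeout_notification.service via Conflicts=`. `Type=oneshot` would suit a command that exits immediately better than `Type=simple`. The block of commented-out hardening directives could be dropped from a unit that only runs `true`.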
diff --git a/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.timer.j2 b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.timer.j2
new file mode 100644
index 0000000..6cd5804
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/nfs_timeout_notification_stop.timer.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=timer for nfs_timeout_notification_stop.service
+
+[Timer]
+# run on the 1st Tuesday of each month
+# You can validate your calendar expressions using `systemd-analyze calendar EXPR`.
+# Of course, the expression we use on our Debian systems won't work on the
+# jurassic RHEL versions of systemd 219, because the ".." syntax for timespans
+# in calendar events isn't supported yet. Instead, we have to use the older
+# syntax that explicitly lists all days separated by commas.
+# One more reason for RHEL to fuck ALL THE WAY OFF!
+# OnCalendar=Tue *-*-01..07 08:00:00    # NOT THIS on RHEL 7!
+OnCalendar=Tue *-*-01,02,03,04,05,06,07 07:55:00
+Unit=nfs_timeout_notification.service
+
+[Install]
+WantedBy=default.target
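Review bot: `Unit=nfs_timeout_notification.service` in this stop timer points at the monitoring service itself, not at the stop unit named in the `Description=` line. As written, the 07:55 trigger starts the monitor (or leaves it running), and no timer in this patch activates `nfs_timeout_notification_stop.service`. The maintenance-window suppression would therefore not take effect. The line should read `Unit=nfs_timeout_notification_stop.service`.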
-- 
GitLab