diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service new file mode 100644 index 0000000000000000000000000000000000000000..13ae7beea193c56220e458033dfe42f4adff28ba --- /dev/null +++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service @@ -0,0 +1,35 @@ +[Unit] +Description=Cleanup Daemon for Oracle Incidents +After=network.target + +[Service] +ExecStartPre=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/incident/ -mtime 7 -delete +ExecStart=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/trace/ -mtime 7 -delete +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +Type=simple + +### Security features +# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html +#ProtectSystem=strict +#ProtectHome=read-only +#ProtectHostname=true +#ProtectClock=true +#ProtectKernelTunables=true +#ProtectKernelModules=true +#ProtectKernelLogs=true +#ProtectControlGroups=true +#LockPersonality=true +#MemoryDenyWriteExecute=true +#RestrictRealtime=true +#RestrictSUIDSGID=true +## RemoveIPC=true +## PrivateMounts=true +## MountFlags= +## SystemCallFilter is a Whitelist!!! +#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io +#SystemCallErrorNumber=1337 + +[Install] +WantedBy=multi-user.target diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer new file mode 100644 index 0000000000000000000000000000000000000000..55df131553bc3a45080bab7a121eda22edad0087 --- /dev/null +++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Cleanup Daemon for Oracle Incidents + +[Timer] +Unit=cleanup_oracle_incidents.service +Persistent=true +OnCalendar=daily + +[Install] +WantedBy=default.target + diff --git a/tasks/oracle/install_cleanup_jobs.yml b/tasks/oracle/install_cleanup_jobs.yml new file mode 100644 index 0000000000000000000000000000000000000000..82f9a81cf1c8b345b32741a3798c7530b4cfb45f --- /dev/null +++ b/tasks/oracle/install_cleanup_jobs.yml @@ -0,0 +1,20 @@ +--- +- name: deploy SystemD cleanup units + ansible.builtin.copy: + src: "usr/local/lib/systemd/system/cleanup_oracle_incidents.{{ item }}" + dest: "/usr/local/lib/systemd/system/" + mode: "0644" + loop: + - "service" + - "timer" + +- name: enable & start SystemD cleanup units + ansible.builtin.systemd: + name: "cleanup_oracle_incidents.{{ item.n }}" + enabled: "{{ item.e | default(true) }}" + state: "{{ item.s | default('started') }}" + daemon_reload: true + loop: + - n: "service" + s: "stopped" + - n: "timer" diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml index afbe4e36bf276461f0ba7d0999aa31683492ef96..f8821df2aec2bd4c32d0efcbf9e689d6ce39cdd9 100644 --- a/tasks/oracle/main_oracle.yml +++ b/tasks/oracle/main_oracle.yml @@ -21,3 +21,6 @@ - name: configure logrotate ansible.builtin.import_tasks: "oracle/configure_logrotate.yml" tags: [oracle, logrotate] +- name: install cleanup jobs + ansible.builtin.import_tasks: "oracle/install_cleanup_jobs.yml" + tags: [oracle, cleanup, log, alertlog]