From f88dee9a54926e7868b336551fbe898519d2a583 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 5 Jun 2023 16:35:29 +0200
Subject: [PATCH] feat: add cleanup job for removing old Oracle incident/trace
 logs

---
 .../system/cleanup_oracle_incidents.service   | 35 +++++++++++++++++++
 .../system/cleanup_oracle_incidents.timer     | 11 ++++++
 tasks/oracle/install_cleanup_jobs.yml         | 20 +++++++++++
 tasks/oracle/main_oracle.yml                  |  3 ++
 4 files changed, 69 insertions(+)
 create mode 100644 files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
 create mode 100644 files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
 create mode 100644 tasks/oracle/install_cleanup_jobs.yml

diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
new file mode 100644
index 0000000..13ae7be
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+After=network.target
+
+[Service]
+ExecStartPre=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/incident/ -mtime 7 -delete
+ExecStart=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/trace/ -mtime 7 -delete
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+Type=simple
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#ProtectSystem=strict
+#ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target
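Review bot: `-mtime 7` on both find lines matches only files whose age in whole days is exactly 7, so anything missed by one run (host down, failed run) is never removed; `-mtime +7` is the usual form for "older than". Without `-mindepth 1`, `-delete` can also remove the `incident/` or `trace/` start directory itself once it is empty and old enough. `Type=simple`, `Restart=on-failure`, `KillMode=process` and `ExecReload=` are daemon settings; a run-to-completion job fits `Type=oneshot`, and as written any non-zero find exit (for example a directory that is not empty and cannot be deleted) triggers restarts. No `User=` is set and every hardening option is commented out, so the delete runs as root with an unrestricted filesystem view; `ProtectSystem=strict` with a `ReadWritePaths=` for the diag tree would confine it.

```ini
[Service]
Type=oneshot
ExecStartPre=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/incident/ -mindepth 1 -mtime +7 -delete
ExecStart=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/trace/ -mindepth 1 -mtime +7 -delete
# ExecReload=, KillMode= and Restart= dropped: a oneshot job has nothing to reload or restart

ProtectSystem=strict
ReadWritePaths=/exlibris/app/oracle/diag/rdbms/dps/dps
ProtectHome=read-only
# … unchanged: remaining commented-out hardening options, [Install] …
```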
diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
new file mode 100644
index 0000000..55df131
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+
+[Timer]
+Unit=cleanup_oracle_incidents.service
+Persistent=true
+OnCalendar=daily
+
+[Install]
+WantedBy=default.target
+
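Review bot: `WantedBy=default.target` ties the timer to whatever the host's default target happens to be; timer units are conventionally installed with `WantedBy=timers.target`, which is pulled in at boot regardless of the chosen default target. The `Description=` is also identical to the service's ("Cleanup Daemon for Oracle Incidents"), which makes the two units hard to tell apart in `systemctl status` and journal output; something like `Description=Daily timer for Oracle incident/trace cleanup` would distinguish them.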
diff --git a/tasks/oracle/install_cleanup_jobs.yml b/tasks/oracle/install_cleanup_jobs.yml
new file mode 100644
index 0000000..82f9a81
--- /dev/null
+++ b/tasks/oracle/install_cleanup_jobs.yml
@@ -0,0 +1,20 @@
+---
+- name: deploy SystemD cleanup units
+  ansible.builtin.copy:
+    src: "usr/local/lib/systemd/system/cleanup_oracle_incidents.{{ item }}"
+    dest: "/usr/local/lib/systemd/system/"
+    mode: "0644"
+  loop:
+    - "service"
+    - "timer"
+
+- name: enable & start SystemD cleanup units
+  ansible.builtin.systemd:
+    name: "cleanup_oracle_incidents.{{ item.n }}"
+    enabled: "{{ item.e | default(true) }}"
+    state: "{{ item.s | default('started') }}"
+    daemon_reload: true
+  loop:
+    - n: "service"
+      s: "stopped"
+    - n: "timer"
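Review bot: The second task enables the service as well as the timer, because the `service` item overrides only `s` and `e` falls back to `default(true)`. Combined with `WantedBy=multi-user.target` in the unit, the cleanup then runs at every boot in addition to the timer schedule. Adding `e: false` to the `service` item leaves activation to the timer alone. The copy task sets `mode` but no ownership; since systemd runs these units as root, stating `owner: "root"` and `group: "root"` explicitly keeps the files from ending up owned by whichever account the play runs as.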
diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml
index afbe4e3..f8821df 100644
--- a/tasks/oracle/main_oracle.yml
+++ b/tasks/oracle/main_oracle.yml
@@ -21,3 +21,6 @@
 - name: configure logrotate
   ansible.builtin.import_tasks: "oracle/configure_logrotate.yml"
   tags: [oracle, logrotate]
+- name: install cleanup jobs
+  ansible.builtin.import_tasks: "oracle/install_cleanup_jobs.yml"
+  tags: [oracle, cleanup, log, alertlog]
-- 
GitLab