From f88dee9a54926e7868b336551fbe898519d2a583 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 5 Jun 2023 16:35:29 +0200
Subject: [PATCH] feat: add cleanup job for removing old Oracle incident/trace
logs
---
.../system/cleanup_oracle_incidents.service | 35 +++++++++++++++++++
.../system/cleanup_oracle_incidents.timer | 11 ++++++
tasks/oracle/install_cleanup_jobs.yml | 20 +++++++++++
tasks/oracle/main_oracle.yml | 3 ++
4 files changed, 69 insertions(+)
create mode 100644 files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
create mode 100644 files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
create mode 100644 tasks/oracle/install_cleanup_jobs.yml
diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
new file mode 100644
index 0000000..13ae7be
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+After=network.target
+
+[Service]
+ExecStartPre=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/incident/ -mtime 7 -delete
+ExecStart=/usr/bin/find /exlibris/app/oracle/diag/rdbms/dps/dps/trace/ -mtime 7 -delete
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+Type=simple
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#ProtectSystem=strict
+#ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
new file mode 100644
index 0000000..55df131
--- /dev/null
+++ b/files/usr/local/lib/systemd/system/cleanup_oracle_incidents.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cleanup Daemon for Oracle Incidents
+
+[Timer]
+Unit=cleanup_oracle_incidents.service
+Persistent=true
+OnCalendar=daily
+
+[Install]
+WantedBy=default.target
+
diff --git a/tasks/oracle/install_cleanup_jobs.yml b/tasks/oracle/install_cleanup_jobs.yml
new file mode 100644
index 0000000..82f9a81
--- /dev/null
+++ b/tasks/oracle/install_cleanup_jobs.yml
@@ -0,0 +1,20 @@
+---
+- name: deploy SystemD cleanup units
+ ansible.builtin.copy:
+ src: "usr/local/lib/systemd/system/cleanup_oracle_incidents.{{ item }}"
+ dest: "/usr/local/lib/systemd/system/"
+ mode: "0644"
+ loop:
+ - "service"
+ - "timer"
+
+- name: enable & start SystemD cleanup units
+ ansible.builtin.systemd:
+ name: "cleanup_oracle_incidents.{{ item.n }}"
+ enabled: "{{ item.e | default(true) }}"
+ state: "{{ item.s | default('started') }}"
+ daemon_reload: true
+ loop:
+ - n: "service"
+ s: "stopped"
+ - n: "timer"
diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml
index afbe4e3..f8821df 100644
--- a/tasks/oracle/main_oracle.yml
+++ b/tasks/oracle/main_oracle.yml
@@ -21,3 +21,6 @@
- name: configure logrotate
ansible.builtin.import_tasks: "oracle/configure_logrotate.yml"
tags: [oracle, logrotate]
+- name: install cleanup jobs
+ ansible.builtin.import_tasks: "oracle/install_cleanup_jobs.yml"
+ tags: [oracle, cleanup, log, alertlog]
--
GitLab