Diffstat (limited to 'src/palhm/conf')
-rw-r--r-- | src/palhm/conf/crontab | 6 | ||||
-rw-r--r-- | src/palhm/conf/palhm-boot-report.service | 11 | ||||
-rw-r--r-- | src/palhm/conf/py-debug/aws.jsonc | 163 | ||||
l--------- | src/palhm/conf/py-debug/conf.d | 1 | ||||
-rw-r--r-- | src/palhm/conf/py-debug/localfs.jsonc | 161 | ||||
-rw-r--r-- | src/palhm/conf/py-debug/null.jsonc | 141 | ||||
l--------- | src/palhm/conf/py-debug/palhm.jsonc | 1 | ||||
-rw-r--r-- | src/palhm/conf/py-sample/conf.d/core.json | 85 | ||||
-rw-r--r-- | src/palhm/conf/py-sample/sample.jsonc | 170 |
9 files changed, 739 insertions, 0 deletions
diff --git a/src/palhm/conf/crontab b/src/palhm/conf/crontab
new file mode 100644
index 0000000..d0eeda6
--- /dev/null
+++ b/src/palhm/conf/crontab
@@ -0,0 +1,6 @@
+# PALHM will produce stderr on exception. Mail the output to root
+MAILTO="root"
+# Run default task every Sunday at midnight
+0 0 * * sun root /var/lib/PALHM/src/palhm.py -q run
+# Check dnssec validity every hour
+# 0 * * * * root systemd-run -qP -p User=palhm -p Nice=15 -p ProtectSystem=strict -p ReadOnlyPaths=/ -p PrivateDevices=true --wait /var/lib/PALHM/src/palhm.py -q run check-dnssec
diff --git a/src/palhm/conf/palhm-boot-report.service b/src/palhm/conf/palhm-boot-report.service
new file mode 100644
index 0000000..0b4ba67
--- /dev/null
+++ b/src/palhm/conf/palhm-boot-report.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=PALHM send boot report mail
+After=postfix.service sendmail.service exim.service dovecot.service network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/var/lib/PALHM/src/palhm.py -q boot-report
+Nice=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/src/palhm/conf/py-debug/aws.jsonc b/src/palhm/conf/py-debug/aws.jsonc
new file mode 100644
index 0000000..23e8faf
--- /dev/null
+++ b/src/palhm/conf/py-debug/aws.jsonc
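Review bot: The weekly entry in src/palhm/conf/crontab runs `/var/lib/PALHM/src/palhm.py -q run` as root from a path under /var/lib, with none of the `systemd-run` confinement that the commented check-dnssec line applies. Nothing in the file says who may write to /var/lib/PALHM/src; if the `palhm` user named in the commented line, or any other non-root account, owns that tree, it controls what root executes every Sunday. I would add a comment above the entry such as `# palhm.py and its directory must be owned by root and not group/world-writable; this job runs as root`, and have the install notes set those permissions.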
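Review bot: The `[Service]` section of palhm-boot-report.service has no `User=` or sandboxing directive, so `ExecStart=/var/lib/PALHM/src/palhm.py -q boot-report` runs as root with full system access, although the crontab in the same commit shows a confined invocation for check-dnssec. If the report only needs to read the config and call the MUA, `User=palhm` with `ProtectSystem=strict` and `PrivateDevices=true` would probably be enough; whether the configured MUA still works under those settings needs checking. Separately, `After=network-online.target` only orders the unit and does not pull the target in, so `Wants=network-online.target` should be added to `[Unit]`.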
@@ -0,0 +1,163 @@
+// PALHM Instance Config
+{
+ "include": [ "conf.d/core.json" ],
+ "modules": [ "aws" ],
+ "nb-workers": 0, // assumed $(nproc) - default
+ // "nb-workers": 1, // to disable concurrent task despatch
+ // To unlimit the number of workers.
+ // Does not fail on resource alloc failure.
+ // "nb-workers": -1,
+ "vl": 4,
+ "tasks": [
+ {
+ "id": "backup",
+ "type": "backup",
+ "backend": "aws-s3",
+ "backend-param": {
+ // "profile": "default",
+ "bucket": "palhm.test",
+ "root": "/palhm/backup",
+ "prefix": {
+ "type": "default"
+ // "type": "iso8601",
+ // "timespec": "seconds",
+ // "tz": "utc"
+ },
+ // "sink-storage-class": "STANDARD_IA",
+ // "rot-storage-class": "ONEZONE_IA",
+ "nb-copy-limit": 2, // or Infinity assumed(not in JSON spec)
+ "root-size-limit": "Infinity" // or Infinity assumed
+ },
+ "object-groups": [
+ { "id": "pre-start" },
+ {
+ "id": "data-dump",
+ "depends": [ "pre-start" ]
+ },
+ {
+ "id": "tar-media-0",
+ "depends": [ "data-dump" ]
+ },
+ {
+ "id": "tar-media-1",
+ "depends": [ "data-dump" ]
+ }
+ ],
+ "objects": [
+ {
+ "path": "pm-list.gz",
+ "group": "pre-start",
+ "pipeline": [
+ { "type": "exec", "exec-id": "rpm-list-installed" },
+ { "type": "exec", "exec-id": "filter-gzip-plain" }
+ ]
+ },
+ {
+ "path": "lsblk.json.gz",
+ "group": "pre-start",
+ "pipeline": [
+ {
+ "type": "exec-append",
+ "exec-id": "lsblk-all-json",
+ "argv": [ "-a" ]
+ },
+ { "type": "exec", "exec-id": "filter-gzip-plain" }
+ ]
+ },
+ {
+ "path": "random-dump.sql.xz",
+ "alloc-size": 2097152,
+ "group": "data-dump",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/urandom",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ },
+ {
+ "path": "random-dump.0.xz",
+ "alloc-size": 2097152,
+ "group": "tar-media-0",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/zero",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ },
+ {
+ "path": "random-dump.1.xz",
+ "alloc-size": 2097152,
+ "group": "tar-media-1",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/zero",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "update",
+ "type": "routine",
+ "routine": [
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/echo", "0" ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/sleep", "1" ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/echo", "1" ]
+ }
+ ]
+ },
+ {
+ "id": "default",
+ "type": "routine",
+ "routine": [
+ { "type": "task", "task-id": "backup" },
+ { "type": "task", "task-id": "update" },
+ {
+ // Block SIGTERM from systemd/init.d so the program is not
+ // affected by the reboot command.
+ "type": "builtin",
+ "builtin-id": "sigmask",
+ "param": [
+ { "action": "block", "sig": [ "TERM" ] }
+ ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/true" ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/src/palhm/conf/py-debug/conf.d b/src/palhm/conf/py-debug/conf.d
new file mode 120000
index 0000000..a32163d
--- /dev/null
+++ b/src/palhm/conf/py-debug/conf.d
@@ -0,0 +1 @@
+../py-sample/conf.d
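Review bot: `"bucket": "palhm.test"` in py-debug/aws.jsonc hard-codes a name in S3's global bucket namespace, and with `"profile"` commented out the run presumably uses whatever default AWS credentials are present on the machine. A developer who runs this file unchanged sends the `pm-list.gz` and `lsblk.json.gz` host inventory towards a bucket the project may not control, or gets a confusing access error. I would add a comment on that line, for example `// replace with a bucket you own; S3 bucket names are global`, or use an obviously invalid placeholder. The `random-dump.0.xz` and `random-dump.1.xz` objects read `/dev/zero`, so their names are misleading, but that is cosmetic.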
\ No newline at end of file
diff --git a/src/palhm/conf/py-debug/localfs.jsonc b/src/palhm/conf/py-debug/localfs.jsonc
new file mode 100644
index 0000000..80efd5d
--- /dev/null
+++ b/src/palhm/conf/py-debug/localfs.jsonc
@@ -0,0 +1,161 @@
+// PALHM Instance Config
+{
+ "include": [ "conf.d/core.json" ],
+ "nb-workers": 0, // assumed $(nproc) - default
+ // "nb-workers": 1, // to disable concurrent task despatch
+ // To unlimit the number of workers.
+ // Does not fail on resource alloc failure.
+ // "nb-workers": -1,
+ "vl": 3,
+ "tasks": [
+ {
+ "id": "backup",
+ "type": "backup",
+ "backend": "localfs",
+ "backend-param": {
+ "root": "/var/tmp/palhm-backup-root",
+ "prefix": {
+ "type": "default"
+ // "type": "iso8601",
+ // "timespec": "seconds",
+ // "tz": "utc"
+ },
+ // "dmode": "755",
+ // "fmode": "644",
+ "nb-copy-limit": 2,
+ "root-size-limit": "Infinity",
+ "block-size": 4096
+ },
+ "object-groups": [
+ { "id": "pre-start" },
+ {
+ "id": "data-dump",
+ "depends": [ "pre-start" ]
+ },
+ {
+ "id": "tar-media-0",
+ "depends": [ "data-dump" ]
+ },
+ {
+ "id": "tar-media-1",
+ "depends": [ "data-dump" ]
+ }
+ ],
+ "objects": [
+ {
+ "path": "pm-list.gz",
+ "group": "pre-start",
+ "pipeline": [
+ { "type": "exec", "exec-id": "rpm-list-installed" },
+ { "type": "exec", "exec-id": "filter-gzip-plain" }
+ ]
+ },
+ {
+ "path": "lsblk.json.gz",
+ "group": "pre-start",
+ "pipeline": [
+ {
+ "type": "exec-append",
+ "exec-id": "lsblk-all-json",
+ "argv": [ "-a" ]
+ },
+ { "type": "exec", "exec-id": "filter-gzip-plain" }
+ ]
+ },
+ {
+ "path": "random-dump.sql.xz",
+ "alloc-size": 2097152,
+ "group": "data-dump",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/urandom",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ },
+ {
+ "path": "random-dump.0.xz",
+ "alloc-size": 2097152,
+ "group": "tar-media-0",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/zero",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ },
+ {
+ "path": "random-dump.1.xz",
+ "alloc-size": 2097152,
+ "group": "tar-media-1",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/dd",
+ "if=/dev/zero",
+ "bs=4096",
+ "count=512",
+ "status=none"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-xz-parallel" }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "update",
+ "type": "routine",
+ "routine": [
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/echo", "0" ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/sleep", "1" ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/echo", "1" ]
+ }
+ ]
+ },
+ {
+ "id": "default",
+ "type": "routine",
+ "routine": [
+ { "type": "task", "task-id": "backup" },
+ { "type": "task", "task-id": "update" },
+ {
+ // Block SIGTERM from systemd/init.d so the program is not
+ // affected by the reboot command.
+ "type": "builtin",
+ "builtin-id": "sigmask",
+ "param": [
+ { "action": "block", "sig": [ "TERM" ] }
+ ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/true" ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/src/palhm/conf/py-debug/null.jsonc b/src/palhm/conf/py-debug/null.jsonc
new file mode 100644
index 0000000..b5ce9f8
--- /dev/null
+++ b/src/palhm/conf/py-debug/null.jsonc
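Review bot: `"root": "/var/tmp/palhm-backup-root"` in py-debug/localfs.jsonc is a fixed path inside a world-writable directory. If the debug run is started as root, as the crontab in this commit does for the default task, another local user can create that directory or a symlink at that name first; how the localfs backend treats a pre-existing root is not visible here, so this should be confirmed. The commented hints `"dmode": "755"` and `"fmode": "644"` also suggest world-readable backup output. I would point `root` at a directory the test user owns and change the hints to `"dmode": "700"` and `"fmode": "600"`.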
@@ -0,0 +1,141 @@
+{
+ "include": [ "conf.d/core.json" ],
+ "nb-workers": 0, // assumed $(nproc)
+ // "nb-workers": 1, // to disable concurrent task despatch
+ // "nb-workers": -1, // to unlimit the number of workers.
+ "vl": 3,
+ "tasks": [
+ {
+ "id": "backup",
+ "type": "backup",
+ "backend": "null",
+ "object-groups": [
+ { "id": "pre-start" },
+ {
+ "id": "data-dump",
+ "depends": [ "pre-start" ]
+ },
+ {
+ "id": "tar-0",
+ "depends": [ "data-dump" ]
+ },
+ {
+ "id": "tar-1",
+ "depends": [ "data-dump" ]
+ }
+ ],
+ "objects": [
+ {
+ "path": "pm-list.zstd",
+ "group": "pre-start",
+ "pipeline": [
+ { "type": "exec", "exec-id": "rpm-list-installed" },
+ { "type": "exec", "exec-id": "filter-zstd-plain" }
+ ]
+ },
+ {
+ "path": "lsblk.json.zstd",
+ "group": "pre-start",
+ "pipeline": [
+ { "type": "exec", "exec-id": "lsblk-all-json" },
+ { "type": "exec", "exec-id": "filter-zstd-plain" }
+ ]
+ },
+ {
+ "path": "db.sql.zstd",
+ "group": "data-dump",
+ "pipeline": [
+ {
+ "type": "exec-inline",
+ "argv": [
+ "/bin/mysqldump",
+ "-uroot",
+ "--all-databases"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-zstd-parallel" }
+ ]
+ },
+ {
+ "path": "root.tar.zstd",
+ "group": "tar-0",
+ "pipeline": [
+ {
+ "type": "exec-append",
+ "exec-id": "tar",
+ "argv": [
+ "-C",
+ "/",
+ "/etc",
+ "/home",
+ "/root",
+ "/var"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-zstd-parallel" }
+ ]
+ },
+ {
+ "path": "srv.tar.zstd",
+ "group": "tar-1",
+ "pipeline": [
+ {
+ "type": "exec-append",
+ "exec-id": "tar",
+ "argv": [
+ "-C",
+ "/",
+ "/srv"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-zstd-parallel" }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "update",
+ "type": "routine",
+ "routine": [
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/dnf", "--refresh", "-yq", "update" ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/sa-update" ]
+ }
+ ]
+ },
+ {
+ "id": "reboot",
+ "type": "routine",
+ "routine": [
+ {
+/*
+ * Block SIGTERM from systemd/init.d so PALHM can exit gracefully after issuing
+ * reboot.
+ */
+ "type": "builtin",
+ "builtin-id": "sigmask",
+ "param": [
+ { "action": "block", "sig": [ "TERM" ] }
+ ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/sbin/reboot" ]
+ }
+ ]
+ },
+ {
+ "id": "default",
+ "type": "routine",
+ "routine": [
+ { "type": "task", "task-id": "backup" },
+ { "type": "task", "task-id": "update" },
+ { "type": "task", "task-id": "reboot" }
+ ]
+ }
+ ]
+}
diff --git a/src/palhm/conf/py-debug/palhm.jsonc b/src/palhm/conf/py-debug/palhm.jsonc
new file mode 120000
index 0000000..c40e201
--- /dev/null
+++ b/src/palhm/conf/py-debug/palhm.jsonc
@@ -0,0 +1 @@
+../py-sample/sample.jsonc
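Review bot: The `default` routine in py-debug/null.jsonc chains `backup`, `update` and `reboot`, so running this debug config executes `/bin/dnf --refresh -yq update` and `/sbin/reboot` on the developer's machine, whereas aws.jsonc and localfs.jsonc in the same directory only run `/bin/echo`, `/bin/sleep` and `/bin/true`. The file has no header comment to warn about that. I would add `// WARNING: the default task updates packages and reboots the host` as the first line, or replace the two routines with harmless commands as the sibling debug configs do. The tar objects here pass absolute members (`"/etc"`, `"/srv"`) after `-C /` while sample.jsonc passes relative ones (`"etc"`); the two should agree.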
\ No newline at end of file
diff --git a/src/palhm/conf/py-sample/conf.d/core.json b/src/palhm/conf/py-sample/conf.d/core.json
new file mode 100644
index 0000000..fac28a0
--- /dev/null
+++ b/src/palhm/conf/py-sample/conf.d/core.json
@@ -0,0 +1,85 @@
+{
+ "execs": [
+ {
+ "id": "tar",
+ "argv": [
+ "/bin/tar",
+ "--xattrs",
+ "--selinux",
+ "--warning=none",
+ "-cf",
+ "-"
+ ],
+ "ec": "<2"
+ },
+ {
+ "id": "filter-xz-parallel",
+ "argv": [ "/bin/xz", "-T0" ]
+ },
+ {
+ "id": "filter-gzip-plain",
+ "argv": [ "/bin/gzip" ]
+ },
+ {
+ "id": "filter-zstd-plain",
+ "argv": [ "/bin/zstd" ]
+ },
+ {
+ "id": "filter-zstd-parallel",
+ "argv": [ "/bin/zstd", "-T0" ]
+ },
+ {
+ "id": "rpm-list-installed",
+ "argv": [
+ "/bin/rpm",
+ "-qa",
+ "--qf",
+ "%{name}\\t%{version}-%{release}.%{arch}\\t%{vendor}\\n"
+ ]
+ },
+ {
+ "id": "dnf-list-userinstalled",
+ "argv": [
+ "/bin/dnf",
+ "history",
+ "userinstalled"
+ ]
+ },
+ {
+ "id": "dnf-group-list-installed",
+ "argv": [
+ "/bin/dnf",
+ "--cacheonly",
+ "-q",
+ "group",
+ "list",
+ "--installed"
+ ],
+ "ec": " >= 0"
+ },
+ {
+ "id": "dpkg-list-installed",
+ "argv": [ "/bin/dpkg-query", "-l" ]
+ },
+ {
+ "id": "lsblk-all-json",
+ "argv": [ "/bin/lsblk", "-JbOa" ]
+ },
+ {
+ "id": "os-release",
+ "argv": [ "/bin/cat", "/etc/os-release" ]
+ },
+ {
+ "id": "dig-dnssec",
+ "argv": [ "/bin/dig", "+short", "+dnssec", "+notcp" ]
+ },
+ {
+ "id": "grep-any",
+ "argv": [ "/bin/grep", "." ]
+ },
+ {
+ "id": "null-stdout-sink",
+ "argv": [ "/bin/cp", "/dev/stdin", "/dev/null" ]
+ }
+ ]
+}
diff --git a/src/palhm/conf/py-sample/sample.jsonc b/src/palhm/conf/py-sample/sample.jsonc
new file mode 100644
index 0000000..2a349c1
--- /dev/null
+++ b/src/palhm/conf/py-sample/sample.jsonc
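Review bot: The `tar` exec in conf.d/core.json combines `"ec": "<2"` with `--warning=none`, so a run in which GNU tar exits 1 because files changed while being read is accepted as success and nothing about it reaches stderr. That may be intended for backing up a live system, but it means an archive can be inconsistent without the operator being mailed. Since core.json is plain JSON and cannot carry a comment, the reason for the tolerance should be stated in the README or next to the `exec-append` use in sample.jsonc. `"ec": " >= 0"` on `dnf-group-list-installed` appears to accept every exit code and is written with different spacing from `"<2"`; one format should be used.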
@@ -0,0 +1,170 @@
+{
+ "include": [ "/etc/palhm/conf.d/core.json" ],
+ "modules": [ "aws" ],
+ "nb-workers": 0,
+ // "vl": 4,
+ "boot-report": {
+ // "mua": "stdout",
+ "mua": "mailx",
+ // "mua": "aws-sns",
+ "mua-param": {
+ "int-opts": [ "smtp=localhost" ]
+ },
+ "mail-to": [ "root" ],
+ // "subject": "Custom Boot Report Subject from {hostname}",
+ // "header": "Custom header content with {hostname} substitution."
+ // "uptime-since": true,
+ // "uptime": true,
+ // "bootid": true,
+ // "boot-wait": "systemd",
+ "delay": 5
+ },
+ "tasks": [
+ {
+ "id": "backup",
+ "type": "backup",
+ "backend": "null",
+ "backend-param": {},
+ "object-groups": [
+ { "id": "meta-run" },
+ {
+ "id": "data-dump",
+ "depends": [ "meta-run" ]
+ },
+ {
+ "id": "tar-root",
+ "depends": [ "data-dump" ]
+ }
+ ],
+ "objects": [
+ {
+ "path": "os-release",
+ "group": "meta-run",
+ "pipeline": [ { "type": "exec" , "exec-id": "os-release" } ]
+ },
+ {
+ "path": "pm-list.zstd",
+ "group": "meta-run",
+ "pipeline": [
+ { "type": "exec", "exec-id": "rpm-list-installed" },
+ { "type": "exec", "exec-id": "filter-zstd-plain" }
+ ]
+ },
+ {
+ "path": "lsblk.json.zstd",
+ "group": "meta-run",
+ "pipeline": [
+ { "type": "exec", "exec-id": "lsblk-all-json" },
+ { "type": "exec", "exec-id": "filter-zstd-plain" }
+ ]
+ },
+ // {
+ // "path": "db.sql.zstd",
+ // "group": "data-dump",
+ // "pipeline": [
+ // {
+ // "type": "exec-inline",
+ // "argv": [
+ // "/bin/mysqldump",
+ // "-uroot",
+ // "--all-databases"
+ // ]
+ // // "ec": "<=2" // don't fail when the DB is offline
+ // },
+ // { "type": "exec", "exec-id": "filter-zstd-parallel" }
+ // ]
+ // },
+ {
+ "path": "root.tar.zstd",
+ "group": "tar-root",
+ "pipeline": [
+ {
+ "type": "exec-append",
+ "exec-id": "tar",
+ "argv": [
+ "-C",
+ "/",
+ "etc",
+ "home",
+ "root",
+ "var"
+ ]
+ },
+ { "type": "exec", "exec-id": "filter-zstd-parallel" }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "update",
+ "type": "routine",
+ "routine": [
+ {
+ "type": "exec-inline",
+ "argv": [ "/bin/dnf", "--refresh", "-yq", "update" ]
+ }
+ // {
+ // "type": "exec-inline",
+ // "argv": [ "/bin/sa-update" ]
+ // }
+ ]
+ },
+ {
+ "id": "reboot",
+ "type": "routine",
+ "routine": [
+ {
+/*
+ * Block SIGTERM from systemd/init.d so PALHM can exit gracefully after issuing
+ * reboot.
+ */
+ "type": "builtin",
+ "builtin-id": "sigmask",
+ "param": [
+ { "action": "block", "sig": [ "TERM" ] }
+ ]
+ },
+ {
+ "type": "exec-inline",
+ "argv": [ "/sbin/reboot" ]
+ }
+ ]
+ },
+ {
+ "id": "check-dnssec",
+ "type": "backup",
+ "backend": "null",
+ "objects": [
+ {
+ "path": "example.com", // Placeholder
+ "pipeline": [
+ /*
+ * Check if dig can query the record with the DNSSEC
+ * validation flag. Empty stdout with zero return code
+ * means SERVFAIL.
+ */
+ {
+ "type": "exec-append",
+ "exec-id": "dig-dnssec",
+ "argv": [ "ANY", "example.com" ]
+ },
+ /*
+ * Trap for empty dig output grep will return non-zero if
+ * dig have not produced any output
+ */
+ { "type": "exec", "exec-id": "grep-any" }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "default",
+ "type": "routine",
+ "routine": [
+ { "type": "task", "task-id": "backup" },
+ { "type": "task", "task-id": "update" },
+ { "type": "task", "task-id": "reboot" }
+ ]
+ }
+ ]
+} |
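Review bot: The `root.tar.zstd` object in py-sample/sample.jsonc archives `etc`, `home`, `root` and `var`, and its pipeline ends at `filter-zstd-parallel`, so once an operator swaps `"backend": "null"` for a real backend such as `aws-s3` the password hashes and private keys in those trees are stored compressed but unencrypted. conf.d/core.json in this commit defines no encrypting exec, so the sample gives no hint that one is needed. I would add a comment above the object, for example `// add an encryption stage after the compressor before using a remote backend`, and ship a matching exec in conf.d. As written, the `default` task also updates and reboots the host while the backup goes to the `null` backend, which deserves a note next to `"backend": "null"`.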