From a15e70d73d584f849f8dd8c9a6bb7fd4fd5cf4a7 Mon Sep 17 00:00:00 2001 From: Tobias Reisinger Date: Sun, 6 Oct 2024 20:47:59 +0200 Subject: [PATCH] Add healthcheck pings to opentofu and add systemd cleanup to healthcheck --- modules/infrastructure/healthchecksio.tf | 16 ++++++++++++++++ modules/infrastructure/output.tf | 6 ++++++ playbooks/filter_plugins/utils.py | 11 +++++++++++ roles/healthcheck/files/data/http | 5 ++--- roles/healthcheck/files/data/matrix | 4 +--- roles/healthcheck/tasks/systemd.yml | 23 +++++++++++++++++++++-- roles/healthcheck/vars/main.yml | 6 +++--- 7 files changed, 60 insertions(+), 11 deletions(-) create mode 100644 playbooks/filter_plugins/utils.py diff --git a/modules/infrastructure/healthchecksio.tf b/modules/infrastructure/healthchecksio.tf index 748a1f1..38a9735 100644 --- a/modules/infrastructure/healthchecksio.tf +++ b/modules/infrastructure/healthchecksio.tf @@ -30,3 +30,19 @@ resource "healthchecksio_check" "backup" { timeout = 86400 grace = 1800 } + +resource "healthchecksio_check" "healthcheck" { + for_each = toset(["http", "mail", "matrix"]) + + name = "service: ${each.value}" + desc = "Monitoring for service (group) ${each.value}" + + channels = [ + data.healthchecksio_channel.email.id, + data.healthchecksio_channel.signal.id, + data.healthchecksio_channel.ntfy.id, + ] + + timeout = 300 + grace = 600 +} diff --git a/modules/infrastructure/output.tf b/modules/infrastructure/output.tf index 075f7e5..b9f2d22 100644 --- a/modules/infrastructure/output.tf +++ b/modules/infrastructure/output.tf @@ -34,6 +34,12 @@ output "healthchecksio" { "ping_url" = check.ping_url } } + healthcheck = { + for key, check in healthchecksio_check.healthcheck : key => { + "id" = check.id + "ping_url" = check.ping_url + } + } } } diff --git a/playbooks/filter_plugins/utils.py b/playbooks/filter_plugins/utils.py new file mode 100644 index 0000000..25f9354 --- /dev/null +++ b/playbooks/filter_plugins/utils.py 
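Review bot: The service names in `for_each = toset(["http", "mail", "matrix"])` are a second copy of the list the Ansible role iterates over (`healthcheck_svc.checks`, used in roles/healthcheck/tasks/systemd.yml), and nothing visible in this patch ties the two together. A check added on the role side without a matching entry here would presumably fail only when `opentofu.healthchecksio.healthcheck.<name>` is templated. A comment above the line would make the coupling explicit, for example `# keep in sync with healthcheck_svc.checks in the healthcheck role`.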
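Review bot: The new `healthcheck` map exports each check's `ping_url`, and that URL is all a client needs to report success or failure for the check, so it deserves the same handling as the vault-stored UIDs it replaces. The enclosing `output "healthchecksio"` block starts outside this hunk, so it is not visible whether it already sets `sensitive = true`. If it does not, adding that attribute keeps the URLs out of plan and apply output. The values are still written to the state file, so access to the state backend should be restricted accordingly.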
@@ -0,0 +1,11 @@ +class FilterModule(object): + def filters(self): + return { + 'list_prefix_suffix': self.list_prefix_suffix, + } + + def list_prefix_suffix(self, values, prefix, suffix): + result = [] + for value in values: + result.append(f"{prefix}{value}{suffix}") + return result diff --git a/roles/healthcheck/files/data/http b/roles/healthcheck/files/data/http index c5ac26c..30abb45 100755 --- a/roles/healthcheck/files/data/http +++ b/roles/healthcheck/files/data/http @@ -2,7 +2,6 @@ cd /opt/ || exit -hc_url="https://hc-ping.com/$HTTP_HC_UID" services_down="" error="" @@ -46,8 +45,8 @@ check_url "www.reitanlage-oranienburg.de" if [ "$error" = "" ] then - curl_hc "$hc_url" >/dev/null + curl_hc "$HTTP_HC_URL" >/dev/null echo "ALL GOOD" else - curl_hc --data-raw "$services_down$error" "$hc_url/fail" >/dev/null + curl_hc --data-raw "$services_down$error" "$HTTP_HC_URL/fail" >/dev/null fi diff --git a/roles/healthcheck/files/data/matrix b/roles/healthcheck/files/data/matrix index f2e4ac9..55e3d04 100755 --- a/roles/healthcheck/files/data/matrix +++ b/roles/healthcheck/files/data/matrix @@ -8,10 +8,8 @@ import sys import asyncio from nio import AsyncClient, RoomMessageNotice -healthcheck_url = "https://hc-ping.com/" + os.environ['MATRIX_HC_UID'] - def send_ping(success, msg=""): - url = healthcheck_url + url = os.environ['MATRIX_HC_URL'] if not success: url += "/fail" diff --git a/roles/healthcheck/tasks/systemd.yml b/roles/healthcheck/tasks/systemd.yml index c5d6379..d063b1e 100644 --- a/roles/healthcheck/tasks/systemd.yml +++ b/roles/healthcheck/tasks/systemd.yml 
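Review bot: `list_prefix_suffix` has no docstring and does not guard against `values` being a plain string, in which case the loop yields one entry per character instead of one per item. The result is used as systemd unit names in roles/healthcheck/tasks/systemd.yml, so the expected input is worth stating, e.g. `"""Return each item of values (a list of names) as prefix + item + suffix."""`. The loop can also be written as `return [f"{prefix}{value}{suffix}" for value in values]`.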
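Review bot: `$HTTP_HC_URL` is now the complete ping target in both `curl_hc` calls, but nothing checks that it is set, and the output of both calls goes to `/dev/null`. With the variable empty, the success ping has no destination and the failure call is made against the bare string `/fail`. Whether `curl_hc` reports that error is not visible in this hunk. A guard near the top of the script (outside this hunk) would fail early and visibly: `: "${HTTP_HC_URL:?HTTP_HC_URL is not set}"`.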
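Review bot: The lookup `os.environ['MATRIX_HC_URL']` now happens inside `send_ping`, so a missing variable raises `KeyError` only when a result is being reported, not at start-up as the removed module-level assignment did. Reading it once at import keeps the fail-fast behaviour: `healthcheck_url = os.environ['MATRIX_HC_URL']` at module level, with `url = healthcheck_url` left as it was. `send_ping` continues past the end of this hunk, so how `url` is requested afterwards is not visible here.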
@@ -11,11 +11,30 @@ dest: /etc/systemd/system/healthcheck@.timer mode: "0644" become: true + +- name: Get all healthcheck timers + ansible.builtin.shell: + cmd: "systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'" + register: systemd_timers_result + changed_when: false + +- name: Generate systemd timer names + ansible.builtin.set_fact: + healthcheck_systemd_timers: "{{ healthcheck_svc.checks | list_prefix_suffix('healthcheck@', '.timer') }}" + +- name: Disable unused system timers + ansible.builtin.systemd_service: + name: "{{ item }}" + state: stopped + enabled: false + loop: "{{ systemd_timers_result.stdout_lines | difference(healthcheck_systemd_timers) }}" + become: true + - name: Enable the system timer ansible.builtin.systemd_service: - name: healthcheck@{{ item }}.timer + name: "{{ item }}" state: started enabled: true daemon_reload: true - loop: "{{ healthcheck_svc.checks }}" + loop: "{{ healthcheck_systemd_timers }}" become: true diff --git a/roles/healthcheck/vars/main.yml b/roles/healthcheck/vars/main.yml index 4dd4f9e..a1b7988 100644 --- a/roles/healthcheck/vars/main.yml +++ b/roles/healthcheck/vars/main.yml @@ -9,15 +9,15 @@ healthcheck_svc: healthcheck_env: USER_AGENT: healthcheck-bot for serguzim.net - HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}" + HTTP_HC_URL: "{{ opentofu.healthchecksio.healthcheck.http.ping_url }}" MATRIX_SERVER: https://matrix.serguzim.me MATRIX_SERVER_FEDTESTER: msrg.cc - MATRIX_HC_UID: "{{ vault_healthcheck.hc_uid.matrix }}" + MATRIX_HC_URL: "{{ opentofu.healthchecksio.healthcheck.matrix.ping_url }}" MATRIX_TOKEN: "{{ vault_healthcheck.matrix.token }}" MATRIX_ROOM: "{{ vault_healthcheck.matrix.room }}" - MAIL_HC_UID: "{{ vault_healthcheck.hc_uid.mail }}" + MAIL_HC_UID: "{{ opentofu.healthchecksio.healthcheck.mail.id }}" MAIL_HOST: "{{ mailer.host }}" MAIL_PORT: "{{ mailer.port }}" MAIL_USER: "{{ vault_healthcheck.mailer.user }}"
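Review bot: The `Disable unused system timers` task stops and disables, with `become: true`, whatever lines the `systemctl … | jq` pipeline printed, and that pipeline is neither failure-checked nor filtered. Without `pipefail` a failing `systemctl` is masked by jq's exit status, and `jq -r` prints `null` for an entry without a `unit` key. Suggested: start the command with `set -o pipefail;` and add `executable: /bin/bash` to the shell task, and restrict the loop input with `systemd_timers_result.stdout_lines | select('match', '^healthcheck@.+\\.timer$') | list | difference(healthcheck_systemd_timers)`. Shell tasks are skipped in check mode, so `check_mode: false` on the read-only listing task would also keep `--check` runs from failing on an undefined `stdout_lines`.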
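Review bot: `MAIL_HC_UID` still carries only the check id (`opentofu.healthchecksio.healthcheck.mail.id`) while `HTTP_HC_URL` and `MATRIX_HC_URL` now carry the full `ping_url`, so the three checks are configured in two different ways. The mail check script is not part of this patch, so presumably it still builds its own ping address from the id. A short comment on that line saying why the mail check takes the id and not `ping_url` would keep the next reader from treating it as an oversight. These values also moved from `vault_healthcheck` to the `opentofu` variable, whose storage is not visible here and should be protected as the vault entries were.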