refactor tmpreaper to separate module

fix bug 961697
 remove jenkins tmpreaper cron
 create tmpreaper module which can be included by any class
 for now, only jenkins_slave class actually includes it

Change-Id: I3388cbfb9b97c00cde8f4c2a2ebe60a4d76736d7
This commit is contained in:
Devananda van der Veen 2012-03-29 08:44:16 -07:00
parent 5b32163857
commit 4079d25387
5 changed files with 190 additions and 9 deletions

View File

@ -76,6 +76,7 @@ class openstack_server ($iptables_public_tcp_ports) {
}
class openstack_jenkins_slave {
include tmpreaper
class { 'openstack_server':
iptables_public_tcp_ports => []
}

View File

@ -66,7 +66,6 @@ class jenkins_slave($ssh_key) {
"socat",
"sqlite3",
"swig",
"tmpreaper",
"unzip",
"vlan",
"wget"]
@ -107,15 +106,18 @@ class jenkins_slave($ssh_key) {
cron { "tmpreaper":
user => jenkins,
minute => '0',
hour => '1',
command => "/usr/sbin/tmpreaper --runtime 1200 --delay 600 1d /tmp 2>&1 | grep -v 'failed: Permission denied'",
require => [ Package[tmpreaper], File[jenkinshome] ],
}
file { 'tmpreaper-cron.daily':
name => '/etc/cron.daily/tmpreaper',
ensure => 'absent',
}
file { 'jenkinslogs':
name => '/var/log/jenkins/tmpreaper.log*',
ensure => 'absent',
}
file { 'jenkinslogdir':
name => '/var/log/jenkins',
ensure => 'absent',
force => true,
}
}

View File

@ -0,0 +1,109 @@
#!/bin/sh
PATH=/usr/sbin:/usr/bin:/sbin:/bin
# in case of `dpkg -r' leaving conffile.
if ! [ -x /usr/sbin/tmpreaper ]; then
exit 0
fi
# Remove `/tmp/...' files not accessed in X time (configured in
# /etc/tmpreaper.conf, default 7 days), protecting the .X, .ICE, .iroha and
# .ki2 files; but removing symlinks. For directories not the access time, but
# the modification time is used (--mtime-dir), as reading a directory to check
# the contents will update the access time!
#
# In the default, /tmp/. is used, not the plain /tmp you might expect, as this
# accomodates the situation where /tmp is a symlink to some other place.
#
# Note that the sockets are safe even without the `--protect', unless `--all'
# is given, and the `.X*-lock' files would be safe also, as long as they have
# no write permissions, so this particular protect is mainly illustrative, and
# redundant. For best results, don't try to get fancy with the moustache
# expansions. KISS. Always --test your protect patterns.
#
# Immutable files (such as ext3fs' .journal) are not (cannot be) removed;
# when such a file is encountered when trying to remove it, no error is given
# unless you use the --verbose option in which case a message is given.
#
# In case you're wondering: .iroha is for cannaserver and .ki2 is for kinput2
# (japanese software, lock files).
# journal.dat is for (older) ext3 filesystems
# quota.user, quota.group is for (duh) quotas.
# Set config defaults
SHOWWARNING=''
# get the TMPREAPER_TIME value from /etc/default/rcS
if grep '^TMPTIME=' /etc/default/rcS >/dev/null 2>&1; then
eval $(grep '^TMPTIME=' /etc/default/rcS)
if [ -n "$TMPTIME" ]; then
# Don't clean files if TMPTIME is negative or 'infinite'
# to mimic the way /lib/init/bootclean.sh works.
case "$TMPTIME" in
-*|infinite|infinity)
# don't use this as default
;;
*)
if [ "$TMPTIME" -gt 0 ]; then
TMPREAPER_TIME=${TMPTIME}d
else
TMPREAPER_TIME=7d
fi
;;
esac
fi
fi
# ! Important ! The "set -f" below prevents the shell from expanding
# file paths, which is vital for the configuration below to work.
set -f
# preserve environment setting of TMPREAPER_DELAY to allow manual override when
# running the cron.daily script by hand:
if [ -n "$TMPREAPER_DELAY" ]; then
# check for digits only
case "$TMPREAPER_DELAY" in
[0-9]*) TMPREAPER_DELAY_SAVED="$TMPREAPER_DELAY";;
*) ;;
esac
fi
if [ -s /etc/tmpreaper.conf ]; then
. /etc/tmpreaper.conf
fi
# Now restore the saved value of TMPREAPER_DELAY (if any):
if [ -n "$TMPREAPER_DELAY_SAVED" ]; then
TMPREAPER_DELAY="$TMPREAPER_DELAY_SAVED"
else
# set default in case it's not given in tmpreaper.conf:
TMPREAPER_DELAY=${TMPREAPER_DELAY:-256}
fi
if [ "$SHOWWARNING" = true ]; then
echo "Please read /usr/share/doc/tmpreaper/README.security.gz first;"
echo "edit /etc/tmpreaper.conf to remove this message (look for SHOWWARNING)."
exit 0
fi
# Verify that these variables are set, and if not, set them to default values
# This will work even if the required lines are not specified in the included
# file above, but the file itself does exist.
TMPREAPER_TIME=${TMPREAPER_TIME:-7d}
TMPREAPER_PROTECT_EXTRA=${TMPREAPER_PROTECT_EXTRA:-''}
TMPREAPER_DIRS=${TMPREAPER_DIRS:-'/tmp/.'}
nice -n10 tmpreaper --delay=$TMPREAPER_DELAY --mtime-dir --symlinks $TMPREAPER_TIME \
$TMPREAPER_ADDITIONALOPTIONS \
--ctime \
--protect '/tmp/.X*-{lock,unix,unix/*}' \
--protect '/tmp/.ICE-{unix,unix/*}' \
--protect '/tmp/.iroha_{unix,unix/*}' \
--protect '/tmp/.ki2-{unix,unix/*}' \
--protect '/tmp/lost+found' \
--protect '/tmp/journal.dat' \
--protect '/tmp/quota.{user,group}' \
`for i in $TMPREAPER_PROTECT_EXTRA; do echo --protect "$i"; done` \
$TMPREAPER_DIRS

View File

@ -0,0 +1,46 @@
# tmpreaper.conf
# - local configuration for tmpreaper's daily run
#
# This is only used if /etc/cron.daily/tmpreaper was also updated,
# i.e. there's a line ". /etc/tmpreaper.conf" in that file.
# The shell code that used to be here (pre version 1.6.7) is now
# in the cron.daily script.
# Remove the next line if you understand the possible security implications of
# having tmpreaper run automatically;
# see /usr/share/doc/tmpreaper/README.security.gz
# SHOWWARNING=true
#
# TMPREAPER_TIME
# is the max. age of files before they're removed.
# default:
# the TMPTIME value in /etc/default/rcS if it's there, else
# TMPREAPER_TIME=7d (for 7 days)
# I recommend setting the value in /etc/default/rcS, as
# that is used to clean out /tmp whenever the system is booted.
#
# TMPREAPER_PROTECT_EXTRA
# are extra patterns that you may want to protect.
# Example:
# TMPREAPER_PROTECT_EXTRA='/tmp/isdnctrl* /tmp/important*'
#
# TMPREAPER_DIRS
# are the directories to clean up.
# *never* supply / here! That will wipe most of your system!
# Example:
# TMPREAPER_DIRS='/tmp/. /var/tmp/.'
#
# TMPREAPER_DELAY
# defines the maximum (randomized) delay before starting processing.
# See the manpage entry for --delay. Default is 256.
# Example:
# TMPREAPER_DELAY='256'
#
# TMPREAPER_ADDITIONALOPTIONS
# extra options that are passed to tmpreaper, e.g. --all
TMPREAPER_PROTECT_EXTRA=''
TMPREAPER_DIRS='/tmp/.'
TMPREAPER_DELAY='256'
TMPREAPER_ADDITIONALOPTIONS=''
TMPREAPER_TIME=1d

View File

@ -0,0 +1,23 @@
class tmpreaper() {
package { 'tmpreaper':
ensure => present,
}
file { 'tmpreaper-cron.daily':
name => '/etc/cron.daily/tmpreaper',
ensure => 'present',
owner => 'root',
group => 'root',
mode => 755,
source => 'puppet:///modules/tmpreaper/tmpreaper-cron.daily',
}
file { 'tmpreaper.conf':
name => '/etc/tmpreaper.conf',
ensure => 'present',
owner => 'root',
group => 'root',
mode => 644,
source => 'puppet:///modules/tmpreaper/tmpreaper.conf',
}
}