summaryrefslogtreecommitdiff
path: root/roles/whawty/auth
diff options
context:
space:
mode:
Diffstat (limited to 'roles/whawty/auth')
-rw-r--r--roles/whawty/auth/store/defaults/main.yml1
-rw-r--r--roles/whawty/auth/store/tasks/sync-client.yml10
-rw-r--r--roles/whawty/auth/store/templates/systemd.service.j23
3 files changed, 12 insertions, 2 deletions
diff --git a/roles/whawty/auth/store/defaults/main.yml b/roles/whawty/auth/store/defaults/main.yml
index c479c600..5b1ba5a6 100644
--- a/roles/whawty/auth/store/defaults/main.yml
+++ b/roles/whawty/auth/store/defaults/main.yml
@@ -25,3 +25,4 @@
# hostname: passwd.example.com
# port: 3022
# user: sync
+# prometheus: yes
diff --git a/roles/whawty/auth/store/tasks/sync-client.yml b/roles/whawty/auth/store/tasks/sync-client.yml
index a45e4727..bbd5e8c9 100644
--- a/roles/whawty/auth/store/tasks/sync-client.yml
+++ b/roles/whawty/auth/store/tasks/sync-client.yml
@@ -41,7 +41,15 @@
{% endif %}
{% endif %}
while true; do
- /usr/bin/rsync -rtW --delete --delete-delay --delay-updates --partial-dir=.tmp{{ rsync_args | join('') }} -e 'ssh -F "/etc/whawty/auth/.store-{{ item.key }}-sync/ssh_config"' 'rsync://whawty-auth-server/store' '{{ item.value.config.basedir }}'
+ /usr/bin/rsync -rtWi --delete --delete-delay --delay-updates --partial-dir=.tmp{{ rsync_args | join('') }} -e 'ssh -F "/etc/whawty/auth/.store-{{ item.key }}-sync/ssh_config"' 'rsync://whawty-auth-server/store' '{{ item.value.config.basedir }}'
+ {% if (item.value.sync.prometheus | default(False)) %}
+ result=$?
+ now=$(date +"%s")
+ cat <<EOF | sponge /var/lib/prometheus-node-exporter/textfile-collector/whawty-auth-store-sync-{{ item.key }}.prom
+ whawty_auth_store_sync_run{name="{{ item.key }}"} $now
+ whawty_auth_store_sync_exit_code{name="{{ item.key }}"} $result
+ EOF
+ {% endif %}
sleep 60
done
dest: /etc/whawty/auth/.store-{{ item.key }}-sync/run.sh
diff --git a/roles/whawty/auth/store/templates/systemd.service.j2 b/roles/whawty/auth/store/templates/systemd.service.j2
index 7e066901..4a630183 100644
--- a/roles/whawty/auth/store/templates/systemd.service.j2
+++ b/roles/whawty/auth/store/templates/systemd.service.j2
@@ -3,6 +3,7 @@ Description=sync for whawty-auth store {{ item.key }}
[Service]
Type=simple
+Restart=always
ExecStart=/etc/whawty/auth/.store-{{ item.key }}-sync/run.sh
# systemd hardening-options
@@ -20,7 +21,7 @@ ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
-ReadWritePaths={{ item.value.config.basedir }}
+ReadWritePaths={{ item.value.config.basedir }}{% if (item.value.sync.prometheus | default(False)) %} /var/lib/prometheus-node-exporter/textfile-collector/{% endif %}{{ '' }}
RemoveIPC=true
RestrictNamespaces=true
RestrictRealtime=true