From eaf82a092087e37bfd1e43c100c367147f387f54 Mon Sep 17 00:00:00 2001
From: Arnaud DABY-SEESARAM
Date: Tue, 27 Dec 2022 18:16:32 +0100
Subject: [PATCH] [untested] prototype cron -> systemd timers
---
roles/sdcron/tasks/main.yml | 52 +++++++++++++++
.../systemd/system/failuremail@.service.j2 | 10 +++
.../etc/systemd/system/sdcron.service.j2 | 9 +++
.../etc/systemd/system/sdcron.timer.j2 | 15 +++++
.../systemd/system/successmail@.service.j2 | 9 +++
roles/sdcron/templates/tmppass.j2 | 1 +
.../templates/var/local/sendstatusmail.sh.j2 | 65 +++++++++++++++++++
7 files changed, 161 insertions(+)
create mode 100644 roles/sdcron/tasks/main.yml
create mode 100644 roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
create mode 100644 roles/sdcron/templates/etc/systemd/system/sdcron.service.j2
create mode 100644 roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
create mode 100644 roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
create mode 100644 roles/sdcron/templates/tmppass.j2
create mode 100644 roles/sdcron/templates/var/local/sendstatusmail.sh.j2
diff --git a/roles/sdcron/tasks/main.yml b/roles/sdcron/tasks/main.yml
new file mode 100644
index 00000000..ea90b6b8
--- /dev/null
+++ b/roles/sdcron/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: Temporarily store the password of the SMTP user
+ template:
+ src: tmppass.j2
+ dst: /tmp/sdcron_pass
+ owner: root
+ group: root
+
+- name: Launch systemd-creds encrypt on the password for sdcron, and store the result in a variable
+ command: systemd-creds --pretty --name=smtppass encrypt /tmp/sdcron_pass -
+ register: creds
+
+- name: Delete the password of the SMTP user
+ file:
+ state: absent
+ path: /tmp/sdcron_pass
+
+- name: Adding services to send status emails
+ template:
+ src: etc/systemd/system/{{ item }}@.service.j2
+ dst: /etc/systemd/system/{{ item }}@.service
+ owner: root
+ group: root
+ loop:
+ - successmail
+ - failuremail
+
+- name: Deploy the status-sender
+ template:
+ src: var/local/sendstatusmail.sh.j2
+ dst: /var/local/sendstatusmail.sh
+ owner: root
+ group: root
+ mode: '0500'
+
+- name: Install sdcron timers
+ template:
+ src: etc/systemd/system/sdcron.timer.j2
+ dst: etc/systemd/system/{{ item.name }}.timer
+ loop: "{{ sdcron.tasks }}"
+
+- name: Install sdcron services
+ template:
+ src: etc/systemd/system/sdcron.service.j2
+ dst: etc/systemd/system/{{ item.name }}.service
+ loop: "{{ sdcron.tasks }}"
+
+- name: Enable sdcron timers
+ systemd:
+ name: {{ item.name }}.timer
+ enabled: yes
+ loop: "{{ sdcron.tasks }}"
diff --git a/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2 b/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
new file mode 100644
index 00000000..4fd00b34
--- /dev/null
+++ b/roles/sdcron/templates/etc/systemd/system/failuremail@.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Sends failure mail for service %i
+
+[Service]
+Type=oneshot
+ExecStart=/var/local/sendstatusmail.sh failure %i
+Environment="SMTP_PORT=465" "SMTP_USER=sdcron"
+{{{ creds.stdout_lines }}}
+# User / Group = ce qu'on veut en vrai
+
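Review bot: The first task in roles/sdcron/tasks/main.yml writes the cleartext SMTP password to the fixed path `/tmp/sdcron_pass` with no `mode:`, so the file takes the default umask and will normally be world-readable until the delete task runs; if `systemd-creds` fails, the play stops and the file stays behind. Passing the secret on stdin with `no_log: true` removes the temporary file, tmppass.j2 and both surrounding tasks, as sketched below. Separately, the template module's parameter is `dest:`, not `dst:`, the timer and service tasks use a relative `etc/systemd/system/…` destination, and `name: {{ item.name }}.timer` must be quoted to be valid YAML.

```yaml
# replaces the "Temporarily store", "Launch systemd-creds" and "Delete the password" tasks
- name: Encrypt the SMTP password for sdcron with systemd-creds
  command: systemd-creds --pretty --name=smtppass encrypt - -
  args:
    stdin: "{{ vault.sdcron.smtp_pass }}"
    stdin_add_newline: false
  register: creds
  no_log: true
# … unchanged: status-mail services, status-sender, timers and services …
```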
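Review bot: `{{{ creds.stdout_lines }}}` in failuremail@.service.j2 is unlikely to parse as a Jinja2 expression, and `stdout_lines` is a list, so even with two braces it would render as a Python list rather than the `SetCredentialEncrypted=` lines that `systemd-creds --pretty` prints; `{{ creds.stdout }}` is what the unit needs. The same triple-brace form appears in successmail@.service.j2 and tmppass.j2. The trailing comment leaves `User=`/`Group=` undecided, so both mail units currently run as root; a dedicated unprivileged account would limit what a fault in the mailer can reach, though the script is installed root-only with mode 0500, so its owner or mode would have to change with it.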
diff --git a/roles/sdcron/templates/etc/systemd/system/sdcron.service.j2 b/roles/sdcron/templates/etc/systemd/system/sdcron.service.j2
new file mode 100644
index 00000000..e0644e0b
--- /dev/null
+++ b/roles/sdcron/templates/etc/systemd/system/sdcron.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Service for {{ item.name }}
+OnFailure=failuremail@%n.service
+OnSuccess=successmail@%n.service
+
+[Service]
+Type=oneshot
+ExecStart={{ item.command }}
+
diff --git a/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2 b/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
new file mode 100644
index 00000000..7edb2007
--- /dev/null
+++ b/roles/sdcron/templates/etc/systemd/system/sdcron.timer.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Timer for {{ item.name }}.
+
+[Timer]
+{% if item.type == "intervalbased" %}
+OnBootSec=5m
+OnUnitInactiveSec={{ item.interval }}
+{% else %}
+OnCalendar={{ item.calendar }}
+{% endif %}
+Unit={{ item.name }}.service
+
+[Install]
+WantedBy=timers.target
+
diff --git a/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2 b/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
new file mode 100644
index 00000000..4fa6154b
--- /dev/null
+++ b/roles/sdcron/templates/etc/systemd/system/successmail@.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Sends success mail for service %i
+
+[Service]
+Type=oneshot
+ExecStart=/var/local/sendstatusmail.sh success %i
+Environment="SMTP_PORT=465" "SMTP_USER=sdcron"
+{{{ creds.stdout_lines }}}
+# User / Group = ce qu'on veut en vrai
diff --git a/roles/sdcron/templates/tmppass.j2 b/roles/sdcron/templates/tmppass.j2
new file mode 100644
index 00000000..a1e90c8d
--- /dev/null
+++ b/roles/sdcron/templates/tmppass.j2
@@ -0,0 +1 @@
+{{{ vault.sdcron.smtp_pass }}}
diff --git a/roles/sdcron/templates/var/local/sendstatusmail.sh.j2 b/roles/sdcron/templates/var/local/sendstatusmail.sh.j2
new file mode 100644
index 00000000..3f1fd74f
--- /dev/null
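Review bot: sdcron.service.j2 emits no `User=` or sandboxing directive under `[Service]`, so every command deployed through this role runs as root, whatever account the job presumably ran under in cron. A new optional per-task key, for example `User={{ item.user | default('root') }}`, would let non-root jobs stay unprivileged. `OnSuccess=` was added in systemd 249 and `systemd-creds` in 250, so the role should check or document the minimum systemd version expected on target hosts.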
+++ b/roles/sdcron/templates/var/local/sendstatusmail.sh.j2
@@ -0,0 +1,65 @@
+#!/usr/bin/bash -ue
+
+
+# The script assumes that:
+# - SMTP_PORT and SMTP_USER are environment variables to store the port and account to use on the SMTP server.
+# - if authentication is to be used, credentials called smtppass and smtpuser is passed by sd.
+
+
+status="${1}"
+service_name="${2}"
+
+
+
+## identification to use fot the mail server:
+# identifyme is set to 1 if authentication is possible, 0 otherwise
+
+identifyme=1
+smtp_pass=$(systemd-creds cat smtppass) || identifyme=0
+smtp_user=$SMTP_USER
+smtp_port=$SMTP_PORT
+
+smtp_server="redisdead.crans.org"
+smtp_rcpt="nounous@crans.org"
+email="sdcron@crans.org"
+
+
+## Write the email in a temporary file
+tmp=$(mktemp /tmp/mail.XXXXX)
+
+echo "From: sdcron
+To: nounous@crans.org
+Subject: ${status} of the service ${service_name}.
+Date: $(date -R)
+
+Salut, tout est dans le sujet $\ddot\smile$!
+
+--
+Cordialement
+
+sdcron
+
+" | tee "$tmp"
+
+
+
+## Send the email
+case identifyme in
+ 0 )
+ curl --ssl-reqd \
+ --url "smtps://${smtp_server}:${smtp_port}" \
+ --mail-from "${email}" \
+ --mail-rcpt "${smtp_rcpt}" \
+ --upload-file "$tmp"
+ ;;
+ 1 )
+ curl --ssl-reqd \
+ --url "smtps://${smtp_server}:${smtp_port}" \
+ --user "${smtp_user}:${smtp_pass}" \
+ --mail-from "${email}" \
+ --mail-rcpt "${smtp_rcpt}" \
+ --upload-file "$tmp"
+ ;;
+esac
+
+rm "$tmp"
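Review bot: `case identifyme in` near the end of sendstatusmail.sh.j2 matches the literal word rather than the variable, so neither branch runs and no mail is sent; it needs `case "$identifyme" in`. In the authenticated branch the SMTP password is passed through `--user` on curl's command line, where other local users can read it from the process list while curl runs; feeding it through `--config -` on stdin avoids that. Because the script runs with `-e`, a failed curl also skips the final `rm`, leaving the mail file in /tmp, which an EXIT trap covers. The sketch below assumes the password contains no `"` or `\`, which curl's config syntax would need escaped.

```bash
tmp=$(mktemp /tmp/mail.XXXXX)
trap 'rm -f "$tmp"' EXIT
# … unchanged: mail body written to "$tmp" …
curl_args=(--ssl-reqd
           --url "smtps://${smtp_server}:${smtp_port}"
           --mail-from "${email}"
           --mail-rcpt "${smtp_rcpt}"
           --upload-file "$tmp")
if [ "$identifyme" -eq 1 ]; then
    # credentials reach curl on stdin, never in argv
    printf 'user = "%s:%s"\n' "$smtp_user" "$smtp_pass" |
        curl --config - "${curl_args[@]}"
else
    curl "${curl_args[@]}"
fi
```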