Kvm/snapshot

.gitignore

@@ -42,3 +42,4 @@ devops/roles/icos.postgresql/postgis_restore_log.txt
 devops/roles/icos.postgresql/rdflog_restore_log.txt
 devops/roles/icos.restheart/restheart_restore_log.txt
 
+**/.DS_Store

devops/get_onlyoffice_container_id.yml

@@ -0,0 +1,62 @@
+---
+#
+# Overview:     Get onlyoffice container id  
+# Ver:          251103
+# Updated:      
+#
+# get_onlyoffice_container_id_and_load_fonts.yml
+
+- hosts: fsicos2
+  become: true
+  gather_facts: false
+
+  vars:
+    container_name: "onlyoffice"
+    host_fonts_dir: "/docker/nextcloud/onlyoffice-fonts/aptos_fonts"
+    container_fonts_dir: "/usr/share/fonts/truetype/custom"
+
+  tasks:
+    - name: Detect ONLYOFFICE container ID (short)
+      check_mode: no
+      shell: >
+        docker ps -q --filter "name={{ container_name }}" | head -n1
+      args:
+        executable: /bin/bash
+      register: container_id
+      changed_when: false
+
+    - name: Fail if container not found
+      assert:
+        that: container_id.stdout | trim | length > 0
+        fail_msg: "ONLYOFFICE container not found (name={{ container_name }})."
+
+    - name: Ensure fonts directory exists inside the container
+      check_mode: no
+      shell: >
+        docker exec -u 0 {{ container_id.stdout | trim }}
+        bash -lc 'mkdir -p {{ container_fonts_dir }}'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Copy fonts into the container
+      check_mode: no
+      shell: >
+        docker cp {{ host_fonts_dir }}/.
+        {{ container_id.stdout | trim }}:{{ container_fonts_dir }}/
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Refresh font caches and ONLYOFFICE metadata
+      check_mode: no
+      shell: >
+        docker exec -u 0 {{ container_id.stdout | trim }}
+        bash -lc 'fc-cache -f -v && /usr/bin/documentserver-generate-allfonts.sh'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: Print container ID
+      debug:
+        msg: "{{ container_id.stdout | trim }}"

devops/icos-kronos-kvm.yml

@@ -0,0 +1,4 @@
+- hosts: icos-kronos
+  roles:
+    - role: icos.kvm_snapshot
+      tags: kvm_snapshot

devops/roles/icos.kvm_snapshot/README.md

@@ -0,0 +1,9 @@
+
+# Change PATH to your working git path:
+
+# Example
+cd <PATH>/git-icos/infrastructure/devops
+
+# For just command run (Note: Omitting C parameter):
+    just play icos-kronos-kvm -t kvm_snapshot -e domain=icos-srv1 -D -i ~/ansible/inventory.ini
+

devops/roles/icos.kvm_snapshot/defaults/main.yml

@@ -0,0 +1,5 @@
+  vm_domain: "{{ domain }}"
+  snapshot_name: "snapshot"
+  snapshot_description: "Snapshot for {{ vm_domain }}."
+  shutdown_timeout: 120
+  start_timeout: 60

devops/roles/icos.kvm_snapshot/tasks/main.yml

@@ -0,0 +1,74 @@
+    - name: Generate unique snapshot name
+      set_fact:
+        snapshot_name: "snapshot-{{ lookup('pipe', 'date +%Y-%m-%d_%H-%M-%S') }}"
+
+    - name: Validate domain parameter is provided
+      fail:
+        msg: "You must provide a domain name using -e domain=<vm-name>"
+      when: domain is not defined
+
+    - name: Check if vm exists and is running
+      command:
+        cmd: virsh domstate {{ vm_domain }}
+      register: vm_state
+      changed_when: false
+      check_mode: false
+
+    - name: Display current VM state
+      debug:
+        msg: "VM {{ vm_domain }} is currently: {{ vm_state.stdout | trim }}"
+
+    - name: Shutdown running vm
+      command:
+        cmd: virsh shutdown {{ vm_domain }}
+      when: vm_state.stdout | trim == "running"
+
+    - name: Wait for VM to shut down
+      command:
+        cmd: virsh domstate {{ vm_domain }}
+      register: vm_shutdown_state
+      until: vm_shutdown_state.stdout | trim == "shut off"
+      retries: "{{ (shutdown_timeout / 5) | int }}"
+      delay: 20
+      changed_when: false
+      when: vm_state.stdout | trim == "running"
+
+    - name: Create snapshot
+      command:
+        cmd: >
+          virsh snapshot-create-as
+          --domain {{ vm_domain }}
+          --name "{{ snapshot_name }}"
+          --description "{{ snapshot_description }}"
+      register: snapshot_result
+
+    - name: Verify snapshot was created
+      command:
+        cmd: virsh snapshot-list {{ vm_domain }}
+      register: snapshot_list
+      changed_when: false
+      check_mode: false
+
+    - name: Fail if snapshot not found
+      fail:
+        msg: "Snapshot {{ snapshot_name }} was not created successfully"
+      when: snapshot_name not in snapshot_list.stdout
+
+    - name: Start vm
+      command:
+        cmd: virsh start {{ vm_domain }}
+
+    - name: Wait for vm to be running
+      command:
+        cmd: virsh domstate {{ vm_domain }}
+      register: vm_running_state
+      until: vm_running_state.stdout | trim == "running"
+      retries: "{{ (start_timeout / 5) | int }}"
+      delay: 20
+      changed_when: false
+
+    - name: Show status information
+      debug:
+        msg:
+          - "Snapshot '{{ snapshot_name }}' created for {{ vm_domain }}"
+          - "VM {{ vm_domain }} is now: {{ vm_running_state.stdout | trim }}"

devops/roles/icos.nextcloud/README.md

@@ -43,7 +43,10 @@
   - [ ] Calendar functionality
   - [ ] General mounting points
   - [ ] External storage
+<<<<<<< HEAD
   - [ ] OnlyOffice connectivity/document editing
+=======
+>>>>>>> robert-devel
 - [ ] Check system warnings in admin panel
 - [ ] Review error logs
 
@@ -125,7 +128,11 @@ apt-get install -y docker-compose-plugin
 docker compose exec -u www-data app php occ maintenance:mode --on || true
 
 # Make a backup
+<<<<<<< HEAD
 /docker/nextcloud/bbclient/bin/bbclient-coldbackup
+=======
+docker-compose exec -u 33 db pg_dump -U nextcloud nextcloud > backup_29.0.11_$(date +%Y%m%d).sql
+>>>>>>> robert-devel
 
 # Continue with
 docker compose stop app

devops/roles/icos.zabbix_agent/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# Zabbix variables
+zabbix_scripts_dir: /etc/zabbix/scripts
+zabbix_agent_conf_file: /etc/zabbix/zabbix_agent2.conf
+zabbix_agent_service: zabbix-agent2
+zabbix_server_host: icos-zbx1,127.0.0.1
+

devops/roles/icos.zabbix_agent/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart zabbix-agent2
+  systemd:
+    name: "{{ zabbix_agent_service }}"
+    state: restarted
+    daemon_reload: yes

devops/roles/icos.zabbix_agent/tasks/main.yml

@@ -0,0 +1,74 @@
+---
+- name: Install Zabbix repository package on fsicos2 and fsicos3
+  when: ansible_hostname in ['fsicos2', 'fsicos3']
+  block:
+    - name: Copy Zabbix release package to /root/
+      copy:
+        src: files/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        dest: /root/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        owner: root
+        group: root
+        mode: '0644'
+      check_mode: no  
+
+    - name: Install Zabbix repository package
+      apt:
+        deb: /root/zabbix-release_7.0-2+ubuntu22.04_all.deb
+        state: present
+
+    - name: Update apt cache after adding Zabbix repository
+      apt:
+        update_cache: yes
+
+
+- name: Install Zabbix agent2
+  apt:
+    name: zabbix-agent2
+    state: present
+    update_cache: yes
+
+- name: Configure Zabbix agent2 - Set Server parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^Server=.*$'
+    line: 'Server={{ zabbix_server_host }}'
+  register: server_changed
+
+
+
+
+- name: Configure Zabbix agent2 - Set ServerActive parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^ServerActive=.*$'
+    line: 'ServerActive={{ zabbix_server_host }}'
+  register: serveractive_changed
+
+- name: Configure Zabbix agent2 - Set Hostname parameter
+  lineinfile:
+    path: "{{ zabbix_agent_conf_file }}"
+    regexp: '^Hostname=Zabbix server$'
+    line: "Hostname={{ ansible_hostname }}"
+  register: hostname_changed
+
+- name: Create Zabbix scripts directory
+  file:
+    path: "{{ zabbix_scripts_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Trigger restart if configuration changed
+  debug:
+    msg: "Zabbix agent2 configuration has been modified"
+  when: server_changed.changed or serveractive_changed.changed or hostname_changed.changed
+  notify: restart zabbix-agent2
+  changed_when: true
+
+- name: Ensure Zabbix agent2 service is started and enabled
+  systemd:
+    name: "{{ zabbix_agent_service }}"
+    state: started
+    enabled: yes
+    daemon_reload: yes

devops/roles/icos.zabbix_custom_checks/README.md

@@ -0,0 +1,73 @@
+# Ansible Role: icos.zabbix_custom_checks
+
+This Ansible role deploys custom Zabbix monitoring checks to specific hosts (fsicos2 and fsicos3).
+
+## Role Structure
+
+```
+icos.zabbix_custom_checks/
+├── defaults/
+│   └── main.yml           # Default variables
+├── handlers/
+│   └── main.yml           # Service restart handlers
+├── tasks/
+│   └── main.yml           # Main tasks with blocks and tags
+├── files/
+│   ├── fsicos2/           # Files specific to fsicos2
+│   │   ├── check_*.sh     # Shell check scripts
+│   │   ├── check_*.py     # Python check scripts
+│   │   ├── custom_*.conf  # Custom configuration files
+│   │   └── zabbix         # Sudoers file (optional)
+│   └── fsicos3/           # Files specific to fsicos3
+│       ├── check_*.sh     # Shell check scripts
+│       ├── check_*.py     # Python check scripts
+│       ├── custom_*.conf  # Custom configuration files
+│       └── zabbix         # Sudoers file (optional)
+└── README.md              # This file
+```
+
+## Variables
+
+The following variables are defined in `defaults/main.yml`:
+
+- `zabbix_scripts_dir`: Directory for Zabbix scripts (default: `/etc/zabbix/scripts`)
+- `zabbix_custom_dir`: Directory for custom configurations (default: `/etc/zabbix/zabbix_agent2.d`)
+- `zabbix_sudoers_dir`: Directory for sudoers files (default: `/etc/sudoers.d`)
+- `zabbix_agent_service`: Zabbix agent service name (default: `zabbix-agent2`)
+
+## Tags
+
+The role uses the following tags for selective deployment:
+
+- `fsicos2-custom`: Deploy only fsicos2 custom checks
+- `fsicos3-custom`: Deploy only fsicos3 custom checks
+- `zabbix-custom`: Deploy all custom checks
+
+## Usage
+
+### Deploy only to fsicos2
+```
+just play server-fsicos2 -t fsicos2-custom -D
+```
+
+### Deploy only to fsicos3
+```
+just play server-fsicos3 -t fsicos3-custom -D
+```
+
+## Features
+
+1. **Automatic directory creation**: Creates necessary Zabbix directories if they don't exist
+2. **Proper file permissions**: Sets correct ownership and permissions for all files
+3. **Conditional deployment**: Uses blocks with conditions to deploy files only to appropriate hosts
+4. **Sudoers validation**: Validates sudoers files before deployment
+5. **Service restart**: Automatically restarts Zabbix agent after file changes
+6. **Tag-based deployment**: Allows selective deployment using tags
+
+## Notes
+
+- The role checks if the host is named 'fsicos2' or 'fsicos3' or belongs to corresponding groups
+- All check scripts are made executable (mode 0755)
+- Configuration files are deployed with read permissions (mode 0644)
+- The Zabbix agent service is restarted only when files are changed
+

devops/roles/icos.zabbix_custom_checks/defaults/main.yml

@@ -0,0 +1,5 @@
+# Zabbix variables
+zabbix_scripts_dir: /etc/zabbix/scripts
+zabbix_custom_dir: /etc/zabbix/zabbix_agent2.d
+zabbix_sudoers_dir: /etc/sudoers.d
+zabbix_agent_service: zabbix-agent2

devops/roles/icos.zabbix_custom_checks/files/fsicos2/check_borg_backup.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Ver: 2025-09-21 by Robert
+#
+export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
+export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
+
+REPO_BASE_DIR=$1
+REPO_DIR=$(eval echo "$REPO_BASE_DIR")
+repos=$(ls "$REPO_DIR" 2>/dev/null)
+current_time=$(date +%Y-%m-%d)
+
+# Check each repository
+for repo in $repos; do
+    [[ "$repo" == "." || "$repo" == ".." ]] && continue
+    [[ "$repo" == "prometheus.repo" ]] && continue
+
+    latest_archive=$(borg list --format '{time:%Y-%m-%d} {name}' --last=1 "$REPO_BASE_DIR/$repo" 2>/dev/null)
+    if [[ $? -eq 0 && "$latest_archive" != "" ]]; then
+        backup_date=$(echo "$latest_archive" | cut -c1-10)
+        if [[ "$backup_date" != "$current_time" ]]; then
+            echo "FAILURE1: Outdated backup in repo $repo"
+            exit 0  # Important: exit 0 so Zabbix gets the data
+        fi
+    else
+        echo "FAILURE2: Cannot check repo $repo"
+        exit 0  # Important: exit 0 so Zabbix gets the data
+    fi
+done
+
+echo "SUCCESS: All repositories have backups for today ($current_time)"
+exit 0
+