From ee007e28fba6ee84f3939eafe1506e0b30e7e901 Mon Sep 17 00:00:00 2001
From: Alexandre CATTEAU
Date: Sun, 24 Jul 2022 20:28:08 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 2 +
README.md | 18 +++++++++
conts-snap.sh | 15 ++++++++
docker-upgrade.sh | 24 ++++++++++++
install.sh | 47 ++++++++++++++++++++++++
systemd-templates/cont-snap@.service | 14 +++++++
systemd-templates/conts-snap.service | 6 +++
systemd-templates/conts-snap.timer | 9 +++++
systemd-templates/docker-upgrade.service | 7 ++++
systemd-templates/docker-upgrade.timer | 9 +++++
systemd-templates/machines-start.timer | 9 +++++
variables.conf.template | 5 +++
12 files changed, 165 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 conts-snap.sh
create mode 100644 docker-upgrade.sh
create mode 100755 install.sh
create mode 100644 systemd-templates/cont-snap@.service
create mode 100644 systemd-templates/conts-snap.service
create mode 100644 systemd-templates/conts-snap.timer
create mode 100644 systemd-templates/docker-upgrade.service
create mode 100644 systemd-templates/docker-upgrade.timer
create mode 100644 systemd-templates/machines-start.timer
create mode 100644 variables.conf.template
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..99a3140
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+variables.conf
+.disabled
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..44ae67e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# Containers management
+
+These scripts and Systemd units manage the daily snapshoting of our Nspawn containers, and update of Docker containers.
+
+### Introduction
+All running Nspawn containers are stopped, snapshoted (using Btrfs subvolumes) and restarted
+
+### Files
+* `conts-snap.sh` runs the main process, which snapshots the Nspawn containers.
+* `docker-upgrade.sh` pulls the newest version of running Docker containers.
+* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
+ (with any required modifications).
+* `systemd-templates/` contains Systemd units templates for running the scripts unattended.
+#### Installation
+* `install.sh` script copies Systemd templates to their destination, and enables conts-snap and docker-upgrade timer.
+
+### TODO
+* RAS
diff --git a/conts-snap.sh b/conts-snap.sh
new file mode 100644
index 0000000..fe33180
--- /dev/null
+++ b/conts-snap.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+source "$(dirname "$0")/variables.conf"
+
+mount $containers_dir
+
+cd /var/lib/machines
+for filename in *; do
+ systemctl start cont-snap@$filename.service
+ btrfs subvolume delete $containers_dir/$filename/$(date -d "-15 days" +"%Y%m%d")*
+done
+
+umount $containers_dir
+
+exit 0
diff --git a/docker-upgrade.sh b/docker-upgrade.sh
new file mode 100644
index 0000000..5d9eb96
--- /dev/null
+++ b/docker-upgrade.sh
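Review bot: The `btrfs subvolume delete` in the `conts-snap.sh` loop runs unconditionally: the script has no `set -e`, so it still prunes when `mount`, `cd /var/lib/machines` or the `cont-snap@` start failed, and a run of failed snapshots steadily shrinks the retained set. Every expansion is unquoted, and `variables.conf.template` ships `containers_dir=""`, in which case the delete path becomes `/$filename/<date>*`. I would fail fast on an unset directory, quote the expansions, and prune only after that container's snapshot unit succeeded, as sketched below. `conts-snap.service` sets no `User=`, so the script presumably runs as root and the sourced `variables.conf` should be root-owned and not writable by other users.

```shell
set -euo pipefail

source "$(dirname "$0")/variables.conf"
: "${containers_dir:?containers_dir must be set in variables.conf}"

mount "$containers_dir"
trap 'umount "$containers_dir"' EXIT

cd /var/lib/machines
expired=$(date -d "-15 days" +"%Y%m%d")
for filename in *; do
  # Prune only when today's snapshot unit succeeded.
  if systemctl start "cont-snap@${filename}.service"; then
    for old in "$containers_dir/$filename/$expired"*; do
      [[ -e "$old" ]] || continue
      btrfs subvolume delete "$old"
    done
  fi
done
```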
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Upgrade CODE Docker
+code() {
+ docker pull collabora/code:latest | grep 'Image is up to date' && pulled='no' || pulled='yes'
+
+ if [[ "$pulled" = "yes" ]]; then
+ echo "$(date +%+4Y-%m-%d): Update" >> $logfile_path
+ docker stop CODE
+ docker rm CODE
+ docker run --name 'CODE' -t -d -p 9980:9980 -e 'domain=cloud\\.kto\\.black' --network host --restart always collabora/code
+ else
+ echo "$(date +%+4Y-%m-%d): No update" >> $logfile_path
+ fi
+}
+
+# Variables
+logfile_path='/home/alex/docker-upgrade.log'
+
+set -ex
+
+code
+
+exit 0
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..0e693f5
--- /dev/null
+++ b/install.sh
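Review bot: In `code()`, a `docker pull` that fails (registry unreachable, auth error) prints no 'Image is up to date' line, so `pulled` becomes 'yes' and the running CODE container is stopped and removed; `set -ex` does not help because the `&& … || …` list masks the pipeline status. Comparing the image ID before and after the pull makes the decision independent of docker's output text and lets a failed pull abort before anything is touched. Separately, the job redeploys whatever `collabora/code:latest` resolves to each night with `--network host`; pinning a tag or digest that is reviewed before rollout would bound that, and `-p 9980:9980` has no effect in host network mode. `$logfile_path` is unquoted and lives under `/home/alex` while `docker-upgrade.service` sets no `User=`, so a root-owned log location or the journal would be safer.

```shell
code() {
  local image='collabora/code:latest' before after
  before=$(docker image inspect --format '{{.Id}}' "$image" 2>/dev/null || true)
  docker pull "$image"   # under set -e a failed pull stops here, container untouched
  after=$(docker image inspect --format '{{.Id}}' "$image")

  if [[ "$before" != "$after" ]]; then
    # … unchanged: "Update" log line, docker stop / rm / run …
  else
    # … unchanged: "No update" log line …
  fi
}
```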
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname "$0")
+user=$(whoami)
+
+source "$run_directory/variables.conf"
+
+if [ -f $run_directory/.disabled ]; then
+ echo "Installation is disabled. Exiting..."
+ exit 0
+fi
+
+echo "Copying Systemd units to system directory..."
+if [[ $user != 'root' ]]; then
+ sudo cp systemd-templates/cont-snap@.service /etc/systemd/system/
+ sudo cp systemd-templates/conts-snap.service /etc/systemd/system/
+ sudo sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/conts-snap.service
+ sudo cp systemd-templates/conts-snap.timer /etc/systemd/system/
+ sudo cp systemd-templates/docker-upgrade.service /etc/systemd/system/
+ sudo sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/docker-upgrade.service
+ sudo cp systemd-templates/docker-upgrade.timer /etc/systemd/system/
+ sudo cp systemd-templates/machines-start.service /etc/systemd/system/
+else
+ cp systemd-templates/cont-snap@.service /etc/systemd/system/
+ cp systemd-templates/conts-snap.service /etc/systemd/system/
+ sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/conts-snap.service
+ cp systemd-templates/conts-snap.timer /etc/systemd/system/
+ cp systemd-templates/docker-upgrade.service /etc/systemd/system/
+ sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/docker-upgrade.service
+ cp systemd-templates/docker-upgrade.timer /etc/systemd/system/
+ cp systemd-templates/machines-start.service /etc/systemd/system/
+fi
+echo "Reloading Systemd..."
+if [[ $user != 'root' ]]; then
+ sudo systemctl daemon-reload
+else
+ systemctl daemon-reload
+fi
+echo "Enabling timer (not starting it, either do it manually or reboot)..."
+if [[ $user != 'root' ]]; then
+ sudo systemctl enable conf-sync.timer
+else
+ systemctl enable conf-sync.timer
+fi
+
+echo "Finished install. Exiting..."
+exit 0
diff --git a/systemd-templates/cont-snap@.service b/systemd-templates/cont-snap@.service
new file mode 100644
index 0000000..8bfd28e
--- /dev/null
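Review bot: Both branches of `install.sh` copy `systemd-templates/machines-start.service`, but this commit adds `machines-start.timer`, and the enable step uses `conf-sync.timer`, which is not among the installed units; with no `set -e` the failures are ignored and the script still prints 'Finished install', leaving the snapshot and upgrade timers disabled. I would copy `systemd-templates/machines-start.timer` and run `systemctl enable conts-snap.timer docker-upgrade.timer`, which is what the README describes. `PH_DIRECTORY` is replaced with `$(pwd)` while `variables.conf` is read from `$run_directory`, so the two only agree when the script is run from the checkout; resolving one absolute path and using it for both avoids that. Since the installed services set no `User=` and execute scripts from that directory, the checkout presumably needs to be root-owned and not writable by other users, or the scripts should be installed to a root-owned path.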
+++ b/systemd-templates/cont-snap@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Snapshot %i container
+Requisite=systemd-nspawn@%i.service
+Wants=mnt-containers.mount
+After=systemd-nspawn@%i.service mnt-containers.mount
+
+[Service]
+Type=oneshot
+ExecStartPre=/usr/bin/machinectl stop %i
+# Hereunder is a bit gross, but we need to make sure container is entirely stopped / 5 sec should be sufficient, but we have a problem with mail container; perhaps this sleep is too late anyway...
+ExecStart=/usr/bin/bash -c 'sleep 10 && /usr/bin/btrfs subvolume snapshot -r /mnt/containers/%i/current /mnt/containers/%i/$$(date +%%Y%%m%%d)'
+# As we now get random issues post snap (containers do not always restart...), we add another sleep... Real gros...
+#ExecStartPost=/usr/bin/machinectl start %i
+ExecStartPost=/usr/bin/bash -c 'sleep 10 && /usr/bin/machinectl start %i'
diff --git a/systemd-templates/conts-snap.service b/systemd-templates/conts-snap.service
new file mode 100644
index 0000000..769de69
--- /dev/null
+++ b/systemd-templates/conts-snap.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Snapshot Nspawn containers
+
+[Service]
+Type=oneshot
+ExecStart=PH_DIRECTORY/conts-snap.sh
diff --git a/systemd-templates/conts-snap.timer b/systemd-templates/conts-snap.timer
new file mode 100644
index 0000000..7ecc6c9
--- /dev/null
+++ b/systemd-templates/conts-snap.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Snapshot Nspawn containers regularly
+
+[Timer]
+OnCalendar=*-*-* 04:00:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/systemd-templates/docker-upgrade.service b/systemd-templates/docker-upgrade.service
new file mode 100644
index 0000000..2fca8c5
--- /dev/null
+++ b/systemd-templates/docker-upgrade.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Upgrade Docker containers
+Requisite=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=PH_DIRECTORY/docker-upgrade.sh
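Review bot: In `cont-snap@.service` the restart sits in `ExecStartPost=`, which systemd runs only after `ExecStart=` succeeded, so a failed snapshot (for example a second run on the same day, when the dated target already exists) leaves the container stopped. `ExecStopPost=/usr/bin/machinectl start %i` also runs when the start phase fails. The fixed `sleep 10` is a guess, as the unit's own comment says; presumably `machinectl stop` returns before shutdown completes, so waiting until `systemd-nspawn@%i.service` is inactive would give a consistent snapshot instead of one taken mid-shutdown. The unit also hard-codes `/mnt/containers` while `conts-snap.sh` takes the path from `containers_dir`, so the two can drift apart.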
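Review bot: In `docker-upgrade.service`, `Requisite=docker.service` is declared without a matching `After=`, so nothing orders this unit behind Docker. `docker-upgrade.timer` sets `Persistent=true`, so a missed run fires at boot, where the requisite check may happen before Docker is active and the job then fails immediately. Adding `After=docker.service` under `[Unit]` closes that gap.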
diff --git a/systemd-templates/docker-upgrade.timer b/systemd-templates/docker-upgrade.timer
new file mode 100644
index 0000000..15c1e73
--- /dev/null
+++ b/systemd-templates/docker-upgrade.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Upgrade Docker containers regularly
+
+[Timer]
+OnCalendar=*-*-* 04:30:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/systemd-templates/machines-start.timer b/systemd-templates/machines-start.timer
new file mode 100644
index 0000000..6383e34
--- /dev/null
+++ b/systemd-templates/machines-start.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Make sure containers are started after snapshoting
+
+[Timer]
+Unit=machines.target
+OnCalendar=*-*-* 04:15:00
+
+[Install]
+WantedBy=timers.target
diff --git a/variables.conf.template b/variables.conf.template
new file mode 100644
index 0000000..17962ef
--- /dev/null
+++ b/variables.conf.template
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+# Copy this file as variables.conf, with the correct values
+
+containers_dir="" # Path to containers subvolumes main directory