Export scheduled shutdowns to the web

Move logic from dsa2_shutdown nrpe command to a separate script, and use
it to let http(s) clients know a shutdown is scheduled.

diff --git a/modules/apache2/files/cron-export-scheduled-shutdown b/modules/apache2/files/cron-export-scheduled-shutdown
new file mode 100644 (file)
index 0000000..213aa80
--- /dev/null
+++ b/modules/apache2/files/cron-export-scheduled-shutdown
@@ -0,0 +1,2 @@
+PATH=/usr/local/bin:/usr/bin:/bin
+*/2    root    if dsa-is-shutdown-scheduled; then echo 'system-in-shutdown' > /srv/www/default.debian.org/htdocs/shutdown-in-progress ; else rm -f /srv/www/default.debian.org/htdocs/shutdown-in-progress; fi

diff --git a/modules/apache2/files/local-scheduled-shutdown b/modules/apache2/files/local-scheduled-shutdown
new file mode 100644 (file)
index 0000000..5303871
--- /dev/null
+++ b/modules/apache2/files/local-scheduled-shutdown
@@ -0,0 +1 @@
+Alias /shutdown-in-progress /srv/www/default.debian.org/htdocs/shutdown-in-progress

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 129c9d5..4f07934 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -185,4 +185,11 @@ class apache2 {
                content => template('apache2/ssl-key-pins.erb'),
                notify  => Exec['service apache2 reload'],
        }
+
+       file { '/etc/cron.d/puppet-export-scheduled-shutdown':
+               source  => 'puppet:///modules/apache2/cron-export-scheduled-shutdown',
+       }
+       apache2::config { 'local-scheduled-shutdown':
+               source  => 'puppet:///modules/apache2/local-scheduled-shutdown',
+       }
 }

diff --git a/modules/debian_org/files/dsa-is-shutdown-scheduled b/modules/debian_org/files/dsa-is-shutdown-scheduled
new file mode 100644 (file)
index 0000000..c23f2f2
--- /dev/null
+++ b/modules/debian_org/files/dsa-is-shutdown-scheduled
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# sysvinit
+if /usr/lib/nagios/plugins/check_procs -w 1: -u root -C shutdown > /dev/null; then
+       exit 0
+fi
+# jessie
+if /usr/lib/nagios/plugins/check_procs -w 1: -u root -a /lib/systemd/systemd-shutdownd > /dev/null; then
+       exit 0
+fi
+# stretch
+if busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager ScheduledShutdown 2> /dev/null | awk '$3 > 0 { t=$3 } END { exit (t == 0)}'; then
+       exit 0
+fi
+exit 1

diff --git a/modules/debian_org/manifests/init.pp b/modules/debian_org/manifests/init.pp
index fdb2135..6226813 100644 (file)
--- a/modules/debian_org/manifests/init.pp
+++ b/modules/debian_org/manifests/init.pp
@@ -251,6 +251,10 @@ class debian_org {
                owner  => root,
                group  => root,
        }
+       file { '/usr/local/bin/dsa-is-shutdown-in-progress':
+               source  => 'puppet:///modules/debian_org/dsa-is-shutdown-in-progress',
+               mode    => '0555',
+       }
 
        exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
                path        => '/usr/bin:/usr/sbin:/bin:/sbin',

diff --git a/modules/nagios/templates/inc-debian.org.erb b/modules/nagios/templates/inc-debian.org.erb
index 817366e..8217866 100644 (file)
--- a/modules/nagios/templates/inc-debian.org.erb
+++ b/modules/nagios/templates/inc-debian.org.erb
@@ -22,7 +22,7 @@ out
 # if a system is running shutdown.  We do not use check_nrpe's
 # exit code as that does not reliably tell us if the check could
 # not connect to the nrpe server or if the remote check returned not-null.
-command[dsa2_shutdown]=if /usr/lib/nagios/plugins/check_procs -w 1: -u root -C shutdown > /dev/null || /usr/lib/nagios/plugins/check_procs -w 1: -u root -a /lib/systemd/systemd-shutdownd > /dev/null || ( busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager ScheduledShutdown 2> /dev/null | awk '$3 > 0 { t=$3; } END { exit (t == 0)}' ); then echo 'system-in-shutdown'; else echo 'no shutdown running' ; fi
+command[dsa2_shutdown]=if /usr/local/bin/dsa-is-shutdown-scheduled; then echo 'system-in-shutdown'; else echo 'no shutdown running' ; fi
 command[restart-ekey]=sudo /usr/sbin/service ekeyd-egd-linux restart
 command[restart-samhain]=sudo /usr/sbin/service samhain restart
 command[restart-ekey]=sudo /usr/sbin/service ekeyd-egd-linux restart