From 9deb25bfa3308a8a07854bce9702e5a32b779240 Mon Sep 17 00:00:00 2001
From: =
Date: Tue, 22 Nov 2022 14:50:41 +0100
Subject: [PATCH] added gotify alerts on image updates
---
.../files/check_image_updates.service.jinja | 10 +++++
podman/files/check_image_updates.sh.jinja | 35 ++++++++++++++++
podman/files/check_image_updates.timer.jinja | 9 ++++
podman/init.sls | 41 +++++++++++++++++++
4 files changed, 95 insertions(+)
create mode 100644 podman/files/check_image_updates.service.jinja
create mode 100644 podman/files/check_image_updates.sh.jinja
create mode 100644 podman/files/check_image_updates.timer.jinja
diff --git a/podman/files/check_image_updates.service.jinja b/podman/files/check_image_updates.service.jinja
new file mode 100644
index 0000000..137baf5
--- /dev/null
+++ b/podman/files/check_image_updates.service.jinja
@@ -0,0 +1,10 @@
+[Unit]
+Description=Check for image updates on configured podman containers
+
+[Service]
+Type=oneshot
+User={{ pillar.podman.user }}
+ExecStart={{ salt['user.info'](pillar.podman.user).home }}/bin/check_image_updates.sh
+
+[Install]
+WantedBy=default.target
diff --git a/podman/files/check_image_updates.sh.jinja b/podman/files/check_image_updates.sh.jinja
new file mode 100644
index 0000000..277cdcc
--- /dev/null
+++ b/podman/files/check_image_updates.sh.jinja
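Review bot: `User=` and `ExecStart=` in check_image_updates.service.jinja read `pillar.podman.user` directly, while podman/init.sls resolves the same value with `salt['pillar.get']('podman:user', 'root')`. When the pillar key is unset the state file falls back to root but this template has no fallback, so the two can disagree or the unit can fail to render. Resolve the account the same way in both places, for example `User={{ salt['pillar.get']('podman:user', 'root') }}`, or pass `user` and `home` from the state through `context:` on the `file.managed` entry. A comment above `User=` saying the job is meant to run as the unprivileged podman account would also help, since the fallback is root.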
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+URL="{{ pillar['podman']['gotify']['url'] }}"
+TOKEN="{{ pillar['podman']['gotify']['token'] }}"
+TITLE="Updates on $HOSTNAME"
+PRIORITY="{{ pillar['podman']['gotify']['priority'] }}"
+
+{% raw -%}
+function check_update(){
+ IFS=',' read -r -a container_info <<< "$(podman container inspect $1 --format '{{ .Name }},{{ .ImageName }},{{ .Image }}')"
+
+ podman pull "${container_info[1]}"
+ if [[ "$(podman image inspect "${container_info[1]}" --format "{{.Id}}")" != "${container_info[2]}" ]];then
+ containers[${#containers[@]}]="${container_info[0]}"
+ fi
+}
+
+
+IFS=$'\n'
+for line in $(podman container ls -q); do
+ check_update "$line"
+done
+if [[ "${#containers[@]}" == "0" ]]; then
+ exit
+fi
+
+MESSAGE=$(cat << EOM
+Following ${#containers[@]} container(s) has updates:
+${containers[*]}
+EOM
+)
+
+curl "$URL/message?token=$TOKEN" -F "title=$TITLE" -F "priority=$PRIORITY" -F "message=$MESSAGE"
+echo " "
+{% endraw -%}
diff --git a/podman/files/check_image_updates.timer.jinja b/podman/files/check_image_updates.timer.jinja
new file mode 100644
index 0000000..23a5b92
--- /dev/null
+++ b/podman/files/check_image_updates.timer.jinja
@@ -0,0 +1,9 @@
+[Unit]
+Description=Restic backup timer
+
+[Timer]
+OnCalendar=Sun, 12:00
+Unit=check_image_updates.service
+
+[Install]
+WantedBy=timers.target
diff --git a/podman/init.sls b/podman/init.sls
index 9cc0bff..520036c 100644
--- a/podman/init.sls
+++ b/podman/init.sls
@@ -1,4 +1,6 @@ {% set user = salt['pillar.get']('podman:user', 'root') %} +{% set home = salt['user.info'](user).home %} + Install packages needed for podman: pkg.installed:
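Review bot: The final `curl` call in check_image_updates.sh.jinja puts the Gotify application token in the request URL (`"$URL/message?token=$TOKEN"`), where it is visible in the process list while curl runs and is likely to be recorded in proxy or server access logs. Gotify also accepts the token in the `X-Gotify-Key` header, which keeps it out of the URL: `curl --fail --silent --show-error -H "X-Gotify-Key: $TOKEN" "$URL/message" -F "title=$TITLE" -F "priority=$PRIORITY" -F "message=$MESSAGE"`; reading the header from a file with `-H @file` would keep it off the command line as well. `--fail` matters because without it an HTTP 401 or 5xx still exits 0, so the oneshot unit reports success although no alert was delivered. In `check_update` the result of `podman pull` is not checked, so a failed pull compares the old local image with itself and silently reports no update; `podman pull "${container_info[1]}" || return` with a logged warning would make that case visible, and `$1` in the `podman container inspect` call should be quoted.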
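Review bot: `Description=Restic backup timer` in check_image_updates.timer.jinja looks copied from another unit, so `systemctl status` and the journal will label this job as a backup; `Description=Weekly podman image update check` would match what the timer triggers. The `[Timer]` section also has no `Persistent=true`, so a host that is off at Sunday 12:00 skips that week's check and images can go unexamined for longer than the schedule suggests.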
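Review bot: `{% set home = salt['user.info'](user).home %}` in podman/init.sls is evaluated when the SLS is rendered, before any state runs. If the podman account does not exist yet, `user.info` presumably returns no `home`, and `{{ home }}/bin/check_image_updates.sh` in the later hunk would then render as `/bin/check_image_updates.sh`. Guard the states that use it, for example by wrapping them in `{% if home %} … {% endif %}`, or fail the render explicitly when `home` is empty. The default of `root` for `user` also means the script and timer run as root when the pillar key is missing; a comment next to the `set` line should say whether that fallback is intended.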
@@ -10,6 +12,45 @@ Set linger for user {{ user }}: - name: loginctl enable-linger {{ user }} - unless: test -e /var/lib/systemd/linger/{{ user }} +Copy check image update script: + file.managed: + - name: {{ home }}/bin/check_image_updates.sh + - source: salt://podman/files/check_image_updates.sh.jinja + - template: jinja + - user: {{ user }} + - group: {{ user }} + - mode: 0700 + +Create check image update service: + file.managed: + - name: /etc/systemd/system/check_image_updates.service + - source: salt://podman/files/check_image_updates.service.jinja + - template: jinja + - user: root + - group: root + - mode: "0644" + +Create check image update timer: + file.managed: + - name: /etc/systemd/system/check_image_updates.timer + - source: salt://podman/files/check_image_updates.timer.jinja + - template: jinja + - user: root + - group: root + - mode: "0644" + +Systemd daemon reload for image update: + cmd.run: + - name: systemctl daemon-reload + - onchanges: + - file: Create check image update service + - file: Create check image update timer + +Start check image update timer: + service.running: + - name: check_image_updates.timer + - enable: True + {% if pillar.containers is defined %} include: {%- for container, args in pillar.containers.items() %}
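Review bot: `Copy check image update script` renders the Gotify token into the managed file, and `file.managed` reports a diff of changed content by default, so the token can end up in state output and job returns; add `- show_changes: False` to that state. The same state writes to `{{ home }}/bin/` without `- makedirs: True`, so it fails on a host where that directory does not exist. Its `- mode: 0700` is unquoted while the two unit files use `"0644"`; write `- mode: "0700"` so the owner-only permission protecting the token is not left to YAML integer parsing. `Start check image update timer` has no `watch` on the timer file, so a changed schedule is not picked up until the timer is restarted by hand.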