Skip to content

Commit

Permalink
Merge branch 'cherry-pick-a306d144' into 'master_2.1.x'
Browse files Browse the repository at this point in the history
Merge branch 'item_change_timers_frequency' into 'master_2.1.x'

See merge request vitam/vitam!5798
  • Loading branch information
Gabriel ARENA committed Mar 15, 2019
2 parents c824717 + efdbbb4 commit 2df5fa0
Show file tree
Hide file tree
Showing 5 changed files with 114 additions and 5 deletions.
5 changes: 5 additions & 0 deletions deployment/ansible-vitam/roles/timers/handlers/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---

- name: Daemon reload
systemd:
daemon_reload: yes
29 changes: 29 additions & 0 deletions deployment/ansible-vitam/roles/timers/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---

- name: Set Debian systemd directory
set_fact:
systemd_directory: "/lib/systemd/system"
when: ansible_os_family == "Debian"
tags:
- update_vitam_configuration
- update_timers_frequency

- name: Set Centos systemd directory
set_fact:
systemd_directory: "/usr/lib/systemd/system"
when: ansible_os_family == "RedHat"
tags:
- update_vitam_configuration
- update_timers_frequency

- name: Apply timer conf
replace:
path: "{{ systemd_directory }}/{{ item.name }}.timer"
regexp: "^\\s*OnCalendar=.*"
replace: "OnCalendar={{ item.frequency }}"
loop: "{{ timers_list }}"
tags:
- update_vitam_configuration
- update_timers_frequency
notify:
- Daemon reload
8 changes: 8 additions & 0 deletions deployment/ansible-vitam/vitam.yml
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,13 @@
any_errors_fatal: true
roles:
- vitam
- timers
- storage
vars:
vitam_struct: "{{ vitam.storageengine }}"
vitam_certificate_client_type: "storage"
vitam_timestamp_usage: secure-storage
timers_list: "{{ vitam_timers.storage }}"



Expand All @@ -153,20 +155,24 @@
serial: 1
roles:
- vitam
- timers
- metadata
vars:
vitam_struct: "{{ vitam.metadata }}"
timers_list: "{{ vitam_timers.metadata }}"


- hosts: hosts-logbook
any_errors_fatal: true
serial: 1
roles:
- vitam
- timers
- logbook
vars:
vitam_struct: "{{ vitam.logbook }}"
vitam_timestamp_usage: secure-logbook
timers_list: "{{ vitam_timers.logbook }}"


- hosts: hosts-workspace
Expand All @@ -182,9 +188,11 @@
serial: 1
roles:
- vitam
- timers
- functional_administration
vars:
vitam_struct: "{{ vitam.functional_administration }}"
timers_list: "{{ vitam_timers.functional_administration }}"


- hosts: hosts-security-internal
Expand Down
51 changes: 51 additions & 0 deletions deployment/environments/group_vars/all/vitam_vars.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,57 @@ classificationList: ["Non protégé","Secret Défense", "Confidentiel Défense"]
# Used in ingest, unitary update, mass-update
classificationLevelOptional: true

vitam_timers:
# systemd nomenclature
# minutely → *-*-* *:*:00
# hourly → *-*-* *:00:00
# daily → *-*-* 00:00:00
# monthly → *-*-01 00:00:00
# weekly → Mon *-*-* 00:00:00
# yearly → *-01-01 00:00:00
# quarterly → *-01,04,07,10-01 00:00:00
# semiannually → *-01,07-01 00:00:00
logbook: # all have to run on only one machine
# Sécurisation des journaux des opérations
- name: vitam-traceability-operations
frequency: "*-*-* 0/2:00:00" # each 2 hours
# Sécurisation des journaux du cycle de vie des groupes d'objets
- name: vitam-traceability-lfc-objectgroup
frequency: "*-*-* 0/4:00:00" # each 4 hours
# Sécurisation des journaux du cycle de vie des unités archivistiques
- name: vitam-traceability-lfc-unit
frequency: "*-*-* 0/3:00:00" # each 3 hours
# Audit de traçabilité
- name: vitam-traceability-audit
frequency: "*-*-* 00:00:00"
# Reconstruction
- name: vitam-logbook-reconstruction
frequency: "*-*-* *:0/5:00"
storage:
# Sauvegarde des journaux des écritures
- name: vitam-storage-accesslog-backup
frequency: "*-*-* 0/4:00:00" # each 4 hours
# Sécurisation du journal des écritures
- name: vitam-storage-log-backup
frequency: "*-*-* 0/2:00:00" # each 2 hours
# Log traceability
- name: vitam-storage-log-traceability
frequency: "*-*-* 0/2:10:00" # each 2 hours (10 minutes)
functional_administration:
- name: vitam-create-accession-register-symbolic
frequency: "*-*-* 00:00:00"
- name: vitam-functional-administration-accession-register-reconstruction
frequency: "*-*-* *:0/5:00"
- name: vitam-rule-management-audit
frequency: "*-*-* *:00:00"
- name: vitam-functional-administration-reconstruction
frequency: "*-*-* *:0/5:00"
metadata:
- name: vitam-metadata-store-graph
frequency: "*-*-* *:0/30:00"
- name: vitam-metadata-reconstruction
frequency: "*-*-* *:0/5:00"


### consul ###
# FIXME: Consul à la racine pour le moment à cause de problèmes de récursivité dans le parsing yaml
Expand Down
26 changes: 21 additions & 5 deletions doc/fr/exploitation/topics/20-batchs.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ Batchs et traitements


Curator
-------
========

Il existe des jobs Curator de :

Expand All @@ -13,15 +13,15 @@ Il existe des jobs Curator de :
Ces jobs sont lancés via ``crontab`` toutes les nuits.

Sécurisation des journaux d'opérations
--------------------------------------
========================================

Un `timer` systemd a été mis au point pour réaliser ces actions :

- :ref:`systemd_timer_trc_ope`


Sécurisation des cycles de vie
------------------------------
===============================

Des `timers` systemd ont été mis au point pour réaliser ces actions :

Expand All @@ -31,9 +31,25 @@ Des `timers` systemd ont été mis au point pour réaliser ces actions :
.. TODO: faire mieux, là aussi
Sécurisation des offres de stockages
------------------------------------
=====================================

Des `timers` systemd ont été mis au point pour réaliser ces actions :

- :ref:`systemd_timer_storage_backup`
- :ref:`systemd_timer_storage_traceability`

Procédure de changement de fréquence de certains *timers* SystemD
=================================================================

Par défaut, la solution logicielle :term:`VITAM` déploie et active, selon l'usage (site primaire / site secondaire), des *timers* systemD.
Le *playbook* ansible d'installation de vitam ``ansible-vitam/vitam.yml``, permet d'uniquement modifier la fréquence des *timers* en rajoutant le tag ``update_timers_frequency``.

Pour cela, il faut éditer la section ``vitam_timers`` dans le fichier ``environments/group_vars/all/vitam_vars.yml``.

A l'issue, lancer le *playbook* avec la commande ::

ansible-playbook -i <inventaire> ansible-vitam/vitam.yml --tags update_timers_frequency --ask-vault-pass

ou bien, si vous utilisez le fichier ``vault_pass.txt`` ::

ansible-playbook -i <inventaire> ansible-vitam/vitam.yml --tags update_timers_frequency --vault-password-file vault_pass.txt

0 comments on commit 2df5fa0

Please sign in to comment.