From befa371fdca313d6a7e88d35d0513a75f85ef077 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Wed, 24 Mar 2021 05:48:04 +0000
Subject: [PATCH] nfs-server: Allow role/home autocreation run more often

1. Implemented locking for scripts so only one instance is running
   simultaneously. This will also remove stale lock file if found.

2. Use LDAP contextCSN value to determine if we need to run script
   at all. Previous contextCSN is stored in state file which will
   be cleaned during reboots. If state file is not found direcotries
   are scanned in normal way.
---
 roles/nfs-server/files/mknfshomedir.sh | 39 ++++++++++++++++++++++++++
 roles/nfs-server/files/mknfsroledir.sh | 39 ++++++++++++++++++++++++++
 roles/nfs-server/tasks/main.yml        |  1 -
 3 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/roles/nfs-server/files/mknfshomedir.sh b/roles/nfs-server/files/mknfshomedir.sh
index 4bf7ff3..b243028 100755
--- a/roles/nfs-server/files/mknfshomedir.sh
+++ b/roles/nfs-server/files/mknfshomedir.sh
@@ -2,6 +2,9 @@
 
 set -e
 
+LOCKFILE="/run/$(basename "$0").pid"
+STATEFILE="/run/$(basename "$0").state"
+
 _basedn="$(awk '{ if ($1 == "BASE") print $2 }' /etc/openldap/ldap.conf)"
 if [ -z "$_basedn" ]; then
     logger -i -t "$(basename "$0")" -p user.error -s \
@@ -18,6 +21,40 @@ else
     exit 1
 fi
 
+if [ -f "$LOCKFILE" ]; then
+    if kill -0 "$(cat "${LOCKFILE}")" ; then
+        _started=" ($(stat --format='%y' ${LOCKFILE}))"
+        logger -i -t "$(basename "$0")" -p user.notice -s \
+            "ERROR: Lockfile exists${_started}"
+        exit 1
+    else
+        logger -i -t "$(basename "$0")" -p user.notice -s \
+            "WARN: Removing stale lock file"
+    fi
+fi
+trap 'rm -f ${LOCKFILE}' INT TERM EXIT
+echo "$$" > "$LOCKFILE"
+
+_state="$(
+    ldapsearch -Q -LLL -s base contextCSN | awk '
+        BEGIN { csn=0 }
+        {
+            if ($1 == "contextCSN:") {
+                val=substr($2, 0, 21);
+                if (val > csn) {
+                    csn = val
+                }
+            }
+        }
+        END { print csn }
+    '
+)"
+if [ -f "$STATEFILE" ]; then
+    if [ "$_state" == "$(cat "$STATEFILE")" ]; then
+        exit 0
+    fi
+fi
+
 ldapsearch -Q -LLL -b "ou=People,${_basedn}" "$_filter" automountInformation | \
     awk -v_hostname="$(hostname -f)" '{
         if ($1 == "automountInformation:") {
@@ -54,3 +91,5 @@ ldapsearch -Q -LLL -b "ou=People,${_basedn}" "$_filter" automountInformation | \
         install -d -o "$_user" -g "$_user" -m 0700 "$_target"
         su "$_user" -s /bin/bash -c "umask 077 ; cp -r /etc/skel/. '${_target}'"
     done
+
+echo "$_state" > "$STATEFILE"
diff --git a/roles/nfs-server/files/mknfsroledir.sh b/roles/nfs-server/files/mknfsroledir.sh
index 9c7df21..fd9e93d 100755
--- a/roles/nfs-server/files/mknfsroledir.sh
+++ b/roles/nfs-server/files/mknfsroledir.sh
@@ -2,6 +2,9 @@
 
 set -e
 
+LOCKFILE="/run/$(basename "$0").pid"
+STATEFILE="/run/$(basename "$0").state"
+
 _basedn="$(awk '{ if ($1 == "BASE") print $2 }' /etc/openldap/ldap.conf)"
 if [ -z "$_basedn" ]; then
     logger -i -t "$(basename "$0")" -p user.error -s \
@@ -18,6 +21,40 @@ else
     exit 1
 fi
 
+if [ -f "$LOCKFILE" ]; then
+    if kill -0 "$(cat "${LOCKFILE}")" ; then
+        _started=" ($(stat --format='%y' ${LOCKFILE}))"
+        logger -i -t "$(basename "$0")" -p user.notice -s \
+            "ERROR: Lockfile exists${_started}"
+        exit 1
+    else
+        logger -i -t "$(basename "$0")" -p user.notice -s \
+            "WARN: Removing stale lock file"
+    fi
+fi
+trap 'rm -f ${LOCKFILE}' INT TERM EXIT
+echo "$$" > "$LOCKFILE"
+
+_state="$(
+    ldapsearch -Q -LLL -s base contextCSN | awk '
+        BEGIN { csn=0 }
+        {
+            if ($1 == "contextCSN:") {
+                val=substr($2, 0, 21);
+                if (val > csn) {
+                    csn = val
+                }
+            }
+        }
+        END { print csn }
+    '
+)"
+if [ -f "$STATEFILE" ]; then
+    if [ "$_state" == "$(cat "$STATEFILE")" ]; then
+        exit 0
+    fi
+fi
+
 ldapsearch -Q -LLL -b "ou=Groups,${_basedn}" "$_filter" automountInformation | \
     awk -v_hostname="$(hostname -f)" '{
         if ($1 == "automountInformation:") {
@@ -52,3 +89,5 @@ ldapsearch -Q -LLL -b "ou=Groups,${_basedn}" "$_filter" automountInformation | \
         install -d -o root -g "$_role" -m 2770 "${_target}/library"
         install -d -o root -g "$_role" -m 2775 "${_target}/public"
     done
+
+echo "$_state" > "$STATEFILE"
diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml
index d2cf66d..473b01c 100644
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@@ -32,7 +32,6 @@
   cron:
     name: "{{ item }}"
     user: root
-    minute: "*/15"
     job: "/usr/local/sbin/{{ item }}"
   with_items:
     - mknfshomedir