Allow Disk1 NTFS posture transition
This commit is contained in:
@@ -74,7 +74,7 @@ Secret-Werte sind nicht enthalten. Es werden nur Secret-Namen, Env-Key-Namen und
|
|||||||
|
|
||||||
| Service | Zweck | Autoritativer Pfad | URL / Zugang | Abhaengigkeiten | Datenpfade | Backup / Restore | Traefik | Besonderheiten / TODOs |
|
| Service | Zweck | Autoritativer Pfad | URL / Zugang | Abhaengigkeiten | Datenpfade | Backup / Restore | Traefik | Besonderheiten / TODOs |
|
||||||
|---|---|---|---|---|---|---|---|---|
|
|---|---|---|---|---|---|---|---|---|
|
||||||
| `posture-check` | Host-Posture-Audit fuer Filesystem, Mover-Drift, NVMe-SMART und Fuellstand | `services/posture-check/posture-check.sh` | Unraid User-Script / Cron / Borg Pre-Hook | `findmnt`, `df`, `nvme`, optional `curl` fuer ntfy | `/mnt/user/services/posture-check/last.json` | Repo-Skript + letzter JSON-Status | nein | Muss auf dem Unraid-Host bei Boot, stuendlich und vor Borg laufen; Warning/Critical alarmieren via ntfy |
|
| `posture-check` | Host-Posture-Audit fuer Filesystem, Mover-Drift, NVMe-SMART und Fuellstand | `services/posture-check/posture-check.sh` | Unraid User-Script / Cron / Borg Pre-Hook | `findmnt`, `df`, `nvme`, optional `curl` fuer ntfy | `/mnt/user/services/posture-check/last.json` | Repo-Skript + letzter JSON-Status | nein | Muss auf dem Unraid-Host bei Boot, stuendlich und vor Borg laufen; `ALLOW_DISK1_NTFS=1` ist die dokumentierte Uebergangsausnahme bis Disk1-Migration Phase 2; Warning/Critical alarmieren via ntfy |
|
||||||
|
|
||||||
## Backup- und Restore-Hinweise
|
## Backup- und Restore-Hinweise
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ WARNING_TOPIC="${WARNING_TOPIC:-kallilab-warning}"
|
|||||||
CRITICAL_TOPIC="${CRITICAL_TOPIC:-kallilab-critical}"
|
CRITICAL_TOPIC="${CRITICAL_TOPIC:-kallilab-critical}"
|
||||||
SEND_NTFY="${SEND_NTFY:-1}"
|
SEND_NTFY="${SEND_NTFY:-1}"
|
||||||
TMP_DIR="${TMP_DIR:-/tmp/kallilab-posture-check}"
|
TMP_DIR="${TMP_DIR:-/tmp/kallilab-posture-check}"
|
||||||
|
ALLOW_DISK1_NTFS="${ALLOW_DISK1_NTFS:-1}"
|
||||||
|
|
||||||
mkdir -p "$TMP_DIR"
|
mkdir -p "$TMP_DIR"
|
||||||
RESULTS_FILE="$TMP_DIR/results.$$"
|
RESULTS_FILE="$TMP_DIR/results.$$"
|
||||||
@@ -64,15 +65,22 @@ check_fstype() {
|
|||||||
|
|
||||||
check_no_ntfs_on_core_mounts() {
|
check_no_ntfs_on_core_mounts() {
|
||||||
local hits
|
local hits
|
||||||
|
local pattern="^/mnt/(cache|disk1)(/|$)"
|
||||||
|
|
||||||
if ! command -v findmnt >/dev/null 2>&1; then
|
if ! command -v findmnt >/dev/null 2>&1; then
|
||||||
add_result "warning" "no_ntfs_core_mounts" "Cannot check NTFS mounts because findmnt is missing"
|
add_result "warning" "no_ntfs_core_mounts" "Cannot check NTFS mounts because findmnt is missing"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
hits="$(findmnt -rn -o TARGET,FSTYPE 2>/dev/null | awk '$1 ~ "^/mnt/(cache|disk1)(/|$)" && ($2 == "ntfs3" || $2 == "fuseblk") { print $1 ":" $2 }' | paste -sd ',' -)"
|
if [ "$ALLOW_DISK1_NTFS" = "1" ]; then
|
||||||
|
pattern="^/mnt/cache(/|$)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
hits="$(findmnt -rn -o TARGET,FSTYPE 2>/dev/null | awk -v pattern="$pattern" '$1 ~ pattern && ($2 == "ntfs3" || $2 == "fuseblk") { print $1 ":" $2 }' | paste -sd ',' -)"
|
||||||
if [ -n "$hits" ]; then
|
if [ -n "$hits" ]; then
|
||||||
add_result "critical" "no_ntfs_core_mounts" "NTFS-like filesystem on core mount: $hits"
|
add_result "critical" "no_ntfs_core_mounts" "NTFS-like filesystem on core mount: $hits"
|
||||||
|
elif [ "$ALLOW_DISK1_NTFS" = "1" ]; then
|
||||||
|
add_result "warning" "no_ntfs_core_mounts" "No NTFS on /mnt/cache; /mnt/disk1 NTFS is temporarily allowed until Disk1 phase 2 migration"
|
||||||
else
|
else
|
||||||
add_result "ok" "no_ntfs_core_mounts" "No ntfs3/fuseblk mounts below /mnt/cache or /mnt/disk1"
|
add_result "ok" "no_ntfs_core_mounts" "No ntfs3/fuseblk mounts below /mnt/cache or /mnt/disk1"
|
||||||
fi
|
fi
|
||||||
@@ -102,6 +110,10 @@ check_inode_usage() {
|
|||||||
add_result "warning" "$name" "Cannot read inode usage for $path"
|
add_result "warning" "$name" "Cannot read inode usage for $path"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if ! printf '%s' "$use_percent" | grep -Eq '^[0-9]+$'; then
|
||||||
|
add_result "warning" "$name" "$path inode usage unavailable (${use_percent:-unknown})"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$use_percent" -lt "$max_percent" ]; then
|
if [ "$use_percent" -lt "$max_percent" ]; then
|
||||||
add_result "ok" "$name" "$path inode usage ${use_percent}%"
|
add_result "ok" "$name" "$path inode usage ${use_percent}%"
|
||||||
@@ -246,7 +258,11 @@ main() {
|
|||||||
need_cmd awk || true
|
need_cmd awk || true
|
||||||
|
|
||||||
check_fstype "/mnt/cache" "xfs" "critical" "cache_fstype"
|
check_fstype "/mnt/cache" "xfs" "critical" "cache_fstype"
|
||||||
check_fstype "/mnt/disk1" "xfs" "critical" "disk1_fstype"
|
if [ "$ALLOW_DISK1_NTFS" = "1" ]; then
|
||||||
|
check_fstype "/mnt/disk1" "ntfs3" "warning" "disk1_fstype"
|
||||||
|
else
|
||||||
|
check_fstype "/mnt/disk1" "xfs" "critical" "disk1_fstype"
|
||||||
|
fi
|
||||||
check_no_ntfs_on_core_mounts
|
check_no_ntfs_on_core_mounts
|
||||||
check_mover_drift
|
check_mover_drift
|
||||||
check_inode_usage "/mnt/cache" 80 "cache_inode_usage"
|
check_inode_usage "/mnt/cache" 80 "cache_inode_usage"
|
||||||
|
|||||||
Reference in New Issue
Block a user