Add a protection into master crontab

Author: eldy

doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc

@@ -690,19 +690,19 @@ Create directories required to store data, backups and archives:
 
 * Create the directory */mnt/diskbackup/backup*:
 
-If an optional dedicated disk was created for the backup (different than disk for home):
+If you have not a dedicated disk for backup:
 
 [source, bash]
 ---------------
-mkdir /mnt/diskbackup/backup
+mkdir /mnt/diskhome/backup; chown admin /mnt/diskhome/backup;
+ln -fs /mnt/diskhome/backup /mnt/diskbackup
 ---------------
 
-If you have not a dedicated disk for backup:
+And if an optional dedicated disk was created for the backup (different than disk for home):
 
 [source, bash]
 ---------------
-mkdir /mnt/diskhome/backup; chown admin /mnt/diskhome/backup;
-ln -fs /mnt/diskhome/backup /mnt/diskbackup
+mkdir /mnt/diskbackup/backup
 ---------------
 
 * Create the other directories on the *Deployment* servers:
@@ -3676,15 +3676,15 @@ You must have inside the cron of user *admin* (You can view the cron with *cront
 ---------------
 # m h  dom mon dow   command
 # cron master admin
-*/10 * * * * /home/admin/wwwroot/dolibarr/scripts/cron/cron_run_jobs.php <securitykeydefinedinscheduledjobsetup> anonymousbatch >> /home/admin/wwwroot/dolibarr_documents/cron_run_jobs.php.log 2>&1
+*/10 * * * * [ "$(hostname -I | awk '{print $1}')" = "ip.of.master.server" ] && /home/admin/wwwroot/dolibarr/scripts/cron/cron_run_jobs.php <securitykeydefinedinscheduledjobsetup> anonymousbatch >> /home/admin/wwwroot/dolibarr_documents/cron_run_jobs.php.log 2>&1
 5 5 * * * /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/batch_customers.php updatestatsonly >> /home/admin/logs/batch_customers-updatedatabase.log 2>&1
 7 7 * * * /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/git_update_sources.sh /home/admin/wwwroot/dolibarr_documents/sellyoursaas/git >> /home/admin/logs/git_update_sources.log 2>&1
 # cron master and deployment admin
 #7 7 * * * /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/git_update_sellyoursaas.sh /home/admin/wwwroot >> /home/admin/logs/git_update_sellyoursaas.log 2>&1
 5 0 * * * /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/batch_customers.php backupdelete >> /home/admin/logs/batch_customers-backup.log 2>&1
 ---------------
 
-Note: *securitykeydefinedinscheduledjobsetup* is the value of the key to decide. And *anonymousbatch* is the user dedicated for batch processing. You will set them
+Note: *ip.of.master.server* is the IP of the server so if you clone the server on another instance with another IP, you are sure the batch won't be executed on the new server without a manual change here, *securitykeydefinedinscheduledjobsetup* is the value of the key to decide. And *anonymousbatch* is the user dedicated for batch processing. You will set them
 later on the Dolibarr master.
 
 
@@ -3714,6 +3714,19 @@ You must have inside the cron of user *admin* (You can view the cron with *cront
 ---------------
 
 
+==== On master and deployment server
+
+Add a protection to disable cron tasks if IP of server has changed so if you clone the server on another instance with another IP, you are sure the batch won't be executed on the new server without a manual change here.
+
+Create a link to the service file */etc/systemd/system/sellyoursaas-disable-cron-if-wrong-ip.service*:
+
+[source,bash]
+---------------
+cd /etc/systemd/system;
+ln -fs /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/etc/systemd/system/sellyoursaas-disable-cron-if-wrong-ip.service
+---------------
+
+
 ==== Check that launching of cron is ok
 
 Take from */etc/crontab* the commands for testing daily, weekly and monthly crontab launches and test by launching manually. For example, with:
@@ -4792,13 +4805,43 @@ glance image-download --file image-myfile-server1.qcow2 aaab785d-8a34-40f5-bdcd-
    ou   openstack image save --file image-myfile-server1.qcow2 aaab785d-8a34-40f5-bdcd-0a3c3c350c5a
 ---------------
 
+To make image smaller
+
+[source,bash]
+---------------
+qemu-img info image-myfile-server1.qcow2
+
+modprobe nbd max_part=16
+qemu-nbd -c /dev/nbd0 image-myfile-server1.qcow2
+
+fdisk -l /dev/nbd0
+mkdir /mnt/myimg; 
+
+mount /dev/nbd0p1 /mnt/myimg
+rm -rf /mnt/myimg/tmp/*
+rm -f /mnt/myimg/var/log/*.gz /mnt/myimg/var/log/*.log /mnt/myimg/var/log/journal/*
+umount /mnt/myimg
+
+zerofree -v /dev/nbd0p1
+
+mount /dev/nbd0p1 /mnt/myimg
+ls /mnt/myimg
+umount /mnt/myimg
+
+qemu-nbd -d /dev/nbd0
+qemu-img convert -O qcow2 -c image-myfile-server1.qcow2 image-myfile-server1-compacted.qcow2
+qemu-img info image-myfile-server1.qcow2
+---------------
+
+
 To push an instance's image on a project:
 
 [source,bash]
 ---------------
 source openrctarget.sh
 export OS_REGION_NAME=SBG1
 glance image-create --name nom_image_snaphot_new_server --disk-format qcow2 --container-format bare --file mon_fichier_snap_serveur1.qcow2
+   ou    openstack image create --disk-format qcow2 --container-format bare --file votre_image_compacte.qcow2 --public "Nom de votre image"
 ---------------
 
 To build a volume image, you need to create it from the detached volume (can't use a snapshot)
@@ -4825,6 +4868,7 @@ To push an image on a project:
 
 
 - To restore
+
 openstack server create --flavor FLAVOR_ID --image BACKUP_IMAGE_ID --nic net-id=NETWORK_ID INSTANCE_NAME
 
 

etc/systemd/system/sellyoursaas-disable-cron-if-wrong-ip.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Disable cron if IP is not allowed
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c '
+IP=$(hostname -I | awk "{print \$1}");
+if [ "$IP" != "1.2.3.4" ]; then
+  systemctl stop cron;
+  echo "Cron stopped by service /etc/systemd/system/sellyoursaas-disable-cron-if-wrong-ip.service due to wrong IP: $IP" >> /var/log/cron_disabled.log;
+fi
+'
+
+[Install]
+WantedBy=multi-user.target