Fix clamonacc service timeout

JimMadge commented 3 months ago

:white_check_mark: Checklist

[ ] You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
[ ] You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
[ ] Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).

:vertical_traffic_light: Depends on

:arrow_heading_up: Summary

:closed_umbrella: Related issues

Closes #2099

:microscope: Tests

Needs testing in a fresh deployment (or at least with clamd.ctl deleted and the clamd service stopped)

github-actions[bot] commented 3 months ago

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
data_safe_haven/config
config_sections.py
Project Total

This report was generated by python-coverage-comment-action

JimMadge commented 3 months ago

Tested on a fresh deployment.

Aug 08 15:13:31 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Copy ClamAV daemon configuration] ****************************************
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39631]: ansible-ansible.legacy.stat Invoked with path=/etc/clamav/clamd.conf follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39645]: ansible-ansible.legacy.copy Invoked with src=/root/.ansible/tmp/ansible-tmp-1723130011.8822916-39612-3430369636064/source dest=/etc/clamav/clamd.conf mode=0444 owner=clamav group=adm _original_basename=clamd.conf follow=False checksum=0e716e596ce314a753e135d48b06bc76bddd805d backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None seuser=None serole=None selevel=None setype=None attributes=None
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Enable and start ClamAV daemon] ******************************************
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39671]: ansible-ansible.builtin.systemd Invoked with name=clamav-daemon enabled=True state=started daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None user=None
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Restart ClamAV daemon] ***************************************************
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39700]: ansible-ansible.builtin.systemd Invoked with name=clamav-daemon state=restarted daemon_reload=False daemon_reexec=False scope=system no_block=False enabled=None force=None masked=None user=None
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Set freshclam private mirror] ********************************************
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39728]: ansible-ansible.builtin.lineinfile Invoked with path=/etc/clamav/freshclam.conf line=PrivateMirror clamav.hojo.daimyo.develop.turingsafehaven.ac.uk state=present backrefs=False create=False backup=False firstmatch=False unsafe_writes=False regexp=None insertafter=None insertbefore=None validate=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Initial freshclam run] ***************************************************
Aug 08 15:13:32 shm-daimyo-sre-hojo-vm-workspace-01 python3[39754]: ansible-ansible.legacy.command Invoked with creates=/var/lib/clamav/main.{c[vl]d,inc} _raw_params=systemctl stop clamav-freshclam && freshclam && systemctl start clamav-freshclam _uses_shell=True warn=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None removes=None stdin=None
Aug 08 15:13:58 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:13:58 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Install ClamAV services and timer] ***************************************
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39799]: ansible-ansible.legacy.stat Invoked with path=/etc/systemd/system/clamav-clamdscan.service follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39811]: ansible-ansible.legacy.copy Invoked with src=/root/.ansible/tmp/ansible-tmp-1723130038.9435208-39780-247490219043515/source dest=/etc/systemd/system/ mode=0644 _original_basename=clamav-clamdscan.service follow=False checksum=d31ea2bb959da04bc6c1dc7b57122f03fb46ceba backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost] => (item=/desired_state/files/etc/systemd/system/clamav-clamdscan.service)
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39836]: ansible-ansible.legacy.stat Invoked with path=/etc/systemd/system/clamav-clamdscan.timer follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39848]: ansible-ansible.legacy.copy Invoked with src=/root/.ansible/tmp/ansible-tmp-1723130039.2041848-39780-261233360882204/source dest=/etc/systemd/system/ mode=0644 _original_basename=clamav-clamdscan.timer follow=False checksum=1021066ffc70135f7b4548a978285695d5e02984 backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost] => (item=/desired_state/files/etc/systemd/system/clamav-clamdscan.timer)
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39872]: ansible-ansible.legacy.stat Invoked with path=/etc/systemd/system/clamav-clamonacc.service follow=False get_checksum=True checksum_algorithm=sha1 get_md5=False get_mime=True get_attributes=True
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39884]: ansible-ansible.legacy.copy Invoked with src=/root/.ansible/tmp/ansible-tmp-1723130039.4515016-39780-103785207880044/source dest=/etc/systemd/system/ mode=0644 _original_basename=clamav-clamonacc.service follow=False checksum=010d0571d5a0f0a7fb0b8350cd6b00628b27e92b backup=False force=True unsafe_writes=False content=NOT_LOGGING_PARAMETER validate=None directory_mode=None remote_src=None local_follow=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost] => (item=/desired_state/files/etc/systemd/system/clamav-clamonacc.service)
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Enable and start freshclam] **********************************************
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 python3[39909]: ansible-ansible.builtin.systemd Invoked with name=clamav-freshclam state=started enabled=True daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None user=None
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: ok: [localhost]
Aug 08 15:13:59 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Enable and start ClamAV on access scan] **********************************
Aug 08 15:14:00 shm-daimyo-sre-hojo-vm-workspace-01 python3[39937]: ansible-ansible.builtin.systemd Invoked with name=clamav-clamonacc enabled=True state=started daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None user=None
Aug 08 15:14:15 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]
Aug 08 15:14:15 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: TASK [Enable and start ClamAV timer] *******************************************
Aug 08 15:14:15 shm-daimyo-sre-hojo-vm-workspace-01 python3[40028]: ansible-ansible.builtin.systemd Invoked with name=clamav-clamdscan.timer enabled=True state=started daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None user=None
Aug 08 15:14:15 shm-daimyo-sre-hojo-vm-workspace-01 desired_state.sh[5120]: changed: [localhost]

jemrobinson commented 3 months ago

This also merges #2087 - I guess that was accidental, but I think it's not a bad thing to do anyway. In future, we should make sure to start merges to this branch from this branch though.

alan-turing-institute / data-safe-haven