From a7d52b4e8b659adf776381a131877c436b1c3e81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Fri, 15 May 2026 19:28:36 +0200
Subject: [PATCH] consul: add check for launchd job status
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Variables in defaults were copied from systemd timer role but their
usage was never implemented. Also renamed task file to match other roles.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 defaults/main.yml |  2 --
 files/check.sh    | 75 +++++++++++++++++++++++++++++++++++++++++++++++
 tasks/check.yml   | 11 -------
 tasks/consul.yml  | 25 ++++++++++++++++
 tasks/main.yml    |  2 +-
 5 files changed, 101 insertions(+), 14 deletions(-)
 create mode 100644 files/check.sh
 delete mode 100644 tasks/check.yml
 create mode 100644 tasks/consul.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index ee91697..d4e6e65 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -31,8 +31,6 @@ launchd_timer_consul_service_id: '{{ launchd_timer_consul_service_name }}'
 launchd_timer_consul_check_path: '/usr/local/bin/check-timer-status.sh'
 launchd_timer_consul_address: '{{ ansible_local.wireguard.vpn_ip }}'
 launchd_timer_consul_warning: false
-
-# Tags
 launchd_timer_consul_extra_tags: []
 launchd_timer_consul_default_tags: ['timer']
 launchd_timer_consul_tags: |
diff --git a/files/check.sh b/files/check.sh
new file mode 100644
index 0000000..c882dbe
--- /dev/null
+++ b/files/check.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# vim: ft=bash
+set -uo pipefail
+
+NAME=""
+DOMAIN="system"
+WARNING=0
+DISABLED=0
+
+# Parse CLI flags
+while (($#)); do
+  case "$1" in
+    --name=*)   NAME="${1#*=}" ;;
+    --user)     DOMAIN="user/$(id -u)" ;;
+    --disabled) DISABLED=1 ;;
+    --warning)  WARNING=1 ;;
+    -*|--*)     echo "ERROR unknown option: $1"; exit 1;;
+  esac
+  shift
+done
+
+[[ -z "${NAME}" ]] && { echo "No job name provided!"; exit 1; }
+
+if [[ -z "${DOMAIN}" ]]; then
+  if [[ "$(id -u)" -eq 0 ]]; then
+    DOMAIN="system"
+  else
+    DOMAIN="gui/$(id -u)"
+  fi
+fi
+
+TARGET="${DOMAIN}/${NAME}"
+
+JOB_STATUS="MISSING"
+JOB_SWITCH="UNKNOWN"
+JOB_HEALTH="UNKNOWN"
+LAST_EXIT_CODE="UNKNOWN"
+
+if JOB_OUT="$(launchctl print "${TARGET}" 2>/dev/null)"; then
+  JOB_STATUS="LOADED"
+
+  JOB_HEALTH=$(
+    awk -F'= ' '
+      /^[[:space:]]*state = / { print $2; found=1; exit }
+      END { if (!found) print "unknown" }
+    ' <<< "${JOB_OUT}"
+  )
+
+  LAST_EXIT_CODE=$(
+    awk -F'= ' '
+      /^[[:space:]]*last exit code = / { print $2; found=1; exit }
+      END { if (!found) print "0" }
+    ' <<< "${JOB_OUT}"
+  )
+fi
+
+DISABLED_OUT="$(launchctl print-disabled "${DOMAIN}" 2>/dev/null || true)"
+
+if grep -Eq "\"${NAME}\"[[:space:]]*=>[[:space:]]*disabled" <<< "${DISABLED_OUT}"; then
+  JOB_SWITCH="DISABLED"
+else
+  JOB_SWITCH="ENABLED"
+fi
+
+# Print current state.
+echo "${NAME}: ${JOB_STATUS}, ${JOB_SWITCH}, ${JOB_HEALTH}, last_exit_code=${LAST_EXIT_CODE}"
+
+function fail { [[ "${WARNING}" == 1 ]] && exit 1 || exit 2; }
+
+# Verify health.
+if [[ "${DISABLED}" -ne 1 ]]; then
+    [[ "${JOB_STATUS}" != "LOADED" ]]   && fail
+    [[ "${JOB_SWITCH}" == "DISABLED" ]] && fail
+    [[ "${LAST_EXIT_CODE}" != "0" ]]    && fail
+fi
diff --git a/tasks/check.yml b/tasks/check.yml
deleted file mode 100644
index 56648a8..0000000
--- a/tasks/check.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Create Consul service definition
-  include_role: name=infra-role-consul-service
-  vars:
-    consul_config_name: '{{ launchd_timer_consul_service_id }}'
-    consul_services:
-      - id:   '{{ launchd_timer_consul_service_id }}'
-        name: '{{ launchd_timer_consul_service_name }}'
-        tags: '{{ launchd_timer_consul_tags }}'
-        meta: '{{ launchd_timer_consul_meta }}'
-        address: '{{ launchd_timer_consul_address }}'
diff --git a/tasks/consul.yml b/tasks/consul.yml
new file mode 100644
index 0000000..824e813
--- /dev/null
+++ b/tasks/consul.yml
@@ -0,0 +1,25 @@
+---
+- name: '{{ launchd_timer_name }} Create check script'
+  copy:
+    src:  'check.sh'
+    dest: '{{ launchd_timer_consul_check_path }}'
+    mode: 0755
+
+- name: Create Consul service definition
+  include_role: name=infra-role-consul-service
+  vars:
+    consul_config_name: '{{ launchd_timer_consul_service_id }}'
+    consul_services:
+      - id:      '{{ launchd_timer_consul_service_id }}'
+        name:    '{{ launchd_timer_consul_service_name }}'
+        tags:    '{{ launchd_timer_consul_tags }}'
+        meta:    '{{ launchd_timer_consul_meta }}'
+        address: '{{ launchd_timer_consul_address }}'
+        checks:
+          - name: '{{ beacon_node_consul_service_name }}-rest-health'
+            type: 'script'
+            script: >-
+              {{ launchd_timer_consul_check_path }}
+              {%- if launchd_timer_consul_warning %} --warning{% endif %}
+              {%- if not launchd_timer_enabled %} --disabled{% endif %}
+              --name={{ launchd_timer_name }}
diff --git a/tasks/main.yml b/tasks/main.yml
index 7dbf5d7..66220b4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,4 +2,4 @@
 - include_tasks: script.yml
   when: launchd_timer_script_content is not none
 - include_tasks: timer.yml
-- include_tasks: check.yml
+- include_tasks: consul.yml