Page MenuHomePhabricator
Create Task
Maniphest T158649

firejail for mediawiki converter leaks to stderr: "Reading profile /etc/firejail/mediawiki-converters.profile"
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

The mediawiki-firejail-* scripts wrap various commands with firejail --profile=/etc/firejail/mediawiki-converters.profile. Firejails emits to STDERR a message stating it is loading the profile:

Reading profile /etc/firejail/mediawiki-converters.profile

Since MediaWiki does not shallow stderr (T157646), the message ends up to HHVM and thus to the hhvm log bucket in logstash causing unneeded spam.

Making firejail quiet would fix it.

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+5 -5mediawiki-firejail: explicitly signal end of options
mediawiki/corewmf/1.29.0-wmf.20+1 -1media: Capture stderr when running 'convert --version'
mediawiki/coremaster+1 -1media: Capture stderr when running 'convert --version'
operations/puppetproduction+4 -0mediawiki-firejail: quiet firejail
operations/puppetproduction+10 -5mediawiki-firejail: lint python scripts
Customize query in gerrit

Related Objects
Search...

Event Timeline

hashar created this task.Feb 21 2017, 2:52 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 21 2017, 2:52 PM
hashar added a parent task: T157646: wfShellExec errors end up in HHVM log.Feb 21 2017, 2:52 PM
hashar updated the task description. (Show Details)
hashar claimed this task.Feb 21 2017, 3:08 PM
hashar triaged this task as Low priority.
gerritbot added a subscriber: gerritbot.Feb 21 2017, 3:08 PM

Change 338978 had a related patch set uploaded (by Hashar):
mediawiki-firejail: lint python scripts

https://gerrit.wikimedia.org/r/338978

gerritbot added a project: Patch-For-Review.Feb 21 2017, 3:08 PM

Change 338979 had a related patch set uploaded (by Hashar):
mediawiki-firejail: explicitly signal end of options

https://gerrit.wikimedia.org/r/338979

gerritbot added a comment.Feb 21 2017, 3:08 PM

Change 338980 had a related patch set uploaded (by Hashar):
mediawiki-firejail: quiet firejail

https://gerrit.wikimedia.org/r/338980

demon moved this task from Untriaged to Dec2019/1.35.wmf.10+ on the Wikimedia-production-error board.Mar 1 2017, 11:52 PM
gerritbot added a comment.Apr 14 2017, 2:33 PM

Change 338978 abandoned by Hashar:
mediawiki-firejail: lint python scripts

https://gerrit.wikimedia.org/r/338978

gerritbot added a comment.Apr 14 2017, 2:33 PM

Change 338979 abandoned by Hashar:
mediawiki-firejail: explicitly signal end of options

https://gerrit.wikimedia.org/r/338979

gerritbot added a comment.Apr 14 2017, 2:33 PM

Change 338980 abandoned by Hashar:
mediawiki-firejail: quiet firejail

Reason:
Lets keep it verbose so. Maybe upstream will make the logging easier to tweak.

https://gerrit.wikimedia.org/r/338980

gerritbot added a comment.Apr 14 2017, 2:55 PM

Change 348228 had a related patch set uploaded (by Hashar):
[mediawiki/core@master] Shallow stderr when running convert --version

https://gerrit.wikimedia.org/r/348228

hashar added a comment.Apr 14 2017, 2:55 PM

I have found a straightforward case: MediaWiki invokes convert --version but lets stderr untouched. By capturing it I guess that will get rid of most of the "Reading profile /etc/firejail/mediawiki-converters.profile" log spam :}

gerritbot added a comment.Apr 15 2017, 3:56 AM

Change 348228 merged by Krinkle:
[mediawiki/core@master] media: Capture stderr when running 'convert --version'

https://gerrit.wikimedia.org/r/348228

ReleaseTaggerBot added projects: MW-1.29-release (WMF-deploy-2017-04-25_(1.29.0-wmf.21)), MW-1.29-release-notes.Apr 15 2017, 4:00 AM
hashar added a comment.Apr 16 2017, 7:51 PM

Apparently the log entry is gone from beta cluster which is encouraging.

hashar added a project: Beta-Cluster-reproducible.Apr 21 2017, 8:16 AM
hashar removed a project: Patch-For-Review.
gerritbot added a comment.Apr 25 2017, 1:31 PM

Change 350203 had a related patch set uploaded (by Hashar):
[mediawiki/core@wmf/1.29.0-wmf.20] media: Capture stderr when running 'convert --version'

https://gerrit.wikimedia.org/r/350203

gerritbot added a project: Patch-For-Review.Apr 25 2017, 1:31 PM

Change 350203 merged by Hashar:
[mediawiki/core@wmf/1.29.0-wmf.20] media: Capture stderr when running 'convert --version'

https://gerrit.wikimedia.org/r/350203

Stashbot added a subscriber: Stashbot.Apr 25 2017, 1:37 PM

Mentioned in SAL (#wikimedia-operations) [2017-04-25T13:37:11Z] <hashar@naos> Synchronized php-1.29.0-wmf.20/includes/media/TransformationalImageHandler.php: media: Capture stderr when running convert --version - T158649 (duration: 00m 47s)

hashar added a comment.Apr 25 2017, 1:37 PM

They should be gone from production cluster now.

ReleaseTaggerBot edited projects, added MW-1.29-release (WMF-deploy-2017-04-11_(1.29.0-wmf.20)); removed MW-1.29-release (WMF-deploy-2017-04-25_(1.29.0-wmf.21)).Apr 25 2017, 2:00 PM
hashar closed this task as Resolved.Apr 25 2017, 2:05 PM
gerritbot added a comment.May 2 2017, 7:46 AM

Change 338979 restored by Hashar:
mediawiki-firejail: explicitly signal end of options

https://gerrit.wikimedia.org/r/338979

gerritbot added a comment.Aug 30 2017, 8:27 PM

Change 338979 abandoned by Hashar:
mediawiki-firejail: explicitly signal end of options

https://gerrit.wikimedia.org/r/338979

Restricted Application added a project: Release-Engineering-Team (Kanban). · View Herald TranscriptAug 30 2017, 8:27 PM
Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q1; removed Release-Engineering-Team (Kanban).Sep 26 2017, 11:46 PM
Reedy removed a project: Patch-For-Review.May 17 2019, 9:48 PM
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:10 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL