The mediawiki-firejail-* scripts wrap various commands with firejail --profile=/etc/firejail/mediawiki-converters.profile. Firejails emits to STDERR a message stating it is loading the profile:
Reading profile /etc/firejail/mediawiki-converters.profile
Since MediaWiki does not shallow stderr (T157646), the message ends up to HHVM and thus to the hhvm log bucket in logstash causing unneeded spam.
Making firejail quiet would fix it.
| operations/puppet : production | mediawiki-firejail: explicitly signal end of options |
| mediawiki/core : wmf/1.29.0-wmf.20 | media: Capture stderr when running 'convert --version' |
| mediawiki/core : master | media: Capture stderr when running 'convert --version' |
| operations/puppet : production | mediawiki-firejail: quiet firejail |
| operations/puppet : production | mediawiki-firejail: lint python scripts |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T157644 Shell error from "pdftotext" and "pdfinfo" commands (e.g. "Syntax Error: Invalid XRef entry") | |||
| Open | None | T157850 Interacting with Wikimedia logs should be a pleasant experience | |||
| Resolved | MaxSem | T157646 wfShellExec errors end up in HHVM log | |||
| Resolved | • hashar | T158649 firejail for mediawiki converter leaks to stderr: "Reading profile /etc/firejail/mediawiki-converters.profile" |
Change 338978 had a related patch set uploaded (by Hashar):
mediawiki-firejail: lint python scripts
Change 338979 had a related patch set uploaded (by Hashar):
mediawiki-firejail: explicitly signal end of options
Change 338980 had a related patch set uploaded (by Hashar):
mediawiki-firejail: quiet firejail
Change 338979 abandoned by Hashar:
mediawiki-firejail: explicitly signal end of options
Change 338980 abandoned by Hashar:
mediawiki-firejail: quiet firejail
Reason:
Lets keep it verbose so. Maybe upstream will make the logging easier to tweak.
Change 348228 had a related patch set uploaded (by Hashar):
[mediawiki/core@master] Shallow stderr when running convert --version
I have found a straightforward case: MediaWiki invokes convert --version but lets stderr untouched. By capturing it I guess that will get rid of most of the "Reading profile /etc/firejail/mediawiki-converters.profile" log spam :}
Change 348228 merged by Krinkle:
[mediawiki/core@master] media: Capture stderr when running 'convert --version'
Change 350203 had a related patch set uploaded (by Hashar):
[mediawiki/core@wmf/1.29.0-wmf.20] media: Capture stderr when running 'convert --version'
Change 350203 merged by Hashar:
[mediawiki/core@wmf/1.29.0-wmf.20] media: Capture stderr when running 'convert --version'
Mentioned in SAL (#wikimedia-operations) [2017-04-25T13:37:11Z] <hashar@naos> Synchronized php-1.29.0-wmf.20/includes/media/TransformationalImageHandler.php: media: Capture stderr when running convert --version - T158649 (duration: 00m 47s)
Change 338979 restored by Hashar:
mediawiki-firejail: explicitly signal end of options
Change 338979 abandoned by Hashar:
mediawiki-firejail: explicitly signal end of options