Page MenuHomePhabricator
Create Task
Maniphest T208855

tools: Hosts with local non-admin crontabs
Closed, ResolvedPublic
Actions

Description

All hosts have at least 1 crontab being identified as non-admin.

https://grafana-labs.wikimedia.org/dashboard/db/tools-basic-alerts?refresh=5m&panelId=12&fullscreen&orgId=1

[WMCS Clinic Duty]

Details

SubjectRepoBranchLines +/-
localcrontab: Add prometheus as administrative crontaboperations/puppetproduction+1 -1
Customize query in gerrit

Event Timeline

GTirloni created this task.Nov 6 2018, 3:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 6 2018, 3:00 PM
GTirloni moved this task from Inbox to Clinic Duty on the cloud-services-team (Kanban) board.Nov 6 2018, 3:00 PM
zhuyifei1999 subscribed.EditedNov 6 2018, 3:36 PM

It's prometheus (a system user):

root@tools-webgrid-lighttpd-1428:~# ls /var/spool/cron/crontabs/
prometheus  root
root@tools-webgrid-lighttpd-1428:~# cat /var/spool/cron/crontabs/prometheus 
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Wed Jul  5 11:40:49 2017)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# HEADER: This file was autogenerated at 2017-07-05 11:40:49 +0000 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: prometheus_puppet_agent_stats
* * * * * /usr/local/bin/prometheus-puppet-agent-stats --outfile /var/lib/prometheus/node.d/puppet_agent.prom

We could perhaps whitelist it.

GTirloni added a project: Toolforge.Nov 6 2018, 4:10 PM
gerritbot subscribed.Nov 6 2018, 6:55 PM

Change 472028 had a related patch set uploaded (by GTirloni; owner: GTirloni):
[operations/puppet@production] localcrontab: Add prometheus as administrative crontab

https://gerrit.wikimedia.org/r/472028

gerritbot added a project: Patch-For-Review.Nov 6 2018, 6:55 PM
gerritbot added a comment.Nov 7 2018, 12:00 PM

Change 472028 merged by GTirloni:
[operations/puppet@production] localcrontab: Add prometheus as administrative crontab

https://gerrit.wikimedia.org/r/472028

GTirloni added a comment.Nov 7 2018, 12:31 PM

Only tools-cron-01 is showing with non-admin crontabs now, as expected.

GTirloni closed this task as Resolved.Nov 7 2018, 12:31 PM
GTirloni triaged this task as Medium priority.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL