Page MenuHomePhabricator
Create Task
Maniphest T252171

Automate the detection of netcat listen port in transfer.py
Closed, ResolvedPublic
Actions

Description

The transfer.py file which is used for database backup and recovery needs a port to be passed for netcat to listen. Finding a free port by the user may not be convenient. Automating this would ease the use.

Details

SubjectRepoBranchLines +/-
transfer.py: Add the ability to auto-detect free port for netcat to listenoperations/software/wmfmariadbpymaster+113 -3
Add comments to Firewall, MariaDB and transfer modulesoperations/software/wmfmariadbpymaster+58 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Privacybatm created this task.May 7 2020, 9:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 7 2020, 9:17 PM
Marostegui moved this task from Triage to Pending comment on the DBA board.May 8 2020, 5:20 AM
jcrespo triaged this task as Medium priority.May 8 2020, 5:53 AM
jcrespo added a comment.May 8 2020, 6:11 AM

Remember to send a patch, even if not finished, sooner than later- it is easier to talk about patches than empty code :-D.

Privacybatm updated the task description. (Show Details)May 8 2020, 2:45 PM
gerritbot added a comment.May 11 2020, 12:34 PM

Change 595516 had a related patch set uploaded (by Privacybatm; owner: Privacybatm):
[operations/software/wmfmariadbpy@master] transfer.py: Add the ability to auto-detect free port for netcat to listen

https://gerrit.wikimedia.org/r/595516

gerritbot added a project: Patch-For-Review.May 11 2020, 12:34 PM
jcrespo added a comment.May 14 2020, 4:12 PM

Regarding the ss issue: I was able to reproduce this:

# lsmod | wc -l
90
# netstat -tlpn > /dev/null
# lsmod | wc -l
90
# ss -tlpn > /dev/null
# lsmod | wc -l
92

So unless netstat is not available, I think I would stick to it or things will get more complicated, security-wise (remember what we talked about always trying to minimize side effects).

If we want more flexibility, we can make this a method of Firewall.py so we know were we can alter it later (external commands in a separate class).

Privacybatm added a comment.May 14 2020, 8:07 PM

Oh okay, Thank you for the update!

gerritbot added a comment.May 18 2020, 8:28 PM

Change 597158 had a related patch set uploaded (by Privacybatm; owner: Privacybatm):
[operations/software/wmfmariadbpy@master] Add comments to Firewall, MariaDB and transfer modules

https://gerrit.wikimedia.org/r/597158

gerritbot added a comment.May 20 2020, 3:39 PM

Change 597158 merged by Jcrespo:
[operations/software/wmfmariadbpy@master] Add comments to Firewall, MariaDB and transfer modules

https://gerrit.wikimedia.org/r/597158

gerritbot added a comment.May 20 2020, 3:52 PM

Change 595516 merged by Jcrespo:
[operations/software/wmfmariadbpy@master] transfer.py: Add the ability to auto-detect free port for netcat to listen

https://gerrit.wikimedia.org/r/595516

jcrespo added a comment.May 20 2020, 4:03 PM

Aside from solving the issues I mention on the patch, the other thing we should not forget to update is the documentation. This is what it says now:

--port PORT           Port used for netcat listening on the source. By default, 4444, but it must be changed if more 
                      than 1 transfer to the same host happen at the same time, or the second copy will fail top open
                      the socket again. This port has its firewall disabled during transfer automatically with an extra
                      iptables rule.

This is not true anymore, default right now is 4400 and it is smarter, but we can wait until we have a final implementation for the documentation as the last step.

jcrespo added a subtask: T252950: kill_job function in remote execution module of transfer framework does not close the ports instantly.May 20 2020, 4:06 PM

^updating the hierarchy to reflect that we need to solve T252950 before closing this :-D. In other words, T252171 depends on T252950.

jcrespo mentioned this in T253219: Add more information to --help option of transfer.py.May 20 2020, 4:10 PM
Maintenance_bot removed a project: Patch-For-Review.May 20 2020, 4:10 PM
jcrespo moved this task from Pending comment to GSOC2020 on the DBA board.May 25 2020, 1:48 PM
jcrespo closed this task as Resolved.Jun 4 2020, 9:11 AM
jcrespo closed subtask T252950: kill_job function in remote execution module of transfer framework does not close the ports instantly as Resolved.

This is now resolved, default port it now 4400, but will open a higher port if the port is in use.

--port still works, but it will fail if the port is not available.

In the future we may be able to configure the range to check.

Good work.

Privacybatm mentioned this in rOSWB19a914fb8e25: Add comments to Firewall, MariaDB and transfer modules.Sep 1 2020, 8:36 AM
Privacybatm mentioned this in rOSWB3f9329ad9942: transfer.py: Add the ability to auto-detect free port for netcat to listen.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits