Page MenuHomePhabricator
Create Task
Maniphest T254127

peek is incorrectly configured to run every minute every 1st of the month, creating large amounts of cronspam
Closed, ResolvedPublic
Actions

Details

SubjectRepoBranchLines +/-
peek: Reenable cron with correct paramsoperations/puppetproduction+12 -8
peek: Disable cron executionoperations/puppetproduction+2 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

jcrespo created this task.Jun 1 2020, 6:31 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2020, 6:31 AM
gerritbot added a comment.Jun 1 2020, 6:31 AM

Change 601170 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] peek: Disable cron execution

https://gerrit.wikimedia.org/r/601170

gerritbot added a project: Patch-For-Review.Jun 1 2020, 6:31 AM
jcrespo added a parent task: T132324: Tracking and Reducing cron-spam to root@ .Jun 1 2020, 6:33 AM
gerritbot added a comment.Jun 1 2020, 6:44 AM

Change 601170 merged by Jcrespo:
[operations/puppet@production] peek: Disable cron execution

https://gerrit.wikimedia.org/r/601170

DannyS712 removed a project: Patch-For-Review.Jun 1 2020, 6:44 AM
gerritbot added a comment.Jun 1 2020, 6:53 AM

Change 601173 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] peek: Reenable cron with the correct configuration

https://gerrit.wikimedia.org/r/601173

gerritbot added a project: Patch-For-Review.Jun 1 2020, 6:53 AM
jcrespo triaged this task as High priority.EditedJun 1 2020, 6:55 AM

812 reports were sent today 1st June.

The scheduling seems an unintended mixup with cron parameters (* * instead of, e.g. 0 1). It is unclear to me, however, the intention of reporting output, is an email sent by the script and the stdout to root on purpose? Shouldn't the cron be better configured with a systemd timer T210818 and monitor systemd status?

I chose to disable it given it is a report and it could affect Phabricator performance, reenabling can be done at: https://gerrit.wikimedia.org/r/c/operations/puppet/+/601173 but needs Security-Team input (@chasemp).

jcrespo moved this task from Backlog to Radar on the SRE board.Jun 1 2020, 6:56 AM
chasemp claimed this task.Jun 1 2020, 11:22 AM
chasemp added a project: Security-Team.

Thanks for disabling @jcrespo, sorry for the avalanche. Systemd timer seems like a sane idea.

chasemp moved this task from Incoming to In Progress on the Security-Team board.Jun 1 2020, 11:22 AM
chasemp lowered the priority of this task from High to Medium.Jun 1 2020, 3:06 PM
chasemp edited projects, added Peek; removed Security.Jun 1 2020, 3:09 PM
gerritbot added a comment.Jun 10 2020, 4:22 PM

Change 601173 merged by Rush:
[operations/puppet@production] peek: Reenable cron with correct params

https://gerrit.wikimedia.org/r/601173

chasemp moved this task from In Progress to Our Part Is Done on the Security-Team board.Jun 10 2020, 4:31 PM
sudo -u peek crontab -l
# HEADER: This file was autogenerated at 2020-06-10 16:26:11 +0000 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: peek_monthly
MAILTO=security-team@wikimedia.org
0 0 1 * * . $HOME/.profile; /var/lib/peek/git/peek.py -c /etc/peek/config/base.conf,/etc/peek/config/monthly.conf -s > /dev/null
# Puppet Name: peek_weekly
MAILTO=security-team@wikimedia.org
0 0 * * 1 . $HOME/.profile; /var/lib/peek/git/peek.py -c /etc/peek/config/base.conf,/etc/peek/config/weekly.conf -s > /dev/null
chasemp closed this task as Resolved.Jun 10 2020, 4:31 PM
jcrespo awarded a token.Jun 10 2020, 5:10 PM
Maintenance_bot removed a project: Patch-For-Review.Jun 10 2020, 5:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL