Page MenuHomePhabricator
Create Task
Maniphest T284090

Disable peek for the Security Team
Closed, ResolvedPublic
Actions

Description

The Security-Team would like to disable (though not entirely decommission, if possible) the peek system that Chase had built to aid in project management across disparate systems. It's a basic python app that lives on peek2001.codfw.wmnet. The simplest way to deal with this, for now, is to probably disable the automation within its cron.pp. I'm not entirely sure though - should we just blank/delete the puppet file or set the minute, hour, monthday/weekday values to whatever would disable those runs? Or would SRE strongly advise disabling more functionality or the entire server?

Review by: 2021-09-20

Details

Due Date
Sep 19 2021, 10:00 PM
SubjectRepoBranchLines +/-
peek: drop cron classoperations/puppetproduction+5 -23
Disable peek cronsoperations/puppetproduction+2 -0
Customize query in gerrit

Related Objects

Event Timeline

sbassett created this task.Jun 1 2021, 4:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2021, 4:31 PM
sbassett added a project: Peek.Jun 1 2021, 4:32 PM
sbassett triaged this task as Medium priority.Jun 1 2021, 4:44 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board.
MoritzMuehlenhoff subscribed.Jun 1 2021, 4:45 PM

It depends the plans for peek I'd say. https://gerrit.wikimedia.org/r/697628 should be enough to silence the crons. We can keep the rest of the Puppet code in the tree if the plan is to continue to use it later on. Same for the VM. If you rather plan to replace Peek with something else, then it probably makes more sense to just remove the VM and start from scratch later on with the latest Debian revision whenever that happens.

sbassett mentioned this in T273401: peek does a deprecated API call.Jun 1 2021, 4:45 PM
sbassett changed the task status from Open to Stalled.Jun 1 2021, 4:58 PM
sbassett claimed this task.

@MoritzMuehlenhoff - ok, sounds good. +1 to the patch above, not sure about that Tox CI error though, seems unrelated to the patch. Would you or another SRE be able to puppet deploy that for us? Regarding a larger decommission of the VM - I'd like to self-assign this task and stall it on a date next quarter. If the Security-Team either decides to decommission the VM by then or hasn't made a decisions by then, we can go ahead and decommission it. Does that sound reasonable?

sbassett lowered the priority of this task from Medium to Low.Jun 1 2021, 4:59 PM
sbassett added a project: user-sbassett.
sbassett updated the task description. (Show Details)
MoritzMuehlenhoff added a comment.Jun 1 2021, 5:03 PM
In T284090#7126792, @sbassett wrote:

@MoritzMuehlenhoff - ok, sounds good. +1 to the patch above, not sure about that Tox CI error though, seems unrelated to the patch. Would you or another SRE be able to puppet deploy that for us?

Sure thing, I'll deploy this tomorrow.

Regarding a larger decommission of the VM - I'd like to self-assign this task and stall it on a date next quarter. If the Security-Team either decides to decommission the VM by then or hasn't made a decisions by then, we can go ahead and decommission it. Does that sound reasonable?

Sounds good!

RhinosF1 subscribed.Jun 1 2021, 5:09 PM
gerritbot added a comment.Jun 1 2021, 5:34 PM

Change 697628 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Disable peek crons

https://gerrit.wikimedia.org/r/697628

gerritbot added a project: Patch-For-Review.Jun 1 2021, 5:34 PM
gerritbot added a comment.Jun 1 2021, 5:41 PM

Change 697628 merged by Muehlenhoff:

[operations/puppet@production] Disable peek crons

https://gerrit.wikimedia.org/r/697628

MoritzMuehlenhoff added a comment.Jun 1 2021, 5:46 PM
In T284090#7126752, @MoritzMuehlenhoff wrote:

It depends the plans for peek I'd say. https://gerrit.wikimedia.org/r/697628 should be enough to silence the crons.

These are removed now.

sbassett added a comment.Jun 1 2021, 6:01 PM

Thanks, @MoritzMuehlenhoff.

Maintenance_bot removed a project: Patch-For-Review.Jun 1 2021, 6:10 PM
Aklapper set Due Date to Sep 19 2021, 10:00 PM.Jul 11 2021, 6:32 PM
sbassett closed this task as Resolved.Aug 4 2021, 7:09 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from Backlog to Done on the user-sbassett board.
sbassett mentioned this in T288290: Decommission peek2001 VM.Aug 5 2021, 8:34 PM
gerritbot added a comment.Oct 15 2021, 8:44 PM

Change 730867 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] peek: replace crons with timers

https://gerrit.wikimedia.org/r/730867

gerritbot added a project: Patch-For-Review.Oct 15 2021, 8:44 PM
gerritbot added a comment.Oct 15 2021, 9:32 PM

Change 730867 merged by Dzahn:

[operations/puppet@production] peek: drop cron class

https://gerrit.wikimedia.org/r/730867

Maintenance_bot removed a project: Patch-For-Review.Oct 15 2021, 10:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL