Page MenuHomePhabricator

Disable peek for the Security Team
Closed, ResolvedPublic

Description

The Security-Team would like to disable (though not entirely decommission, if possible) the peek system that Chase had built to aid in project management across disparate systems. It's a basic python app that lives on peek2001.codfw.wmnet. The simplest way to deal with this, for now, is to probably disable the automation within its cron.pp. I'm not entirely sure though - should we just blank/delete the puppet file or set the minute, hour, monthday/weekday values to whatever would disable those runs? Or would SRE strongly advise disabling more functionality or the entire server?

Review by: 2021-09-20

Details

Event Timeline

sbassett triaged this task as Medium priority.Jun 1 2021, 4:44 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board.

It depends the plans for peek I'd say. https://gerrit.wikimedia.org/r/697628 should be enough to silence the crons. We can keep the rest of the Puppet code in the tree if the plan is to continue to use it later on. Same for the VM. If you rather plan to replace Peek with something else, then it probably makes more sense to just remove the VM and start from scratch later on with the latest Debian revision whenever that happens.

sbassett changed the task status from Open to Stalled.Jun 1 2021, 4:58 PM
sbassett claimed this task.

@MoritzMuehlenhoff - ok, sounds good. +1 to the patch above, not sure about that Tox CI error though, seems unrelated to the patch. Would you or another SRE be able to puppet deploy that for us? Regarding a larger decommission of the VM - I'd like to self-assign this task and stall it on a date next quarter. If the Security-Team either decides to decommission the VM by then or hasn't made a decisions by then, we can go ahead and decommission it. Does that sound reasonable?

sbassett lowered the priority of this task from Medium to Low.Jun 1 2021, 4:59 PM
sbassett added a project: user-sbassett.
sbassett updated the task description. (Show Details)

@MoritzMuehlenhoff - ok, sounds good. +1 to the patch above, not sure about that Tox CI error though, seems unrelated to the patch. Would you or another SRE be able to puppet deploy that for us?

Sure thing, I'll deploy this tomorrow.

Regarding a larger decommission of the VM - I'd like to self-assign this task and stall it on a date next quarter. If the Security-Team either decides to decommission the VM by then or hasn't made a decisions by then, we can go ahead and decommission it. Does that sound reasonable?

Sounds good!

Change 697628 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Disable peek crons

https://gerrit.wikimedia.org/r/697628

Change 697628 merged by Muehlenhoff:

[operations/puppet@production] Disable peek crons

https://gerrit.wikimedia.org/r/697628

It depends the plans for peek I'd say. https://gerrit.wikimedia.org/r/697628 should be enough to silence the crons.

These are removed now.

Aklapper set Due Date to Sep 19 2021, 10:00 PM.Jul 11 2021, 6:32 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from Backlog to Done on the user-sbassett board.

Change 730867 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] peek: replace crons with timers

https://gerrit.wikimedia.org/r/730867

Change 730867 merged by Dzahn:

[operations/puppet@production] peek: drop cron class

https://gerrit.wikimedia.org/r/730867