[MediaWiki-commits] [Gerrit] operations/puppet[production]: Reporting tests with the private data script

[Marostegui (Code Review)]

Marostegui has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/328352 )

Change subject: Reporting tests with the private data script
......................................................................


Reporting tests with the private data script

* For now just run the private data script and  email me
once something is found so it can be polished.
* Scheduled to run once per week now: every Monday.

Ideally it should be an icinga check eventually.

Bug: T153680
Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97
---
A modules/role/files/mariadb/check_private_data_report
M modules/role/manifests/labs/db/check_private_data.pp
2 files changed, 48 insertions(+), 0 deletions(-)

Approvals:
  Marostegui: Looks good to me, approved
  jenkins-bot: Verified
  Volans: Looks good to me, but someone else must approve



diff --git a/modules/role/files/mariadb/check_private_data_report 
b/modules/role/files/mariadb/check_private_data_report
new file mode 100755
index 0000000..fa232f6
--- /dev/null
+++ b/modules/role/files/mariadb/check_private_data_report
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+PRIVATE_DATA="/usr/local/sbin/check_private_data.py"
+REPORT_PATH="/var/log/private_data_report_${HOSTNAME}.log"
+
+if [ ! -f "$PRIVATE_DATA" ]
+then
+    echo "$PRIVATE_DATA is not present"
+    exit 1
+fi
+
+# run the script
+
+if [ "$HOSTNAME" == "db1069" ]
+then
+    echo "This script will not work on db1069 as it has multiple instances"
+    exit 1
+fi
+echo "Start time: $(date)" > "$REPORT_PATH"
+$PRIVATE_DATA >> "$REPORT_PATH" 2>&1
+
+DATA=$(/bin/egrep -v "^--|^Start time" -c "$REPORT_PATH")
+
+if [ "$DATA" -gt "0" ]
+then
+    echo "Private data detected at $HOSTNAME check: $REPORT_PATH" | 
/usr/bin/mail -s "Private data found at $HOSTNAME" maroste...@wikimedia.org
+fi
diff --git a/modules/role/manifests/labs/db/check_private_data.pp 
b/modules/role/manifests/labs/db/check_private_data.pp
index 0859bbc..fb5fe03 100644
--- a/modules/role/manifests/labs/db/check_private_data.pp
+++ b/modules/role/manifests/labs/db/check_private_data.pp
@@ -30,4 +30,24 @@
                     File['/etc/mysql/private_tables.txt'],
         ],
     }
+
+    file { '/usr/local/sbin/check_private_data_report':
+        ensure => file,
+        source => 'puppet:///modules/role/mariadb/check_private_data_report',
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0744',
+    }
+
+    cron { 'check-private-data':
+        minute  => 0,
+        hour    => 5,
+        weekday => 1,
+        user    => 'root',
+        command => '/usr/local/sbin/check_private_data_report > /dev/null 
2>&1',
+        require => [File['/usr/local/sbin/check_private_data_report'],
+                    File['/usr/local/sbin/check_private_data.py'],
+        ],
+    }
+
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/328352
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97
Gerrit-PatchSet: 15
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Marostegui <maroste...@wikimedia.org>
Gerrit-Reviewer: Jcrespo <jcre...@wikimedia.org>
Gerrit-Reviewer: Marostegui <maroste...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits