Marostegui has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/328352 )
Change subject: Reporting tests with the private data script
......................................................................
Reporting tests with the private data script
* For now just run the private data script and email me
once something is found so it can be polished.
* Scheduled to run once per week now: every Monday.
Ideally it should be an icinga check eventually.
Bug: T153680
Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97
---
A modules/role/files/mariadb/check_private_data_report
M modules/role/manifests/labs/db/check_private_data.pp
2 files changed, 48 insertions(+), 0 deletions(-)
Approvals:
Marostegui: Looks good to me, approved
jenkins-bot: Verified
Volans: Looks good to me, but someone else must approve
diff --git a/modules/role/files/mariadb/check_private_data_report
b/modules/role/files/mariadb/check_private_data_report
new file mode 100755
index 0000000..fa232f6
--- /dev/null
+++ b/modules/role/files/mariadb/check_private_data_report
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+PRIVATE_DATA="/usr/local/sbin/check_private_data.py"
+REPORT_PATH="/var/log/private_data_report_${HOSTNAME}.log"
+
+if [ ! -f "$PRIVATE_DATA" ]
+then
+ echo "$PRIVATE_DATA is not present"
+ exit 1
+fi
+
+# run the script
+
+if [ "$HOSTNAME" == "db1069" ]
+then
+ echo "This script will not work on db1069 as it has multiple instances"
+ exit 1
+fi
+echo "Start time: $(date)" > "$REPORT_PATH"
+$PRIVATE_DATA >> "$REPORT_PATH" 2>&1
+
+DATA=$(/bin/egrep -v "^--|^Start time" -c "$REPORT_PATH")
+
+if [ "$DATA" -gt "0" ]
+then
+ echo "Private data detected at $HOSTNAME check: $REPORT_PATH" |
/usr/bin/mail -s "Private data found at $HOSTNAME" maroste...@wikimedia.org
+fi
diff --git a/modules/role/manifests/labs/db/check_private_data.pp
b/modules/role/manifests/labs/db/check_private_data.pp
index 0859bbc..fb5fe03 100644
--- a/modules/role/manifests/labs/db/check_private_data.pp
+++ b/modules/role/manifests/labs/db/check_private_data.pp
@@ -30,4 +30,24 @@
File['/etc/mysql/private_tables.txt'],
],
}
+
+ file { '/usr/local/sbin/check_private_data_report':
+ ensure => file,
+ source => 'puppet:///modules/role/mariadb/check_private_data_report',
+ owner => 'root',
+ group => 'root',
+ mode => '0744',
+ }
+
+ cron { 'check-private-data':
+ minute => 0,
+ hour => 5,
+ weekday => 1,
+ user => 'root',
+ command => '/usr/local/sbin/check_private_data_report > /dev/null
2>&1',
+ require => [File['/usr/local/sbin/check_private_data_report'],
+ File['/usr/local/sbin/check_private_data.py'],
+ ],
+ }
+
}
--
To view, visit https://gerrit.wikimedia.org/r/328352
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97
Gerrit-PatchSet: 15
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Marostegui <maroste...@wikimedia.org>
Gerrit-Reviewer: Jcrespo <jcre...@wikimedia.org>
Gerrit-Reviewer: Marostegui <maroste...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
