Marostegui has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/328352 )
Change subject: Reporting tests with the private data script ...................................................................... Reporting tests with the private data script * For now just run the private data script and email me once something is found so it can be polished. * Scheduled to run once per week now: every Monday. Ideally it should be an icinga check eventually. Bug: T153680 Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97 --- A modules/role/files/mariadb/check_private_data_report M modules/role/manifests/labs/db/check_private_data.pp 2 files changed, 48 insertions(+), 0 deletions(-) Approvals: Marostegui: Looks good to me, approved jenkins-bot: Verified Volans: Looks good to me, but someone else must approve diff --git a/modules/role/files/mariadb/check_private_data_report b/modules/role/files/mariadb/check_private_data_report new file mode 100755 index 0000000..fa232f6 --- /dev/null +++ b/modules/role/files/mariadb/check_private_data_report @@ -0,0 +1,28 @@ +#!/bin/bash +set -e + +PRIVATE_DATA="/usr/local/sbin/check_private_data.py" +REPORT_PATH="/var/log/private_data_report_${HOSTNAME}.log" + +if [ ! -f "$PRIVATE_DATA" ] +then + echo "$PRIVATE_DATA is not present" + exit 1 +fi + +# run the script + +if [ "$HOSTNAME" == "db1069" ] +then + echo "This script will not work on db1069 as it has multiple instances" + exit 1 +fi +echo "Start time: $(date)" > "$REPORT_PATH" +$PRIVATE_DATA >> "$REPORT_PATH" 2>&1 + +DATA=$(/bin/egrep -v "^--|^Start time" -c "$REPORT_PATH") + +if [ "$DATA" -gt "0" ] +then + echo "Private data detected at $HOSTNAME check: $REPORT_PATH" | /usr/bin/mail -s "Private data found at $HOSTNAME" maroste...@wikimedia.org +fi diff --git a/modules/role/manifests/labs/db/check_private_data.pp b/modules/role/manifests/labs/db/check_private_data.pp index 0859bbc..fb5fe03 100644 --- a/modules/role/manifests/labs/db/check_private_data.pp +++ b/modules/role/manifests/labs/db/check_private_data.pp @@ -30,4 +30,24 @@ File['/etc/mysql/private_tables.txt'], ], } + + file { '/usr/local/sbin/check_private_data_report': + ensure => file, + source => 'puppet:///modules/role/mariadb/check_private_data_report', + owner => 'root', + group => 'root', + mode => '0744', + } + + cron { 'check-private-data': + minute => 0, + hour => 5, + weekday => 1, + user => 'root', + command => '/usr/local/sbin/check_private_data_report > /dev/null 2>&1', + require => [File['/usr/local/sbin/check_private_data_report'], + File['/usr/local/sbin/check_private_data.py'], + ], + } + } -- To view, visit https://gerrit.wikimedia.org/r/328352 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7796d6860f70c34b1758655f18a4ed8196724e97 Gerrit-PatchSet: 15 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Marostegui <maroste...@wikimedia.org> Gerrit-Reviewer: Jcrespo <jcre...@wikimedia.org> Gerrit-Reviewer: Marostegui <maroste...@wikimedia.org> Gerrit-Reviewer: Volans <rcocci...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits