Page MenuHomePhabricator
Create Task
Maniphest T266300

Establish a systemd timer to remove long-running processes on the bastion in a random and somewhat friendly way
Closed, ResolvedPublic
Actions

Description

To have a task to link against, I started making a script to do weighted attacks against processes that are operating outside of recommended uses for the bastions. So far, it gathers the older processes that are running (configurable how old we need), uses the age as a weight and then selects a number of them at random to kill. This was an effort to allow things to sometimes finish if it is just a long-running action that is reasonable but to make it not-so-good. That way people are more likely to use the job grid or k8s while we can improve services overall on the bastions for legitimate uses.

This may also allow relieving some of the trouble caused by using such tight limits on highly shared servers (T218338)

Details

SubjectRepoBranchLines +/-
wmcs_wheel_of_misfortune: avoid race condition with proc infooperations/puppetproduction+4 -1
wmcs_wheel_of_misfortune: add mysql to exempt shellsoperations/puppetproduction+1 -0
wmcs_wheel_of_misfortune: dont fail for empty listsoperations/puppetproduction+4 -0
toolforge bastion: improve the killer a bitoperations/puppetproduction+13 -14
toolforge bastion: safelist shells and related procs for the killeroperations/puppetproduction+22 -0
toolforge bastion: reduce number of wheel-of-misfortune runsoperations/puppetproduction+1 -1
toolforge bastion: tweak email wording for process killeroperations/puppetproduction+8 -3
toolsforge bastion: fix an error in the killer scriptoperations/puppetproduction+3 -3
toolforge bastion: fix the wmcs_wheel_of_misfortune script for py3.5operations/puppetproduction+48 -13
toolforge: script to make long-running processes on bastions less goodoperations/puppetproduction+325 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bstorm triaged this task as Low priority.Oct 22 2020, 11:58 PM
Bstorm created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 22 2020, 11:58 PM
gerritbot added a comment.Oct 22 2020, 11:58 PM

Change 635888 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge: script to make long-running processes on bastions less good

https://gerrit.wikimedia.org/r/635888

gerritbot added a project: Patch-For-Review.Oct 22 2020, 11:58 PM
RhinosF1 subscribed.Oct 26 2020, 7:32 PM
gerritbot added a comment.Oct 29 2020, 3:16 PM

Change 635888 merged by Bstorm:
[operations/puppet@production] toolforge: script to make long-running processes on bastions less good

https://gerrit.wikimedia.org/r/635888

Maintenance_bot removed a project: Patch-For-Review.Oct 29 2020, 4:10 PM
gerritbot added a comment.Oct 29 2020, 4:49 PM

Change 637535 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge bastion: fix the wmcs_wheel_of_misfortune script for py3.5

https://gerrit.wikimedia.org/r/637535

gerritbot added a project: Patch-For-Review.Oct 29 2020, 4:49 PM
gerritbot added a comment.Oct 29 2020, 5:39 PM

Change 637535 merged by Bstorm:
[operations/puppet@production] toolforge bastion: fix the wmcs_wheel_of_misfortune script for py3.5

https://gerrit.wikimedia.org/r/637535

Maintenance_bot removed a project: Patch-For-Review.Oct 29 2020, 6:10 PM
gerritbot added a comment.Nov 4 2020, 6:04 PM

Change 639224 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolsforge bastion: fix an error in the killer script

https://gerrit.wikimedia.org/r/639224

gerritbot added a project: Patch-For-Review.Nov 4 2020, 6:04 PM
gerritbot added a comment.Nov 4 2020, 6:11 PM

Change 639224 merged by Bstorm:
[operations/puppet@production] toolsforge bastion: fix an error in the killer script

https://gerrit.wikimedia.org/r/639224

Maintenance_bot removed a project: Patch-For-Review.Nov 4 2020, 6:11 PM
Bstorm added a comment.Nov 4 2020, 6:24 PM

I've been running a screen session on the main bastion, so I'm hoping to see my process get killed.

Bstorm added a subscriber: Multichill.Nov 5 2020, 7:48 PM

Feedback from @Multichill: screen is a part of his workflow and would like to be able to keep a screen session open without it getting squashed by this service. I think that might be a good point.

Screen and tmux themselves aren't the problem. It's whatever might be running for days inside a screen session, if something is.

Bstorm added a comment.Nov 5 2020, 7:49 PM

Of course a quirk there is shells.

gerritbot added a comment.Nov 5 2020, 8:09 PM

Change 639617 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge bastion: safelist shells and related procs for the killer

https://gerrit.wikimedia.org/r/639617

gerritbot added a project: Patch-For-Review.Nov 5 2020, 8:09 PM
gerritbot added a comment.Nov 5 2020, 8:19 PM

Change 639620 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] toolforge bastion: tweak email wording for process killer

https://gerrit.wikimedia.org/r/639620

Bstorm updated the task description. (Show Details)Nov 6 2020, 12:02 AM
gerritbot added a comment.Nov 6 2020, 12:08 AM

Change 639641 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge bastion: reduce number of wheel-of-misfortune runs

https://gerrit.wikimedia.org/r/639641

gerritbot added a comment.Nov 6 2020, 12:21 AM

Change 639620 merged by Bstorm:
[operations/puppet@production] toolforge bastion: tweak email wording for process killer

https://gerrit.wikimedia.org/r/639620

gerritbot added a comment.Nov 6 2020, 3:05 PM

Change 639641 merged by Bstorm:
[operations/puppet@production] toolforge bastion: reduce number of wheel-of-misfortune runs

https://gerrit.wikimedia.org/r/639641

gerritbot added a comment.Nov 6 2020, 4:23 PM

Change 639617 merged by Bstorm:
[operations/puppet@production] toolforge bastion: safelist shells and related procs for the killer

https://gerrit.wikimedia.org/r/639617

gerritbot added a comment.Nov 6 2020, 4:49 PM

Change 639796 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge bastion: improve the killer a bit

https://gerrit.wikimedia.org/r/639796

gerritbot added a comment.Nov 6 2020, 5:02 PM

Change 639796 merged by Bstorm:
[operations/puppet@production] toolforge bastion: improve the killer a bit

https://gerrit.wikimedia.org/r/639796

Maintenance_bot removed a project: Patch-For-Review.Nov 6 2020, 5:11 PM
Bstorm added a subscriber: zhuyifei1999.EditedNov 6 2020, 5:31 PM

At this point, a dryrun only comes up with one sftp session (at least I think that's what I'm looking at). I'm thinking sftp sessions don't need to be kept open for days on end, so that seems ok. Everything else that would have been killed, probably already has been. Screens will be exempt from this service's behavior.

The next round of changes on this likely should focus on https://psutil.readthedocs.io/en/latest/#psutil.cpu_times
It is possible on Linux to check out what the process has been doing and use that instead of wall clock time to kick processes off. When this goes through the proclist in the spin_the_wheel function, it could start by logging things that might be killed on the basis of, say, excessive iowait or user time. That would allow safe experimentation with that kind of algorithm. @zhuyifei1999 if you have any interest in tweaking that sort of setting here, I'll happily review it 😁 I think this might be pretty stable for now, though.

Multichill added a comment.Nov 7 2020, 2:01 PM

Thanks for adding screen. Can you add /usr/bin/mysql to the whitelist too? Just the client part. Mariadb server will auto disconnect any long open sessions and the client will just reconnect when a session is needed again.

Bstorm added a comment.Nov 24 2020, 7:30 PM

Coming back around to this, mysql is one that could definitely be used inappropriately because you could effectively run a bot as mysql. However, it wouldn't daemonize at least. We could maybe add it since we already monitor for crons and there is a query/session killer.

That said, the script needs at least one more improvement I've noticed. It crashes when there's nothing to consider for killing because of the way we implemented the random.choices() function (stolen from python 3.6).

gerritbot added a comment.Nov 24 2020, 7:43 PM

Change 643336 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] wmcs_wheel_of_misfortune: dont fail for empty lists

https://gerrit.wikimedia.org/r/643336

gerritbot added a project: Patch-For-Review.Nov 24 2020, 7:43 PM
gerritbot added a comment.Nov 24 2020, 7:53 PM

Change 643337 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] wmcs_wheel_of_misfortune: add mysql to exempt shells

https://gerrit.wikimedia.org/r/643337

gerritbot added a comment.Nov 24 2020, 8:13 PM

Change 643336 merged by Bstorm:
[operations/puppet@production] wmcs_wheel_of_misfortune: dont fail for empty lists

https://gerrit.wikimedia.org/r/643336

gerritbot added a comment.Dec 2 2020, 5:27 PM

Change 643337 merged by Bstorm:
[operations/puppet@production] wmcs_wheel_of_misfortune: add mysql to exempt shells

https://gerrit.wikimedia.org/r/643337

gerritbot added a comment.Dec 2 2020, 5:44 PM

Change 644878 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] wmcs_wheel_of_misfortune: avoid race condition with proc info

https://gerrit.wikimedia.org/r/644878

gerritbot added a comment.Dec 2 2020, 11:43 PM

Change 644878 merged by Bstorm:
[operations/puppet@production] wmcs_wheel_of_misfortune: avoid race condition with proc info

https://gerrit.wikimedia.org/r/644878

Bstorm added a subtask: T282949: Wheel of Misfortune should provide bastion host details.May 18 2021, 11:36 PM
Xqt subscribed.Jan 9 2022, 6:41 PM
taavi closed this task as Resolved.Jan 20 2022, 11:54 AM
taavi closed subtask T282949: Wheel of Misfortune should provide bastion host details as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL