feat: add systemd timer to run "manage.py remove-pending-sources" daily #6826
Conversation
cfm
force-pushed
the
stg-6788-remove-pending-sources-nightly
branch
from
d9eaa4a to
352754c
Compare
securedrop/debian/app-code/lib/systemd/system/securedrop-remove-pending-sources.service
Outdated
Show resolved
Hide resolved
|
Completed first portion of test plan this afternoon:
Going to allow the nighty timers to fire overnight and will return to complete the remainder of the test plan tomorrow. |
cfm
force-pushed
the
stg-6788-remove-pending-sources-nightly
branch
from
352754c to
6f780c6
Compare
|
Thanks, @nathandyer! If you have time, you should be able to rebuild from 6f780c6 and shove it into your system without any other changes or extra testing steps, mainly for #6826 (comment). But it's such a trivial diff I wouldn't worry about it if it's not convenient for your testing. :-) |
|
@cfm Not a problem at all to test with the latest changes from 6f780c6! I am running into something a bit odd, and I think it's just from me not setting things up correctly somehow. From my Admin Workstation, I cloned the SecureDrop git repo and checked out the stg-6788-remove-pending-sources-nightly branch. From there, I did the standard procedure, including a The odd thing is, when I look on my app server itself, Is there some other method I should be using to get the newer |
|
Discussed
<#6826 (comment)>
out of band with @nathandyer and clarified the test plan to reflect both
<#6826 (comment)>
and the need to install a securedrop-app-code package built via "make
build-debs" on this branch.
|
|
Thank you @cfm! Happy to report I successfully built the Debian packages and installed them on my server. Verified that I should have definitive results first thing in the morning. |
There was a problem hiding this comment.
Happy to report that overnight the timer fired as expected and removed 10 of the pending sources, leaving only 100 on the server.
- Confirm that only 100 "pending" sources remain on the server.
Using systemctl I can see the timer is still active and running, and will be triggered again tonight.
This gets my approval, although since I'm not a maintainer we'll still need a final official "Approve" action.
|
Thanks Nathan! Merging |
Status
Ready for review
Description of Changes
Closes #6788.
NB. Per #6780 (comment), we are trusting that well-formed systemd units will Do the Right Thing without specific test cases.
Testing
securedrop-app-codebuilt viamake build-debson this branch into a production or staging installation.loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0Check that no OSSEC alert was logged when the(obsoleted by feat: add systemd timer to run "manage.py remove-pending-sources" daily #6826 (comment))securedrop-remove-pending-sourcestimer fired (i.e., its standard output was suppressed).manage.py remove-pending-sourcesso that it will raise an exception.securedrop-remove-pending-sourcestimer fired(i.e., its standard error was not suppressed), because OSSEC triggered on a log message containing the stringerror. (clarified per feat: add systemd timer to run "manage.py remove-pending-sources" daily #6826 (comment))Deployment
No deployment considerations, but it's worth documenting this behavior for administrators and flagging it in release notes, as noted below.
Checklist
If you made changes to the server application code:
make lint) and tests (make test) pass in the development containerIf you made changes to
securedrop-admin:make -C admin test) pass in the admin development containerIf you made changes to the system configuration:
If you made non-trivial code changes:
Choose one of the following: