From 7f948a0dd5754791a76f7f59060e6cd5206c8be2 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 7 Mar 2024 20:28:22 +0100 Subject: [PATCH 1/7] Chnages to reduce load on CRIC. --- docker/frontend/Dockerfile | 4 ++++ docker/frontend/authmap-preprod.cron | 2 ++ docker/frontend/authmap-prod.cron | 2 ++ docker/frontend/authmap-test.cron | 2 ++ docker/frontend/copy_cron.sh | 17 +++++++++++++++++ docker/frontend/install.sh | 3 +++ 6 files changed, 30 insertions(+) create mode 100644 docker/frontend/authmap-preprod.cron create mode 100644 docker/frontend/authmap-prod.cron create mode 100644 docker/frontend/authmap-test.cron create mode 100644 docker/frontend/copy_cron.sh diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile index 423e07dd9..f429b17c0 100644 --- a/docker/frontend/Dockerfile +++ b/docker/frontend/Dockerfile @@ -54,6 +54,10 @@ RUN crontab /data/crontab.txt ADD run.sh $WDIR/run.sh ADD monitor.sh $WDIR/monitor.sh ADD alerts.sh $WDIR/alerts.sh +COPY authmap-prod.cron /tmp/authmap-prod.cron +COPY authmap-preprod.cron /tmp/data/tools/authmap-preprod.cron +COPY authmap-test.cron /tmp/authmap-test.cron + ENV PATH="${WDIR}/cmsweb/bin:${WDIR}:${WDIR}/gopath/bin:${PATH}" diff --git a/docker/frontend/authmap-preprod.cron b/docker/frontend/authmap-preprod.cron new file mode 100644 index 000000000..947aeefbe --- /dev/null +++ b/docker/frontend/authmap-preprod.cron @@ -0,0 +1,2 @@ +*/15 * * * * sleep $((RANDOM \% 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh + diff --git a/docker/frontend/authmap-prod.cron b/docker/frontend/authmap-prod.cron new file mode 100644 index 000000000..947aeefbe --- /dev/null +++ b/docker/frontend/authmap-prod.cron @@ -0,0 +1,2 @@ +*/15 * * * * sleep $((RANDOM \% 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh + diff --git a/docker/frontend/authmap-test.cron b/docker/frontend/authmap-test.cron new file mode 100644 index 000000000..1e897b509 --- /dev/null +++ b/docker/frontend/authmap-test.cron @@ -0,0 +1,2 @@ +*/30 * * * * sleep $((RANDOM \% 901)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh + diff --git a/docker/frontend/copy_cron.sh b/docker/frontend/copy_cron.sh new file mode 100644 index 000000000..32c2f76ad --- /dev/null +++ b/docker/frontend/copy_cron.sh @@ -0,0 +1,17 @@ +if [ "$ENVIRONMENT" = "k8s-prod" ]; then + # Copy the production cron file + echo "Copying authmap-prod.cron" + cp /tmp/authmap-prod.cron /tmp/authmap.cron +elif [ "$ENVIRONMENT" = "k8s-preprod" ]; then + # Copy the development cron file + echo "Copying authmap-preprod.cron" + cp /tmp/authmap-preprod.cron /tmp/authmap.cron +elif [ "$ENVIRONMENT" = "k8s-test" ]; then + # Copy the test cron file + echo "Copying authmap-test.cron" + cp /tmp/authmap-test.cron /tmp/authmap.cron + +else + echo "Unsupported environment: $ENVIRONMENT" + exit 1 +fi diff --git a/docker/frontend/install.sh b/docker/frontend/install.sh index de0deea46..724e1686d 100755 --- a/docker/frontend/install.sh +++ b/docker/frontend/install.sh @@ -121,5 +121,8 @@ crontab -l | \ # add proxy generation via robot certificate crontab -l | egrep -v "reboot|ProxyRenew|LogArchive|ServerMonitor" > /tmp/mycron echo "0 0 * * * sudo /usr/sbin/fetch-crl" >> /tmp/mycron +chmod +x copy_cron.sh && ./copy_cron.sh && cat /tmp/authmap.cron >> /tmp/mycron +(crontab -l | grep -v "mkauthmap") | crontab - + crontab /tmp/mycron rm /tmp/mycron From 44dcc927a06f0efdd057b701dd3dcec74b669f03 Mon Sep 17 00:00:00 2001 From: Aroosha Pervaiz Date: Thu, 7 Mar 2024 20:28:44 +0100 Subject: [PATCH 2/7] Chnages to reduce load on CRIC. --- kubernetes/cmsweb/daemonset/frontend-ds.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/cmsweb/daemonset/frontend-ds.yaml b/kubernetes/cmsweb/daemonset/frontend-ds.yaml index 055d4bfc5..78a8fdd13 100644 --- a/kubernetes/cmsweb/daemonset/frontend-ds.yaml +++ b/kubernetes/cmsweb/daemonset/frontend-ds.yaml @@ -76,6 +76,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + - name: ENVIRONMENT + value: k8s #k8s# ports: - containerPort: 80 name: http From f4e0835f17261e3cbf3907c28c2a90c15f7effc3 Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:23:04 +0100 Subject: [PATCH 3/7] Update Dockerfile --- docker/frontend/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile index f429b17c0..4190eb404 100644 --- a/docker/frontend/Dockerfile +++ b/docker/frontend/Dockerfile @@ -57,6 +57,8 @@ ADD alerts.sh $WDIR/alerts.sh COPY authmap-prod.cron /tmp/authmap-prod.cron COPY authmap-preprod.cron /tmp/data/tools/authmap-preprod.cron COPY authmap-test.cron /tmp/authmap-test.cron +COPY copy_cron.sh $WDIR/copy_cron.sh + ENV PATH="${WDIR}/cmsweb/bin:${WDIR}:${WDIR}/gopath/bin:${PATH}" From 22993ffbeaf9fbb1fc9ac366e9f2e517b5418894 Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:50:46 +0100 Subject: [PATCH 4/7] Update install.sh --- docker/frontend/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/frontend/install.sh b/docker/frontend/install.sh index 724e1686d..cb51df534 100755 --- a/docker/frontend/install.sh +++ b/docker/frontend/install.sh @@ -121,8 +121,8 @@ crontab -l | \ # add proxy generation via robot certificate crontab -l | egrep -v "reboot|ProxyRenew|LogArchive|ServerMonitor" > /tmp/mycron echo "0 0 * * * sudo /usr/sbin/fetch-crl" >> /tmp/mycron +sed -i '/mkauthmap/d' /tmp/mycron chmod +x copy_cron.sh && ./copy_cron.sh && cat /tmp/authmap.cron >> /tmp/mycron -(crontab -l | grep -v "mkauthmap") | crontab - crontab /tmp/mycron rm /tmp/mycron From 6972f1360098eb812cca9367013e1677266b27fd Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:54:33 +0100 Subject: [PATCH 5/7] Update authmap-test.cron --- docker/frontend/authmap-test.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/frontend/authmap-test.cron b/docker/frontend/authmap-test.cron index 1e897b509..2575d1f78 100644 --- a/docker/frontend/authmap-test.cron +++ b/docker/frontend/authmap-test.cron @@ -1,2 +1,2 @@ -*/30 * * * * sleep $((RANDOM \% 901)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh +*/30 * * * * sleep $((RANDOM % 901)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh From c15b06672601fe45bebfdd842ba7b04e48873d21 Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:54:55 +0100 Subject: [PATCH 6/7] Update authmap-preprod.cron --- docker/frontend/authmap-preprod.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/frontend/authmap-preprod.cron b/docker/frontend/authmap-preprod.cron index 947aeefbe..b76717e13 100644 --- a/docker/frontend/authmap-preprod.cron +++ b/docker/frontend/authmap-preprod.cron @@ -1,2 +1,2 @@ -*/15 * * * * sleep $((RANDOM \% 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh +*/15 * * * * sleep $((RANDOM % 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh From 83e81c187a842e32bbbff506ac0b468020d5019d Mon Sep 17 00:00:00 2001 From: "A. Pervaiz" <77356768+arooshap@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:55:17 +0100 Subject: [PATCH 7/7] Update authmap-prod.cron --- docker/frontend/authmap-prod.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/frontend/authmap-prod.cron b/docker/frontend/authmap-prod.cron index 947aeefbe..b76717e13 100644 --- a/docker/frontend/authmap-prod.cron +++ b/docker/frontend/authmap-prod.cron @@ -1,2 +1,2 @@ -*/15 * * * * sleep $((RANDOM \% 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh +*/15 * * * * sleep $((RANDOM % 601)); /data/srv/current/config/frontend/mkauthmap -c /data/srv/current/config/frontend/mkauth.conf -o /data/srv/state/frontend/etc/authmap.json --cert /etc/robots/robotcert.pem --key /etc/robots/robotkey.pem --ca-cert /etc/ssl/certs/CERN-bundle.pem ; [ $? -ne 0 ] && /bin/bash /data/alerts.sh