Closed Bug 1562731 Opened 5 years ago Closed 5 years ago

Upgrade pulseguardian to python 3

Categories

(Taskcluster :: Operations and Service Requests, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: dustin, Mentored)

Details

This is a pretty simple Flask app and most (all?) of its dependencies are available in Py3. So it should be pretty quick to upgrade the app itself.

Site: https://pulseguardian.mozilla.org/
Repo: https://github.com/mozilla-services/pulseguardian

This is a somewhat un-owned application at Mozilla that is currently the responsibility of a team full of Go and JS programmers, so we could use some help from someone skilled in Python. I'll be happy to help!

Looks like flask-secure-headers is an upstream dep that also needs porting or replacing/removing as a dependency. It looks like some Mozillians have attempted to port it: https://github.com/twaldear/flask-secure-headers/pull/9

That looks very unmaintained (no changes in 4 years). Likely we'll need to do what @jeffbryner did and set the relevant headers "manually".

Coop I can take a look at the code bits of this during our "break". Maybe I get something done, maybe not :)

Assignee: nobody → dustin

Aki, can you take a peek at https://github.com/mozilla-services/pulseguardian/pull/246? You're not in the org so I couldn't flag you for review..

Flags: needinfo?(aki)

This now blocks https://github.com/mozilla-services/pulseguardian/pull/242 because gunicorn 20.0.0 doesn't support python 2.7.

Flags: needinfo?(aki)

Stamping. If you need deeper flask review, that may not be me.

(I do see diffs if I clone Tarek's master into flask_secure_headers. The 3 patches after the vendor seem sane.)

Deployment thoughts:

  • for the webapp, rollback is pretty easy and we can just QA "manually"
  • for the backend queue-monitoring bit, we can deploy it in a read-only fashion and see what it logs, thereby avoiding the risk of some subtle bug causing it to delete everyone's queues or something crazy.

https://github.com/mozilla-services/pulseguardian/pull/249 is the best I can think of for "read-only fashion". Coop, what do you think about that patch? How about timing?

Flags: needinfo?(coop)

(In reply to Dustin J. Mitchell [:dustin] (he/him) from comment #7)

https://github.com/mozilla-services/pulseguardian/pull/249 is the best I can think of for "read-only fashion". Coop, what do you think about that patch? How about timing?

The approach is sane and non-destructive. I don't think we're beholden to any particular timing here since this service really is off to the side.

If you're around and can peek at the logs, I'd be happy to roll this out this morning.

Flags: needinfo?(coop)

..I got a queue length warning..

..and it successfuly deleted that queue.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.