From 9d57fa97597ec176a8357d6620ab9e670ee19f4e Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Mon, 3 May 2021 15:20:04 -0700 Subject: [PATCH] puppet: Use pgrep -x to avoid accidental matches. Matching the full process name (-x without -f) or full command line (-xf) is less prone to mistakes like matching a random substring of some other command line or pgrep matching itself. Signed-off-by: Anders Kaseorg --- .../files/nagios_plugins/zulip_app_frontend/check_worker_memory | 2 +- puppet/zulip/manifests/profile/rabbitmq.pp | 2 +- puppet/zulip/manifests/supervisor.pp | 2 +- puppet/zulip_ops/files/cron.d/camo | 2 +- scripts/restart-server | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory b/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory index c1a8d69375..2a37461509 100755 --- a/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory +++ b/puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_worker_memory @@ -4,7 +4,7 @@ datafile=$(mktemp) # We expect other Nagios checks to monitor for whether no queue # workers are running, so we give that condition a pass -processes=$(pgrep -f '^python.* /home/zulip/deployments/current/manage.py process_queue') +processes=$(pgrep -xf 'python.* /home/zulip/deployments/current/manage.py process_queue .*') if [ -z "$processes" ]; then echo "No workers running" exit 0 diff --git a/puppet/zulip/manifests/profile/rabbitmq.pp b/puppet/zulip/manifests/profile/rabbitmq.pp index f78c9559ba..0a3dd4c4e0 100644 --- a/puppet/zulip/manifests/profile/rabbitmq.pp +++ b/puppet/zulip/manifests/profile/rabbitmq.pp @@ -59,7 +59,7 @@ class zulip::profile::rabbitmq { # running and exits if so. exec { 'epmd': command => 'epmd -daemon', - unless => 'which pgrep && pgrep -f [e]pmd >/dev/null', + unless => 'which pgrep && pgrep -x epmd >/dev/null', require => Package[$erlang], path => '/usr/bin/:/bin/', } diff --git a/puppet/zulip/manifests/supervisor.pp b/puppet/zulip/manifests/supervisor.pp index db650a8be3..3b2d1a4016 100644 --- a/puppet/zulip/manifests/supervisor.pp +++ b/puppet/zulip/manifests/supervisor.pp @@ -85,7 +85,7 @@ class zulip::supervisor { # don't match. hasrestart => true, # lint:ignore:140chars - restart => "bash -c 'if pgrep -f supervisor[d] >/dev/null; then supervisorctl reread && supervisorctl update; else ${zulip::common::supervisor_start}; fi'", + restart => "bash -c 'if pgrep -x supervisord >/dev/null; then supervisorctl reread && supervisorctl update; else ${zulip::common::supervisor_start}; fi'", # lint:endignore } exec { 'supervisor-restart': diff --git a/puppet/zulip_ops/files/cron.d/camo b/puppet/zulip_ops/files/cron.d/camo index a3208f8d60..6df9b01401 100644 --- a/puppet/zulip_ops/files/cron.d/camo +++ b/puppet/zulip_ops/files/cron.d/camo @@ -1 +1 @@ -* * * * * root /bin/bash -c '(pgrep -u nobody -f camo || /etc/init.d/camo restart) 2>&1 >>/var/log/camo/restart-log' +* * * * * root /bin/bash -c '(pgrep -u nobody -F /var/run/camo.pid || /etc/init.d/camo restart) 2>&1 >>/var/log/camo/restart-log' diff --git a/scripts/restart-server b/scripts/restart-server index fcefe81907..b243057c27 100755 --- a/scripts/restart-server +++ b/scripts/restart-server @@ -138,7 +138,7 @@ if action == "start" or args.less_graceful: using_sso = subprocess.check_output(["./scripts/get-django-setting", "USING_APACHE_SSO"]) if using_sso.strip() == b"True": logging.info("Restarting Apache WSGI process...") - subprocess.check_call(["pkill", "-f", "apache2", "-u", "zulip"]) + subprocess.check_call(["pkill", "-x", "apache2", "-u", "zulip"]) logging.info("Done!") print(OKGREEN + f"Zulip {action}ed successfully!" + ENDC)