Bug 1476379 - [RFE] Add randomness to SCAP client runs to avoid DDOS of the server
[RFE] Add randomness to SCAP client runs to avoid DDOS of the server
Status: NEW
Product: Red Hat Satellite 6
Classification: Red Hat
Component: SCAP Plugin (Show other bugs)
Unspecified
Unspecified Unspecified
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: satellite6-bugs
: FutureFeature, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-28 14:22 EDT by Rich Jerrido
Modified: 2018-04-25 02:00 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 20449 None None None 2017-07-31 04:38 EDT

  None (edit)
Description Rich Jerrido 2017-07-28 14:22:30 EDT
Description of problem:


As a user, I may have hundreds or potentially thousands of systems associated with a hostgroup. 

As OpenSCAP policies in Satellite are associated with hostgroups, if I have a large number of clients in a hostgroup and an OpenSCAP policy is defined, ALL of  the clients will attempt to upload their OpenSCAP reports at the same time. 


Ideally, I'd like to see some randomness added into the cron job, which allows the clients to splay their reporting. 


Today, an example cron job on a client is 

# HEADER: This file was autogenerated at 2017-07-25 14:19:34 -0400 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: foreman_scap_client_1
0 1 * * 1 /usr/bin/foreman_scap_client 1

I'd like it to be similar to the below (which adds a 30-600 second random delay) 

# HEADER: This file was autogenerated at 2017-07-25 14:19:34 -0400 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: foreman_scap_client_1
0 1 * * 1 python -c 'from random import randint; from time import sleep; sleep(randint(30,600))' ; /usr/bin/foreman_scap_client 1

lastly, I'd want the range of randomness configurable by the end-user.
Comment 1 Ondřej Pražák 2017-07-31 04:38:36 EDT
Created redmine issue http://projects.theforeman.org/issues/20449 from this bug
Comment 2 Marek Hulan 2017-08-07 09:08:06 EDT
The number can be configured by puppet-foreman_scap_client with default value to 600 so user could still change the configuration by overriding this smart class parameter. The only thing I don't like on this approach is the python code. Maybe we could improve the foreman_scap_client to use sleep function from ruby. We'd pass the interval as optional second argument.
Comment 3 Rich Jerrido 2017-08-22 05:42:56 EDT
(In reply to Marek Hulan from comment #2)
> The number can be configured by puppet-foreman_scap_client with default
> value to 600 so user could still change the configuration by overriding this
> smart class parameter. The only thing I don't like on this approach is the
> python code. Maybe we could improve the foreman_scap_client to use sleep
> function from ruby. We'd pass the interval as optional second argument.

Doens't have to be python. That was just an example.

Note You need to log in before you can comment on or make changes to this bug.