*: decrease frequency of background tasks, smear tasks based on name and fqdn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2159
This commit is contained in:
Jens Langhammer 2022-04-20 18:42:56 +02:00
parent 1328c3e62c
commit 1a1434bfda
9 changed files with 37 additions and 17 deletions

View file

@ -1,10 +1,12 @@
"""authentik admin settings""" """authentik admin settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"admin_latest_version": { "admin_latest_version": {
"task": "authentik.admin.tasks.update_latest_version", "task": "authentik.admin.tasks.update_latest_version",
"schedule": crontab(minute="*/60"), # Run every hour "schedule": crontab(minute=fqdn_rand("admin_latest_version", 60), hour="*"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

View file

@ -1,10 +1,12 @@
"""Crypto task Settings""" """Crypto task Settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"crypto_certificate_discovery": { "crypto_certificate_discovery": {
"task": "authentik.crypto.tasks.certificate_discovery", "task": "authentik.crypto.tasks.certificate_discovery",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute=fqdn_rand("crypto_certificate_discovery", 60), hour="*"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View file

@ -1,6 +1,10 @@
"""Time utilities""" """Time utilities"""
import datetime import datetime
from hashlib import sha256
from random import randrange, seed
from socket import getfqdn
from celery.schedules import crontab
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
@ -38,3 +42,12 @@ def timedelta_from_string(expr: str) -> datetime.timedelta:
if len(kwargs) < 1: if len(kwargs) < 1:
raise ValueError("No valid keys to pass to timedelta") raise ValueError("No valid keys to pass to timedelta")
return datetime.timedelta(**kwargs) return datetime.timedelta(**kwargs)
def fqdn_rand(task: str, max: int) -> int:
"""Get a random number within max based on the FQDN and task name"""
entropy = f"{getfqdn()}:{task}"
hasher = sha256()
hasher.update(entropy.encode("utf-8"))
seed(hasher.hexdigest())
return randrange(0, max) # nosec

View file

@ -1,10 +1,12 @@
"""managed Settings""" """managed Settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"managed_reconcile": { "managed_reconcile": {
"task": "authentik.managed.tasks.managed_reconcile", "task": "authentik.managed.tasks.managed_reconcile",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute=fqdn_rand("managed_reconcile", 60), hour="*/4"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View file

@ -1,25 +1,27 @@
"""Outposts Settings""" """Outposts Settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"outposts_controller": { "outposts_controller": {
"task": "authentik.outposts.tasks.outpost_controller_all", "task": "authentik.outposts.tasks.outpost_controller_all",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute=fqdn_rand("outposts_controller", 60), hour="*/4"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"outposts_service_connection_check": { "outposts_service_connection_check": {
"task": "authentik.outposts.tasks.outpost_service_connection_monitor", "task": "authentik.outposts.tasks.outpost_service_connection_monitor",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute="3-59/15"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"outpost_token_ensurer": { "outpost_token_ensurer": {
"task": "authentik.outposts.tasks.outpost_token_ensurer", "task": "authentik.outposts.tasks.outpost_token_ensurer",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute=fqdn_rand("outpost_token_ensurer", 60), hour="*/8"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"outpost_local_connection": { "outpost_local_connection": {
"task": "authentik.outposts.tasks.outpost_local_connection", "task": "authentik.outposts.tasks.outpost_local_connection",
"schedule": crontab(minute="*/60"), "schedule": crontab(minute=fqdn_rand("outpost_local_connection", 60), hour="*/8"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View file

@ -4,7 +4,7 @@ from celery.schedules import crontab
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"policies_reputation_save": { "policies_reputation_save": {
"task": "authentik.policies.reputation.tasks.save_reputation", "task": "authentik.policies.reputation.tasks.save_reputation",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute="1-59/5"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View file

@ -337,17 +337,12 @@ CELERY_WORKER_MAX_TASKS_PER_CHILD = 50
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"clean_expired_models": { "clean_expired_models": {
"task": "authentik.core.tasks.clean_expired_models", "task": "authentik.core.tasks.clean_expired_models",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute="2-59/5"),
"options": {"queue": "authentik_scheduled"},
},
"db_backup": {
"task": "authentik.core.tasks.backup_database",
"schedule": crontab(hour="*/24", minute=0),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"user_cleanup": { "user_cleanup": {
"task": "authentik.core.tasks.clean_temporary_users", "task": "authentik.core.tasks.clean_temporary_users",
"schedule": crontab(minute="*/5"), "schedule": crontab(minute="9-59/5"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }

View file

@ -1,10 +1,12 @@
"""LDAP Settings""" """LDAP Settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"sources_ldap_sync": { "sources_ldap_sync": {
"task": "authentik.sources.ldap.tasks.ldap_sync_all", "task": "authentik.sources.ldap.tasks.ldap_sync_all",
"schedule": crontab(minute="*/120"), # Run every other hour "schedule": crontab(minute=fqdn_rand("sources_ldap_sync", 60), hour="*/2"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

View file

@ -1,10 +1,12 @@
"""Plex source settings""" """Plex source settings"""
from celery.schedules import crontab from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"check_plex_token": { "check_plex_token": {
"task": "authentik.sources.plex.tasks.check_plex_token_all", "task": "authentik.sources.plex.tasks.check_plex_token_all",
"schedule": crontab(minute="31", hour="*/3"), "schedule": crontab(minute=fqdn_rand("check_plex_token", 60), hour="*/3"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
} }