*: decrease frequency of background tasks, smear tasks based on name and fqdn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2159
This commit is contained in:
Jens Langhammer 2022-04-20 18:42:56 +02:00
parent 1328c3e62c
commit 1a1434bfda
9 changed files with 37 additions and 17 deletions

View file

@ -1,10 +1,12 @@
"""authentik admin settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"admin_latest_version": {
"task": "authentik.admin.tasks.update_latest_version",
"schedule": crontab(minute="*/60"), # Run every hour
"schedule": crontab(minute=fqdn_rand("admin_latest_version", 60), hour="*"),
"options": {"queue": "authentik_scheduled"},
}
}

View file

@ -1,10 +1,12 @@
"""Crypto task Settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"crypto_certificate_discovery": {
"task": "authentik.crypto.tasks.certificate_discovery",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute=fqdn_rand("crypto_certificate_discovery", 60), hour="*"),
"options": {"queue": "authentik_scheduled"},
},
}

View file

@ -1,6 +1,10 @@
"""Time utilities"""
import datetime
from hashlib import sha256
from random import randrange, seed
from socket import getfqdn
from celery.schedules import crontab
from django.core.exceptions import ValidationError
from django.utils.translation import gettext_lazy as _
@ -38,3 +42,12 @@ def timedelta_from_string(expr: str) -> datetime.timedelta:
if len(kwargs) < 1:
raise ValueError("No valid keys to pass to timedelta")
return datetime.timedelta(**kwargs)
def fqdn_rand(task: str, max: int) -> int:
"""Get a random number within max based on the FQDN and task name"""
entropy = f"{getfqdn()}:{task}"
hasher = sha256()
hasher.update(entropy.encode("utf-8"))
seed(hasher.hexdigest())
return randrange(0, max) # nosec

View file

@ -1,10 +1,12 @@
"""managed Settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"managed_reconcile": {
"task": "authentik.managed.tasks.managed_reconcile",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute=fqdn_rand("managed_reconcile", 60), hour="*/4"),
"options": {"queue": "authentik_scheduled"},
},
}

View file

@ -1,25 +1,27 @@
"""Outposts Settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"outposts_controller": {
"task": "authentik.outposts.tasks.outpost_controller_all",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute=fqdn_rand("outposts_controller", 60), hour="*/4"),
"options": {"queue": "authentik_scheduled"},
},
"outposts_service_connection_check": {
"task": "authentik.outposts.tasks.outpost_service_connection_monitor",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute="3-59/15"),
"options": {"queue": "authentik_scheduled"},
},
"outpost_token_ensurer": {
"task": "authentik.outposts.tasks.outpost_token_ensurer",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute=fqdn_rand("outpost_token_ensurer", 60), hour="*/8"),
"options": {"queue": "authentik_scheduled"},
},
"outpost_local_connection": {
"task": "authentik.outposts.tasks.outpost_local_connection",
"schedule": crontab(minute="*/60"),
"schedule": crontab(minute=fqdn_rand("outpost_local_connection", 60), hour="*/8"),
"options": {"queue": "authentik_scheduled"},
},
}

View file

@ -4,7 +4,7 @@ from celery.schedules import crontab
CELERY_BEAT_SCHEDULE = {
"policies_reputation_save": {
"task": "authentik.policies.reputation.tasks.save_reputation",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute="1-59/5"),
"options": {"queue": "authentik_scheduled"},
},
}

View file

@ -337,17 +337,12 @@ CELERY_WORKER_MAX_TASKS_PER_CHILD = 50
CELERY_BEAT_SCHEDULE = {
"clean_expired_models": {
"task": "authentik.core.tasks.clean_expired_models",
"schedule": crontab(minute="*/5"),
"options": {"queue": "authentik_scheduled"},
},
"db_backup": {
"task": "authentik.core.tasks.backup_database",
"schedule": crontab(hour="*/24", minute=0),
"schedule": crontab(minute="2-59/5"),
"options": {"queue": "authentik_scheduled"},
},
"user_cleanup": {
"task": "authentik.core.tasks.clean_temporary_users",
"schedule": crontab(minute="*/5"),
"schedule": crontab(minute="9-59/5"),
"options": {"queue": "authentik_scheduled"},
},
}

View file

@ -1,10 +1,12 @@
"""LDAP Settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"sources_ldap_sync": {
"task": "authentik.sources.ldap.tasks.ldap_sync_all",
"schedule": crontab(minute="*/120"), # Run every other hour
"schedule": crontab(minute=fqdn_rand("sources_ldap_sync", 60), hour="*/2"),
"options": {"queue": "authentik_scheduled"},
}
}

View file

@ -1,10 +1,12 @@
"""Plex source settings"""
from celery.schedules import crontab
from authentik.lib.utils.time import fqdn_rand
CELERY_BEAT_SCHEDULE = {
"check_plex_token": {
"task": "authentik.sources.plex.tasks.check_plex_token_all",
"schedule": crontab(minute="31", hour="*/3"),
"schedule": crontab(minute=fqdn_rand("check_plex_token", 60), hour="*/3"),
"options": {"queue": "authentik_scheduled"},
},
}