Last modified: 2014-04-16 21:36:48 UTC
To fix a recent bug I had to upgrade Celery. But this highlighted that we have a security issue due to Celery running as root and pickle being the default serialization format. We need to:

1. stop running Celery as root (configure upstart)
2. stop using pickle as the serialization format
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1396
Going to change pickle to JSON
(In reply to comment #0)
> 1. stop running Celery as root (configure upstart)

The Puppet module provisions an Upstart job which sets gid/uid to wikimetrics.
Thanks Ori, that's a good point. Wikimetrics came before its puppetization, so the "production" instance suffers from this problem. We should fix it by puppetizing it.
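The two items in the report compound each other: unpickling a message runs callables named in the message body, with whatever privileges the worker has. The sketch below is an added example, not Wikimetrics or Celery code; `decode`, `Crafted`, `crafted_message` and the allowlist names are hypothetical, and the sample message is constructed. It shows a worker-side content-type allowlist rejecting a pickle body before it is parsed.

```python
import json
import os
import pickle

JSON = "application/json"
PICKLE = "application/x-python-serialize"  # content type kombu uses for pickle

class ContentDisallowed(Exception):
    """Raised when a message arrives in a format the worker does not accept."""

class Crafted:
    # pickle.loads() calls whatever __reduce__ names. os.getuid is a harmless
    # stand-in: it shows the call runs with the worker's own privileges.
    def __reduce__(self):
        return (os.getuid, ())

def crafted_message():
    """Constructed sample: a pickle body as a broker client could submit it."""
    return pickle.dumps(Crafted())

def decode(body, content_type, accept):
    """Hypothetical worker-side decoder: check the allowlist before parsing."""
    if content_type not in accept:
        raise ContentDisallowed(content_type)
    if content_type == JSON:
        return json.loads(body.decode("utf-8"))  # yields plain data only
    if content_type == PICKLE:
        return pickle.loads(body)  # executes callables named in the body
    raise ContentDisallowed(content_type)

# Allowlists. In Celery 3.1 the JSON-only equivalent is:
#   CELERY_ACCEPT_CONTENT = ['json']
#   CELERY_TASK_SERIALIZER = 'json'
#   CELERY_RESULT_SERIALIZER = 'json'
LEGACY_ACCEPT = {JSON, PICKLE}
JSON_ONLY = {JSON}

if __name__ == "__main__":
    body = crafted_message()
    # The decoded "task" is the uid the worker runs as (0 when run as root).
    print("legacy worker decoded:", decode(body, PICKLE, LEGACY_ACCEPT))
    try:
        decode(body, PICKLE, JSON_ONLY)
    except ContentDisallowed as exc:
        print("json-only worker rejected:", exc)
    print(decode(b'{"task": "report", "args": [1, 2]}', JSON, JSON_ONLY))
```

Setting only the task serializer to JSON changes what the application sends; the accept list is what stops a worker from parsing pickle that something else puts on the queue.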