mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
feb4e65be6
#10292 The query was processing *every* file under `/Applications/`, which makes it super expensive both in CPU usage and Memory footprint. This query was the main culprit of triggering worker process kills by the watchdog. On some runs it triggered CPU usage alerts: ``` 7716:W0623 15:38:05.402959 221732864 watcher.cpp:415] osqueryd worker (72976) stopping: Maximum sustainable CPU utilization limit 1200ms exceeded for 12 seconds ``` And on other runs it triggered memory usage alerts: ``` 4431 W0626 07:28:50.868021 147312640 watcher.cpp:424] osqueryd worker (21453) stopping: Memory limits exceeded: 214020096 bytes (limit is 200MB) ``` For the above logs I used a custom osqueryd branch to be able to print more information: https://github.com/osquery/osquery/pull/8070 The metrics for the old query were CPU usage: ~4521 ms ``` 435:level=warn ts=2023-06-26T09:58:29.665712Z query=fleet_policy_query_1233 queryTime=4521 memory=12226560 msg="distributed query performance is excessive" hostID=308 platform=darwin ``` With the new query, CPU usage: ~210 ms. ``` 23893:level=debug ts=2023-06-26T18:06:08.242456Z query=fleet_policy_query_1233 queryTime=210 msg=stats memory=0 hostID=308 platform=darwin ``` Basically a ~20x improvement. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ |
||
|---|---|---|
| .. | ||
| .keep | ||
| 10292-optimize-macos-cis-query-5.1.5 | ||
| 11037-privacy_preferences-chromeos-table | ||
| 11655-hide-osquery-table-info | ||
| 12310-setup-styling | ||
| 12368-copy-message | ||
| bug-2642-fix-msrc-error | ||
| bug-2790-return-proper-status-code | ||
| bug-2888-return-proper-status-code-if-smtp-invalid | ||
| bug-2888-validate-metadataurl | ||
| bug-10720-ratelimits-should-return-proper-status-code | ||
| bug-10867-output-warns-to-stdout | ||
| bug-11636-vuln-dropdown | ||
| bug-12108-weird-scroll-behavior | ||
| bug-12308-sandbox-software-image | ||
| bug-12332-dashboard-loading-state | ||
| bug-12394-variable-fleet-url | ||
| bug-add-mdm-feature-flag-in-modify-appconfig | ||
| issue-11861-filevault-key | ||
| issue-11932-improve-abm-400-error | ||
| issue-11952-UI-for-windows-mdm-on-off | ||
| issue-12129-activity-transferred-hosts | ||
| issue-12257-windows-mdm-feature-flag | ||
| issue-12259-windows-mdm-settings | ||
| issue-12260-trigger-windows-mdm-enrollment | ||
| issue-12261-microsoft-mdm-discovery-endpoint | ||
| issue-12297-ui-transferred-hosts-activity | ||
| issue-12330-mdm-verification-failed | ||
| issue-12392-use-primary | ||
| provide-feedback-fleetctl-login-when-using-env-vars | ||