Skip to content

Customer Zero: Verify Vulnerability Data Retention Contingency Plan

Staging Change

Change Summary

Run the Vulnerability Data Retention contingency process for a Customer Zero/Internal Dogfooding.

Related to: gitlab-org/gitlab#526584

We have implemented data retention for the vulnerability dataset, this is already running in production for Customer Zero. We have also implemented a contingency plan to reverse the actions taken by the data retention mechanism. This change request concerns the contingency plan.

We would like to execute the following code snippet on the staging console to validate the contingency plan;

group = Group.find_by_full_path('govern-team-test/minac-test-group')

Vulnerabilities::Archival::Restoration::RestoreForGroupService.execute(group)

This will:

  • Move DB records from archive tables back to main tables.
  • There are no other side effects.

We will validate this by tracking log messages in Kibana.

Change Details

  1. Services Impacted
    1. Database - we are move records from one table to another. (this is the inverse of an archive process that already runs, so we are not concerned about DB load here).
  2. Change Technician
    1. For groupsecurity infrastructure @minac
    2. We need this to be run on the production console, so we require a DRI from SRE to run this. @cmcfarland
  3. Change Reviewer - @astarovoytov
  4. Scheduled Date and Time (UTC in format YYYY-MM-DD HH:MM) - 2025-10-23 17:00
  5. Time tracking - 30
  6. Downtime Component - No downtime expected.

Preparation

Note

The following checklists must be done in advance, before setting the label changescheduled

Change Reviewer checklist

C4 C3 C2 C1:

  • Check if the following applies:
    • The scheduled day and time of execution of the change is appropriate.
    • The change plan is technically accurate.
    • The change plan includes estimated timing values based on previous testing.
    • The change plan includes a viable rollback plan.
    • The specified metrics/monitoring dashboards provide sufficient visibility for the change.

C2 C1:

  • Check if the following applies:
    • The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
    • The change plan includes success measures for all steps/milestones during the execution.
    • The change adequately minimizes risk within the environment/service.
    • The performance implications of executing the change are well-understood and documented.
    • The specified metrics/monitoring dashboards provide sufficient visibility for the change.
      • If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
    • The change has a primary and secondary SRE with knowledge of the details available during the change window.
    • The change window has been agreed with Release Managers in advance of the change. If the change is planned for APAC hours, this issue has an agreed pre-change approval.
    • The labels blocks deployments and/or blocks feature-flags are applied as necessary.

Change Technician checklist

  • The Change Criticality has been set appropriately and requirements have been reviewed.
  • The change plan is technically accurate.
  • The rollback plan is technically accurate and detailed enough to be executed by anyone with access.
  • This Change Issue is linked to the appropriate Issue and/or Epic
  • Change has been tested in staging and results noted in a comment on this issue.
  • A dry-run has been conducted and results noted in a comment on this issue.
  • The change execution window respects the Production Change Lock periods.
  • Once all boxes above are checked, mark the change request as scheduled: /label ~"change::scheduled"
  • For C1 and C2 change issues, the change event is added to the GitLab Production calendar by the change-scheduler bot. It is schedule to run every 2 hours.
  • For C1 change issues, a Senior Infrastructure Manager has provided approval with the manager_approved label on the issue.
  • For C2 change issues, an Infrastructure Manager provided approval with the manager_approved label on the issue.
  • For C1 and C2 changes, mention @gitlab-org/saas-platforms/inframanagers in this issue to provide visibility to all infrastructure managers.
  • For C1, C2, or blocks deployments change issues, confirm with Release managers that the change does not overlap or hinder any release process (In #production channel, mention @release-managers and this issue and await their acknowledgment.)

Detailed steps for the change

Pre-execution steps

Note

The following steps should be done right at the scheduled time of the change request. The preparation steps are listed below.

  • Make sure all tasks in Change Technician checklist are done
  • For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (Search the PagerDuty schedule for "SRE 8-hour" to find who will be on-call at the scheduled day and time. SREs on-call must be informed of plannable C1 changes at least 2 weeks in advance.)
    • The SRE on-call provided approval with the eoc_approved label on the issue.
  • For C1, C2, or blocks deployments change issues, Release managers have been informed prior to change being rolled out. (In #production channel, mention @release-managers and this issue and await their acknowledgment.)
  • There are currently no active incidents that are severity1 or severity2
  • If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.

Change steps - steps to take to execute the change

Estimated Time to Complete (mins) - 25 minutes

  • Set label changein-progress /label ~change::in-progress
  • Connect to the staging console RW server 
    ssh console-01-sv-gstg.c.gitlab-staging-1.internal
  • Run the following code on staging console 
    group = Group.find_by_full_path('govern-team-test/minac-test-group')

Vulnerabilities::Archival::Restoration::RestoreForGroupService.execute(group)
  • Paste the results of the console commands and response into an internal comment on this issue.
  • Set label changecomplete /label ~change::complete

Rollback

There is no rollback needed for this action.

Rollback steps - steps to be taken in the event of a need to rollback this change

Estimated Time to Complete (mins) - 5 minutes

Monitoring

The vulnerability report for the test group can be refreshed while the script is running to see the progress.

https://staging.gitlab.com/govern-team-test/minac-test-group/static-reports/big-report/-/security/vulnerability_report/

The script will return an array of anonymous classes when it succeeds.

Key metrics to observe

  • Metric: Metric Name
    • Location: Dashboard URL
    • What changes to this metric should prompt a rollback: Describe Changes
Edited by Mehmet Emin INAC