RE: ProGet log deletion query takes 26 hours

I checked, we don't have feed-level logging enabled.

Very well then, I'll push to have our instance upgraded quickly so we don't run into it in the future.

Thanks for the confirmation.

Sincerely,
Jérôme Jolidon

Could this be related to this issue? https://inedo.myjetbrains.com/youtrack/issue/PG-2189

Hello all,

We had a small issue in production today that forced us to restart the container: the ancient log deletion query ran over 26 hours, with 15% cpu used on the DB instance.

The service eventually collapsed into unresponsiveness due to database DTU throttling when the second identical query started and the workers started using the service intensively (around 9:45 local time).

The culprit is this query:

WITH LM AS (
        SELECT RN = ROW_NUMBER() OVER (PARTITION BY [Message_Level]
                                           ORDER BY [LogMessage_Id] DESC)
          FROM [LogMessages]
    )
    DELETE
      FROM LM
     WHERE RN > 1000

The deployment is the container image v6.0.19 on Azure with an Azure SQL server instance.

Here are some screenshots of the app and db performance logs:
DTU during outage

DB query stats

DTU at the end of outage

App perfs during outage

Run logs for this query

Hello,

All good, thank you for the support, the investigation and the oncoming fixes.

Cheers,
Jérôme

Ah, thanks, I didn't know it was called filtering level. I kept the recommended value, "Block download only".

I'm not sure to know what you mean by "filtering level". Currently I only block packages that match internal naming rules, another layer of protection against Dependency Confusion. I used Microsoft's for testing purposes to confirm that the way I defined the rules actually worked (the title of the thread does mention doc being a bit sparse ;-)).

Sincerely,
Jérôme

Hello Rich,

Indeed, I did not go that far, I trusted the UI. The blocking patterns actually work for NPM, including on our old 5.3.4.

Maybe a few remarks regarding the behavior of the UI for blocked packages:

• As you mentioned, the Blocked label doesn't appear
• In addition, the version list is empty, but it could be by design
• On the other hand, if the version list should appear empty, maybe it should not show the "Latest version" link on the search results page
• The download link indeed goes to a 404 page, which is good, but perhaps the button should be disabled altogether
• When logged as admin, the "Pull to ProGet" workflow is also enabled, but it seems it is also blocked down the road - still, it fails without feedback, that could be an improvement
• I don't know if the "Delete" button should be enabled for packages that have not been pulled or added locally.
• I think the Promote workflow should also be hidden, but that could be discussed - please note that I haven't tried it.

Again, thanks a lot for the investigation!

Sincerely,
Jérôme

Hello,

Yes, I believe that for nugets, the filters work as of 5.3.17, but they don't seem to work for npm packages. I will also be looking into docker filters, so I might have more feedback soon.

Thank you for investigating this.

Cheers,
Jérôme

Hello Nanci,

Yep, I have two paid licenses, and I'm testing on two different instances, one running 5.3.4 (I won't blame you if you tell me I need to upgrade, I wish I could) and one running the 5.3.17 docker image.

The proposed @microsoft/ does not work, package @microsoft/tsdoc is still unfiltered.

The field mask mentions e.g. Microsoft.* or JQuery which made me thing that wildcards were allowed, all I tried until now had wildcards. I have the impression that it's not completely clear in any case, and the documentation is pretty scarce.

Sincerely,
Jérôme

Hello,

I'm trying to get the connector filters to work for an npm feed connected to npmjs.org. To try out the feature I've tried putting the following filters:
!@microsoft/*
!microsoft/*
!microsoft*
!@microsoft*

But in the end the packages from Microsoft can still be downloaded.

There's not enough documentation on that feature, I think. There should really be examples of what works and doesn't.