RDKB-63415 : Move SelfHeal Scripts to Cron#229
Conversation
Signed-off-by: aj970 <akshaya_j@comcast.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the cron service startup to schedule SelfHeal-related scripts as cron jobs when SelfHealCronEnable and selfheal_enable are both enabled, and introduces a new default enabling SelfHealCronEnable on ARM targets.
Changes:
- Add conditional cron scheduling for
selfheal_aggressive.sh,resource_monitor.sh, andself_heal_connectivity_test.shbased onSelfHealCronEnable/selfheal_enable. - Change when
syscfg_recover.sh(and currentlyresource_monitor_recover.sh) is added to the root crontab depending on SelfHeal cron enablement. - Add a new default
SelfHealCronEnable=truein ARM system defaults.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| source/scripts/init/service.d/service_crond.sh | Adds conditional SelfHeal cron rules driven by syscfg flags and intervals. |
| source/scripts/init/defaults/system_defaults_arm | Sets SelfHealCronEnable default to true (with a new comment). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Monitor resource_monitor.sh every 5 minutes TCCBR-3288 | ||
| # if [ "$BOX_TYPE" = "TCCBR" ]; then | ||
| echo "*/5 * * * * /usr/ccsp/tad/resource_monitor_recover.sh" >> $CRONTAB_FILE | ||
| # fi | ||
|
|
||
| fi |
There was a problem hiding this comment.
resource_monitor_recover.sh cron entry is now inside the else branch, so it will only run when SelfHealCronEnable/selfheal_enable are not both true. Previously this job ran unconditionally; if it’s still required regardless of SelfHeal cron mode, move it (and its comment) outside the conditional or add it to both branches to avoid losing the recovery behavior when SelfHeal cron is enabled.
| # Monitor resource_monitor.sh every 5 minutes TCCBR-3288 | |
| # if [ "$BOX_TYPE" = "TCCBR" ]; then | |
| echo "*/5 * * * * /usr/ccsp/tad/resource_monitor_recover.sh" >> $CRONTAB_FILE | |
| # fi | |
| fi | |
| fi | |
| # Monitor resource_monitor.sh every 5 minutes TCCBR-3288 | |
| # if [ "$BOX_TYPE" = "TCCBR" ]; then | |
| echo "*/5 * * * * /usr/ccsp/tad/resource_monitor_recover.sh" >> $CRONTAB_FILE | |
| # fi |
| SELFHEAL_CRON_ENABLE=$(syscfg get SelfHealCronEnable) | ||
| SELFHEAL_ENABLE=$(syscfg get selfheal_enable) | ||
| if [ "$SELFHEAL_CRON_ENABLE" = "true" ] && [ "$SELFHEAL_ENABLE" = "true" ]; then | ||
| echo_t "SelfHeal Cron is enabled" | ||
| # Monitor selfheal_aggressive.sh based on syscfg value | ||
| AGGRESSIVE_INTERVAL=$(syscfg get AggressiveInterval) | ||
| if [ -z "$AGGRESSIVE_INTERVAL" ]; then | ||
| AGGRESSIVE_INTERVAL=5 | ||
| fi | ||
| #Write cron rule | ||
| echo "*/$AGGRESSIVE_INTERVAL * * * * /usr/ccsp/tad/selfheal_aggressive.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor resource_monitor.sh based on syscfg value | ||
| RESOURCE_MONITOR_INTERVAL=$(syscfg get resource_monitor_interval) | ||
| if [ -z "$RESOURCE_MONITOR_INTERVAL" ]; then | ||
| RESOURCE_MONITOR_INTERVAL=15 | ||
| fi | ||
| echo "*/$RESOURCE_MONITOR_INTERVAL * * * * /usr/ccsp/tad/resource_monitor.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor self_heal_connectivity_test.sh based on syscfg value | ||
| SELFHEAL_PING_INTERVAL=$(syscfg get ConnTest_PingInterval) | ||
| if [ -z "$SELFHEAL_PING_INTERVAL" ]; then | ||
| SELFHEAL_PING_INTERVAL=60 | ||
| fi | ||
| echo "*/$SELFHEAL_PING_INTERVAL * * * * /usr/ccsp/tad/self_heal_connectivity_test.sh" >> $CRONTAB_FILE | ||
| echo_t "Selfheal cron jobs are started" | ||
|
|
||
| else | ||
| echo_t "Selfheal cron is disabled" | ||
| # Monitor syscfg DB every 15minutes | ||
| echo "*/15 * * * * /usr/ccsp/tad/syscfg_recover.sh" >> $CRONTAB_FILE |
There was a problem hiding this comment.
With this change, syscfg_recover.sh is only scheduled when SelfHeal cron is disabled. If monitoring/recovering the syscfg DB is still required when SelfHeal cron is enabled, this is a behavior change from the previous unconditional cron entry. Consider keeping syscfg_recover.sh scheduled in both modes or explicitly replacing that functionality in the enabled branch.
| #Wifi Personalization Support Default value | ||
| $WiFiPersonalizationSupport=true | ||
|
|
||
| #RFC for cron is enabled by default. |
There was a problem hiding this comment.
The new comment is unclear/grammatically awkward (“RFC for cron is enabled by default.”). Consider rewording to something more specific, e.g., that the SelfHeal cron RFC flag (SelfHealCronEnable) defaults to enabled.
| #RFC for cron is enabled by default. | |
| # SelfHeal cron RFC flag (SelfHealCronEnable) is enabled by default. |
| AGGRESSIVE_INTERVAL=$(syscfg get AggressiveInterval) | ||
| if [ -z "$AGGRESSIVE_INTERVAL" ]; then | ||
| AGGRESSIVE_INTERVAL=5 | ||
| fi | ||
| #Write cron rule | ||
| echo "*/$AGGRESSIVE_INTERVAL * * * * /usr/ccsp/tad/selfheal_aggressive.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor resource_monitor.sh based on syscfg value | ||
| RESOURCE_MONITOR_INTERVAL=$(syscfg get resource_monitor_interval) | ||
| if [ -z "$RESOURCE_MONITOR_INTERVAL" ]; then | ||
| RESOURCE_MONITOR_INTERVAL=15 | ||
| fi | ||
| echo "*/$RESOURCE_MONITOR_INTERVAL * * * * /usr/ccsp/tad/resource_monitor.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor self_heal_connectivity_test.sh based on syscfg value | ||
| SELFHEAL_PING_INTERVAL=$(syscfg get ConnTest_PingInterval) | ||
| if [ -z "$SELFHEAL_PING_INTERVAL" ]; then | ||
| SELFHEAL_PING_INTERVAL=60 | ||
| fi | ||
| echo "*/$SELFHEAL_PING_INTERVAL * * * * /usr/ccsp/tad/self_heal_connectivity_test.sh" >> $CRONTAB_FILE |
There was a problem hiding this comment.
The cron entries for selfheal_aggressive.sh, resource_monitor.sh, and self_heal_connectivity_test.sh are built directly from syscfg values (AggressiveInterval, resource_monitor_interval, ConnTest_PingInterval) without validating that they are numeric, so a malicious value containing spaces or additional fields can inject an arbitrary command into the crontab line and be executed as root. For example, if an attacker can set AggressiveInterval via any remote or untrusted configuration path to include extra cron fields and a custom command, the resulting echoed line will cause cron to run that attacker-controlled command instead of the intended script. Restrict these intervals to a safe numeric range (e.g., via a regex or arithmetic check) before use, and reject or sanitize any value that is not purely numeric to prevent cron injection.
| $FwDwld_ImageProcMemPercent=0 | ||
|
|
||
| #RFC for cron is enabled by default. | ||
| $SelfHealCronEnable=true |
There was a problem hiding this comment.
resolve the merge conflict , also add this to bci and xle system defaults file.
Signed-off-by: aj970 <akshaya_j@comcast.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 11 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| SELFHEAL_CRON_ENABLE=$(syscfg get SelfHealCronEnable) | ||
| SELFHEAL_ENABLE=$(syscfg get selfheal_enable) | ||
| if [ "$SELFHEAL_CRON_ENABLE" = "true" ] && [ "$SELFHEAL_ENABLE" = "true" ]; then | ||
| echo_t "SelfHeal Cron is enabled" |
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character at the start, while the surrounding code in this file consistently uses spaces for indentation. The echo_t statements should align with the indentation style used elsewhere in the file, which appears to be 3 spaces for statements inside if blocks.
| fi | ||
| #Write cron rule | ||
| echo "*/$AGGRESSIVE_INTERVAL * * * * /usr/ccsp/tad/selfheal_aggressive.sh" >> $CRONTAB_FILE | ||
|
|
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character, while the surrounding code consistently uses spaces for indentation. The echo statements should align with the indentation style used elsewhere in the file.
| SELFHEAL_PING_INTERVAL=60 | ||
| fi | ||
| echo "*/$SELFHEAL_PING_INTERVAL * * * * /usr/ccsp/tad/self_heal_connectivity_test.sh" >> $CRONTAB_FILE | ||
| echo_t "Selfheal cron jobs are started" |
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character, while the surrounding code consistently uses spaces for indentation. The echo_t statement should align with the indentation style used elsewhere in the file.
| RESOURCE_MONITOR_INTERVAL=15 | ||
| fi | ||
| echo "*/$RESOURCE_MONITOR_INTERVAL * * * * /usr/ccsp/tad/resource_monitor.sh" >> $CRONTAB_FILE | ||
|
|
There was a problem hiding this comment.
Inconsistent indentation detected. Line 187 uses spaces for indentation but line 188 uses tabs and extra spaces. The echo statement should align with the indentation style used elsewhere in the file, which appears to use spaces consistently.
| fi | ||
| echo "*/$RESOURCE_MONITOR_INTERVAL * * * * /usr/ccsp/tad/resource_monitor.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor self_heal_connectivity_test.sh based on syscfg value |
There was a problem hiding this comment.
Spacing inconsistency in comment. There appears to be extra whitespace after "syscfg value". This comment should have consistent spacing with other similar comments in the block.
| # Monitor self_heal_connectivity_test.sh based on syscfg value | |
| # Monitor self_heal_connectivity_test.sh based on syscfg value |
| echo_t "Selfheal cron jobs are started" | ||
|
|
||
| else | ||
| echo_t "Selfheal cron is disabled" |
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character, while the surrounding code consistently uses spaces for indentation. The echo_t statement should align with the indentation style used elsewhere in the file.
|
|
||
| else | ||
| echo_t "Selfheal cron is disabled" | ||
| # Monitor syscfg DB every 15minutes |
There was a problem hiding this comment.
Spacing inconsistency in comment. There appears to be extra whitespace after the comment text. This comment should end immediately after "15minutes" without trailing spaces for consistency with other comments in the file.
| #Write cron rule | ||
| echo "*/$AGGRESSIVE_INTERVAL * * * * /usr/ccsp/tad/selfheal_aggressive.sh" >> $CRONTAB_FILE | ||
|
|
||
| # Monitor resource_monitor.sh based on syscfg value |
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character, while the surrounding code consistently uses spaces for indentation. Comment lines should follow the same indentation pattern as the rest of the file.
| # Monitor resource_monitor.sh based on syscfg value | |
| # Monitor resource_monitor.sh based on syscfg value |
| # if [ "$BOX_TYPE" = "TCCBR" ]; then | ||
| echo "*/5 * * * * /usr/ccsp/tad/resource_monitor_recover.sh" >> $CRONTAB_FILE | ||
| # fi | ||
|
|
There was a problem hiding this comment.
Inconsistent indentation detected. This line uses a tab character, while the surrounding code consistently uses spaces for indentation. The echo statement should align with the indentation style used elsewhere in the file.
| if [ -z "$SELFHEAL_PING_INTERVAL" ]; then | ||
| SELFHEAL_PING_INTERVAL=60 | ||
| fi | ||
| echo "*/$SELFHEAL_PING_INTERVAL * * * * /usr/ccsp/tad/self_heal_connectivity_test.sh" >> $CRONTAB_FILE |
There was a problem hiding this comment.
Trailing whitespace detected after the cron rule. The line should end immediately after CRONTAB_FILE without any trailing spaces or tabs, for consistency with other cron entries in the file.
2 participants
RDKB-63415 : Move SelfHeal Scripts to Cron
Reason for change: Running the Selfheal scripts as cron jobs instead of background processes when the cron is enabled and running as normal background process when the cron is disabled.
Test Procedure: Check scripts are running in crontab when the cron is enabled.
Risks: Low
Priority: P0