cfn-lint icon indicating copy to clipboard operation
cfn-lint copied to clipboard

Published 20 hours ago verified publisher icon aws-cloudformation

--update-specs is taking ~30 minutes to run

Open galluccicamden opened this issue 1 year ago • 10 comments

CloudFormation Lint Version

cfn-lint 0.76.2

What operating system are you using?

Linux

Describe the bug

For the past few weeks, running cfn-lint --update-specs has taken roughly 30 minutes every time.

Expected behavior

--update-specs should not take 30 minutes

Reproduction template

N/A

galluccicamden avatar Apr 04 '23 19:04 galluccicamden

Noticing the same!

LoganB99 avatar Apr 26 '23 21:04 LoganB99

My update took about 5 minutes but it had all 8 of my CPUs pegged at 100%.

OS: Ubuntu 22.04 LTS

Linux deepthought 5.19.0-42-generic #43~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 21 16:51:08 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

mousedownmike avatar May 30 '23 20:05 mousedownmike

Same issue... At 30 minutes now and climbing... What does -u actually do? I can't imagine it's a heavy process, this should be pulling in template/json files that live in a shared S3 bucket or are behind CloudFront.

Someone please look into.

timothy-cloudopsguy avatar Jun 03 '23 13:06 timothy-cloudopsguy

It looks like the cloudspecs locations are here:

https://github.com/aws-cloudformation/cfn-lint/blob/main/src/cfnlint/helpers.py

So I suppose a quick and dirty hack could be to just write a script that grabs those, and shoves them into src/cfn-lint/data/CloudSpecs/ folder

Don't try this on a production server, as I just glanced and didn't dig deep enough to know if this would harm the app.

Although, it looks like the specs in this repo were updated 3 days ago, so if you just want to delete and re-install cfn-lint that might be quickest path at the moment.

I install it into a docker container for my build agents, and I update that docker once a month, so I'll just for now, trust that these files get updated on the install and stop wasting my time on running -u ...

timothy-cloudopsguy avatar Jun 03 '23 14:06 timothy-cloudopsguy

@kddejong any thoughts?

LoganB99 avatar Jun 03 '23 15:06 LoganB99

Yea, been thinking of some ideas. I think the short term solution would be to restrict what regions we are updating.

I will say I'm seeing a significant improvement in timing with v1 (currently pre-release).

kddejong avatar Jul 03 '23 20:07 kddejong

i restricted regions to us-east-2 and it didnt help our team. excited for the v1 fix

LoganB99 avatar Aug 07 '23 19:08 LoganB99

Yea, sorry currently the region parameter doesn't apply to the --update-specs. I'm curious about how often you are running this? Specs are updated weekly and we try to release cfn-lint weekly with those updates.

A short term fix would be to account for the region parameter into the --update-specs but we would have to implement it.

kddejong avatar Aug 07 '23 19:08 kddejong

We have it in our CI/CD pipeline to run on deployments to Dev/QA/Prod.. short term fix would be to turn it off for dev, of course.

LoganB99 avatar Aug 07 '23 20:08 LoganB99

We have it in our CI/CD pipeline to run on deployments to Dev/QA/Prod.. short term fix would be to turn it off for dev, of course.

One option, as I do in my pipelines, I update my code build image weekly via a cron job or manually run the image builder project as needed.

whoDoneItAgain avatar Aug 08 '23 00:08 whoDoneItAgain

In v1 this should be significantly decreased.

kddejong avatar Jun 19 '24 20:06 kddejong