Skip to content

Operations - Cron/Scheduler Operating Model And Ownership

Overview

This document specifies the legacy cron/scheduler operating model and ownership boundaries for migration planning.

Checklist coverage: - CR-001 Edit image batch queueing - CR-002 Stock export generation - CR-003 License expiration mail sender - CR-004 DWH counters update - CR-005 Queue cleanup - CR-006 Queue processing - CR-007 Log cleanup - CR-008 Platform orders pull - CR-009 Supplier stock all - CR-010 Supplier stock single - CR-011 System data cleanup - CR-012 DriveRight sync pipeline - CR-013 Simulator MAK files send - CR-014 Session file purge

Primary legacy evidence: - _shopupdating/cronjobs/atx/articles/editImage.php - _shopupdating/cronjobs/atx/articles/stock/export.php - _shopupdating/cronjobs/atx/customers/sendMailLicenceExpired.php - _shopupdating/cronjobs/atx/dwh/updateCounters.php - _shopupdating/cronjobs/atx/job/cleanQueues.php - _shopupdating/cronjobs/atx/job/processGeneralQueue.php - _shopupdating/cronjobs/atx/logs/cleanLogs.php - _shopupdating/cronjobs/atx/orders/getOrders.php - _shopupdating/cronjobs/atx/suppliers/stock/checkAllSupplierStock.php - _shopupdating/cronjobs/atx/suppliers/stock/checkSupplierStock.php - _shopupdating/cronjobs/atx/system/cleanData.php - _shopupdating/cronjobs/atx/vehicles/driveright/updateDriveRight.php - _shopupdating/cronjobs/atx/vehicles/simulator/sendMakFiles.php - _shopupdating/cronjobs/system/rmsessions - _admin/controller/classes/atx/UpdatingController.php - _admin/controller/classes/atx/job/JobController.php - _core/model/dbclasses/atx/job/QueueDAO.php - _admin/controller/classes/atx/job/AdminJobController.php

Legacy Operating Model (As-Is)

Runtime Envelope

  1. Most cron scripts bootstrap legacy runtime by setting $_SESSION['username'] = 'updating' and including _www/appconfig/config.php.
  2. Execution control is mostly a single global switch: config('cron-running', 'atx\\job').
  3. Several scripts are executable via both CLI and HTTP-style wrappers in _shopupdating/.
  4. Failure handling is inconsistent: some scripts var_dump messages, some only echo text, and some have no explicit error output.

Queue Semantics

  1. Queue processing (CR-006) uses DB statuses (NEW, IN_QUEUE, PROCESSING, PROCESSED, CRASH) with automatic stale-job restart logic in QueueDAO (ALLOWED_MAX_DURATION = 10 minutes).
  2. Queue cleanup (CR-005) deletes old processed rows by configured retention.
  3. Queue admin UI exists (AdminJobController) for pause/resume/priority and manual reset.

Cron Inventory And Ownership

ID Legacy Job Entry Script Legacy Behavior Summary Domain Owner (Accountable) Runtime Owner (Responsible) Priority
CR-001 Edit image batch queueing _shopupdating/cronjobs/atx/articles/editImage.php Reads APP_TEMP_PATH/images_*.csv and enqueues UpdatingImagesController::updateImages work. Webshop Admin + Stock Import Shared Ops M
CR-002 Stock export generation _shopupdating/cronjobs/atx/articles/stock/export.php Runs UpdatingExportStockController::exportStock with optional supplier/customer/export filters. Platform Export Shared Ops H
CR-003 License expiration mail sender _shopupdating/cronjobs/atx/customers/sendMailLicenceExpired.php Runs MiniShopLicenseExpirationNotifier::bulkNotify for 14/7/1-day reminders. Webshop Shared Ops M
CR-004 DWH counters update _shopupdating/cronjobs/atx/dwh/updateCounters.php Refreshes counters/pagehit aggregates via UpdatingCounterController. Shared Ops Shared Ops L
CR-005 Queue cleanup _shopupdating/cronjobs/atx/job/cleanQueues.php Deletes old processed queue rows by retention setting. Shared Ops Shared Ops H
CR-006 Queue processing _shopupdating/cronjobs/atx/job/processGeneralQueue.php Processes incoming/outgoing general queue; supports forced restart mode. Shared Ops Shared Ops H
CR-007 Log cleanup _shopupdating/cronjobs/atx/logs/cleanLogs.php Purges log-update rows by configured retention days. Shared Ops Shared Ops M
CR-008 Platform orders pull _shopupdating/cronjobs/atx/orders/getOrders.php Pulls per-platform order payloads and enqueues processing jobs. Platform Export Shared Ops H
CR-009 Supplier stock all _shopupdating/cronjobs/atx/suppliers/stock/checkAllSupplierStock.php Imports stock for all active supplier import settings. Stock Import Shared Ops H
CR-010 Supplier stock single _shopupdating/cronjobs/atx/suppliers/stock/checkSupplierStock.php Imports stock for one supplier (with updateAnyway override). Stock Import Shared Ops H
CR-011 System data cleanup _shopupdating/cronjobs/atx/system/cleanData.php Cleans article search/popular caches via UpdatingCleanController. Shared Ops Shared Ops M
CR-012 DriveRight sync pipeline _shopupdating/cronjobs/atx/vehicles/driveright/updateDriveRight.php Executes staged pull/sync/email/update methods in sequence. Vehicle Data Shared Ops H
CR-013 Simulator MAK files send _shopupdating/cronjobs/atx/vehicles/simulator/sendMakFiles.php Builds CSV files and uploads them to MAK FTP endpoint. Vehicle Data Shared Ops M
CR-014 Session file purge _shopupdating/cronjobs/system/rmsessions Deletes session files from absolute path using shell rm. Shared Ops Shared Ops L

Current Gaps And Risks To Resolve In Migration

  1. No schedule-as-code source exists in this repository; operational cadence is external and not versioned.
  2. No consistent locking/overlap policy across jobs (queue processor has DB-state control, others do not).
  3. HTTP-callable wrappers in _shopupdating/ blur scheduler boundary and increase accidental/manual trigger risk.
  4. CR-013 uses inline FTP credentials and direct stream writes.
  5. CR-014 uses a broad path delete shell loop and bypasses PHP/session lifecycle controls.
  6. Alerting/observability is inconsistent and mostly log-table/console-message based.
  7. Retry and backoff behavior is uneven; several jobs have one-shot execution without clear recovery strategy.
  8. Ownership boundaries are implicit and undocumented, especially for cross-island jobs (CR-001, CR-002, CR-008).

Target Migration Specification (Symfony)

Scope

In-scope: - One operating model for all scheduled jobs. - Explicit ownership split per job (domain accountability + runtime responsibility). - Command-level standards for locking, retry, timeout, metrics, and alerts.

Out-of-scope: - Final production schedule frequencies (set during infra rollout). - Full command implementation details for each job.

Scheduler Operating Contract

  1. Every scheduled task must run as a Symfony command only; no HTTP cron entrypoints.
  2. Every command must declare:
  3. lock key (prevent overlap),
  4. timeout,
  5. retry policy,
  6. idempotency notes,
  7. success/failure metrics.
  8. All schedules must be infrastructure-as-code (Kubernetes CronJobs or equivalent) in the target ops repo.
  9. Every command must emit structured logs with a correlation id and scheduler run id.
  10. Failed runs must page the runtime owner (Shared Ops) and notify the accountable domain owner.

Ownership Model (RACI-lite)

Area Accountable (A) Responsible (R) Consulted (C)
Queue runtime (CR-005, CR-006) Shared Ops Shared Ops Platform Export, Stock Import
Platform pull/export (CR-002, CR-008) Platform Export Shared Ops ERP Middleware
Supplier stock imports (CR-009, CR-010) Stock Import Shared Ops Webshop
Image batch queueing (CR-001) Webshop Admin + Stock Import Shared Ops Webshop
License/birthday-adjacent mail jobs (CR-003) Webshop Shared Ops Marketing/CRM
Vehicle sync jobs (CR-012, CR-013) Vehicle Data Shared Ops Webshop
System cleanups (CR-004, CR-007, CR-011, CR-014) Shared Ops Shared Ops All islands

Proposed Target Command Map

CR ID Target Command (proposed) Lock Scope Notes
CR-001 cron:images:enqueue-batches cron.images.enqueue Producer-only; queue worker handles processing.
CR-002 cron:stock:export cron.stock.export Keep CLI args (supplier, customer, export, skip-generation).
CR-003 cron:customers:notify-license-expiration cron.customers.license-expiry Preserve reminder offsets (14/7/1 days).
CR-004 cron:dwh:update-counters cron.dwh.counters Keep lightweight, no overlap needed beyond lock.
CR-005 cron:queue:clean cron.queue.clean Retention from typed config, not ad-hoc setting reads.
CR-006 cron:queue:process --queue=general cron.queue.process.general High-frequency job; strict overlap prevention.
CR-007 cron:logs:clean cron.logs.clean Move retention to typed config.
CR-008 cron:platform:pull-orders cron.platform.pull-orders Keep platform filter option for scoped reruns.
CR-009 cron:suppliers:import-stock --all cron.suppliers.import.all Retain file freshness and ProcessFile behavior.
CR-010 cron:suppliers:import-stock --supplier={id} cron.suppliers.import.supplier.{id} Same command with scoped mode.
CR-011 cron:system:clean-data cron.system.clean-data Keep current clean operations and audit outputs.
CR-012 cron:driveright:sync cron.driveright.sync Keep staged ordering with stop-on-failure and resume policy.
CR-013 cron:simulator:send-mak-files cron.simulator.send-mak-files Replace inline FTP creds with secrets-backed adapter.
CR-014 cron:sessions:purge cron.sessions.purge Replace shell rm loop with safer retention-based purge.

Data And Configuration Migration Notes

  1. Extract and version current production schedules before cutover (current cadence is not in this repository).
  2. Migrate scheduler settings (cron-running, queue/log retention values, clean windows) to typed Symfony config.
  3. Move external credentials (especially MAK FTP) into secrets management.
  4. Preserve queue status semantics (NEW, IN_QUEUE, PROCESSING, PROCESSED, CRASH) for operations continuity.
  5. Keep CLI compatibility for parameterized jobs (CR-002, CR-008, CR-010) during migration transition.

Acceptance Scenarios (Gherkin)

Feature: Cron operating model and ownership

  Scenario: Scheduled jobs run only through command entrypoints
    Given target scheduler manifests are applied
    When a cron task is triggered
    Then execution should call a Symfony command and not an HTTP wrapper endpoint

  Scenario: Queue processor prevents overlap
    Given a queue processing run is already active
    When the scheduler triggers the same queue command
    Then the second run should not start processing jobs

  Scenario: Runtime and domain ownership are both notified on failure
    Given a scheduled platform order pull fails
    When alerting is emitted
    Then Shared Ops should receive the runtime alert
    And Platform Export owner should receive domain-impact notification

  Scenario: Supplier stock import can run in all-suppliers and single-supplier mode
    Given supplier import command supports scope options
    When it runs with --all
    Then all active supplier import settings should be processed
    When it runs with --supplier=23
    Then only supplier 23 should be processed

  Scenario: Session cleanup uses retention policy
    Given session purge configuration defines max session age
    When the session purge command runs
    Then only sessions older than retention should be removed

Open Decisions

  1. Which scheduler backend is canonical for Day 1 (Kubernetes CronJob vs host-level timer), and where schedule IaC lives.
  2. Whether queue cleanup (CR-005) remains separate or is folded into queue processor maintenance.
  3. Whether simulator MAK transfer (CR-013) remains FTP-based or is replaced with API/object-storage transfer.
  4. Whether session cleanup (CR-014) should be an app command or delegated fully to platform-native session TTL handling.