Page MenuHomePhabricator
Create Task
Maniphest T108253

Make sure CentralAuth login tokens work with two datacenters
Closed, ResolvedPublic
Actions

Description

There is a lot of mixed GET/POST back and forth among domains on login in a short time period. The sticky DC cookie will not work cross-domains easily. Options include:
a) Making login tokens and other sensitive cache/stash access use the BagOStuff READ_LATEST flag
b) Locking those tokens to use a unified BagOStuff config pointing to a single set of servers in one DC
c) Ugly VCL rules to treat CentralAuth login URLs like POST (not preferred)

Details

SubjectRepoBranchLines +/-
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()mediawiki/extensions/CentralAuthwmf/1.26wmf21+26 -20
Converted api-token store to CentralAuthUser::getSessionCache()mediawiki/extensions/CentralAuthwmf/1.26wmf21+18 -15
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()mediawiki/extensions/CentralAuthmaster+26 -20
Converted api-token store to CentralAuthUser::getSessionCache()mediawiki/extensions/CentralAuthmaster+18 -15
Customize query in gerrit

Related Objects
Search...

Event Timeline

aaron created this task.Aug 6 2015, 10:01 PM
aaron claimed this task.
aaron raised the priority of this task from to Medium.
aaron updated the task description. (Show Details)
aaron added projects: Sustainability, Epic.
aaron added subscribers: mobrovac, Gilles, GWicke and 8 others.
Aklapper added a project: MediaWiki-extensions-CentralAuth.Aug 11 2015, 10:20 AM
aaron mentioned this in T97620: Convert various core/extension cache users to ReplicatedBagOStuff.Aug 27 2015, 12:25 AM
gerritbot added a comment.Aug 30 2015, 8:00 AM

Change 234839 had a related patch set uploaded (by Aaron Schulz):
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234839

gerritbot added a project: Patch-For-Review.Aug 30 2015, 8:00 AM
gerritbot added a comment.Aug 30 2015, 10:07 PM

Change 234922 had a related patch set uploaded (by Aaron Schulz):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234922

Krinkle subscribed.Sep 4 2015, 3:25 AM
gerritbot added a comment.Sep 5 2015, 12:50 AM

Change 234839 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234839

gerritbot added a comment.Sep 5 2015, 12:50 AM

Change 234922 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/234922

Diffusion mentioned this in rMEXT668ba73c7100: Updated mediawiki/extensions Project: mediawiki/extensions/CentralAuth….Sep 5 2015, 12:50 AM
Krinkle mentioned this in rECAUb8c385296ecb: Converted api-token store to CentralAuthUser::getSessionCache().Sep 5 2015, 12:50 AM
Krinkle mentioned this in rECAU6bd83005148b: Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache().
Diffusion mentioned this in rMEXTc8e1f986e593: Updated mediawiki/extensions Project: mediawiki/extensions/CentralAuth….Sep 5 2015, 12:51 AM
aaron added a subtask: T111575: Make $wgSessionCacheType and $wgMainStash caches multi-DC ready.Sep 5 2015, 12:55 AM
ReleaseTaggerBot added a project: WMF-deploy-2015-09-08_(1.26wmf22).Sep 5 2015, 1:00 AM
gerritbot added a comment.Sep 8 2015, 4:18 PM

Change 236822 had a related patch set uploaded (by 20after4):
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236822

gerritbot added a comment.Sep 8 2015, 4:19 PM

Change 236823 had a related patch set uploaded (by 20after4):
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236823

gerritbot added a comment.Sep 8 2015, 4:53 PM

Change 236822 merged by jenkins-bot:
Converted api-token store to CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236822

gerritbot added a comment.Sep 8 2015, 4:53 PM

Change 236823 merged by jenkins-bot:
Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache()

https://gerrit.wikimedia.org/r/236823

aaron mentioned this in rMWbef11ac7763a: Updated mediawiki/core Project: mediawiki/extensions/CentralAuth….Sep 8 2015, 4:54 PM
Diffusion mentioned this in rMWd1d30067dc75: Updated mediawiki/core Project: mediawiki/extensions/CentralAuth….Sep 8 2015, 4:54 PM
mmodell mentioned this in rECAU3a105732d01a: Converted api-token store to CentralAuthUser::getSessionCache().Sep 8 2015, 4:54 PM
mmodell mentioned this in rECAU98a1e2a7ae14: Converted SUL2 handshake tokens to use CentralAuthUser::getSessionCache().
ReleaseTaggerBot added a project: WMF-deploy-2015-09-01_(1.26wmf21).Sep 8 2015, 5:00 PM
aaron closed this task as Resolved.Sep 10 2015, 5:43 PM
aaron closed subtask T111575: Make $wgSessionCacheType and $wgMainStash caches multi-DC ready as Declined.Sep 4 2016, 12:33 PM
MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Dec 15 2016, 4:20 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL