Page MenuHomePhabricator
Create Task
Maniphest T244770

Enable RunSingleJobHandler endpoint on Job Runner Cluster
Closed, ResolvedPublic
Actions

Description

As discussed in the parent RFC, we want to get rid of the /rpc code in the mediawiki-config that's currently responsible for the job execution, and introduce a rest endpoint instead.

The endpoint will be protected against random job submissions by verifying the event signature, signed with mediawiki private key, like Special:RunSingleJob does. Also, since we currently don't maintain any kind of an automatic listing of REST endpoints in core, this essentially will be an internal endpoint.

However, to protect even more, it would be good to only enable it on jobrunner and videoscaler clusters and not on public-facing web or api clusters. We can control introduce a global configuration variable to selectively enable/disable the endpoint.

Details

SubjectRepoBranchLines +/-
Add EventBus Run Job API permissionsoperations/mediawiki-configmaster+10 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Clarakosi created this task.Feb 10 2020, 5:58 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 10 2020, 5:58 PM
Pchelolo added a parent task: T220127: Reuse JobExecutor within a JobRunner.Feb 11 2020, 4:35 AM
Pchelolo edited parent tasks, added: T175146: JobQueue: Unify JobRunner entry points; removed: T220127: Reuse JobExecutor within a JobRunner.
Pchelolo edited projects, added serviceops; removed MediaWiki-Core-JobQueue.Feb 11 2020, 4:47 AM
Pchelolo updated the task description. (Show Details)
Pchelolo added a subscriber: Joe.

I've poked around mediawiki-config, and I don't really see a none-hacky way of setting a variable depending on MW cluster. set-time-limit.php has an implementation, but it seems a bit hacky. Is there a better way of getting a name of the MW cluster within MW config?

Pchelolo added a subtask: T244826: Create rest endpoint for executing jobs instead of /rpc/RunSingleJob.Feb 11 2020, 4:52 AM
Pchelolo removed a subtask: T244826: Create rest endpoint for executing jobs instead of /rpc/RunSingleJob.
Pchelolo edited parent tasks, added: T244826: Create rest endpoint for executing jobs instead of /rpc/RunSingleJob; removed: T175146: JobQueue: Unify JobRunner entry points.
Pchelolo mentioned this in T244826: Create rest endpoint for executing jobs instead of /rpc/RunSingleJob.Feb 13 2020, 4:04 PM
Joe added a comment.Feb 18 2020, 11:19 AM
In T244770#5871111, @Pchelolo wrote:

I've poked around mediawiki-config, and I don't really see a none-hacky way of setting a variable depending on MW cluster. set-time-limit.php has an implementation, but it seems a bit hacky. Is there a better way of getting a name of the MW cluster within MW config?

There is an env variable set by apache you can use, SERVER_GROUP.

For instance we check for the parsoid cluster as follows:

if ( ( $_SERVER['SERVERGROUP'] ?? null ) === 'parsoid' ) {
...
}
gerritbot added a comment.Feb 18 2020, 10:10 PM

Change 572994 had a related patch set uploaded (by Clarakosi; owner: Clarakosi):
[operations/mediawiki-config@master] Enable EventBus Run Job API on only jobrunner clusters

https://gerrit.wikimedia.org/r/572994

gerritbot added a project: Patch-For-Review.Feb 18 2020, 10:10 PM
hnowlan subscribed.Feb 20 2020, 12:35 PM
Pchelolo mentioned this in T246371: Move job traffic from rpc/RunSingleJob to REST endpoint.Feb 27 2020, 6:46 PM
gerritbot added a comment.Mar 2 2020, 7:08 PM

Change 572994 merged by jenkins-bot:
[operations/mediawiki-config@master] Add EventBus Run Job API permissions

https://gerrit.wikimedia.org/r/572994

Stashbot added a comment.Mar 2 2020, 7:15 PM

Mentioned in SAL (#wikimedia-operations) [2020-03-02T19:15:36Z] <ppchelko@deploy1001> Synchronized wmf-config/CommonSettings-labs.php: Enable REST run jobs endpoint on jobrunners T244770 (duration: 00m 56s)

Stashbot added a comment.Mar 2 2020, 7:17 PM

Mentioned in SAL (#wikimedia-operations) [2020-03-02T19:17:09Z] <ppchelko@deploy1001> Synchronized wmf-config/CommonSettings.php: Enable REST run jobs endpoint on jobrunners T244770 (duration: 00m 56s)

Pchelolo closed this task as Resolved.Mar 2 2020, 7:19 PM
Pchelolo claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits