Page MenuHomePhabricator
Create Task
Maniphest T260504

Get rid of remaining non-Thumbor MediaWiki image scaling in WMF production
Open, MediumPublic
Actions

Description

Thumbor is supposed to be WMF's image scaling system. However, the pre-Thumbor image scaling system in MediaWiki still thinks it is responsible for image scaling, is still maintained, and is still doing hundreds of image rendering and scaling operations per day. T260330 is a proposal to split out MediaWiki shell execution to a service. It would simplify that project if we used the pre-existing Thumbor service when MediaWiki requests immediate image scaling, or if we avoided those calls in the first place, rather than building a new Thumbor-like thing to replace those shell executions.

Code search indicates that File::transform() is called with the RENDER_NOW flag from the following places:

  • ThumbnailRenderJob (should be prevented by $wgUploadThumbnailRenderMethod)
  • SpecialUploadStash (should be prevented by $wgUploadStashScalerBaseUrl)
  • thumb.php (should be prevented by thumbProxyUrl)
  • PagedTiffHandler
  • TimedMediaThumbnail

Analysis of exec.log shows convert being called due to UploadStash, mostly via a job, e.g.

2020-08-06 12:39:28 [fa727d75-2be8-4ab4-831f-ac72a3aa1150] mw1387 idwiki 1.36.0-wmf.2 exec DEBUG: MediaWiki\Shell\Command::execute: /bin/bash '/srv/mediawiki/php-1.36.0-wmf.2/includes/shell/limit.sh' 'OMP_NUM_THREADS='\''1'\'' MAGICK_TMPDIR='\''/tmp/magick-tmp'\'' /usr/bin/firejail --quiet --profile=/srv/mediawiki/php-1.36.0-wmf.2/includes/shell/firejail.profile --blacklist=/srv/mediawiki/php-1.36.0-wmf.2/LocalSettings.php --noroot --seccomp --private-dev -- '\''/usr/local/bin/mediawiki-firejail-convert'\'' '\''-quality'\'' '\''80'\'' '\''-background'\'' '\''white'\'' '\''-define'\'' '\''jpeg:size=120x151'\'' '\''/tmp/localcopy_2031ebe257d3.jpg'\'' '\''-thumbnail'\'' '\''120x151!'\'' '\''-set'\'' '\''comment'\'' '\''File source: https://id.wikipedia.org/wiki/Istimewa:UploadStash/file/17o6wwd3amws.xc7gzv.1023578.jpg'\'' '\''+set'\'' '\''Thumb::URI'\'' '\''-depth'\'' '\''8'\'' '\''-sharpen'\'' '\''0x0.8'\'' '\''-rotate'\'' '\''-0'\'' '\''-sampling-factor'\'' '\''2x2,1x1,1x1'\'' '\''/tmp/transform_c48664777a79.jpg'\''' 'MW_INCLUDE_STDERR=1;MW_CPU_LIMIT=50; MW_CGROUP='\''/sys/fs/cgroup/memory/mediawiki/job'\''; MW_MEM_LIMIT=1048576; MW_FILE_SIZE_LIMIT=524288; MW_WALL_CLOCK_LIMIT=180; MW_USE_LOG_PIPE=yes'

Trying to filter out UploadStash mostly just gives me other translations of UploadStash. Other conversion types (vips, rsvg, etc.) are also present but don't have such useful debugging information in exec.log. Maybe once UploadStash is fixed, the log entries will go away and we can make transform(RENDER_NOW) throw an exception. Then we can uninstall the file transform utilities on the appservers.

Details

SubjectRepoBranchLines +/-
Better config for disabling all local image scalingmediawiki/coremaster+75 -21
Customize query in gerrit

Related Objects
Search...

Event Timeline

tstarling created this task.Aug 17 2020, 12:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 17 2020, 12:28 AM
AntiCompositeNumber moved this task from Backlog to Radar on the Thumbor board.Aug 17 2020, 1:02 AM
Peachey88 subscribed.Aug 17 2020, 1:14 AM
tstarling mentioned this in T260330: RFC: PHP microservice for containerized shell execution.Aug 18 2020, 10:26 AM
eprodromou moved this task from Inbox to Tech Planning Review on the Platform Engineering board.Aug 18 2020, 8:38 PM
Krinkle awarded a token.Aug 19 2020, 1:19 AM
Krinkle added a project: Performance-Team (Radar).
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.
AMooney triaged this task as Medium priority.Aug 25 2020, 8:17 PM
Jony subscribed.Aug 26 2020, 9:21 AM
daniel edited projects, added Platform Engineering Roadmap Decision Making; removed Platform Engineering.Jan 14 2021, 10:29 AM
daniel added a project: MW-on-K8s.Jan 14 2021, 10:31 AM
daniel subscribed.Jan 14 2021, 10:38 AM

Should we work together with Structured Data Engineering on this, as a knowledge transfer opportunity? They own image scaling at least in theory, right?

Gilles added a comment.Jan 14 2021, 10:58 AM

My recollection of this UploadStash mechanism is that it only kicks in for older browsers that are incapable of doing client-side rescaling of images in order to display provisional thumbnails during the upload process. I think the grade C experience can live without those provisional thumbnails.

tstarling added a comment.Feb 11 2021, 4:47 AM

I think the problem is that $wgUploadStashScalerBaseUrl is only set if $wmgUseUploadWizard is true, which it isn't for most wikis.

Gilles added a comment.EditedFeb 11 2021, 8:04 AM

I don't think there's anything that would prevent wikis that don't have UploadWizard enabled from using $wgUploadStashScalerBaseUrl

tstarling added a comment.Feb 15 2021, 2:46 AM

I did some command line tests in production, and investigated the code a bit more carefully. I'm pretty sure it will work. One surprising thing is that $wgUploadStashScalerBaseUrl could be set to "foo" and it would still work, because $repo->getThumbProxyUrl() takes precedence over $wgUploadStashScalerBaseUrl, and $repo->getThumbProxyUrl() is always set in production. I think a reasonable core change would be to activate remote scaling if $repo->getThumbProxyUrl() is set. Then $wgUploadStashScalerBaseUrl can be false in production and can probably be deprecated.

I reproduced an exec.log message for local scaling like the one in the task description, by triggering an upload warning on en.wikipedia.org. Then I scaled it via Thumbor using curl, with the URL that I would expect outputRemoteScaledThumb() to use.

gerritbot added a comment.Feb 15 2021, 3:54 AM

Change 664086 had a related patch set uploaded (by Tim Starling; owner: Tim Starling):
[mediawiki/core@master] Better config for disabling all local image scaling

https://gerrit.wikimedia.org/r/664086

gerritbot added a project: Patch-For-Review.Feb 15 2021, 3:54 AM
Gilles added a comment.Feb 15 2021, 8:50 AM

Something we will have to watch out for when this gets deployed is that some Swift containers for "temp" might be missing some privileges for the Thumbor Swift user. This happened before (containers that were supposed to have the rights applied didn't when they came in use) and would show up as errors in the Thumbor logs.

tstarling added a comment.Feb 16 2021, 12:51 AM

I looked at all the temp container ACLs with "swift stat". The following containers lack the correct permissions for Thumbor:

  • wikibooks-als-local-temp
  • wikimedia-uk-local-temp
  • wikipedia-mo-local-temp
  • wikiquote-als-local-temp
  • wiktionary-als-local-temp
  • wiktionary-mo-local-temp
  • wikimedia-ve-local-temp

The corresponding wikis are all deleted (in deleted.dblist). So it should be OK.

AMooney moved this task from Backlog to In Progress on the MW-on-K8s board.Feb 18 2021, 1:40 PM
AMooney removed a project: Platform Engineering Roadmap Decision Making.Feb 18 2021, 2:55 PM
gerritbot added a comment.Feb 22 2021, 6:12 AM

Change 664086 merged by jenkins-bot:
[mediawiki/core@master] Better config for disabling all local image scaling

https://gerrit.wikimedia.org/r/664086

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.32; 2021-02-23).Feb 22 2021, 7:00 AM
Maintenance_bot removed a project: Patch-For-Review.Feb 22 2021, 7:10 AM
Xover subscribed.Mar 5 2021, 12:55 PM
Legoktm mentioned this in T290759: Undeploy VipsScaler from Wikimedia wikis.Sep 13 2021, 8:15 PM
Legoktm added a subtask: T290759: Undeploy VipsScaler from Wikimedia wikis.
Jdforrester-WMF closed subtask T290759: Undeploy VipsScaler from Wikimedia wikis as Resolved.Sep 13 2021, 11:51 PM
Jdforrester-WMF reopened subtask T290759: Undeploy VipsScaler from Wikimedia wikis as Open.Sep 14 2021, 9:55 PM
Legoktm mentioned this in T291014: Terminate all implicit use of VipsScaler code from Wikimedia production so we can remove it without breaking things this time.Sep 20 2021, 7:01 AM
Xeriphas1994 subscribed.Feb 8 2022, 8:33 PM
tstarling mentioned this in T265549: Update librsvg to > 2.44.10.Aug 12 2022, 12:52 AM
Krinkle removed a project: Performance-Team (Radar).Aug 18 2023, 8:13 PM
Tgr added a subtask: T355243: MediaModeration maintenance script scanFilesInScanTable.php indirectly calls $wgImageMagickConvertCommand.Feb 8 2024, 11:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL