Page MenuHomePhabricator
Create Task
Maniphest T263263

Access and use the MaxMind database for IPInfo
Closed, ResolvedPublic
Actions

Description

The Anti-Harassment team needs to access the MaxMind database to provide extended information about IPs as part of our work on IP masking. We have licensing permission from MaxMind to use the data in this way.

Production

The MaxMind DB file is available on all Wikimedia application servers. We'll add a config variable to IP Info extension that will be a filesystem path to the MaxMind DB file. We'll use their geoip2/geoip2 library in order to read/query the DB file. What will the the file path in production?

Alternatively, we could create a microservice that IP Info could access over the local network.

Testing

The outstanding question is how do we write code that integrates with that data either in local environments or other testing areas. Should we mock the data structure with some fake data? Is the GeoIP Lite database in the same structure? Given its open license, we could more easily copy that data around. What other options are there for testing setups?

Other Concerns

Given that this is a nicely indexed flat file database, I'm assuming performance impact for something low use is negligible. (At least to begin with, the feature will only be available to checkusers. However, it may be more widely available in the future.) Is that assumption correct?

Related Objects

Event Timeline

aezell created this task.Sep 18 2020, 2:30 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 18 2020, 2:30 PM
Niharika edited projects, added Anti-Harassment; removed Anti-Harassment (The Letter Song).Sep 18 2020, 6:08 PM
DannyS712 subscribed.Sep 18 2020, 6:45 PM
dbarratt updated the task description. (Show Details)Sep 18 2020, 7:44 PM
Niharika moved this task from Untriaged to Tracking work by others on the Anti-Harassment board.Sep 22 2020, 8:23 PM
DannyH added subscribers: sdkim, eprodromou, DannyH.Sep 24 2020, 8:27 PM

@eprodromou @sdkim Can you check in with @aezell about this? They're hoping to have a quick turnaround if possible.

Niharika triaged this task as High priority.Sep 25 2020, 9:06 PM
Niharika mentioned this in T261372: Replace mock data returned from API endpoint with live data.Sep 25 2020, 9:15 PM
dbarratt added a subscriber: BBlack.Sep 29 2020, 8:47 PM
aezell added a comment.Sep 29 2020, 8:51 PM

After some discussions with @eprodromou about an API, we've decided for ease and speed's sake to use the flatfile available on the application servers.

Now, we need to discover what that file location is and whether the user that is running the PHP app can access that application or if the permissions restrict it.

@BBlack Do you know the filepath for the MaxMind DB on the app servers and what its permissions might be?

dbarratt updated the task description. (Show Details)Sep 29 2020, 8:53 PM
Tchanders renamed this task from Access and use the MaxMind database for CheckUser to Access and use the MaxMind database for IPInfo.Sep 30 2020, 5:24 PM
Tchanders updated the task description. (Show Details)
eprodromou moved this task from Untriaged to Later on the Tech-Product API Roadmap board.Sep 30 2020, 8:35 PM
Niharika subscribed.Oct 1 2020, 4:53 PM
This comment was removed by Niharika.
aezell added a subscriber: Jdforrester-WMF.Oct 7 2020, 3:41 PM

@Jdforrester-WMF I'm curious if you have any knowledge about how accessing the MaxMind database works. If so, could you share some guidance?

Niharika mentioned this in T264838: Poke around production to find the maxmind flatfile! [4H].Oct 7 2020, 3:44 PM
Jdforrester-WMF added a comment.Oct 7 2020, 4:41 PM

Hmm. Looking, it seems like the geoip2 composer library is installed in production on the Fundraising cluster but not the main one. Not sure how trivial it'd be to enable it in full Prod?

sdkim unsubscribed.Oct 7 2020, 6:25 PM
MNadrofsky moved this task from Later to In Review on the Tech-Product API Roadmap board.Oct 7 2020, 8:25 PM
Jdforrester-WMF added a comment.Oct 7 2020, 11:34 PM

Note that https://gerrit.wikimedia.org/r/c/mediawiki/core/+/376451 was going to do some of this work in core, including adding this library, so it's not an unknown want. :-)

CDanis subscribed.Oct 10 2020, 5:16 PM
CDanis added a comment.Oct 10 2020, 5:38 PM

The MaxMind databases we have are available in production on each Mediawiki application server under /usr/share/GeoIP. The GeoIP2, the GeoIP, and the GeoLite databases are available.

Also, there's freely-distributable (CC-BY-SA 3.0 license) MaxMind demo databases at https://github.com/maxmind/MaxMind-DB/tree/master/test-data which ought to be helpful for unit/integration tests against the GeoIP2 data format.

Happy to help more but hopefully this unblocks you :)

CDanis added a comment.Oct 10 2020, 5:46 PM

BTW, there's also the mmdblookup utility installed on those machines, which will let you look up values by hand, give you the field structure & data types, etc.
https://maxmind.github.io/libmaxminddb/mmdblookup.html

Naike moved this task from In Review to Later on the Tech-Product API Roadmap board.Oct 28 2020, 9:37 PM
Tchanders mentioned this in T260822: Security review of IP Info extension.Nov 2 2020, 1:17 PM
Tchanders mentioned this in T260821: Performance review of IP Info extension.Nov 2 2020, 2:48 PM
eprodromou closed this task as Invalid.Nov 2 2020, 9:55 PM

Marking as invalid, since working with the flat file meets AHT's needs. We may re-open if there are performance or other issues in the future.

Tchanders subscribed.Nov 4 2020, 3:49 PM

Thanks @CDanis, this is really helpful. We're currently responding to performance and security reviews via our test environment, using the free databases. We may have more questions when we're ready to move over to production.

For now, do you know how often the databases are updated? I see that some haven't been updated since summer, but some have been updated since T264838#6534393 (those with Oct 4 date now have Nov 1, so I would guess monthly or weekly?)...

CDanis added a comment.Nov 4 2020, 4:04 PM
In T263263#6603182, @Tchanders wrote:

Thanks @CDanis, this is really helpful. We're currently responding to performance and security reviews via our test environment, using the free databases. We may have more questions when we're ready to move over to production.

Sounds good!

For now, do you know how often the databases are updated? I see that some haven't been updated since summer, but some have been updated since T264838#6534393 (those with Oct 4 date now have Nov 1, so I would guess monthly or weekly?)...

Yeah, sorry, there's a variety of legacy files also in that directory.

In production you should use the GeoIP2 databases.

As compared to some of the other, older formats: GeoIP2 is more accurate, supports IPv6, and is not due to be deprecated around 2022.

The GeoIP2 files are updated weekly, usually on Tuesdays.

Depending on which free database you've been using to do your testing, and which fields you care about, GeoIP2's structure might be somewhat different -- you should probably also do some tests against the GeoIP2 test files. Just be aware those test files are pretty sparse in terms of IP address coverage, so you'll need to hunt down some addresses defined in them -- the JSON source data in that repo can help.

aezell added a comment.Dec 9 2020, 4:30 PM

@CDanis Thanks for the help so far. These are the MaxMind files that we appear to have available on production (from T264838#6534393):

GeoIP2-City.mmdb
GeoIP2-Connection-Type.mmdb
GeoIP2-Country.mmdb
GeoIP2-ISP.mmdb

MaxMind does offer more databases, but we don't have them available: https://dev.maxmind.com/geoip/

We were planning on using some of this additional data if these files were available.

Are they left out by design, because of licensing, or some other reason? Is there a way to add them?

Maybe @BBlack might know.

jbond subscribed.Dec 9 2020, 5:17 PM
Tchanders reopened this task as Open.Dec 15 2020, 8:55 PM
In T263263#6679742, @aezell wrote:

@CDanis Thanks for the help so far. These are the MaxMind files that we appear to have available on production (from T264838#6534393):

GeoIP2-City.mmdb
GeoIP2-Connection-Type.mmdb
GeoIP2-Country.mmdb
GeoIP2-ISP.mmdb

MaxMind does offer more databases, but we don't have them available: https://dev.maxmind.com/geoip/

We were planning on using some of this additional data if these files were available.

Are they left out by design, because of licensing, or some other reason? Is there a way to add them?

Maybe @BBlack might know.

Re-opening this until we know whether we can use the production .mmdb files on the Beta Cluster.

phuedx mentioned this in T288844: Update MaxMind GeoIP2 license key and product IDs for application servers.Aug 13 2021, 5:05 PM
Niharika added a project: IP Info.Apr 15 2022, 11:06 PM
Dzahn mentioned this in T308876: Improve comments in mediawiki-config about IPInfo.May 23 2022, 9:20 PM
Prtksxna closed this task as Resolved.Aug 10 2022, 4:33 AM
Prtksxna added subscribers: STran, Prtksxna.

@STran says its ok to close, "Production files can only be used in production."

Prtksxna moved this task from Backlog to Closed on the IP Info board.Aug 10 2022, 4:37 AM
Tchanders mentioned this in T355392: Confirm and update what information IPInfo users should be able to see.May 17 2024, 10:11 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL