Page MenuHomePhabricator
Create Task
Maniphest T305581

ipblocks support for other "entities" (not clouds, not abuse nets)
Open, Needs TriagePublic
Actions

Description

One example of this: the Googlebot IP space, plus also, other Google-owned IP space that is neither Googlebot nor Google Cloud customers.

Details

SubjectRepoBranchLines +/-
varnish: Allow using netmapper with multiple requestctl ipblock typesoperations/puppetproduction+15 -2
varnish: Rename public_clouds.json to ipblock_cloud.jsonoperations/puppetproduction+16 -6
cache: Support multiple requestctl ipblock types in netmapper confd templateoperations/puppetproduction+18 -14
external_cloud_vendors: Add a known-clients/Googlebot ipblockoperations/puppetproduction+8 -0
cloud vendors: force yaml output formatoperations/puppetproduction+1 -1
external_clouds_vendors: Remove migration shim for T305581operations/puppetproduction+0 -6
external_clouds_vendors: Support entity types besides "cloud"operations/puppetproduction+62 -50
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 OpenNoneT305580 requestctl v1 improvements
 OpenRLazarusT305581 ipblocks support for other "entities" (not clouds, not abuse nets)

Event Timeline

CDanis created this task.Apr 6 2022, 7:45 PM
CDanis removed a subtask: T305582: Annotate X-Analytics header with any matching actions.Apr 6 2022, 7:58 PM
gerritbot added a comment.Apr 7 2022, 12:19 AM

Change 777899 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] external_clouds_vendors: Support entity types besides "cloud"

https://gerrit.wikimedia.org/r/777899

gerritbot added a project: Patch-For-Review.Apr 7 2022, 12:19 AM
Joe added a comment.Apr 7 2022, 6:01 AM

Ipblock, per se, supports arbitrary scope names.

What we need is to add support for thes other scopes in VCL.

My proposal would be to ditch the X-Public-Cloud header going forward, and add a X-SRE header (or whatever other name we want to give to it) and collect all these info as tags in it. So for example, a request from an IP in google cloud will have X-SRE: cloud=gcp as a fake-header, while a request coming from a known crawler IP space will have possibly a combined value, like X-SRE: cloud=aws;crawler=wikiband.

This has the disadvantage of making our VCL clunkier (every new category will need the same piece of code handling appending values to a header) but is future-proof and gives us a lot more flexibility.

CDanis added a comment.Apr 7 2022, 12:37 PM

I suggest something simpler:

Use a common prefix in the header name, with the name of the ipblock group as the suffix.

X-SRE-Ipblock-Cloud
X-SRE-Ipblock-CrawlerEntity

etc etc

gerritbot added a comment.Apr 11 2022, 9:20 PM

Change 777899 merged by RLazarus:

[operations/puppet@production] external_clouds_vendors: Support entity types besides "cloud"

https://gerrit.wikimedia.org/r/777899

Maintenance_bot removed a project: Patch-For-Review.Apr 11 2022, 9:30 PM
gerritbot added a comment.Apr 12 2022, 12:58 AM

Change 779149 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] external_clouds_vendors: Remove migration shim for T305581

https://gerrit.wikimedia.org/r/779149

gerritbot added a project: Patch-For-Review.Apr 12 2022, 12:58 AM
gerritbot added a comment.Apr 12 2022, 1:21 AM

Change 779157 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] external_cloud_vendors: Add a known-clients/Googlebot ipblock

https://gerrit.wikimedia.org/r/779157

gerritbot added a comment.Apr 12 2022, 9:43 AM

Change 779444 had a related patch set uploaded (by Volans; author: Volans):

[operations/puppet@production] cloud vendors: force yaml output format

https://gerrit.wikimedia.org/r/779444

gerritbot added a comment.Apr 12 2022, 5:58 PM

Change 779149 merged by RLazarus:

[operations/puppet@production] external_clouds_vendors: Remove migration shim for T305581

https://gerrit.wikimedia.org/r/779149

gerritbot added a comment.Apr 12 2022, 6:01 PM

Change 779444 merged by Volans:

[operations/puppet@production] cloud vendors: force yaml output format

https://gerrit.wikimedia.org/r/779444

gerritbot added a comment.Apr 12 2022, 10:02 PM

Change 779157 merged by RLazarus:

[operations/puppet@production] external_cloud_vendors: Add a known-clients/Googlebot ipblock

https://gerrit.wikimedia.org/r/779157

CDanis added a subscriber: RLazarus.Apr 14 2022, 8:53 PM

@RLazarus were you going to work on the rest of this? We still need more plumbing inside requestctl correct?

RLazarus claimed this task.Apr 14 2022, 9:26 PM

Yeah -- I can do the implementation but I'm not sure if we've settled on what we want it to look like.

I don't have a strong opinion between the two header proposals above, did you and @Joe settle on a preference?

gerritbot added a comment.Apr 20 2022, 8:28 PM

Change 784761 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] varnish: Rename public_clouds.json to ipblock_cloud.json

https://gerrit.wikimedia.org/r/784761

gerritbot added a comment.Apr 20 2022, 10:49 PM

Change 784774 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] varnish: Allow using netmapper with multiple requestctl ipblocks

https://gerrit.wikimedia.org/r/784774

gerritbot added a comment.Apr 21 2022, 2:02 AM

Change 784798 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] cache: Support multiple requestctl ipblock types in netmapper confd template

https://gerrit.wikimedia.org/r/784798

Joe moved this task from Backlog to in progress on the conftool board.Apr 28 2022, 9:03 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL