New Service Request 'iPoid'
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	STran
	Dec 14 2022, 11:54 AM

Description

iPoid Service

iPoid (Wikitech: iPoid, Gerrit: ~~security-api~~ mediawiki/services/ipoid) is a node-based service. It offers 2 basic functionalities:

Local storage for 3rd party data

iPoid calls a third-party provider to fetch a large (~700MB) gzipped json. In turn that data is processed and stored in its MariaDB database. This Gzipped data unzips to ~4GB while the row count in the order of millions.

Scheduled job:
As far as we know, the current 3rd party provider updates their data frequently with new known actors and expires stale data on others. It is not known how often the data changes in practice but the service we’re using updates daily so we should try to take advantage of that if we can. Additionally, we can try to do some research on how much actually changes.

Interaction with MediaWiki

iPoid's REST API is accessed via a MediaWiki extension SecurityApi. It will receive requests for this data from MediaWiki and provides access through its RESTful API.

Other Information

Timeline: Jan 2023 although whatever would go up then wouldn’t be production ready. Unknown production ready date.
Diagram:

Technologies: node.js, mariaDB
Point person: @sbassett, @Reedy, @Mstyles, @STran

Notes:

Possible caching? Data expected to be refreshed daily.
@SCherukuwada asked if this had to use a relational database and I don't have a good answer. @sbassett originally specced the schemas and might have a better informed answer. Perhaps a DBA could weigh in?

Details

Related Changes in Gerrit:

Subject	Repo	Branch	Lines +/-
ipoid: Fix probe definition	operations/puppet	production	+1 -1
ProductionServices: Add entry for ipoid	operations/mediawiki-config	master	+5 -0
services_proxy: Add ipoid to the service mesh (fix)	operations/puppet	production	+2 -0
service.yaml: add iPoid to the service catalogue	operations/puppet	production	+14 -0
Add ipoid to the service mesh	operations/puppet	production	+6 -0
ipoid: add records	operations/dns	master	+3 -0
kubernetes.yaml: add iPoid user/tokens	labs/private	master	+4 -0
ipoid: deployment_server stanzas	operations/puppet	production	+4 -0

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	kostajh	T325147 New Service Request 'iPoid'
Resolved	jijiki	T336163 Create helm chart for iPoid
Resolved	kostajh	T336165 Create Wikitech page documenting the iPoid service
Resolved	Tchanders	T336218 Rename security-api to iPoid
Resolved	kostajh	T305724 Investigate database data invalidation questions and chunked/timed API to MySQL/MariaDB ETL
Resolved	• Marostegui	T305114 Set up MariaDB for iPoid
Resolved	Mstyles	T301428 Security API Storage Needs
Resolved	STran	T325635 Investigate: Alternatives or improvements to data import method
Resolved	kostajh	T305727 Improve service and extension documentation and related configuration guidelines
Open	kostajh	T348935 Define service level indicators and service level objectives

Event Timeline

STran created this task.Dec 14 2022, 11:54 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2022, 11:54 AM

I'm aware this is a duplicate of T290917: New Service Request Security API Gateway but I made it anyway because:

afaik, the the scope of security-api has changed (for now). Whatever's being implemented is for IPInfo's specific use case.
At the time the original ticket was written, security-api was fairly conceptual and seems to have stalled because of that. Although it still needs work to be production ready, hopefully it's out of the conceptual stage enough that we can start talking about getting it deployed and finding out more concrete next steps
I didn't want to just edit the ticket but we've been discussing deploying security-api for a week or two now and consensus seems to be that it's better to get what we have in front of SREs eyes sooner rather than later

If I've put the horse before the cart, please feel free to merge/close as you see fit. I believe I've tagged the involved parties and apologies if I've missed you.

Triaging for serviceops, removing SRE.

In T325147#8466272, @STran wrote:

afaik, the the scope of security-api has changed (for now). Whatever's being implemented is for IPInfo's specific use case.

Yes and no, IMO. Yes, the IPInfo use-case is driving this a bit more now, than say, the community efforts from T265845, but I believe that both use-cases would leverage the service in a similar fashion, just with the community efforts using SecurityApi and IPInfo talking to the node service endpoints directly within Wikimedia production.

At the time the original ticket was written, security-api was fairly conceptual and seems to have stalled because of that. Although it still needs work to be production ready, hopefully it's out of the conceptual stage enough that we can start talking about getting it deployed and finding out more concrete next steps

I think it probably is, though we'll need to reevaluate that status and necessity of the remaining sub-tasks under the old task, T290917.

I didn't want to just edit the ticket but we've been discussing deploying security-api for a week or two now and consensus seems to be that it's better to get what we have in front of SREs eyes sooner rather than later

I agree.

@SCherukuwada asked if this had to use a relational database and I don't have a good answer. @sbassett originally specced the schemas and might have a better informed answer. Perhaps a DBA could weigh in?

We had considered a few different options but the guidance from SRE here: T301428#7730915 lead to T305114.

Niharika mentioned this in T325628: Investigate: Ensure there's a production-ready init process.Dec 20 2022, 5:21 PM

@Joe Suman said you were the person to talk to regarding next steps?

In T325147#8516086, @STran wrote:

@Joe Suman said you were the person to talk to regarding next steps?

Hi @STran, first of all sorry if it took this long to get back to you!

I'm happy to assist with the next steps. I will schedule a meeting, but if you have documents besides phabricator I can read to get acquainted with how security-api works, can you point me to them?

@STran

Hi, should we move this forward? I think as @Joe says, we 'll need to sync up a bit to see how to best move forward with deployment on our platform.

Yes I'm so sorry! This slipped my mind. I wrote up some internal documentation for the team that might be useful in this case: https://docs.google.com/document/d/1CqnWfwhjiEoQMK1mCWjcikgjMhdAVfoDL3f_Q-f7elg/

I can follow up on slack to set a meeting up with @Joe if we think that's the best next step.

In T325147#8590684, @STran wrote:

Yes I'm so sorry! This slipped my mind. I wrote up some internal documentation for the team that might be useful in this case: https://docs.google.com/document/d/1CqnWfwhjiEoQMK1mCWjcikgjMhdAVfoDL3f_Q-f7elg/

That's useful, thanks!

I can follow up on slack to set a meeting up with @Joe if we think that's the best next step.

👍

akosiaris moved this task from Incoming 🐫 to Doing 😎 on the serviceops board.Feb 8 2023, 2:48 PM

In T325147#8590684, @STran wrote:

I can follow up on slack to set a meeting up with @Joe if we think that's the best next step.

Feel free to add myself and @Mstyles to that meeting, if you'd like.

JMeybohm subscribed.Mar 30 2023, 8:26 AM

kostajh subscribed.May 3 2023, 7:50 PM

STran added a subtask: T336163: Create helm chart for iPoid.May 8 2023, 11:26 AM

jijiki renamed this task from New Service Request 'security-api' to New Service Request 'IPoid'.May 9 2023, 10:05 AM

jijiki triaged this task as High priority.

jijiki updated the task description. (Show Details)

jijiki added a subtask: T336218: Rename security-api to iPoid.May 9 2023, 10:35 AM

jijiki renamed this task from New Service Request 'IPoid' to New Service Request 'iPoid'.May 10 2023, 12:47 PM

jijiki updated the task description. (Show Details)

jijiki added a subtask: T305724: Investigate database data invalidation questions and chunked/timed API to MySQL/MariaDB ETL.May 14 2023, 8:45 PM

jijiki added a subtask: T305114: Set up MariaDB for iPoid.May 14 2023, 8:50 PM

jijiki added a subtask: T301428: Security API Storage Needs.May 14 2023, 9:11 PM

jijiki added a subtask: T325635: Investigate: Alternatives or improvements to data import method.May 16 2023, 12:05 PM

TheresNoTime subscribed.May 23 2023, 3:19 PM

Change 922808 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[labs/private@master] kubernetes.yaml: add iPoid user/tokens

https://gerrit.wikimedia.org/r/922808

gerritbot added a project: Patch-For-Review.May 24 2023, 10:08 AM

Change 922845 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] ipoid: deployment_server stanzas

https://gerrit.wikimedia.org/r/922845

Change 922845 merged by Effie Mouzeli:

[operations/puppet@production] ipoid: deployment_server stanzas

https://gerrit.wikimedia.org/r/922845

TheresNoTime updated the task description. (Show Details)May 25 2023, 12:42 PM

kostajh closed subtask T336218: Rename security-api to iPoid as Resolved.Jun 1 2023, 8:05 AM

kostajh mentioned this in T290917: New Service Request Security API Gateway.

Change 922808 abandoned by Effie Mouzeli:

[labs/private@master] kubernetes.yaml: add iPoid user/tokens

Reason:

rebase hell

https://gerrit.wikimedia.org/r/922808

Maintenance_bot removed a project: Patch-For-Review.Jun 7 2023, 1:30 PM

Change 928473 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/dns@master] ipoid: add records

https://gerrit.wikimedia.org/r/928473

gerritbot added a project: Patch-For-Review.Jun 8 2023, 10:07 AM

Change 928473 merged by Effie Mouzeli:

[operations/dns@master] ipoid: add records

https://gerrit.wikimedia.org/r/928473

Maintenance_bot removed a project: Patch-For-Review.Jun 8 2023, 10:30 AM

Change 928487 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] service.yaml: add iPoid to the service catalogue

https://gerrit.wikimedia.org/r/928487

gerritbot added a project: Patch-For-Review.Jun 8 2023, 10:53 AM

Krinkle subscribed.Jun 8 2023, 1:25 PM

• Marostegui closed subtask T305114: Set up MariaDB for iPoid as Resolved.Jun 14 2023, 9:55 AM

Quick Note: Currently iPoid's database, m5-master.eqiad.wmnet is anchored to eqiad for writes, while in can read from m5-master.codfw.wmnet, that means that, the service will be active/active from the user perspective, but its cronjob, which is the only path where there are writes in the database, will run always from eqiad.

In other words, we have to not forget to make sure that any cronjobs that perform writes, need to only (and always) run on eqiad.

jijiki closed subtask T336163: Create helm chart for iPoid as Resolved.Jun 14 2023, 7:37 PM

STran closed subtask T325635: Investigate: Alternatives or improvements to data import method as Resolved.Jun 16 2023, 8:06 AM

sbassett added a subtask: T305727: Improve service and extension documentation and related configuration guidelines.Jun 27 2023, 3:04 PM

jijiki moved this task from Doing 😎 to this.quarter 🍕 on the serviceops board.Jul 3 2023, 10:21 AM

kostajh edited projects, added iPoid-Service; removed Services.Jul 4 2023, 8:27 AM

kostajh moved this task from Backlog to In Progress on the iPoid-Service board.Jul 5 2023, 10:57 AM

kostajh closed subtask T305724: Investigate database data invalidation questions and chunked/timed API to MySQL/MariaDB ETL as Resolved.Jul 5 2023, 11:04 AM

kostajh mentioned this in T289579: <Security Initiative> P2P Proxy API.Aug 24 2023, 7:20 AM

Tchanders added a project: Trust and Safety Product Sprint.Oct 27 2023, 10:41 AM

Tchanders moved this task from In Progress to Backlog on the iPoid-Service board.Nov 1 2023, 6:56 PM

jijiki reopened subtask T305114: Set up MariaDB for iPoid as Open.Nov 8 2023, 10:57 AM

• Marostegui closed subtask T305114: Set up MariaDB for iPoid as Resolved.Nov 8 2023, 2:39 PM

kostajh closed subtask T336165: Create Wikitech page documenting the iPoid service as Resolved.Nov 10 2023, 10:08 AM

Change 988453 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/puppet@production] Add ipoid to the service mesh

https://gerrit.wikimedia.org/r/988453

Change 988482 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] ProductionServices: Add entry for ipoid

https://gerrit.wikimedia.org/r/988482

Change 988453 merged by Effie Mouzeli:

[operations/puppet@production] Add ipoid to the service mesh

https://gerrit.wikimedia.org/r/988453

Change 928487 merged by Effie Mouzeli:

[operations/puppet@production] service.yaml: add iPoid to the service catalogue

https://gerrit.wikimedia.org/r/928487

Change 989829 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] services_proxy: Add ipoid to the service mesh (fix)

https://gerrit.wikimedia.org/r/989829

Change 989829 merged by Effie Mouzeli:

[operations/puppet@production] services_proxy: Add ipoid to the service mesh (fix)

https://gerrit.wikimedia.org/r/989829

Change 988482 merged by jenkins-bot:

[operations/mediawiki-config@master] ProductionServices: Add entry for ipoid

https://gerrit.wikimedia.org/r/988482

Mentioned in SAL (#wikimedia-operations) [2024-01-11T14:51:11Z] <reedy@deploy2002> Synchronized wmf-config/: T325147 (duration: 06m 43s)

Maintenance_bot removed a project: Patch-For-Review.Jan 11 2024, 3:30 PM

Change 995005 had a related patch set uploaded (by Clément Goubert; author: Clément Goubert):

[operations/puppet@production] ipoid: Fix probe definition

https://gerrit.wikimedia.org/r/995005

gerritbot added a project: Patch-For-Review.Feb 1 2024, 12:15 PM

Closing this; future work can tag iPoid-Service.

Change 995005 merged by Clément Goubert: