Page MenuHomePhabricator
Create Task
Maniphest T326105

Create cu_log_event and cu_private_event on WMF wikis
Closed, ResolvedPublic
Actions

Description

  1. CREATEs to run: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/866684/10/schema/mysql/patch-cu_log_event-def.sql and https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/866684/10/schema/mysql/patch-cu_private_event-def.sql
  2. Where to run those changes: all.dblist
  3. When to run those changes: Blocks patches for several security tickets (e.g. T316414), however, no need to rush.
  4. If the schema change is backwards compatible: Yes.
  5. If the schema change has been tested already on some of the test/beta wikis: beta cluster doesn't have checkuser
  6. if the data should be made available on the labs replicas and/or dumps: No, data is private.

Table creation specific Q&As:

  1. Should this table be replicated to wiki replicas?: No, as it contains private data.
  2. Will you be doing cross-joins with the wiki metadata?: A join to the logging table for entries in the cu_log_event will occur.
  3. Size of the table (number of rows expected): Unsure of exact numbers as I do not have raw access to cu_changes on WMF wikis. The two tables will have less entries than what cu_changes currently has (as these tables are being added to split up what cu_changes stores into multiple tables).
  4. Expected growth per year (number of rows): Like cu_changes, the data will be purged after a set expiry time (currently 3 months). Once the tables have existed for 3 months or if a maintenance script is run to fill the tables, the tables will then not grow or shrink by any large amount
  5. Expected amount of queries, both writes and reads (per minute, per hour...per day, any of those are ok): As I do not have access to this information, I cannot give specifics for this. However, what I can say is:
    1. Reads: Very similar to cu_changes as all three tables will in most cases be read together
    2. Writes: Smaller than the writes to cu_changes - dependent on how many log events are being triggered
  6. Examples of queries that will be using the table: TBC - Need to work on a patch that makes use of the new system. Queries are either to be separately run or combined via a UNION (there may be cases where only some of the three tables are queried):
    1. SELECT ... FROM [cu_changes, cu_private_event] WHERE ... LIMIT ...
    2. SELECT ... FROM cu_log_event INNER JOIN logging ON cue_log_id = log_id WHERE ... LIMIT ...

Creating new tables over adding a new column to cu_changes was suggested by Ladsgroup. The change has been merged, but open to discussion on improvements if they are needed.

Details

SubjectRepoBranchLines +/-
createExtensionTables: Add extension CheckUsermediawiki/extensions/WikimediaMaintenancemaster+5 -0
realm.pp: Add two new tables to privateoperations/puppetproduction+2 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedFeatureDreamy_JazzT311375 Instead of not showing any results on too many results show the results to the truncation point with a pager that allows generation of more results
 OpenFeatureDreamy_JazzT313446 Make non-CUs linking users and IPs when CUs use block forms in CheckUser harder
Restricted Task
Restricted Task
Restricted Task
 ResolvedSecurityZabeT311337 CVE-2022-39193: Edits with the performer suppressed still show the performer in results from the CheckUser extension
 ResolvedSecurityDreamy_JazzT316414 CVE-2022-39193: Special:Investigate can expose supressed information in check results
 ResolvedSecurityDreamy_JazzT318166 CVE-2022-39193: CheckUser API can expose the suppressed performer
 ResolvedSecurityDreamy_JazzT316360 Oversighted action text is shown in Special:CheckUser when the checkuser does not have the right to see it
Restricted Task
 OpenBUG REPORTNoneT326866 Special:Investigate can expose suppressed information for log events
 ResolvedBUG REPORTDreamy_JazzT326867 CheckUser API can expose suppressed information for log events
 ResolvedBUG REPORTDreamy_JazzT326865 Special:CheckUser can expose suppressed information for log events
 ResolvedDreamy_JazzT253796 Make CheckUser record the log_id of logged actions
 OpenNoneT139810 RFC: Overhaul the CheckUser extension
 OpenNoneT132892 CheckUser UI revamp
 OpenNoneT69811 CheckUsers "Get users" design needs improvements
 OpenFeatureDreamy_JazzT24120 Enhance Blocking and tagging from checkuser interface: add dropdowns
 DuplicateNoneT145340 Split CheckUser mass-block interface to separate special page
 OpenFeatureNoneT324709 Allow the HTMLForm Select and other field to have a minimum length set
 ResolvedFeatureDreamy_JazzT316441 Enforce minimum length of the tag on the client side for the checkuser block form
 ResolvedFeatureDreamy_JazzT321427 Allow HTMLForm text based elements to specify a minimum length
 ResolvedFeatureDreamy_JazzT321439 Allow TextInputWidget to specify the "minlength" attribute
 OpenFeatureNoneT316444 The CheckUser block form should explain why users were not blocked or tagged
 OpenFeatureNoneT314700 Restore the bottom paging links on 'Get users'
 ResolvedBUG REPORTDreamy_JazzT314217 Checkuserblock form is broken when paging links are shown on 'Get users'
 DeclinedFeatureNoneT313451 Separate out when the blocks are made for IPs and users in Special:CheckUser 'get users' mode
 OpenFeatureNoneT18306 Allow user to specify block settings from CU form
 ResolvedGlaisherT41213 Block interface after "Get users" check should allow talk page/send email blocking
 OpenFeatureNoneT329493 Replace Special:CheckUser's 'get users' block form with a usage of Special:InvestigateBlock
 ResolvedDreamy_JazzT339914 Remove CheckUserEnableSpecialInvestigate config
 OpenFeatureDreamy_JazzT318458 Add dropdown options for the reason in Special:InvestigateBlock (like Special:Block has)
 OpenDreamy_JazzT362569 Test SpecialInvestigateBlock
 OpenNoneT27053 Replace user / talk pages feature of "Get users" creates a user/talk page if it doesnt exist
 ResolvedFeatureDreamy_JazzT318459 Make a clearer visual distinction between the UA and IP list in 'get users'
 ResolvedGlaisherT49505 CheckUser results (userlinks) cannot be customized
 Resolved NiharikaT24119 Enhance Blocking and tagging from checkuser interface: add new page
 ResolvedNoneT14808 Blocking and tagging from checkuser interface
 ResolvedFeatureDreamy_JazzT16699 More versatile searching in CheckUser log
 DeclinedNoneT15789 Restore the global CheckUser log
 ResolvedFeatureDreamy_JazzT309924 Add check links for both the target and performer in Special:CheckUserLog
 ResolvedFeatureDreamy_JazzT309925 Implement User:Amalthea/culoghelper.js into the CheckUser extension
 DuplicateNoneT140345 Userlinks in CheckUser should be customizable
 OpenNoneT21964 Provide a link to the user on account creation
 DuplicateNoneT144099 Make CheckUser unit-testable
 ResolvedDreamy_JazzT309815 Use OOUI in Special:CheckUser
 ResolvedDreamy_JazzT310019 The Special:CheckUser block form should use OOUI
 ResolvedDreamy_JazzT266586 Use OOUI in SpecialCheckUserLog
Restricted Task
 OpenFeatureNoneT26231 Allow CheckUsers to filter checks for account creations only
 ResolvedDreamy_JazzT139809 Bad output of AbuseFilter blocks in CU get edits
 ResolvedBUG REPORTDreamy_JazzT41013 Incomplete i18n for log entries in CheckUser
 ResolvedBUG REPORTDreamy_JazzT268156 Partial blocks from namespaces are displayed odd
 OpenNoneT311354 Make CheckUser results easier to parse by userscripts
 OpenFeatureNoneT311380 Make certain types of edits in 'Get edits' highlightable for ease of parsing the results
 DeclinedFeatureNoneT54849 Checkuser option "get users" should point out when user password is changed
 OpenFeatureNoneT315488 Show failed login attempts in the results list for the user
Restricted Task
 ResolvedDreamy_JazzT145265 Store check user data action text in structured format
 ResolvedkostajhT257893 [EPIC] Support User-Agent Client Hints header in CheckUser
 OpenNoneT341094 Create client hint mapping rows for CheckUser-worthy events
 OpenNoneT248926 Performance review of checkuser database queries [NOT READY]
 Resolved tstarlingT342613 CompareService::getTotalEditsFromIp queries exceeding TransactionProfiler limits
 OpenNoneT301992 Insert CheckUser row events during certain 2FA actions
 ResolvedTchandersT326393 IP Address Reveal on Log page
 OpenBUG REPORTNoneT28843 CheckUser results do not appear cleanly for AbuseFilter modifications
 OpenFeatureDreamy_JazzT324907 Create separate tables for log events in CheckUser
 ResolvedLadsgroupT326105 Create cu_log_event and cu_private_event on WMF wikis

Event Timeline

Dreamy_Jazz created this task.Jan 3 2023, 12:13 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 3 2023, 12:13 AM
Dreamy_Jazz added a parent task: T324907: Create separate tables for log events in CheckUser.Jan 3 2023, 12:14 AM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 12:18 AM
Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 12:46 AM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 1:08 AM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 1:11 AM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 1:14 AM
Dreamy_Jazz updated the task description. (Show Details)
Marostegui triaged this task as Medium priority.Jan 3 2023, 7:24 AM
Marostegui moved this task from Triage to Blocked external/Not db team on the DBA board.
Marostegui subscribed.

Thanks for the task.
DBAs do not create the tables. That's self service: https://wikitech.wikimedia.org/wiki/Schema_changes#What_is_not_a_schema_change

Can you please clarify this bit:

Should this table be replicated to wiki replicas?: Yes, like cu_changes is currently. Replicas should keep this table and it's data private.

cu_changes tables isn't replicated to our wikireplicas. It is a private table: https://github.com/wikimedia/puppet/blob/production/manifests/realm.pp#L192

Marostegui removed a project: Schema-change-in-production.Jan 3 2023, 7:26 AM
Dreamy_Jazz added a comment.EditedJan 3 2023, 9:34 AM
In T326105#8494283, @Marostegui wrote:

Thanks for the task.
DBAs do not create the tables. That's self service: https://wikitech.wikimedia.org/wiki/Schema_changes#What_is_not_a_schema_change

Thanks for the explanation. I didn't realise there was a separate page about creating tables until I created the task. I added the extra questions, but did not read on to the deployment section as I assumed that was not for me.

In T326105#8494283, @Marostegui wrote:

Can you please clarify this bit:

Should this table be replicated to wiki replicas?: Yes, like cu_changes is currently. Replicas should keep this table and it's data private.

cu_changes tables isn't replicated to our wikireplicas. It is a private table: https://github.com/wikimedia/puppet/blob/production/manifests/realm.pp#L192

Hmm. Maybe I'm misunderstanding what "wikireplicas" are in this situation. I know from the PHP code that CheckUser uses a replica DB to read rows from cu_changes via:

$this->mDb = $loadBalancer->getConnection( DB_REPLICA );
Marostegui added a comment.Jan 3 2023, 9:38 AM

I think there might be a misunderstanding on what "wiki replicas" are.
This might help: https://wikitech.wikimedia.org/wiki/Wiki_Replicas

Marostegui added a comment.Jan 3 2023, 9:39 AM

I am going to go ahead and prepare a patch to add these tables to the private list (like cu_changes)

Dreamy_Jazz added a comment.Jan 3 2023, 9:39 AM

Thanks. I'll update the task.

Dreamy_Jazz updated the task description. (Show Details)Jan 3 2023, 9:39 AM
Dreamy_Jazz updated the task description. (Show Details)
gerritbot added a comment.Jan 3 2023, 9:40 AM

Change 874781 had a related patch set uploaded (by Marostegui; author: Marostegui):

[operations/puppet@production] realm.pp: Add two new tables to private

https://gerrit.wikimedia.org/r/874781

gerritbot added a project: Patch-For-Review.Jan 3 2023, 9:40 AM
gerritbot added a comment.Jan 3 2023, 9:49 AM

Change 874782 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/WikimediaMaintenance@master] createExtensionTables: Add extension CheckUser

https://gerrit.wikimedia.org/r/874782

Marostegui added a comment.Jan 3 2023, 9:50 AM

Please do not create the tables until we've given the green light. We need to merge our patches and restart a few services.

Dreamy_Jazz added a comment.Jan 3 2023, 9:51 AM

Okay. Was following the steps in the "Preparation" section.

gerritbot added a comment.Jan 3 2023, 10:49 AM

Change 874781 merged by Marostegui:

[operations/puppet@production] realm.pp: Add two new tables to private

https://gerrit.wikimedia.org/r/874781

Stashbot added a comment.Jan 3 2023, 10:50 AM

Mentioned in SAL (#wikimedia-operations) [2023-01-03T10:50:43Z] <marostegui> Restart codfw sanitarium masters T326105

Stashbot added a comment.Jan 3 2023, 10:53 AM

Mentioned in SAL (#wikimedia-operations) [2023-01-03T10:53:53Z] <marostegui> Restart eqiad sanitarium T326105

Marostegui added a comment.Jan 3 2023, 10:57 AM

I have restarted both pair of sanitarium hosts and the replication filter is now in place. You can create the tables at your own convenience.

gerritbot added a comment.Jan 3 2023, 11:57 AM

Change 874782 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMaintenance@master] createExtensionTables: Add extension CheckUser

https://gerrit.wikimedia.org/r/874782

Maintenance_bot removed a project: Patch-For-Review.Jan 3 2023, 12:31 PM
Marostegui edited projects, added Data-Persistence (work done); removed DBA.Jan 4 2023, 8:08 AM
Dreamy_Jazz added a comment.Jan 4 2023, 10:37 AM
In T326105#8494564, @Marostegui wrote:

I have restarted both pair of sanitarium hosts and the replication filter is now in place. You can create the tables at your own convenience.

Thanks. I will need to find someone to do this.

Dreamy_Jazz added projects: Wikimedia-maintenance-script-run, Wikimedia-Site-requests.Jan 4 2023, 10:38 AM
Marostegui added a comment.Jan 4 2023, 10:40 AM
In T326105#8497418, @Dreamy_Jazz wrote:
In T326105#8494564, @Marostegui wrote:

I have restarted both pair of sanitarium hosts and the replication filter is now in place. You can create the tables at your own convenience.

Thanks. I will need to find someone to do this.

You can do it during one of the deployment windows.

Ladsgroup subscribed.Jan 4 2023, 11:30 AM

I can do it @Dreamy_Jazz, give me a couple of hours

Dreamy_Jazz added a comment.Jan 4 2023, 12:25 PM

Thanks @Ladsgroup. I won't be around for today and most of tommorrow for the deployment windows if you need my input.

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.18; 2023-01-09).Jan 4 2023, 2:02 PM
taavi moved this task from Backlog to WMF Prod on the Wikimedia-maintenance-script-run board.Jan 4 2023, 9:50 PM
Dreamy_Jazz added a comment.Jan 5 2023, 3:35 PM

I've added creating these tables to the late backport today.

Ladsgroup added a comment.Jan 5 2023, 6:43 PM

Since the files are not deployed yet to production (it's in wmf.18) deployers will have hard time to get it done, I'm on it. Hopefully done in ten minutes or so when I can figure out a good way to do without breaking stuff :P

Ladsgroup added a comment.Jan 5 2023, 7:32 PM

Started it.

Ladsgroup closed this task as Resolved.Jan 5 2023, 7:39 PM
Ladsgroup claimed this task.
Ladsgroup edited projects, added DBA; removed Data-Persistence (work done).

it's done. Before starting to write to it, I suggest double checking this doesn't end up in cloud replicas and even if you start, let's do one wiki first, double check for leakage a couple times (this is quite sensitive) and then move forward to the rest of wikis.

Dreamy_Jazz added a comment.Jan 5 2023, 8:59 PM

Thanks!

I'll follow the plan and I'll set a migration config in the change so that it can be per wiki.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL