Page MenuHomePhabricator
Create Task
Maniphest T347544

Separate deployment for wikifunctions.org
Closed, ResolvedPublic
Actions

Description

Given the specific nature of wikifunctions, the SRE team has evaluated that even opening the execution of functions to the general public constitutes a risk that is unacceptable if wikifunctions shares the php worker pool with the rest of production. Given the current (and future, AIUI) performance of the system expected to be in the order of seconds per function call, we certainly want to contain the possible blast radius of the problem.

To this end we need the following:

  • set up a new deployment of mediawiki on k8s, possibly under ingress
  • Set up the corresponding entry in service::catalog, including discovery dns
  • Modify the traffic layer routing logic to separate out wikifunctions. Probably it makes sense to do so in mw-on-k8s.lua.
  • Add service-mesh listeners for mw-wikifunctions
  • Change wikifunctions mesh listener to use the separate deployment (mw-wikifunctions-ro) instead of mw-api-int for api calls
  • Add networkpolicy rule allowing wikifunctions to connect to mw-wikifunctions

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

Joe created this task.Sep 28 2023, 6:34 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 28 2023, 6:34 AM
Joe triaged this task as High priority.Sep 28 2023, 6:34 AM
Joe moved this task from Incoming 🐫 to this.quarter 🍕 on the serviceops-deprecated board.
Maintenance_bot added a project: SRE.Sep 28 2023, 6:45 AM
Maintenance_bot added a project: Abstract Wikipedia team.
JMeybohm updated the task description. (Show Details)Sep 28 2023, 7:23 AM
JMeybohm merged a task: T347509: Serve wikifunctions.org from mw-on-k8s at 100%.Sep 28 2023, 7:49 AM
JMeybohm added a subscriber: Jdforrester-WMF.
JMeybohm claimed this task.Sep 28 2023, 9:13 AM
Jdforrester-WMF changed the task status from Open to In Progress.Sep 28 2023, 4:33 PM
Jdforrester-WMF moved this task from To Triage to In Progress on the Abstract Wikipedia team board.
gerritbot added a comment.Oct 11 2023, 8:36 AM

Change 965054 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] admin_ng: Add namespace for wikifunctions mediawiki deployment

https://gerrit.wikimedia.org/r/965054

gerritbot added a project: Patch-For-Review.Oct 11 2023, 8:36 AM

Change 965055 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Add mediawiki deployment for wikifunctions

https://gerrit.wikimedia.org/r/965055

gerritbot added a comment.Oct 11 2023, 8:39 AM

Change 965056 had a related patch set uploaded (by Clément Goubert; author: Clément Goubert):

[operations/puppet@production] wikifunctions: Add routing to separate mw-on-k8s

https://gerrit.wikimedia.org/r/965056

gerritbot added a comment.Oct 11 2023, 9:29 AM

Change 965062 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/dns@master] Add mw-wikifunctions records

https://gerrit.wikimedia.org/r/965062

gerritbot added a comment.Oct 11 2023, 9:54 AM

Change 965065 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/dns@master] Add mw-wikifunctions discovery records

https://gerrit.wikimedia.org/r/965065

gerritbot added a comment.Oct 11 2023, 9:54 AM

Change 965086 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 1

https://gerrit.wikimedia.org/r/965086

gerritbot added a comment.Oct 11 2023, 12:16 PM

Change 965121 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Add mw-wikifunctions to mediawiki k8s releases

https://gerrit.wikimedia.org/r/965121

gerritbot added a comment.Oct 11 2023, 12:47 PM

Change 965054 merged by jenkins-bot:

[operations/deployment-charts@master] admin_ng: Add namespace for wikifunctions mediawiki deployment

https://gerrit.wikimedia.org/r/965054

gerritbot added a comment.Oct 11 2023, 1:08 PM

Change 965055 merged by jenkins-bot:

[operations/deployment-charts@master] Add mediawiki deployment for wikifunctions

https://gerrit.wikimedia.org/r/965055

gerritbot added a comment.Oct 11 2023, 1:18 PM

Change 965156 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] deployment_server: Add mw-wikifunctions

https://gerrit.wikimedia.org/r/965156

gerritbot added a comment.Oct 11 2023, 1:20 PM

Change 965156 merged by JMeybohm:

[operations/puppet@production] deployment_server: Add mw-wikifunctions

https://gerrit.wikimedia.org/r/965156

gerritbot added a comment.Oct 11 2023, 1:30 PM

Change 965158 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Remove namespace quota and limitranger from mw-wikifunctions

https://gerrit.wikimedia.org/r/965158

gerritbot added a comment.Oct 11 2023, 1:35 PM

Change 965158 merged by jenkins-bot:

[operations/deployment-charts@master] Remove namespace quota and limitranger from mw-wikifunctions

https://gerrit.wikimedia.org/r/965158

Jdforrester-WMF updated the task description. (Show Details)Oct 11 2023, 1:43 PM
gerritbot added a comment.Oct 11 2023, 2:09 PM

Change 965121 merged by JMeybohm:

[operations/puppet@production] Add mw-wikifunctions to mediawiki k8s releases

https://gerrit.wikimedia.org/r/965121

gerritbot added a comment.Oct 11 2023, 2:19 PM

Change 965062 merged by JMeybohm:

[operations/dns@master] Add mw-wikifunctions records

https://gerrit.wikimedia.org/r/965062

JMeybohm updated the task description. (Show Details)Oct 11 2023, 2:22 PM
gerritbot added a comment.Oct 11 2023, 2:31 PM

Change 965086 merged by JMeybohm:

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 1

https://gerrit.wikimedia.org/r/965086

gerritbot added a comment.Oct 11 2023, 2:37 PM

Change 965175 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 2

https://gerrit.wikimedia.org/r/965175

gerritbot added a comment.Oct 11 2023, 2:37 PM

Change 965176 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 3

https://gerrit.wikimedia.org/r/965176

gerritbot added a comment.Oct 11 2023, 2:37 PM

Change 965177 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 4

https://gerrit.wikimedia.org/r/965177

gerritbot added a comment.Oct 11 2023, 2:46 PM

Change 965175 merged by JMeybohm:

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 2

https://gerrit.wikimedia.org/r/965175

gerritbot added a comment.Oct 11 2023, 3:01 PM

Change 965176 merged by JMeybohm:

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 3

https://gerrit.wikimedia.org/r/965176

gerritbot added a comment.Oct 11 2023, 3:12 PM

Change 965177 merged by JMeybohm:

[operations/puppet@production] service::catalog: Add mw-wikifunctions - 4

https://gerrit.wikimedia.org/r/965177

gerritbot added a comment.Oct 11 2023, 3:25 PM

Change 965065 merged by JMeybohm:

[operations/dns@master] Add mw-wikifunctions discovery records

https://gerrit.wikimedia.org/r/965065

JMeybohm updated the task description. (Show Details)Oct 11 2023, 3:38 PM
gerritbot added a comment.Oct 11 2023, 4:55 PM

Change 965227 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Add appserver, api and jobrunner SANs to mw deployments

https://gerrit.wikimedia.org/r/965227

gerritbot added a comment.Oct 12 2023, 8:31 AM

Change 965227 merged by jenkins-bot:

[operations/deployment-charts@master] Add appserver, api and jobrunner SANs to mw deployments

https://gerrit.wikimedia.org/r/965227

gerritbot added a comment.Oct 12 2023, 9:19 AM

Change 965471 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] service_proxy: Add mw-wikifunctions-ro listener

https://gerrit.wikimedia.org/r/965471

gerritbot added a comment.Oct 12 2023, 9:33 AM

Change 965473 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] wikifunctions: Switch to use mw-wikifunctions for API calls

https://gerrit.wikimedia.org/r/965473

gerritbot added a comment.Oct 12 2023, 10:57 AM

Change 965471 merged by JMeybohm:

[operations/puppet@production] service_proxy: Add mw-wikifunctions-ro listener

https://gerrit.wikimedia.org/r/965471

gerritbot added a comment.Oct 12 2023, 11:19 AM

Change 965473 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Switch to use mw-wikifunctions for API calls

https://gerrit.wikimedia.org/r/965473

JMeybohm updated the task description. (Show Details)Oct 12 2023, 11:39 AM
Stashbot added a comment.Oct 12 2023, 12:16 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-12T12:16:06Z] <jayme> disable puppet on A:cp-text - T347544

Stashbot added a comment.Oct 12 2023, 12:18 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-12T12:18:32Z] <jayme> disable puppet on A:cp - T347544

gerritbot added a comment.Oct 12 2023, 12:19 PM

Change 965056 merged by JMeybohm:

[operations/puppet@production] wikifunctions: Add routing to separate mw-on-k8s

https://gerrit.wikimedia.org/r/965056

Stashbot added a comment.Oct 12 2023, 12:26 PM

Mentioned in SAL (#wikimedia-operations) [2023-10-12T12:26:49Z] <jayme> re-enable puppet on A:cp - T347544

Maintenance_bot removed a project: Patch-For-Review.Oct 12 2023, 12:30 PM
JMeybohm updated the task description. (Show Details)Oct 12 2023, 12:55 PM
JMeybohm closed this task as Resolved.Oct 12 2023, 1:02 PM

All wikifunctions.org traffic from the edge as well as from function-orchestrator is now served by the separate k8s deployment mw-wikifunctions

Jdforrester-WMF moved this task from In Progress to Verify in production on the Abstract Wikipedia team board.Oct 12 2023, 2:57 PM

Thank you!

Jdforrester-WMF added a parent task: T343458: Allow logged-out users to run (community-approved) implementations on wikifunctions.org via the `wikilambda-execute` right.Oct 12 2023, 4:34 PM
gerritbot added a comment.Oct 26 2023, 2:36 PM

Change 969131 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/cookbooks@master] Add mw-wikifunctions to MEDIAWIKI_SERVICES

https://gerrit.wikimedia.org/r/969131

gerritbot added a project: Patch-For-Review.Oct 26 2023, 2:36 PM
gerritbot added a comment.Oct 26 2023, 4:40 PM

Change 969131 merged by jenkins-bot:

[operations/cookbooks@master] Add mw-wikifunctions to MEDIAWIKI_SERVICES

https://gerrit.wikimedia.org/r/969131

Maintenance_bot removed a project: Patch-For-Review.Oct 26 2023, 5:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits