Page MenuHomePhabricator
Create Task
Maniphest T347838

Add sha512 checksum files to all the ML's models in the public dir
Closed, ResolvedPublic
Actions

Description

In https://analytics.wikimedia.org/published/wmf-ml-models/ we store the models uploaded to Lift Wing. We should add sha512 checksum to all files to allow people to verify the binaries after downloading them.

Extra caveat - we should verify if anybody is allowed to change files under that directory, to make sure that they cannot be tampered easily (or mistakenly changed etc..). For example:

  • MLOps uploads the model binary and the checksum to analytics.wikimedia.org.
  • User X with access to the stat boxes copies over their models on the same dir, overwriting the content.

Details

SubjectRepoBranchLines +/-
profile::statistics::explorer::ml: change owner of published diroperations/puppetproduction+1 -1
profile::statistics::explorer:ml: expand model_upload.shoperations/puppetproduction+20 -1
profile::statistics::explorer: ensure /srv/published/wmf-ml-modelsoperations/puppetproduction+12 -0
role::statistics::explorer: add ml-team-admins to stat100x nodesoperations/puppetproduction+2 -1
Customize query in gerrit

Related Objects

Event Timeline

elukey created this task.Oct 2 2023, 9:59 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 2 2023, 9:59 AM
klausman subscribed.Oct 2 2023, 11:15 AM

Do you think it would be useful to also keep the checksums in a different place, with permissions independent of the backing store behind the published/ directory?

elukey added a comment.Oct 2 2023, 12:46 PM
In T347838#9215035, @klausman wrote:

Do you think it would be useful to also keep the checksums in a different place, with permissions independent of the backing store behind the published/ directory?

Ideally it would be nice to keep them in the same place, so we don't forget to add them with our automation and folks from the community have an easier way to find things.

gerritbot added a comment.Oct 6 2023, 8:48 AM

Change 963956 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::statistics::explorer: ensure /srv/published/wmf-ml-models

https://gerrit.wikimedia.org/r/963956

gerritbot added a project: Patch-For-Review.Oct 6 2023, 8:48 AM
gerritbot added a comment.Oct 6 2023, 9:43 AM

Change 963962 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::statistics::explorer: add ml-team-admins to stat100x nodes

https://gerrit.wikimedia.org/r/963962

gerritbot added a comment.Oct 6 2023, 9:51 AM

Change 963962 merged by Elukey:

[operations/puppet@production] role::statistics::explorer: add ml-team-admins to stat100x nodes

https://gerrit.wikimedia.org/r/963962

gerritbot added a comment.Oct 6 2023, 9:51 AM

Change 963956 merged by Elukey:

[operations/puppet@production] profile::statistics::explorer: ensure /srv/published/wmf-ml-models

https://gerrit.wikimedia.org/r/963956

Maintenance_bot removed a project: Patch-For-Review.Oct 6 2023, 10:10 AM
elukey added a comment.Oct 6 2023, 10:29 AM

The original upload task was T334111. All the stat boxes now have a directory called /srv/published/wmf-ml-models that can be writable only by members of the posix group ml-team-admins and root.

Ran also the following:

elukey@stat1008:~$ for f in $(find /srv/published/wmf-ml-models -type f); do echo $f; sha512sum -b $f > "${f}.sha512"; done

To generate all the sha512 files.

elukey claimed this task.Oct 9 2023, 8:28 AM
elukey moved this task from Unsorted to In Progress on the Machine-Learning-Team board.Oct 9 2023, 3:31 PM
elukey added a comment.Oct 11 2023, 2:37 PM

We decided during the team meeting to add prompt in the upload_model script to copy the model to /srv/published. In this way we don't forget :)

Next steps:

  • Implement the new prompt in the upload models scritpt.
gerritbot added a comment.Oct 12 2023, 8:58 AM

Change 965469 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::statistics::explorer:ml: expand model_upload.sh

https://gerrit.wikimedia.org/r/965469

gerritbot added a project: Patch-For-Review.Oct 12 2023, 8:58 AM
gerritbot added a comment.Oct 12 2023, 9:42 AM

Change 965469 merged by Elukey:

[operations/puppet@production] profile::statistics::explorer:ml: expand model_upload.sh

https://gerrit.wikimedia.org/r/965469

gerritbot added a comment.Oct 12 2023, 9:46 AM

Change 965474 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::statistics::explorer::ml: change owner of published dir

https://gerrit.wikimedia.org/r/965474

elukey added a comment.Oct 12 2023, 9:50 AM

Prompt added to the script, task should be done!

elukey moved this task from In Progress to 2023-2024 Q3 Done on the Machine-Learning-Team board.Oct 12 2023, 9:50 AM
gerritbot added a comment.Oct 12 2023, 10:56 AM

Change 965474 merged by Elukey:

[operations/puppet@production] profile::statistics::explorer::ml: change owner of published dir

https://gerrit.wikimedia.org/r/965474

Maintenance_bot removed a project: Patch-For-Review.Oct 12 2023, 11:10 AM
elukey closed this task as Resolved.Oct 26 2023, 8:29 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits