client_ip attribute reports only 127.0.0.1 in PHP/API context
Open, Unbreak Now!PublicBUG REPORT
Actions

Description

The WikiLambda extension (a component of Wikifunctions) is using the Metrics Platform PHP library to track the usage of our wikilambda_function_call (private) API endpoint. We include

allOf: 
  $ref: /fragment/http/client_ip/1.0.0#

in the schema so we can get a rough-granularity breakdown of geolocations from which the API is being called. The http.client_ip attribute always gets assigned the value 127.0.0.1.

This is also true of our wikifunctions_run (public) API endpoint.

Notes: each of the endpoint pages linked above includes clickable example calls to the API. This patch declared the stream configuration for the metrics events. Currently there are several thousand events in the corresponding Data Lake table, and every one has 127.0.0.1 for http.client_ip. All other attributes have appropriate values.

Desired behavior/Acceptance criteria

The client_ip attribute should be assigned a value that appropriately indicates the address of the system from which the API has been called.

Details

Subject	Repo	Branch	Lines +/-
Forward info about original request	mediawiki/extensions/EventBus	master	+6 -3
Revert "Increase the eventgate canary log_level to trace, temporarily"	operations/deployment-charts	master	+0 -5
Increase the eventgate canary log_level to trace, temporarily	operations/deployment-charts	master	+5 -0

Customize query in gerrit

Related Objects

Mentioned Here: T288853: Migrated Server-side EventLogging events recording http.client_ip as 127.0.0.1

Event Timeline

DMartin-WMF created this task.Wed, Jun 26, 4:39 AM

DMartin-WMF updated the task description. (Show Details)Wed, Jun 26, 5:03 AM

This sounds like either it's a bug in the Metrics Platform code, or this is us mis-reading what this attribute is meant to convey?

We ran into this three years ago when two of the Growth team's schemas were migrated to Event Platform. Might be useful to check what was done there: T288853

Jdforrester-WMF triaged this task as Medium priority.Wed, Jun 26, 4:35 PM

Jdforrester-WMF changed the subtype of this task from "Task" to "Bug Report".

Jdforrester-WMF moved this task from To triage to 25Q1 (Jul–Sep) on the Abstract Wikipedia team board.

Jdforrester-WMF edited projects, added Abstract Wikipedia team (25Q1 (Jul–Sep)); removed Abstract Wikipedia team.

Jdforrester-WMF moved this task from Incoming to Ready, Bugs on the Abstract Wikipedia team (25Q1 (Jul–Sep)) board.Wed, Jun 26, 5:00 PM

VirginiaPoundstone added projects: Metrics Platform Backlog, Data Products.Wed, Jun 26, 9:27 PM

CC @phuedx and @Ottomata any ideas here?

Hi! Would have to dive in to find out why/where it is not being set.

Here is the code in eventgate-wikimedia responsible for setting client_ip. And here is the function that determines client_ip from headers.

Just checking: is instrumentation explicitly setting http.client_ip in the event anywhere? If so that will take precedence.

From Slack:

EventBus is configured to send events submitted to the mediawiki.product_metrics.wikilambda_api stream to eventgate-analytics-external

EventBus is configured to forward the client IP to the event intake service (EventGate) for that service

EventGate will set the http.client_ip property on the event if it has a slot for it

It's worth noting that EventBus will only forward the client IP to the event intake service if one is present. I wonder if it is 🤔

Thanks, @Ottomata ! Re: whether instrumentation is explicitly setting http.client_ip - in terms of what the extension (WikiLambda) does, definitely not.

Also from Slack:

I think there might be something going on with client IP detection or forwarding. I would greatly appreciate some help.

The task that @Nettrom linked was about the ServerSideAccountCreation instrument. At the time, @Nettrom verified that the instrument had been fixed.

Fortunately, the instrument is still active so I ran the following via Superset:
SELECT
  SUM(1) AS n,
  SUM(IF(http.client_ip IS NULL, 1, 0)) AS n_null,
  SUM(IF(http.client_ip = '127.0.0.1', 1, 0)) AS n_127_0_0_1,
  SUM(IF(http.client_ip = '127.0.0.1' AND event.isapi, 1, 0)) AS n_127_0_0_1_api
FROM
  event.serversideaccountcreation
WHERE
  year = 2024
  AND month = 6
  AND day < 27
;
and got the following results:
n       n_null  n_127_0_0_1  n_127_0_0_1_api
178919  0       166129       14192
So…

A large number of events (92.85%) are being sent with X-Client-IP set to 127.0.0.1

This isn't limited to interactions with the MediaWiki Action API

Unfortunately, event.serversideaccountcreation data is purged after 90 days so it's difficult to detect when this started occurring

MNeisler subscribed.Thu, Jun 27, 5:53 PM

nettrom_WMF removed a subscriber: Nettrom.Thu, Jun 27, 7:13 PM

Can confirm that this problem has re-emerged in HomepageVisit as well, running the same query that @phuedx
used, but modified to remove the API counts and changed to query event.homepagevisit gives:

n	n_null	n_127_0_0_1
561611	0	518059

That's 92.2% of events having the IP set to 127.0.0.1.

phuedx raised the priority of this task from Medium to Unbreak Now!.Fri, Jun 28, 8:16 AM

One thought I did have was that EventBus's way of determining the client IP is different from other codebases. EventBus fetches the value of the X-Client-IP header directly. This is the only instance of this in all codebases indexed by Codesearch.

@Ottomata: Would you have any objection to changing the line to:

EventBus/includes/EventBus.php

if ( $this->forwardXClientIP ) {
    $req['headers']['x-client-ip'] = RequestContext::getMain()
        ->getRequest()
        ->getIP();
}

+1 looks good to me.

cc @gmodena

Change #1050588 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/deployment-charts@master] Increase the eventgate canary log_level to trace, temporarily

https://gerrit.wikimedia.org/r/1050588

gerritbot added a project: Patch-For-Review.Fri, Jun 28, 11:29 AM

Change #1050588 merged by jenkins-bot:

[operations/deployment-charts@master] Increase the eventgate canary log_level to trace, temporarily

https://gerrit.wikimedia.org/r/1050588

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 28, 12:30 PM

Change #1050608 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/deployment-charts@master] Revert "Increase the eventgate canary log_level to trace, temporarily"

https://gerrit.wikimedia.org/r/1050608

gerritbot added a project: Patch-For-Review.Fri, Jun 28, 1:33 PM

Change #1050608 merged by jenkins-bot:

[operations/deployment-charts@master] Revert "Increase the eventgate canary log_level to trace, temporarily"

https://gerrit.wikimedia.org/r/1050608

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 28, 2:30 PM

Change #1050632 had a related patch set uploaded (by Phuedx; author: Phuedx):

[mediawiki/extensions/EventBus@master] Forward info about original request

https://gerrit.wikimedia.org/r/1050632

gerritbot added a project: Patch-For-Review.Fri, Jun 28, 3:01 PM

Change #1050632 merged by jenkins-bot:

[mediawiki/extensions/EventBus@master] Forward info about original request

https://gerrit.wikimedia.org/r/1050632

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 28, 4:30 PM

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.12; 2024-07-02).Fri, Jun 28, 5:00 PM

client_ip attribute reports only 127.0.0.1 in PHP/API contextOpen, Unbreak Now!PublicBUG REPORTActions

Description

Description

Details

Related Objects

Event Timeline

client_ip attribute reports only 127.0.0.1 in PHP/API context
Open, Unbreak Now!PublicBUG REPORT
Actions