Page MenuHomePhabricator
Create Task
Maniphest T371592

LdapAuthentication: Disable extension from Wikitech
Closed, ResolvedPublic
Actions

Description

Do not the load the LdapAuthentication extension, as it is not needed any more

What?
Remove the related code in wmf-config/wikitech.php from mediawiki-config

Details

Other Assignee
Ladsgroup
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
wikitech: remove logging configuration for hooksoperations/mediawiki-configmaster+0 -2
wikitech: Stop loading the i18n for LdapAuthentication, no longer usedoperations/mediawiki-configmaster+0 -1
Drop WikitechPrivateSettings.phpoperations/puppetproduction+1 -30
Stop building LdapAuthentication i10noperations/mediawiki-configmaster+0 -1
Drop wikitech.phpoperations/mediawiki-configmaster+0 -637
wikitech: de-wikitech mediawiki-configoperations/mediawiki-configmaster+27 -47
Customize query in gerrit

Related Objects
Search...

Event Timeline

jijiki created this task.Aug 1 2024, 11:16 AM
jijiki added a project: serviceops.Aug 1 2024, 11:28 AM
jijiki added a subscriber: akosiaris.
jijiki added a subtask: T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu.Aug 1 2024, 11:59 AM
jijiki removed a subtask: T371593: Developer Account Blocking: Migrate the one-stop Developer (un)Block functionality away from Wikitech.Aug 1 2024, 12:53 PM
jijiki claimed this task.Aug 1 2024, 3:23 PM
jijiki updated Other Assignee, added: Ladsgroup.
SLyngshede-WMF changed the status of subtask T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu from Open to In Progress.Aug 5 2024, 11:38 AM
SLyngshede-WMF triaged this task as Medium priority.Aug 5 2024, 2:29 PM
jijiki updated the task description. (Show Details)Aug 5 2024, 2:50 PM
Pppery subscribed.Aug 5 2024, 6:36 PM
Andrew subscribed.Aug 21 2024, 2:10 PM

Will this be moot after the move to k8s, or is this blocking the move to k8s?

bd808 subscribed.Aug 21 2024, 3:29 PM
In T371592#10081520, @Andrew wrote:

Will this be moot after the move to k8s, or is this blocking the move to k8s?

This is blocking the move to k8s since the SREs have decided not to support PHP's ldap library in k8s.

Andrew added a comment.Aug 21 2024, 4:59 PM

Right, but after the sul migration the ldap extension will be dead code, right? Or does it need to be explicitly removed?

bd808 added a comment.Aug 21 2024, 6:17 PM
In T371592#10082373, @Andrew wrote:

Right, but after the sul migration the ldap extension will be dead code, right? Or does it need to be explicitly removed?

This removal from the MediaWiki LocalSettings.php chain used by wikitech is part of the SUL migration. In reality I expect this task is just a required step in the config changes that implement its T371588: wikitech self-auth: Allow wikitech to use its own internal authentication parent. Once MediaWiki-extensions-LdapAuthentication is removed from the config MediaWiki will default to local auth as the default provider in MediaWiki-Core-AuthManager.

Andrew added a comment.Aug 21 2024, 6:53 PM

Yep, that makes sense. I was confused because it popped up in our inbox as though it was an isolated task

akosiaris added a comment.Aug 26 2024, 12:53 PM
In T371592#10081906, @bd808 wrote:
In T371592#10081520, @Andrew wrote:

Will this be moot after the move to k8s, or is this blocking the move to k8s?

This is blocking the move to k8s since the SREs have decided not to support PHP's ldap library in k8s.

I am not sure how this misunderstanding came to be, but I want to point out that it's not the PHP LDAP library that we don't want to support. That was never the case. What we don't want is to regress from the, now improved, situation where no wiki has access to the LDAP servers (there are firewall rules now, ones that did not exist in the legacy infra) to a situation where any wiki can access them due to a single wiki needing to access them (or that we end up creating special rules for wikitech, treating differently to other wiki's we operate in wikikube)

The above is far from the only reason that we have an entire KR this quarter to move wikitech to wikikube, but let me stress again it is not about PHP's LDAP library.

bd808 added a comment.Aug 26 2024, 4:20 PM
In T371592#10091775, @akosiaris wrote:
In T371592#10081906, @bd808 wrote:

This is blocking the move to k8s since the SREs have decided not to support PHP's ldap library in k8s.

I am not sure how this misunderstanding came to be

4+ years of resistance by SRE to moving Wikitech off of the labscloudweb servers with vague concerns about LDAP being the most repeated concrete explanation are what informed my sense making. The information that today the concern is LDAP connectivity in general rather than the PHP extension in particular seems to be a distinction without difference from my point of view.

gerritbot added a comment.Aug 29 2024, 2:27 PM

Change #1059339 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/mediawiki-config@master] (DNM WIP) wikitech: de-wikitech mediawiki-config

https://gerrit.wikimedia.org/r/1059339

gerritbot added a project: Patch-For-Review.Aug 29 2024, 2:27 PM
jijiki added a parent task: T371374: mediawiki-config: consolidate labswiki.Aug 29 2024, 3:32 PM
Bugreporter mentioned this in T376097: Archive the LdapAuthentication extension.Oct 1 2024, 2:39 AM
Bugreporter added a parent task: T376097: Archive the LdapAuthentication extension.
gerritbot added a comment.Oct 1 2024, 10:41 AM

Change #1059339 merged by jenkins-bot:

[operations/mediawiki-config@master] wikitech: de-wikitech mediawiki-config

https://gerrit.wikimedia.org/r/1059339

Stashbot mentioned this in T371537: MVP: Privately serve wikitech via mwdebug1001.Oct 1 2024, 10:41 AM
Stashbot mentioned this in T371374: mediawiki-config: consolidate labswiki.
Stashbot mentioned this in T371359: Migrate Wikitech's Jobqueue.

Mentioned in SAL (#wikimedia-operations) [2024-10-01T10:41:56Z] <jiji@deploy2002> Started scap sync-world: Backport for [[gerrit:1059339|wikitech: de-wikitech mediawiki-config (T371537 T371592 T371374 T371359)]]

Stashbot added a comment.Oct 1 2024, 10:44 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T10:44:23Z] <jiji@deploy2002> jiji: Backport for [[gerrit:1059339|wikitech: de-wikitech mediawiki-config (T371537 T371592 T371374 T371359)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 1 2024, 10:52 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T10:52:52Z] <jiji@deploy2002> Started scap sync-world: Backport for [[gerrit:1059339|wikitech: de-wikitech mediawiki-config (T371537 T371592 T371374 T371359)]]

Stashbot added a comment.Oct 1 2024, 10:55 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T10:55:17Z] <jiji@deploy2002> jiji: Backport for [[gerrit:1059339|wikitech: de-wikitech mediawiki-config (T371537 T371592 T371374 T371359)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 1 2024, 11:01 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T11:01:16Z] <jiji@deploy2002> Finished scap sync-world: Backport for [[gerrit:1059339|wikitech: de-wikitech mediawiki-config (T371537 T371592 T371374 T371359)]] (duration: 08m 23s)

gerritbot added a comment.Oct 1 2024, 11:23 AM

Change #1076995 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/mediawiki-config@master] Drop wikitech.php

https://gerrit.wikimedia.org/r/1076995

gerritbot added a comment.Oct 1 2024, 11:41 AM

Change #1076995 merged by jenkins-bot:

[operations/mediawiki-config@master] Drop wikitech.php

https://gerrit.wikimedia.org/r/1076995

Stashbot added a comment.Oct 1 2024, 11:42 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T11:42:14Z] <ladsgroup@deploy2002> Started scap sync-world: Backport for [[gerrit:1076995|Drop wikitech.php (T371592 T371374)]]

Stashbot added a comment.Oct 1 2024, 11:44 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T11:44:24Z] <ladsgroup@deploy2002> ladsgroup: Backport for [[gerrit:1076995|Drop wikitech.php (T371592 T371374)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 1 2024, 11:49 AM

Mentioned in SAL (#wikimedia-operations) [2024-10-01T11:49:47Z] <ladsgroup@deploy2002> Finished scap sync-world: Backport for [[gerrit:1076995|Drop wikitech.php (T371592 T371374)]] (duration: 07m 32s)

Maintenance_bot removed a project: Patch-For-Review.Oct 1 2024, 12:31 PM
jijiki closed this task as Resolved.Oct 1 2024, 12:43 PM

LDAP extension has been removed.

Pppery added a parent task: T106123: Extensions needing to be removed from Wikimedia wikis.Oct 1 2024, 4:34 PM
gerritbot added a comment.Oct 2 2024, 10:43 AM

Change #1077345 had a related patch set uploaded (by Zabe; author: Zabe):

[operations/puppet@production] Drop WikitechPrivateSettings.php

https://gerrit.wikimedia.org/r/1077345

gerritbot added a project: Patch-For-Review.Oct 2 2024, 10:43 AM
Ladsgroup added a comment.Oct 3 2024, 12:49 PM

This probably needs a ticket to undeploy the extension altogether from our production. See T253216#9441964

Probably need to archive the extension too, which T354997: Archive the Listings extension could be used as example.

Pppery added a comment.Oct 3 2024, 4:31 PM

T376097: Archive the LdapAuthentication extension was already created.

gerritbot added a comment.Oct 6 2024, 8:12 PM

Change #1078105 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/mediawiki-config@master] wikitech: Stop loading the i18n for LdapAuthentication, no longer used

https://gerrit.wikimedia.org/r/1078105

CodeReviewBot added a comment.Oct 6 2024, 8:14 PM

jforrester opened https://gitlab.wikimedia.org/repos/releng/release/-/merge_requests/120

make-release: Stop branching LdapAuthentication for production

Jdforrester-WMF subscribed.Oct 6 2024, 8:16 PM
In T371592#10191571, @jijiki wrote:

LDAP extension has been removed.

Only partially.

Remaining steps:

Jdforrester-WMF mentioned this in T376579: Drop items we had in production/etc. for wikitech, like LdapAuthentication.Oct 6 2024, 8:17 PM
Jdforrester-WMF added a parent task: T376579: Drop items we had in production/etc. for wikitech, like LdapAuthentication.Oct 6 2024, 8:21 PM
SLyngshede-WMF closed subtask T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu as Resolved.Oct 7 2024, 9:26 AM
gerritbot added a comment.Oct 26 2024, 11:43 AM

Change #1083305 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/mediawiki-config@master] Stop building LdapAuthentication i10n

https://gerrit.wikimedia.org/r/1083305

gerritbot added a comment.Oct 31 2024, 3:55 PM

Change #1083305 abandoned by Majavah:

[operations/mediawiki-config@master] Stop building LdapAuthentication i10n

https://gerrit.wikimedia.org/r/1083305

gerritbot added a comment.Nov 16 2024, 10:21 AM

Change #1077345 abandoned by Zabe:

[operations/puppet@production] Drop WikitechPrivateSettings.php

Reason:

Removed in https://gerrit.wikimedia.org/r/c/operations/puppet/+/1081968

https://gerrit.wikimedia.org/r/1077345

CodeReviewBot added a comment.Nov 24 2024, 7:35 PM

reedy merged https://gitlab.wikimedia.org/repos/releng/release/-/merge_requests/120

make-release: Stop branching LdapAuthentication for production

gerritbot added a comment.Nov 26 2024, 12:37 AM

Change #1078105 merged by jenkins-bot:

[operations/mediawiki-config@master] wikitech: Stop loading the i18n for LdapAuthentication, no longer used

https://gerrit.wikimedia.org/r/1078105

Maintenance_bot removed a project: Patch-For-Review.Nov 26 2024, 1:31 AM
Andrew reopened subtask T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu as Open.Dec 16 2024, 7:14 PM
Andrew closed subtask T359820: Developer Account Blocking: Migrate the one-stop Developer (un)Blocking from Wikitech to Bitu as Resolved.Dec 17 2024, 1:12 PM
gerritbot added a comment.Jun 20 2025, 8:40 AM

Change #1161871 had a related patch set uploaded (by Hashar; author: Hashar):

[operations/mediawiki-config@master] wikitech: remove logging configuration for hooks

https://gerrit.wikimedia.org/r/1161871

gerritbot added a project: Patch-For-Review.Jun 20 2025, 8:40 AM
gerritbot added a comment.Jun 24 2025, 11:00 AM

Change #1161871 merged by jenkins-bot:

[operations/mediawiki-config@master] wikitech: remove logging configuration for hooks

https://gerrit.wikimedia.org/r/1161871

Stashbot added a comment.Jun 24 2025, 11:00 AM

Mentioned in SAL (#wikimedia-operations) [2025-06-24T11:00:52Z] <ladsgroup@deploy1003> Started scap sync-world: Backport for [[gerrit:1161871|wikitech: remove logging configuration for hooks (T371592 T371374)]], [[gerrit:1163312|Specify caller for query builder in GlobalJsonLinks]]

Stashbot added a comment.Jun 24 2025, 11:03 AM

Mentioned in SAL (#wikimedia-operations) [2025-06-24T11:03:04Z] <ladsgroup@deploy1003> ladsgroup, hashar: Backport for [[gerrit:1161871|wikitech: remove logging configuration for hooks (T371592 T371374)]], [[gerrit:1163312|Specify caller for query builder in GlobalJsonLinks]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Jun 24 2025, 11:10 AM

Mentioned in SAL (#wikimedia-operations) [2025-06-24T11:10:54Z] <ladsgroup@deploy1003> Finished scap sync-world: Backport for [[gerrit:1161871|wikitech: remove logging configuration for hooks (T371592 T371374)]], [[gerrit:1163312|Specify caller for query builder in GlobalJsonLinks]] (duration: 10m 01s)

Maintenance_bot removed a project: Patch-For-Review.Jun 24 2025, 11:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits