Page MenuHomePhabricator
Create Task
Maniphest T76784

Make logstash in beta public
Closed, ResolvedPublic
Actions

Description

I'd like to remove the username/password protection from beta's logstash server (or make them trivially findable) so that users who experience failures in beta can try to debug the failure a bit themselves. Ideally we would even add a link from fatal pages served in beta directly to logstash.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
beta: Disable authentication for Kibanaoperations/puppetproduction+1 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Dec 4 2014, 9:50 PM
bd808 raised the priority of this task from to Needs Triage.
bd808 updated the task description. (Show Details)
bd808 added projects: Beta-Cluster-Infrastructure, Release-Engineering-Team.
bd808 changed Security from none to None.
bd808 added a project: Wikimedia-Logstash.
bd808 added a subscriber: greg.
bd808 subscribed.

This change would need @greg's approval. I think we decided on IRC one day that there really aren't any secrets in beta's logs but having that "in writing" here would be good.

greg added a comment.Dec 8 2014, 7:26 PM

Reasoning to do it:

  • The ToS for wmflabs is written in a way that is less stringent than production wmf sites to allow "random" users to host tools that are accessed by users
  • The data that is included is not related to production username/passwords (any person who reuses their password on wmflabs is doing themselves a diservice, either for Beta Cluster or for any other tool)
  • It does log IP addresses, but these are probably fine given the labs ToS
coren subscribed.Dec 10 2014, 3:51 PM

Please remember to add the disclaimer from the Labs Terms of Use in a very conspicuous location.

greg triaged this task as Medium priority.Jan 6 2015, 12:01 AM
greg moved this task from To Triage to Next: Feature on the Beta-Cluster-Infrastructure board.
bd808 added a comment.Aug 7 2015, 11:47 PM
In T76784#837010, @coren wrote:

Please remember to add the disclaimer from the Labs Terms of Use in a very conspicuous location.

Logstash and kibana in and of themselves don't collect any information at all, they just make the information collected in the beta cluster wikis visible for debugging.

Restricted Application added a subscriber: Luke081515. · View Herald TranscriptAug 7 2015, 11:47 PM
bd808 added a comment.Aug 7 2015, 11:50 PM

@greg What do you think, can we flip this switch? I have all the bits in puppet now (at least in proposed patches) to let me change the vhost easily to no longer require auth.

bd808 mentioned this in T63754: Find a better auth mechanism for logstash in labs.Aug 7 2015, 11:55 PM
greg added a comment.EditedAug 8 2015, 12:07 AM
In T76784#1520273, @bd808 wrote:

@greg What do you think, can we flip this switch? I have all the bits in puppet now (at least in proposed patches) to let me change the vhost easily to no longer require auth.

Do it.

bd808 claimed this task.Aug 8 2015, 12:08 AM
bd808 added a project: User-bd808.
greg moved this task from INBOX to Externally Blocked / Watching on the Release-Engineering-Team board.Aug 11 2015, 3:47 PM
gerritbot subscribed.Aug 12 2015, 10:04 PM

Change 231179 had a related patch set uploaded (by BryanDavis):
beta: Disable authentication for Kibana

https://gerrit.wikimedia.org/r/231179

gerritbot added a project: Patch-For-Review.Aug 12 2015, 10:04 PM
bd808 moved this task from To Do to Done on the User-bd808 board.Aug 18 2015, 4:24 PM
bd808 moved this task from Done to Needs Review/Feedback on the User-bd808 board.
gerritbot added a comment.Aug 20 2015, 4:15 PM

Change 231179 merged by Giuseppe Lavagetto:
beta: Disable authentication for Kibana

https://gerrit.wikimedia.org/r/231179

Joe mentioned this in rOPUP97aeb36f6e04: beta: Disable authentication for Kibana.Aug 20 2015, 4:15 PM
Nemo_bis subscribed.Aug 20 2015, 6:52 PM
bd808 closed this task as Resolved.Aug 20 2015, 8:22 PM
bd808 moved this task from Needs Review/Feedback to Done on the User-bd808 board.
Luke081515 moved this task from Next: Feature to Done on the Beta-Cluster-Infrastructure board.Sep 7 2015, 3:13 PM
greg moved this task from Externally Blocked / Watching to Done on the Release-Engineering-Team board.Sep 8 2015, 8:42 PM
bd808 moved this task from Done to Archive on the User-bd808 board.Nov 4 2015, 4:41 AM
Sau226 subscribed.Sep 13 2017, 1:20 PM
Tgr subscribed.Mar 12 2018, 11:03 PM

This was reverted following discussion in {T161051}.

fgiunchedi added a project: observability.Aug 19 2019, 2:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits