Services residing on the SCB cluster use url-downloader.wikimedia.org as a proxy. However, it should return a 403 code when a URL resolves to one of WMF's IPs. Hence, the services need not to use it when making requests to our domains. The current approach is to provide helper methods in service-template-node that will allow users to make normal requests for the MW and RESTBase APIs, which will be templated and their URIs replaced by the LVS addresses for these entities.
Description
Details
Related Objects
Event Timeline
Change 207454 had a related patch set uploaded (by Mobrovac):
service::node: Add the list of domains for which not to use the proxy
Change 207467 had a related patch set uploaded (by Mobrovac):
Allow the full configuration of domains which shouldn't be proxied
Change 207467 merged by Mobrovac:
Allow the full configuration of domains which shouldn't be proxied
@akosiaris reverted the LVS IP block in https://gerrit.wikimedia.org/r/#/c/207489 until we come up with a proper solution.
Change 207538 had a related patch set uploaded (by Mobrovac):
Revert "Allow the full configuration of domains which shouldn't be proxied"
Change 207538 merged by Mobrovac:
Revert "Allow the full configuration of domains which shouldn't be proxied"
Change 207454 abandoned by Mobrovac:
service::node: Add the list of domains for which not to use the proxy
This is now a blocker (sort-of) for the current work on using DNS for discovery: in fact as soon as I switched the parameter for the restbase url to the discovery one (so restbase.svc.codfw.wmnet to restbase.discovery.wmnet, both resolving to the same IP) cxserver and mobileapps started complaining and investigation showed me the issue were the requests that were being directed to the proxy instead of being direct.
It is interesting to note that other apps behaved correctly instead.
Change 344957 had a related patch set uploaded (by Mobrovac):
[mediawiki/services/cxserver/deploy@master] Config: Add discovery.wmnet to no_proxy_list
Change 344957 merged by Mobrovac:
[mediawiki/services/cxserver/deploy@master] Config: Add discovery.wmnet to no_proxy_list
Change 344958 had a related patch set uploaded (by Mobrovac):
[mediawiki/services/mobileapps/deploy@master] Config: Add discovery.wmnet to no_proxy_list
Change 344958 merged by Mobrovac:
[mediawiki/services/mobileapps/deploy@master] Config: Add discovery.wmnet to no_proxy_list
After switching to Scap3 config deploys only the services that need the proxy to contact outside services use it. The exceptions are graphoid and mobileapps which still have the lists in their configs. I will verify whether they actually need them.
Change 344975 had a related patch set uploaded (by Mobrovac):
[mediawiki/services/mobileapps/deploy@master] Config: Do not use the proxy at all
Change 344975 merged by Mobrovac:
[mediawiki/services/mobileapps/deploy@master] Config: Do not use the proxy at all
Change 344996 had a related patch set uploaded (by Mobrovac):
[operations/puppet@production] service::node: Do not use the proxy by default
Change 344996 merged by Giuseppe Lavagetto:
[operations/puppet@production] service::node: Do not use the proxy by default
All of the services that do not need the proxy, don't use it. Moreover, with the switch to Scap3 config deploys, each service controls if the proxy will be active or not, so I'm declaring this task done (finally).