
Eevans (Eric Evans)
Senior Software Engineer

User Details

User Since
Feb 27 2015, 10:47 PM (228 w, 3 d)
Availability
Available
IRC Nick
urandom
LDAP User
Eevans
MediaWiki User
Unknown

Recent Activity

Yesterday

Eevans closed T222960: Fix restbase1017's physical rack, a subtask of T208087: Replace remaining Samsung SSDs, as Resolved.
Mon, Jul 15, 6:49 PM · Core Platform Team Workboards (Team 2), Patch-For-Review, Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans closed T222960: Fix restbase1017's physical rack as Resolved.

All instances bootstrapped, and cleanups in corresponding rack are complete; Closing

Mon, Jul 15, 6:49 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans added a comment to T220246: Management of Cassandra schema and keyspace/table configuration.

First of all I've some questions due to my lack of knowledge of Cassandra specifics:

  • Is there any configuration that could require a code change in the application? Can those be changed at will without any coordination with the application?
Mon, Jul 15, 2:53 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)

Fri, Jul 12

Eevans updated the task description for T226553: Install Cassandra table properties Debian package on Cassandra hosts.
Fri, Jul 12, 7:23 PM · Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans renamed T226554: Document table_properties work flow from Documentation for table_properties work flow to Document table_properties work flow.
Fri, Jul 12, 6:05 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans updated the task description for T226555: Bootstrap initial Cassandra table properties configuration in Puppet.
Fri, Jul 12, 5:58 PM · serviceops-radar, Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans updated the task description for T226551: Package table_properties utility for Debian.
Fri, Jul 12, 5:54 PM · serviceops, Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans updated the task description for T226556: Relocate MVP table_properties util repo from Github to Gerrit.
Fri, Jul 12, 5:52 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans updated the task description for T226557: Integrate table_properties utility's tests into CI .
Fri, Jul 12, 5:46 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans added a comment to T227776: Generalize ParserCache, create a service for storing data derived from a page's current content.

Kask,[1] accessed via RESTBagOStuff?

Probably not Kask, but perhaps something similar, or a derivative or successor of Kask.

Fri, Jul 12, 3:23 PM · Core Platform Team, TechCom, User-Daniel, Proposal
Eevans reopened T226554: Document table_properties work flow, a subtask of T220246: Management of Cassandra schema and keyspace/table configuration, as Open.
Fri, Jul 12, 2:46 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans reopened T226554: Document table_properties work flow as "Open".

Do you have a link to the documentation? What is the likelihood that any documentation written now may change after going through code-review, and should we leave this open until then?

Fri, Jul 12, 2:46 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans reopened T226557: Integrate table_properties utility's tests into CI , a subtask of T226556: Relocate MVP table_properties util repo from Github to Gerrit, as Open.
Fri, Jul 12, 2:41 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans reopened T226557: Integrate table_properties utility's tests into CI as "Open".

This can't be done, it's dependent on moving the project to Gerrit.

Fri, Jul 12, 2:41 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans added a comment to T222960: Fix restbase1017's physical rack.

Current snafu: None of the data volumes are mounted (entries are missing from fstab). @fgiunchedi I seem to (vaguely) remember this as a thing, was the solution to add them manually?

Fri, Jul 12, 1:48 AM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra

Thu, Jul 11

Eevans closed T208087: Replace remaining Samsung SSDs, a subtask of T197477: RESTBase storage capacity planning, as Resolved.
Thu, Jul 11, 1:17 PM · Core Platform Team Backlog (Designing), Services (designing), RESTBase, User-Eevans, Cassandra
Eevans closed T208087: Replace remaining Samsung SSDs as Resolved.
Thu, Jul 11, 1:17 PM · Core Platform Team Workboards (Team 2), Patch-For-Review, Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans closed T197477: RESTBase storage capacity planning as Resolved.

I guess it was left open because it has sub-tickets still open (of which T222960: Fix restbase1017's physical rack is still unresolved).

Thu, Jul 11, 1:16 PM · Core Platform Team Backlog (Designing), Services (designing), RESTBase, User-Eevans, Cassandra

Wed, Jul 10

Eevans edited projects for T127472: Investigate reducing impact of single-node Cassandra latencies, added: Core Platform Team (Cassandra Operational ); removed Core Platform Team Backlog (Later), Services (later).
Wed, Jul 10, 10:37 PM · Core Platform Team (Cassandra Operational ), User-Eevans, Cassandra, RESTBase-Cassandra
Eevans edited projects for T94329: secure Cassandra/RESTBase cluster, added: Core Platform Team (Cassandra Operational ); removed Core Platform Team Backlog (Later).
Wed, Jul 10, 10:36 PM · Core Platform Team (Cassandra Operational ), Cassandra, Operations, RESTBase-Cassandra, RESTBase
Eevans edited projects for T92471: enable authenticated access to Cassandra JMX, added: Core Platform Team (Cassandra Operational ); removed Core Platform Team Backlog (Later), Services (next).
Wed, Jul 10, 10:35 PM · Core Platform Team (Cassandra Operational ), User-Eevans, Cassandra, Operations, Patch-For-Review
Eevans edited projects for T132632: puppetize turning off reserved space for cassandra /srv, added: Core Platform Team (Cassandra Operational ); removed Core Platform Team Backlog (Later).
Wed, Jul 10, 10:34 PM · Core Platform Team (Cassandra Operational ), User-Eevans, Operations, Cassandra
Eevans edited projects for T226989: Document the session storage service, added: Core Platform Team Workboards (Team 2); removed Core Platform Team Backlog (Next).
Wed, Jul 10, 10:32 PM · Core Platform Team Workboards (Team 2), Documentation, Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, User-Eevans
Eevans updated the task description for T220246: Management of Cassandra schema and keyspace/table configuration.
Wed, Jul 10, 9:31 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans added a comment to T220246: Management of Cassandra schema and keyspace/table configuration.

The task description has been updated with information on a working prototype created by @holger.knust. We'd be very curious to hear any feedback about the general approach (including the workflow it's meant to empower), particularly from folks in SRE (@Joe are you still monitoring this ticket? :))

Wed, Jul 10, 9:28 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans updated the task description for T220246: Management of Cassandra schema and keyspace/table configuration.
Wed, Jul 10, 9:19 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans updated the task description for T220246: Management of Cassandra schema and keyspace/table configuration.
Wed, Jul 10, 9:00 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans triaged T219526: Make RESTBagOStuff::add() atomic as Normal priority.
Wed, Jul 10, 6:53 PM · Core Platform Team
Eevans moved T219526: Make RESTBagOStuff::add() atomic from Inbox to Icebox on the Core Platform Team board.
Wed, Jul 10, 6:52 PM · Core Platform Team
Eevans edited projects for T219526: Make RESTBagOStuff::add() atomic, added: Core Platform Team; removed Core Platform Team Backlog (Attic), User-Clarakosi, User-Eevans.
Wed, Jul 10, 6:52 PM · Core Platform Team
Eevans edited projects for T134461: Evaluate increased memtable_cleanup_threshold values, added: Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Clinic Duty Team); removed Core Platform Team Backlog (Attic), Services (attic).
Wed, Jul 10, 6:51 PM · Core Platform Team Workboards (Clinic Duty Team), Core Platform Team (Cassandra Operational ), User-Eevans, Cassandra
Eevans moved T144431: RESTBase k-r-v as Cassandra anti-pattern from Inbox to Icebox on the Core Platform Team board.
Wed, Jul 10, 6:48 PM · Core Platform Team, Operations, Cassandra, RESTBase
Eevans edited projects for T144431: RESTBase k-r-v as Cassandra anti-pattern, added: Core Platform Team; removed Core Platform Team Backlog (Attic), Services (attic).
Wed, Jul 10, 6:48 PM · Core Platform Team, Operations, Cassandra, RESTBase
Eevans added a comment to T222960: Fix restbase1017's physical rack.

Any word on when we'll be imaging this machine?

Wed, Jul 10, 2:04 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra

Tue, Jul 9

Eevans added a comment to T222960: Fix restbase1017's physical rack.

@Eevans We did a test run for an install and the server was able to reach the installer without an issue. I did see on IRC something about stretch. I will leave that up to you if you like and the server can be installed whenever you need it.

Tue, Jul 9, 10:09 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans added a comment to T222960: Fix restbase1017's physical rack.

restbase1017 is shown as down in Icinga and has no downtime or comment. Would be appreciated if you can schedule downtimes for planned maintenance. Thanks
https://icinga.wikimedia.org/cgi-bin/icinga/status.cgi?host=all&style=hostdetail&hoststatustypes=4&hostprops=2097162

Tue, Jul 9, 10:03 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra

Mon, Jul 8

Eevans closed T209389: rack/setup/install sessionstore200[123].codfw.wmnet as Resolved.
Mon, Jul 8, 11:38 PM · Services (watching), Core Platform Team Backlog (Watching / External), Operations, Core Platform Team (Session Management Service (CDP2))
Eevans updated the task description for T209389: rack/setup/install sessionstore200[123].codfw.wmnet.
Mon, Jul 8, 11:38 PM · Services (watching), Core Platform Team Backlog (Watching / External), Operations, Core Platform Team (Session Management Service (CDP2))
Eevans updated the task description for T227514: k8s liveness check(?) generating session storage log noise.
Mon, Jul 8, 6:39 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans added a comment to T209110: Logging for the session storage service.

[ ... ]
Also, there are some exceptional situations where the Go http module (and perhaps gocql as well) do their own unstructured logging to stdout (and/or stderr?). I don't believe there are any situations where these error modes wouldn't be handled (and logged) appropriately, but we should probably make sure this output doesn't cause harm elsewhere.

Mon, Jul 8, 6:38 PM · Patch-For-Review, User-Clarakosi, Core Platform Team Backlog (Next), Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans triaged T227514: k8s liveness check(?) generating session storage log noise as Normal priority.
Mon, Jul 8, 6:37 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans created T227514: k8s liveness check(?) generating session storage log noise.
Mon, Jul 8, 6:36 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans added a comment to T227492: Problems deploying sessionstore service (staging) to k8s.

After several failed experiments (editing /srv/scap-helm/sessionstore/sessionstore-staging-values.yaml and upgrading), I restored the original configuration (that was previously not working), and it now works.

Mon, Jul 8, 6:21 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans added a comment to T222960: Fix restbase1017's physical rack.

All 3 Cassandra instances are decommissioned; We are ready to begin

Mon, Jul 8, 6:18 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans renamed T227492: Problems deploying sessionstore service (staging) to k8s from Problems deploying sessionstore services (staging) to k8s to Problems deploying sessionstore service (staging) to k8s.
Mon, Jul 8, 3:27 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans updated the task description for T227492: Problems deploying sessionstore service (staging) to k8s.
Mon, Jul 8, 3:27 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans triaged T227492: Problems deploying sessionstore service (staging) to k8s as Normal priority.
Mon, Jul 8, 3:23 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops
Eevans created T227492: Problems deploying sessionstore service (staging) to k8s.
Mon, Jul 8, 3:22 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2)), serviceops

Fri, Jul 5

Eevans renamed T226551: Package table_properties utility for Debian from table_properties utility should be package for Debian to Package table_properties utility for Debian.
Fri, Jul 5, 9:53 PM · serviceops, Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans updated the task description for T198787: Revisit default settings for c-foreach-restart.
Fri, Jul 5, 9:28 PM · Core Platform Team Workboards (Team 2), Services (done), User-Eevans, Cassandra, Operations
Eevans awarded T198787: Revisit default settings for c-foreach-restart a Heartbreak token.
Fri, Jul 5, 9:25 PM · Core Platform Team Workboards (Team 2), Services (done), User-Eevans, Cassandra, Operations
Eevans added a comment to T198787: Revisit default settings for c-foreach-restart.

@Eevans Can we close this?

Fri, Jul 5, 9:25 PM · Core Platform Team Workboards (Team 2), Services (done), User-Eevans, Cassandra, Operations
Eevans updated the task description for T178839: New upstream jvm-tools.
Fri, Jul 5, 9:11 PM · Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, User-fgiunchedi, Operations
Eevans added a comment to T178839: New upstream jvm-tools.

@Eevans Do you want to move this along or has it stalled?

Fri, Jul 5, 9:09 PM · Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, User-fgiunchedi, Operations
Eevans closed T209393: rack/setup/install sessionstore100[123].eqiad.wmnet as Resolved.

@Eevans Is this closable?

Fri, Jul 5, 9:06 PM · Core Platform Team Workboards (Team 2), Operations, Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans updated the task description for T226557: Integrate table_properties utility's tests into CI .
Fri, Jul 5, 3:13 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans renamed T226556: Relocate MVP table_properties util repo from Github to Gerrit from Replicate table_properties util repo from Github to Gerrit to Relocate MVP table_properties util repo from Github to Gerrit.
Fri, Jul 5, 3:11 PM · Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans

Wed, Jul 3

Eevans added a comment to T222960: Fix restbase1017's physical rack.

From IRC, 2019-07-03T16:57:04-05:00:

Wed, Jul 3, 9:58 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans closed T226988: Add/report build meta data as Resolved.

This is now complete, and Kask v1.0.0 has been released.

Wed, Jul 3, 9:47 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans closed T226988: Add/report build meta data, a subtask of T206016: Create a service for session storage, as Resolved.
Wed, Jul 3, 9:47 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans committed rMSKS3228c40e6ca8: Typo'd string literal (s/build_data/build_date/) (authored by Eevans).
Typo'd string literal (s/build_data/build_date/)
Wed, Jul 3, 7:49 PM

Tue, Jul 2

Eevans committed rMSKSad39168fb6f7: Treat Git tag as the canonical version (authored by Eevans).
Treat Git tag as the canonical version
Tue, Jul 2, 11:55 PM
Eevans committed rMSKS743ea9fd811b: rename `kask_build_information` -> `kask_build_info` (authored by Eevans).
rename `kask_build_information` -> `kask_build_info`
Tue, Jul 2, 7:03 PM
Eevans added a comment to T226988: Add/report build meta data.
build output
eevans@hermes:~/dev/src/git/go-kask(versioning)$ devscripts/docker_run make clean test functional-test
rm -f kask
GOPATH=/usr/share/gocode go build -ldflags "-X main.version=1.0.0 -X main.gitTag=v1.0.0-3-gab83187 -X main.buildDate=2019-07-02T15:33:29+00:00 -X main.buildHost=e0cdaa8cc607" kask.go config.go http.go logging.go storage.go
Tue, Jul 2, 3:34 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans added a comment to T226988: Add/report build meta data.
log output
eevans@hermes:~/dev/src/git/go-kask(versioning)$ devscripts/docker_run ./kask --config config.yaml.test | aeson-pretty 
{
    "time": "2019-07-02T15:29:15Z",
    "appname": "kask",
    "msg": "Initializing Kask 1.0.0 (Git: v1.0.0-3-gc2dcf59, Go version: go1.7.4, Build host: aea19cb0dd4c, Timestamp: 2019-07-02T15:25:51+00:00)...",
    "level": "INFO"
}
{
    "time": "2019-07-02T15:29:15Z",
    "appname": "kask",
    "msg": "Starting service as http://172.17.0.3:8080/v1/",
    "level": "INFO"
}
Tue, Jul 2, 3:33 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans committed rMSKSab8318740c1a: Report build meta data (authored by Eevans).
Report build meta data
Tue, Jul 2, 3:28 PM
Eevans committed rMSKSc2dcf59c7287: Report build meta data (authored by Eevans).
Report build meta data
Tue, Jul 2, 3:26 PM

Mon, Jul 1

Eevans updated the task description for T226988: Add/report build meta data.
Mon, Jul 1, 4:39 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans created T226989: Document the session storage service.
Mon, Jul 1, 12:54 PM · Core Platform Team Workboards (Team 2), Documentation, Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, User-Eevans
Eevans renamed T209098: Document Kask from Document the session storage service to Document Kask.
Mon, Jul 1, 12:51 PM · Documentation, Core Platform Team Workboards (Team 2), User-Clarakosi, Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans updated the task description for T226988: Add/report build meta data.
Mon, Jul 1, 12:50 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
akosiaris awarded T226988: Add/report build meta data a Like token.
Mon, Jul 1, 12:50 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans triaged T226988: Add/report build meta data as Normal priority.
Mon, Jul 1, 12:50 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans created T226988: Add/report build meta data.
Mon, Jul 1, 12:48 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans

Fri, Jun 28

Eevans renamed T220246: Management of Cassandra schema and keyspace/table configuration from Session storage service Cassandra schema to Management of Cassandra schema and keyspace/table configuration.
Fri, Jun 28, 6:02 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans removed a parent task for T220246: Management of Cassandra schema and keyspace/table configuration: T206016: Create a service for session storage.
Fri, Jun 28, 6:01 PM · serviceops-radar, Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans removed a subtask for T206016: Create a service for session storage: T220246: Management of Cassandra schema and keyspace/table configuration.
Fri, Jun 28, 6:01 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans added a comment to T222960: Fix restbase1017's physical rack.

@Eevans Do you still want to move this server? Let's coordinate a day/time

Fri, Jun 28, 3:37 PM · Patch-For-Review, serviceops, Core Platform Team Workboards (Team 2), Operations, Services (doing), Core Platform Team (Security, stability, performance and scalability (TEC1)), User-Eevans, Cassandra
Eevans added a comment to T222099: Staging release of RESTBagOStuff using Kask.

[ ... ]
Note: during the transition, testwiki will still be using a TTL ($wgObjectCacheSessionExpiry) value of 3600. The Kask TTL setting must therefore be at least 3600 seconds. If the Kask setting is longer, the transition will still be okay. But we will do more writes to Kask than we would with a longer setting, because MediaWiki will think the sessions need to be rewritten.

I will work on getting the sessionstore cluster reconfigured for a TTL of 3600 (currently set to 86400).

Fri, Jun 28, 3:07 PM · Patch-For-Review, Core Platform Team Workboards (Team 2), User-Clarakosi, Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans added a comment to T221986: Security Review of RESTBagOStuff.

If we just consider the session ID, I can see these potential things that a villain could do by carefully crafting a session ID value:

  • Kask to Cassandra (CQL, mostly?)
    • retrieve data that's not authorized

If an attacker could utilize the session ID of another, then they'd be able to do anything the owner of the session would; there is no defense against this other than keeping other users' sessions a secret.

Again, I don't know CQL, but I was thinking about code that crafts SQL queries like

sprintf("SELECT * FROM session WHERE id = '%s'", id)

...so that an injected ID string like "IGNORED' OR 'constant' = 'constant" will generate "SELECT * FROM session WHERE id = 'IGNORED' OR 'constant' = 'constant'" which should get all rows in the table.

Fri, Jun 28, 2:10 PM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2))
Eevans added a comment to T222099: Staging release of RESTBagOStuff using Kask.

[ ... ]
Note: during the transition, testwiki will still be using a TTL ($wgObjectCacheSessionExpiry) value of 3600. The Kask TTL setting must therefore be at least 3600 seconds. If the Kask setting is longer, the transition will still be okay. But we will do more writes to Kask than we would with a longer setting, because MediaWiki will think the sessions need to be rewritten.

Fri, Jun 28, 1:36 PM · Patch-For-Review, Core Platform Team Workboards (Team 2), User-Clarakosi, Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans committed rMSKSe250c88f3eec: Return correct `Content-Type` for /openapi endpoint (authored by Eevans).
Return correct `Content-Type` for /openapi endpoint
Fri, Jun 28, 1:22 PM
Eevans committed rMSKSce879a266a0b: Return correct `Content-Type` for /openapi endpoint (authored by Eevans).
Return correct `Content-Type` for /openapi endpoint
Fri, Jun 28, 3:54 AM

Thu, Jun 27

Eevans closed T226666: RESTBagOStuff client error handling as Resolved.

Currently, if decoding fails, RESTBagOStuff will simply log the error without any extended information. This would include only:

  • a message describing the operation that was being attempted (ex. "Failed to store XXXX")
  • the HTTP error code (ex. 500)
  • the HTTP response string (ex. "Internal Server Error")

So we would have a record of the error. But if the body contained error information beyond the HTTP code/string, that information would be lost. In the example from the task description, we would not lose anything.
Are there cases where the body will contain useful text/plain information beyond the HTTP response string?

Thu, Jun 27, 2:52 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans closed T226666: RESTBagOStuff client error handling, a subtask of T206016: Create a service for session storage, as Resolved.
Thu, Jun 27, 2:52 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans

Wed, Jun 26

Eevans reassigned T226666: RESTBagOStuff client error handling from Eevans to BPirkle.
Wed, Jun 26, 8:36 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans triaged T226666: RESTBagOStuff client error handling as Normal priority.
Wed, Jun 26, 8:35 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans created T226666: RESTBagOStuff client error handling.
Wed, Jun 26, 8:35 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans renamed T226553: Install Cassandra table properties Debian package on Cassandra hosts from table_properties Puppet install config to Install Cassandra table properties Debian package on Cassandra hosts.
Wed, Jun 26, 8:23 PM · Core Platform Team (Cassandra Operational ), Core Platform Team Workboards (Team 2)
Eevans renamed T226555: Bootstrap initial Cassandra table properties configuration in Puppet from Enable initial configuration of Cassandra instances via Puppet to Bootstrap initial Cassandra table properties configuration in Puppet.
Wed, Jun 26, 8:09 PM · serviceops-radar, Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans added a comment to T221986: Security Review of RESTBagOStuff.

Responding (in-line) to those items I'm familiar with...

Wed, Jun 26, 12:50 AM · Core Platform Team Workboards (Team 2), Core Platform Team (Session Management Service (CDP2))

Tue, Jun 25

Eevans added a comment to T224993: Example configuration clauses for using RESTBagOStuff with Kask.
  • setting $wgObjectCacheSessionExpiry to the same value as is configured for kask (9 * 3600?)
Tue, Jun 25, 4:27 PM · Core Platform Team (Session Management Service (CDP2))

Jun 12 2019

Eevans closed T219831: Security Review For Kask as Resolved.
Jun 12 2019, 2:24 PM · Restricted Project, Security-Team-Reviews, Services (watching), Core Platform Team Backlog (Watching / External), Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans closed T219831: Security Review For Kask, a subtask of T206016: Create a service for session storage, as Resolved.
Jun 12 2019, 2:24 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans added a comment to T219831: Security Review For Kask.

@Eevans - I'm not seeing anything for this particular review, though I might dig a little deeper into the code and attempt some dynamic-scanning this week, as mentioned in T219831#5173498. But none of this should block resolving the task or deployment IMO.

Jun 12 2019, 2:23 PM · Restricted Project, Security-Team-Reviews, Services (watching), Core Platform Team Backlog (Watching / External), Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans

Jun 11 2019

Eevans added a comment to T219831: Security Review For Kask.

@sbassett is there anything remaining here before we close/resolve this?

Jun 11 2019, 7:36 PM · Restricted Project, Security-Team-Reviews, Services (watching), Core Platform Team Backlog (Watching / External), Core Platform Team (Session Management Service (CDP2)), User-Clarakosi, User-Eevans
Eevans closed T217650: Deployment strategy for the session storage application. as Resolved.
Jun 11 2019, 7:12 PM · Patch-For-Review, Kubernetes, serviceops, Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans closed T217650: Deployment strategy for the session storage application., a subtask of T206016: Create a service for session storage, as Resolved.
Jun 11 2019, 7:12 PM · Core Platform Team (Multi-DC (TEC1)), User-Clarakosi, Core Platform Team Backlog (Next), User-Eevans
Eevans updated subscribers of T209110: Logging for the session storage service.

I believe this issue is basically complete, but has been left open because we weren't certain whether or not we needed the @cee token to be prepended to log messages; @akosiaris is logging working as expected in k8s?

Jun 11 2019, 7:11 PM · Patch-For-Review, User-Clarakosi, Core Platform Team Backlog (Next), Core Platform Team (Session Management Service (CDP2)), User-Eevans
Eevans updated subscribers of T209109: Security model for session storage service.

I believe the current status here to be:

Jun 11 2019, 6:57 PM · Security-Team, User-Clarakosi, Core Platform Team Backlog (Next), Core Platform Team (Session Management Service (CDP2)), User-Eevans