Page MenuHomeMiraheze

Goal-2020-Jan-JunGoal
ArchivedPublic

Members (4)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Miraheze's Goals for the first half of 2020 (January 1st ~ June 31st).

Tasks added to this project must be at least one of the following:

  • a long-term project that can realistically be finished before June 31st,
  • a development project that will have a positive impact on Miraheze communities,
  • an objective for Site Reliability Engineers (infrastructure, introducing a new service, major work etc.).

MediaWiki and development tasks can be added freely by anyone assuming someone has in the past hinted at the possibility they would be willing to work on it or have a noticeable impact on communities.

Site Reliability Engineering tasks should only be added by members of the Site Reliability Engineer team as they have full control over their priorities and workflow, not subject to community benefit.

< Goal-2019-Jul-Dec | Goal-2020-Jul-Dec >

Recent Activity

Fri, Sep 3

RhinosF1 closed T7967: Icingaweb2 is down, a subtask of T4017: Reconfigure TLS settings inside MariaDB, as Resolved.
Fri, Sep 3, 18:22 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Thu, Sep 2

John closed T4017: Reconfigure TLS settings inside MariaDB, a subtask of T4016: Encrypt all traffic inside Miraheze Cluster, as Resolved.
Thu, Sep 2, 15:46 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John closed T4017: Reconfigure TLS settings inside MariaDB as Resolved.
Thu, Sep 2, 15:46 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Wed, Sep 1

John added a comment to T4017: Reconfigure TLS settings inside MariaDB.

Phabricator can not be done as it does not support MySQL SSL connections at all in the code.

Wed, Sep 1, 21:15 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T4017: Reconfigure TLS settings inside MariaDB.

TLS is now configured so only 1.2 and 1.3 can be used, and root has SSL encryption:

Wed, Sep 1, 13:30 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T4017: Reconfigure TLS settings inside MariaDB.

TLS setup is mostly well-defined for MariaDB. The length this task has been opened has meant it has lost its original purpose and the constant recycling of it has meant the purpose and end target is undefined.

Wed, Sep 1, 13:04 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Aug 18 2021

John moved T4017: Reconfigure TLS settings inside MariaDB from Long Term to Goals on the Infrastructure (SRE) board.
Aug 18 2021, 16:31 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Aug 11 2021

John moved T4017: Reconfigure TLS settings inside MariaDB from Backlog to Infrastructure on the Goal-2021-Jul-Dec board.
Aug 11 2021, 18:30 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Aug 10 2021

Paladox added a comment to T5044: Setup centralised logging for services.
In T5044#156437, @John wrote:

@Paladox has raised concerns with centralised-only logging. We should explore these concerns before pushing for things like nginx access logs as these are critical for debugging some traffic influx/DoS attacks.

Aug 10 2021, 16:57 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Reception123 added a comment to T5044: Setup centralised logging for services.

I agree with that. At least for some logs it's definitely useful to have logs stored locally in case something goes wrong and the logs don't get transmitted to graylog.

Aug 10 2021, 14:14 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John claimed T4017: Reconfigure TLS settings inside MariaDB.

Re-assigning and goaling.

Aug 10 2021, 12:36 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John updated subscribers of T5044: Setup centralised logging for services.

@Paladox has raised concerns with centralised-only logging. We should explore these concerns before pushing for things like nginx access logs as these are critical for debugging some traffic influx/DoS attacks.

Aug 10 2021, 12:20 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Jul 31 2021

Universal_Omega updated subscribers of T5044: Setup centralised logging for services.
Jul 31 2021, 00:25 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Universal_Omega updated the task description for T5044: Setup centralised logging for services.
Jul 31 2021, 00:25 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Jul 3 2021

Universal_Omega moved T5044: Setup centralised logging for services from Backlog to Infrastructure on the Goal-2021-Jul-Dec board.
Jul 3 2021, 18:44 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Universal_Omega added a project to T5044: Setup centralised logging for services: Goal-2021-Jul-Dec.

Moving over to new goal period. Feel free to remove if it isn't wanted to be moved over.

Jul 3 2021, 18:43 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Jun 14 2021

Void added a comment to T5044: Setup centralised logging for services.

I could look into taking this over from @Paladox. Is there anything not on this task that I should be aware of if I do?

Jun 14 2021, 19:57 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox placed T5044: Setup centralised logging for services up for grabs.
Jun 14 2021, 18:59 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

May 3 2021

Southparkfan updated the task description for T5044: Setup centralised logging for services.
May 3 2021, 17:54 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Apr 19 2021

Paladox updated the task description for T5044: Setup centralised logging for services.
Apr 19 2021, 21:44 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

there's one other log I didn't think we need to send for proxmox (wasn't really any info we needed I think).

Apr 19 2021, 21:44 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

Added pve* logging via https://github.com/miraheze/puppet/pull/1713

Apr 19 2021, 21:44 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

I will try and finish this now (for cloud*)

Apr 19 2021, 20:48 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Mar 27 2021

Universal_Omega moved T5105: Investigate and Implement basic Machine Learning concepts for automatic wiki creation from Backlog to Goals on the MediaWiki (SRE) board.
Mar 27 2021, 17:06 · MediaWiki (SRE), Goal-2021-Jan-Jun, Universal Omega, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun, CreateWiki

Mar 15 2021

Paladox added a comment to T5044: Setup centralised logging for services.

Done with:

Mar 15 2021, 00:30 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Mar 10 2021

John closed T5105: Investigate and Implement basic Machine Learning concepts for automatic wiki creation as Resolved.

https://github.com/miraheze/CreateWiki/pull/200 makes this task resolved, only setting a configuration in LS is required now to enable this.

Mar 10 2021, 16:40 · MediaWiki (SRE), Goal-2021-Jan-Jun, Universal Omega, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun, CreateWiki

Mar 9 2021

Southparkfan added a comment to T5044: Setup centralised logging for services.

We switched off syslog-ng logging on the cloud servers. Not sure if we want to switch it back on @John @Southparkfan ?

Yes, let's see if we can receive proxmox logs without further tweaking.

Mar 9 2021, 11:45 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox updated the task description for T5044: Setup centralised logging for services.
Mar 9 2021, 01:19 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

So I've created and merge this pull https://github.com/miraheze/puppet/pull/1695. Essentially logs for puppetserver/puppetdb are now read and sent to graylog.

Mar 9 2021, 01:15 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Mar 8 2021

Paladox added a comment to T5044: Setup centralised logging for services.

We switched off syslog-ng logging on the cloud servers. Not sure if we want to switch it back on @John @Southparkfan ?

Mar 8 2021, 01:01 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

I've created 3 new streams for gluster in graylog. I've only added the logs that we would be interested in (skipping some as I don't think that we need to have them in graylog).

Mar 8 2021, 01:00 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox updated the task description for T5044: Setup centralised logging for services.
Mar 8 2021, 00:58 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox added a comment to T5044: Setup centralised logging for services.

Puppet-agent logs to syslog in addition to it logs to logging to a file.

Mar 8 2021, 00:57 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Mar 7 2021

John closed T4016: Encrypt all traffic inside Miraheze Cluster as Invalid.

Tracking tasks are bad - as this task depends on sub tasks being doing rather than something actually being done.

Mar 7 2021, 15:58 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Feb 26 2021

Southparkfan lowered the priority of T4017: Reconfigure TLS settings inside MariaDB from Normal to Low.
Feb 26 2021, 21:47 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Feb 25 2021

John reassigned T5044: Setup centralised logging for services from Southparkfan to Paladox.

Quite a few actions are blocked on you.

Feb 25 2021, 20:24 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John closed T4019: Encrypt Redis traffic as Declined.

Redis is no longer being used for caching

Feb 25 2021, 16:38 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John closed T4019: Encrypt Redis traffic, a subtask of T4016: Encrypt all traffic inside Miraheze Cluster, as Declined.
Feb 25 2021, 16:38 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Feb 11 2021

John added a comment to T4019: Encrypt Redis traffic.

We can install Redis v6, however to use TLS, we need PHP-Redis v5 >, which is not available in Buster, only in Bullseye (11). MediaWiki also does not have support for this, but it's a small modification to a regex in RedisConnectionPool which we can commit locally.

Feb 11 2021, 16:32 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Feb 10 2021

Universal_Omega updated the task description for T5044: Setup centralised logging for services.
Feb 10 2021, 21:09 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T4019: Encrypt Redis traffic.

This is possible natively with Redis 6

Feb 10 2021, 17:55 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T5044: Setup centralised logging for services.

mon1 marked as done, Icinga logs need to be local for IRC bots however I set up icinga logs to go to graylog separately under T6798

Feb 10 2021, 12:21 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John updated the task description for T5044: Setup centralised logging for services.
Feb 10 2021, 12:20 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T5044: Setup centralised logging for services.

@Paladox are you able to give a look over the ones that SPF has marked for you to review please?

Feb 10 2021, 12:18 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Jan 31 2021

Southparkfan added a comment to T4017: Reconfigure TLS settings inside MariaDB.

db13

UserSource of connectionsCurrent TLS specsSupports TLS 1.3 w/ AES-{128,256}-GCM?
grafana@%Grafana app (monX)??
icinga@%Icinga monitoring agents/scripts (monX)??
icinga2@%Icinga master config (monX)??
icingaweb2@%Icinga web interface? (monX)Does not use TLS: puppet says yes, but the config is incorrect (and tcpdump verifies plaintext data)?
mediawiki@%MediaWiki app (mwX/testX)(hack in DatabaseMysqli.php on test2): TLS 1.2 ECDHE-RSA-AES128-GCM-SHA256No, TLS 1.3 is PHP 7.4+?
phabricator@%Phabricator app (phabX)?No, TLS 1.3 is PHP 7.4+?
piwik@%Matomo app (monX)?No, TLS 1.3 is PHP 7.4+?
replica@%Database replication (dbbackupX)?MariaDB master: (openssl s_client -starttls mysql) TLS_AES_128_GCM_SHA256 supported, TLS_AES_256_GCM_SHA384 supported. Replica connections unknwon.
root@localhostRoot access (mysql client on server)No TLS (but that's expected)Is supported (via local mysql client)
wikiadmin@%MediaWiki maintenance & jobrunner (jobrunnerX)sql.php (jobrunner1): TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256No, TLS 1.3 is PHP 7.4+?
roundcubemail@{2001:41d0:800:1056::9,51.89.160.134}Roundcube webmail (mailX)No TLS, has TLS supportNo, TLS 1.3 is PHP 7.4+?
Jan 31 2021, 22:29 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun

Jan 30 2021

John moved T4017: Reconfigure TLS settings inside MariaDB from Incoming to Long Term on the Infrastructure (SRE) board.
Jan 30 2021, 12:20 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John moved T4016: Encrypt all traffic inside Miraheze Cluster from Incoming to Long Term on the Infrastructure (SRE) board.
Jan 30 2021, 12:20 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John moved T4019: Encrypt Redis traffic from Incoming to Long Term on the Infrastructure (SRE) board.
Jan 30 2021, 12:20 · Infrastructure (SRE), Goal-2019-Jul-Dec, Goal-2020-Jan-Jun
John moved T5044: Setup centralised logging for services from Incoming to Goals on the Infrastructure (SRE) board.
Jan 30 2021, 12:20 · Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

Jan 15 2021

John added a comment to T5105: Investigate and Implement basic Machine Learning concepts for automatic wiki creation.

There is an issue with memory usage, given the nature of what it is that is being done here, the process itself can't be made more memory efficient as it is a memory intensive process by definition. Might have to evaluate alternative ways of doing this as the current method won't work on our environment it seems.

Jan 15 2021, 18:54 · MediaWiki (SRE), Goal-2021-Jan-Jun, Universal Omega, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun, CreateWiki