User Details
- User Since
- Oct 4 2016, 5:18 PM (429 w, 2 d)
- Availability
- Available
- IRC Nick
- pmiazga
- LDAP User
- Pmiazga
- MediaWiki User
- PMiazga (WMF) [ Global Accounts ]
Wed, Dec 4
So the problem is with PHP8.2 and upwards. Not with our target PHP8.1 and PHP7.4
Nov 26 2024
To summarise - looks like everything works and we don't need to upgrade the library at this moment. I'll be bold and resolve this ticket.
If you notice any problems regarding WebAuthn and PHP8.1 or have a use case when it doesn't work - please let me know and I'll investigate it.
Nov 22 2024
Also, webauthn version I was using:
pmiazga@wmf3273:~/projects/mediawiki/extensions/WebAuthn » docker compose exec mediawiki composer info web-auth/webauthn-lib 1 ↵ name : web-auth/webauthn-lib descrip. : FIDO2/Webauthn Support For PHP keywords : FIDO2, fido, webauthn versions : * v3.3.12 type : library license : MIT License (MIT) (OSI approved) https://spdx.org/licenses/MIT.html#licenseText homepage : https://github.com/web-auth source : [git] https://github.com/web-auth/webauthn-lib.git 5ef9b21c8e9f8a817e524ac93290d08a9f065b33 dist : [zip] https://api.github.com/repos/web-auth/webauthn-lib/zipball/5ef9b21c8e9f8a817e524ac93290d08a9f065b33 5ef9b21c8e9f8a817e524ac93290d08a9f065b33 path : /var/www/html/w/vendor/web-auth/webauthn-lib names : web-auth/webauthn-lib
I tested two docker images: registry.wikimedia.org/dev/buster-php74-fpm:1.0.0-s3 and docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2. When testing I used or composer to install all dependencies under vendor folder, or cloned the bundled vendor (https://gerrit.wikimedia.org/r/mediawiki/vendor).
I also played with ExtensionDistributor to retrieve the WebAuthn library with dependencies.
Nov 21 2024
A quick note - I tried logging in/logging out between two versions - docker-registry.wikimedia.org/dev/buster-php74-fpm:1.0.0-s3 and docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2 -> and the keys worked. EG - the key created under 7.4 worked when trying to log in on 8.1 -> and the same vice versa - 2FA created on 8.1 worked on 7.4.
I got fixated on the composer issue and spend most of my time trying to rebuild composer/etc. But I definitely see a valid point in getting keys set up on 7.4, then bump to 8.1 and try to log in again -> I'll try to do it right now - plus for 7.4 I'll fetch the mediawiki/vendor
I don't think it's a problem anymore. I tried to find out what could fix it but at first glance I don't see it. At this moment - I'm at:
- MediaWiki core - latest master branch
- OATHAuth and WebAuthn - latest branch
On docker I'm running PHP 8.1.20 - composer install/update scripts worth without errors - I removed all vendor folders across the app.
~/projects/mediawiki(master○) » docker compose exec mediawiki php -v Copyright (c) The PHP Group Zend Engine v4.1.20, Copyright (c) Zend Technologies with Zend OPcache v8.1.20, Copyright (c), by Zend Technologies with Xdebug v3.2.1, Copyright (c) 2002-2023, by Derick Rethans
composer update output:
~/projects/mediawiki(master○) » docker compose exec mediawiki composer update > MediaWiki\Composer\VersionChecker::onEvent Loading composer repositories with package information Updating dependencies Nothing to modify in lock file Installing dependencies from lock file (including require-dev) Package operations: 0 installs, 0 updates, 0 removals Package fgrosse/phpasn1 is abandoned, you should avoid using it. No replacement was suggested. Package web-auth/metadata-service is abandoned, you should avoid using it. Use web-auth/webauthn-lib instead. Generating optimized autoload files 70 packages you are using are looking for funding. Use the `composer fund` command to find out more! > MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
Nov 18 2024
Work is done, the difference between Graphite and Prometheus stats is caused by how those process stats.
Nov 14 2024
Nov 7 2024
Nov 4 2024
Dashboards are updated.
Oct 31 2024
I'm tagging observability as they could be interested in this topic. I would like to look into it, and I'll push some POC soon.
Oct 28 2024
I need to update dashboards on our side, and then I'll close this ticket.
Oct 24 2024
Unassigning myself as I'm not actively working on it and I don't want to give a false impression. Huge kudos to @ArthurTaylor and @kostajh for driving it.
Oct 22 2024
Looks like error is gone.
Oct 21 2024
so one more prometheus label domain: ["central"|"local"]?
Oct 18 2024
do we have any updates on this matter? I see the last log from yesterday
Ok, quick update, I followed the code little bit more, looks like may be a limitation somewhere. From the code I see that samples do not contain labels as a map/associative array - it's a list of values.
It looks like it's an arbitrary limitation of the library. The reason why this happens is the fact that stats buffering library is stateful. The StatsFactory::getCounter that calls ::getMetric() uses cache to buffer all metrics.
Oct 17 2024
Looks like this is still happening in T375658
Oct 16 2024
Oct 11 2024
Updated ticket title to match the current state of things. yesterday we merged the minimal OTEL tracing library. Thank you @mszabo for great work!.
Oct 9 2024
This is already possible and we're kinda already doing it by injecting custom Monolog Processors - for example we add WikiProcessor (https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/e976dcf9860096df1c81a891947d886fe49f7eec/wmf-config/logging.php#117)
Oct 7 2024
I wonder if we want to inject the Monolog processor to the entire stack. We could do something like that:
Oct 2 2024
Sep 30 2024
One of the reasons why we might need to support HTTP mode is the TLS overhead (performance cost) but I don't think it justifies the additional complexity we need to maintain. I wonder if we have any use cases or requirements to support mixed mode? Only thing that comes to my mind is dev environments - but those are just HTTP mode (without SSL).
Sep 24 2024
@kostajh yes, I think you can get those rates from this work. Once I get a green light I'll implement this solution. I expect to land it by the end of this week.
Sep 23 2024
After a quick analysis of our logging system:
Sep 20 2024
Where this job could log in when it fails? Maybe it could push messages to mediawiki-core-bots channel for better visibility?
@kostajh - one question that got me thinking - I assume that expiryAfterDays won't be changed often, but it probably won't change at all. Do we foresee any scenarios when this value gets changed on prod? If we increase it - is it going to "re-enable" all temp-accounts that were previously expired but are still "active" ?
This sounds good to me. Thank you for handling this. @kostajh most likely this ticket should be assigned to you and @ArthurTaylor were the drivers of this work.
Sep 17 2024
Moving to the current sprint as the work is almost done. If we need further changes, then please move it to Soon.
@kostajh it's not a blocker for IP Masking deployment. We need it to monitor account creations to catch possible misbehavior of the system. We will pick it up soon.
Moving to current sprint as we're currently investigating login issues ( T372702 )
Moving to current sprint as this is could be related to the ticket we're currently working on - T372702.
could be caused by recent Account-Vanishing changes. @Seddon could you investigate this issue?
@kostajh moving to radar - in case you need our help please ping us.
Sep 9 2024
Sep 6 2024
I cannot reproduce this behavior.
Sep 5 2024
@Krinkle do you have any thoughts on this one ?
Aug 27 2024
I would say that in our architecture, Skin class is hidden somewhere deep and it is not last thing to call, it's usually called by some EntryPoint, that calls OutputPage, which later on calls the Skin, and then on the return -> we still allow some modifications. In other words -> Skin::outputPage() is not the last thing that happens, therefore I'm not sure if this is supposed to echo stuff.
Aug 19 2024
Aug 14 2024
There is a quick way already - Telemetry::getRequestHeaders().
Aug 12 2024
Aug 5 2024
Regression is caused by https://gerrit.wikimedia.org/r/c/mediawiki/libs/less.php/+/1013381
I agree with @Krinkle on the sizing -> I was surprised how much code the PHP open-telemetry introduces. It's important to notice that php-otel provides not only traces, but also metrics and logging functionality. We would need only tracing capabilities but PHP OTel SDK comes as bundle.
We could skip the protobuf extension and send data in json format - slower and requires more throughput. The google/protobuf lib is not recommended:
The native protobuf library is significantly slower than the extension. We strongly encourage the use of the extension.
For exporter we could use Guzzle which is already part of MediaWiki - but we would require all HTTP messaging/factory interfaces from PSR and I don't think we have it.