Page MenuHomeMiraheze

Goal-2021-Jul-DecGoal
ArchivedPublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Miraheze's Goals for the second half of 2021 (July 1st ~ December 31th).

Tasks added to this project must be at least one of the following:

a long-term project that can realistically be finished before December 31st,
a development project that will have a positive impact on Miraheze communities,
an objective for Site Reliability Engineers (infrastructure, introducing a new service, major work etc.).
MediaWiki and development tasks can be added freely by anyone assuming someone has in the past hinted at the possibility they would be willing to work on it or have a noticeable impact on communities.

Site Reliability Engineering tasks should only be added by members of the Site Reliability Engineer team as they have full control over their priorities and workflow, not subject to community benefit.

< Goal-2021-Jan-Jun | Goal-2022-Jan-Jun >

Recent Activity

Wed, Feb 14

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

I can now confirm that since notifications are fixed (thanks @Universal_Omega !) RequestSSL is operational.
What remains to be done is to add a check on-wiki for whether CNAME or NS is pointed (@Universal_Omega has an idea for how to do that easily) and then for the puppet API

Wed, Feb 14, 07:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Sat, Feb 10

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Sat, Feb 10, 15:03 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Sat, Feb 10, 11:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 21 2024

OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

This is too Miraheze-specific for inclusion in the RequestSSL codebase in my opinion. It is better suited as part of T11710. In the Miraheze-specific setup of this extension, once RequestSSL sends the request to puppet, the server program receiving the request should take care of determining if we should add new DNS zones. So I think steps 4 and 5 should be merged together.

Just to be clear, what you propose is the following? In my example, the domain is pointed via NS.
1: User requests SSL
2: RequestSSL checks (with puppet181's help) whether domain is pointed or not
3: RequestSSL submitted
4: ssl-certificate script once again checks whether domain is pointed and if it's pointed via NS, adds zone to GitHub
5: RequestSSL marked as completed

EDIT: in the fully automated version, steps 2 and 4 would probably be repetitive and would need merging

Jan 21 2024, 18:33 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

This is too Miraheze-specific for inclusion in the RequestSSL codebase in my opinion. It is better suited as part of T11710. In the Miraheze-specific setup of this extension, once RequestSSL sends the request to puppet, the server program receiving the request should take care of determining if we should add new DNS zones. So I think steps 4 and 5 should be merged together.

Jan 21 2024, 18:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

Jan 21 2024, 15:45 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

I’m not sure that ssl-admins should be decommissioned, as cert removals would still be done manually, and this would allow us to investigate should something go wrong, and also somebody might not want letsencrypt.

Jan 21 2024, 14:46 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
MacFan4000 added a comment to T7582: Create automated system for managing SSL requests.

I’m not sure that ssl-admins should be decommissioned, as cert removals would still be done manually, and this would allow us to investigate should something go wrong, and also somebody might not want letsencrypt.

Jan 21 2024, 14:44 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar moved T7582: Create automated system for managing SSL requests from Backlog to Currently blocked on the RequestSSL board.
Jan 21 2024, 12:11 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a subtask for T7582: Create automated system for managing SSL requests: T11710: Automate certificate generation.
Jan 21 2024, 12:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a parent task for T7582: Create automated system for managing SSL requests: T11709: Write mediawiki.org page for RequestSSL.
Jan 21 2024, 11:50 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 19 2024

Reception123 added a project to T7582: Create automated system for managing SSL requests: RequestSSL.
Jan 19 2024, 16:39 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 I think it's about time we get a RequestSSL project and workboard on Phab. Also, add me as a member of the project if it will not have an open join policy please.

Jan 19 2024, 12:18 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 18 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Thinking about it, it would still definitely be useful to check whether the domain is pointing before the request is submitting but the python script running on puppet141 would still be needed in the end in order to be able to create the DNS zone for wikis pointing NS. The script already exists but needs some adjustments.

Jan 18 2024, 16:24 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
Jan 18 2024, 16:23 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

@OrangeStar Thanks for the ideas. Indeed, it might be better to check whether the domain is pointed via PHP rather than having that in the python script and then having to contact the user afterwards and tell them it isn't. I guess what could be done then if it is not pointed is have an error display that clearly directs users to somewhere where they can get help pointing their domain.

Jan 18 2024, 16:15 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Functional but not yet over! Can't do much right now since I'm waiting for T11680 which will introduce some utility functions (To avoid reinventing the wheel) that the server program that automates cert generation would need, but I want to cleanup some of my PRs (the ones yesterday were just to make stuff work), move strings into i18n, change existing i18n strings too, remove some ID leftovers I saw while skimming the code, and automate checking that the domain is pointed correctly at least.

Jan 18 2024, 16:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 17 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Noting that the repo has been transferred to https://github.com/miraheze/requestssl

Jan 17 2024, 20:48 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Thanks to @OrangeStar, RequestSSL is now functional! There's unfortunately one late issue that I thought of that will mean it can still not be made operational. For custom domains it is quite often the case that users don't point their domains properly and need guidance. My understanding is that RequestSSL uses Echo to notify users when there's a comment on their request and if they don't manually enable email notifications they might not get any and would not know that there's been a comment.

Jan 17 2024, 20:42 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

https://github.com/Reception123/RequestSSL/pull/5

Jan 17 2024, 18:37 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.
  • Implement logging so that when RemoteWiki is executed with ManageWiki it logs it as if someone had changed managewiki on wiki

Does MediaWiki even have a concept of other wikis existing other than the one currently "running"? We could open the database for the remote wiki and manually write to the logs, but I don't think that's very good.

Assuming you want to log to the remote wiki's managewiki log.

Jan 17 2024, 17:36 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.
  • Implement logging so that when RemoteWiki is executed with ManageWiki it logs it as if someone had changed managewiki on wiki
Jan 17 2024, 17:25 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 16 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.
Jan 16 2024, 19:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

https://github.com/Reception123/RequestSSL/pull/4

Jan 16 2024, 18:55 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

UO for the rescue! I was about to commit a grave sin against best practices.

Jan 16 2024, 17:24 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Universal_Omega added a comment to T7582: Create automated system for managing SSL requests.
  • Add a method so that $oldstatus and $newstatus is known in order for the updateManageWiki function to be executed only when the status is changed from something else to completed

So, I have an idea for this, but... it involves reading the $wgRequest global. Would this be acceptable? I'll keep searching for better ways to do this anyway.

Jan 16 2024, 17:23 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.
  • Add a method so that $oldstatus and $newstatus is known in order for the updateManageWiki function to be executed only when the status is changed from something else to completed
Jan 16 2024, 17:12 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 14 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Heads up: some custom domains are pointed using CNAME flattening. So any automation attempts should not only check for CNAME records or whether the authoritative nameservers are pointed to us, but if the A or AAAA returned points to the known IPs of cp* servers.

Jan 14 2024, 17:24 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Heads up: some custom domains are pointed using CNAME flattening. So any automation attempts should not only check for CNAME records or whether the authoritative nameservers are pointed to us, but if the A or AAAA returned points to the known IPs of cp* servers.

Jan 14 2024, 17:03 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Timestamps are no longer an issue. For any SRE that is a more competent developer than me (most will be!), the two remaining things for Step 3 are:

Jan 14 2024, 13:21 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 8 2024

Universal_Omega updated the task description for T7582: Create automated system for managing SSL requests.
Jan 8 2024, 23:57 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 4 2024

Reception123 raised the priority of T7582: Create automated system for managing SSL requests from Low to Normal.

Due to the large number of tasks in this area and the particular use that automation can provide, moving this task to normal priority. It'd be nice if at least the remaining fixes for RequestSSL (Step 3) can be completed soon.

Jan 4 2024, 17:52 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Mar 27 2023

Reception123 updated subscribers of T7582: Create automated system for managing SSL requests.
Mar 27 2023, 09:13 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Mar 14 2023

Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
Mar 14 2023, 12:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 updated subscribers of T7582: Create automated system for managing SSL requests.

https://github.com/Reception123/RequestSSL has been created based on ImportDump. Things that are required to make it operational

  • Add a method so that $oldstatus and $newstatus is known in order for the updateManageWiki function to be executed only when the status is changed from something else to completed
  • Implement logging (can be copied from ManageWiki) so that when RemoteWiki is executed it logs it as if someone had changed managewiki on wiki
  • Fix issues with timestamp (might just be a problem with the SQL implemented on beta)

Due to limited knowledge on my part, it would be preferable if someone else had a go at this.

  • Check if all i18n messages make sense (can be done by anyone) [DONE!]
Mar 14 2023, 11:58 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Feb 1 2023

Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
Feb 1 2023, 09:31 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Just so we don't forget, the current idea would be to try using https://github.com/wikimedia/acme-chief and have an API backend for ManageWiki with the web app being MediaWiki.

Feb 1 2023, 09:30 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 20 2023

Reception123 renamed T7582: Create automated system for managing SSL requests from Create better system for managing SSL requests to Create automated system for managing SSL requests.
Jan 20 2023, 13:20 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jan 2 2023

Reception123 added a project to T7582: Create automated system for managing SSL requests: Goal-2023-Jan-Jun.
Jan 2 2023, 11:21 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Dec 15 2022

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

While this hasn't been fully tested yet here is my not-so-perfect version of step 3 which I unfortunately didn't integrate into the ssl-certificate script due to lack of knowledge on how to do so properly and not wanting to make things too messy. Here is the current script that can be used in the meantime (not 100% sure if DNS works yet): https://phabricator.miraheze.org/P474 and hopefully be integrated into the main one soon so that step 4 can follow.

Dec 15 2022, 11:57 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Nov 26 2022

Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
Nov 26 2022, 18:48 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Nov 11 2022

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Opened https://github.com/miraheze/puppet/pull/2996.

Nov 11 2022, 13:59 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Nov 10 2022

Unknown Object (User) updated the task description for T7582: Create automated system for managing SSL requests.
Nov 10 2022, 16:45 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

Jun 25 2022

Paladox closed T5044: Setup centralised logging for services as Resolved.

Resolved

Jun 25 2022, 15:54 · Monitoring, Goal-2022-Jan-Jun, Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Paladox updated the task description for T5044: Setup centralised logging for services.
Jun 25 2022, 15:54 · Monitoring, Goal-2022-Jan-Jun, Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
John added a comment to T5044: Setup centralised logging for services.

@Paladox less than a week until end of goal period - do we have an update on this?

Jun 25 2022, 13:02 · Monitoring, Goal-2022-Jan-Jun, Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun

May 28 2022

Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
May 28 2022, 11:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

SSL certificates are now generated on puppet111 directly and private keys are automatically copied.

May 28 2022, 08:21 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, MediaWiki (SRE)

May 9 2022

Unknown Object (User) moved T5044: Setup centralised logging for services from Backlog to Central Logging on the Monitoring board.
May 9 2022, 19:26 · Monitoring, Goal-2022-Jan-Jun, Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun
Unknown Object (User) added a project to T5044: Setup centralised logging for services: Monitoring.
May 9 2022, 19:26 · Monitoring, Goal-2022-Jan-Jun, Goal-2021-Jul-Dec, Infrastructure (SRE), Goal-2021-Jan-Jun, Goal-2020-Jul-Dec, Goal-2020-Jan-Jun