Handoff Proton service to Reading Infrastructure
Closed, ResolvedPublic
Actions

Description

As the work on the new Proton service is done, we need to make sure that all requirements are fulfilled before we handoff the service to Reading Infrastructure.

Acceptance criteria

Verify that the code documentation is up to date
Project documentation exists on MediaWiki.org
How to deploy information is available on wikitech
Provide code coverage
Provide documentation about logs/grafana/stats
People from Reading Infrastructure have rights to access/deploy proton (see T211382)
Verify Proton can handle Queue timeouts properly
security review T177765
Drop proton-staging as it is not used (chromium-pdf.reading-web-staging.eqiad.wmflabs) - can be done after the handoff

Signoff notes

security review T177765

The security review was re-closed in T177765#4868192 after a handful of subtasks were created.

Related Objects
Search...

Status	Assigned	Task
Resolved	ovasileva	T181079 [GOAL] Provide an expanded reading experience by improving the ways that users can download articles of interest for later consumption
Resolved	None	T181084 [EPIC] Deploy the mediawiki-services-chromium-render service (Proton)
Resolved	phuedx	T210652 Handoff Proton service to Reading Infrastructure
Declined	pmiazga	T211375 Rename chromium-render gerrit project to Proton
Resolved	Dzahn	T211382 Requesting access to Proton for pmiazga, bearND, Mholloway, MSantos, Tgr
Resolved	pmiazga	T213363 Fix or clarify Proton Puppeteer sandboxing and SSL settings
Duplicate	• holger.knust	T215557 Remove electron pdf endpoint backend in RESTBase

Event Timeline

pmiazga created this task.Nov 28 2018, 8:06 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 28 2018, 8:06 PM

@Jhernandez are there any points you would like to add to the Acceptance Criteria section?

A couple of things come to mind:

A list of the current maintenance tasks with steps/descriptions
Project page on mediawiki.org with relevant information
A meeting to sync after the documentation has been delivered and the team has had a chance to look at it and prepare any questions

@Mholloway @bearND, anything else you can think about?

• Jhernandez moved this task from Needs triage to Tracking on the Product-Infrastructure-Team-Backlog-Deprecated board.Nov 28 2018, 8:17 PM

Nothing else from me. 👍

I hope the project page on mediawiki.org with relevant information also includes:

an architecture overview showing the major components. I know there's a queue involved. What are the other parts, etc.?
links to repo(s)
anything useful for debugging
how to solve/investigate typical issues

Jdlrobson moved this task from Incoming to Triaged but Future on the Web-Team-Backlog board.Nov 28 2018, 11:57 PM

In T210652#4782937, @Jhernandez wrote:

Project page on mediawiki.org with relevant information

Aklapper renamed this task from Handoff Proton service to Reading Infrastucture to Handoff Proton service to Reading Infrastructure.Nov 29 2018, 6:10 AM

@Jhernandez could you provide me with a list of people who requires access to deploy/manage Proton service? just @Mholloway and @bearND?

pmiazga updated the task description. (Show Details)Nov 29 2018, 9:43 PM

ovasileva triaged this task as High priority.Nov 29 2018, 9:45 PM

@pmiazga I'm not sure who will be working on it on the team so I'd suggest adding all the engineers, except for James who is working on multimedia right now: @bearND @Mholloway @MSantos @Tgr

ovasileva added a parent task: T181084: [EPIC] Deploy the mediawiki-services-chromium-render service (Proton).Nov 29 2018, 11:16 PM

Verify that generated PDFs are correct

Tracked in T210793: Verify that PDFs generated by Proton service are correct.

phuedx mentioned this in T181084: [EPIC] Deploy the mediawiki-services-chromium-render service (Proton).Nov 30 2018, 1:04 PM

In the spirit of minimising the number of tasks that Infra take on immediately after taking up maintenance of the service, we should squash T210460: Eliminate usage of mocha-eslint for Proton too.

ovasileva moved this task from Triaged but Future to Upcoming on the Web-Team-Backlog board.Nov 30 2018, 5:44 PM

ovasileva edited projects, added Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2); removed Web-Team-Backlog.Dec 3 2018, 6:14 PM

pmiazga claimed this task.Dec 5 2018, 1:00 AM

pmiazga moved this task from To Do to Doing on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2) board.

Unit tests coverage can be checked by using npm run coverage

=============================== Coverage summary ===============================
Statements   : 74.02% ( 436/589 )
Branches     : 44.83% ( 104/232 )
Functions    : 90% ( 54/60 )
Lines        : 74.61% ( 432/579 )
================================================================================

most important bits:

queue has 98.94% coverage
renderer.js has 68.42% coverage ( there are no tests related to extra safety checks when chromium returns something that it shouldn't, aborting requests and killing the chromium browser if it doesn't want to exit)
html2pdf-v1.js route has 78.57% coverage (not tested is aborting the request, and cases when HTTP request returns 500/503)

Not tested bits are swagger-ui.js and queueLogger.js which IMHO are not that important to test. QueueLogger subscribes to many Queue events and logs those, if something is wrong with QueueLogger both logs and Grafana dashboards would be empty.

pmiazga updated the task description. (Show Details)Dec 5 2018, 1:11 AM

Documentation is available on MediaWiki: https://www.mediawiki.org/wiki/Proton

Created ticket to grant access rights to the service: T211382

pmiazga added a subtask: T211382: Requesting access to Proton for pmiazga, bearND, Mholloway, MSantos, Tgr.Dec 6 2018, 10:04 PM

phuedx updated the task description. (Show Details)Dec 7 2018, 9:51 AM

akosiaris closed subtask T211382: Requesting access to Proton for pmiazga, bearND, Mholloway, MSantos, Tgr as Resolved.Dec 11 2018, 11:12 AM

Blocked on meeting (scheduled on Thursday, Dec 13th)

Thanks for the thorough introduction, @pmiazga!

Some notes I have from the meeting (not blockers, I just want to put them somewhere):

Discuss with ops how Chromium updates should work. If we pin Chromium, we don't get security updates, that's not great. If we don't pin it, the service can break with no warning whenever puppet updates the OS packages, that's also not great. Also we should document the steps on the beta server when we need to test with a specific Chromium version.
Need to find out how the service interacts with Varnish. (I imagine requests go through Varnish and get coalesced like everything else; whether to cache large PDF responses is not so trivial though. Also our multi-layered Varnish setup was meant for traffic spikes, which probably don't really happen for PDF downloads, so storing them in both a frontend and backend Varnish seems like a waste of space.)
T177765#4822198
File followup tasks about (eventual) language variant support.
We might want to figure out how to make the beta cluster service use production page content.

Note to self, it would be nice to have a vagrant role for this.

The information on how to deploy (and the beta cluster server name) is on Wikitech, today I'll push the tool that builds the API links for testing to toolforge. @alexhollender verified the PDFs and those look good. Now we wait till Rendering Infrastructure says "we take it from now on".

pmiazga updated the task description. (Show Details)Dec 19 2018, 4:03 PM

• Jhernandez closed subtask T211375: Rename chromium-render gerrit project to Proton as Declined.Dec 19 2018, 4:43 PM

MBinder_WMF moved this task from Readers-Web-Kanbanana-Board-2018-19-Q2 to Readers-Web-Kanbanana-Board-2018-19-Q3 on the Web-Team-Backlog board.Jan 2 2019, 5:31 PM

MBinder_WMF edited projects, added Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q3); removed Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2).

MBinder_WMF moved this task from To Do to Blocked on Others on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q3) board.

Jdlrobson updated the task description. (Show Details)Jan 7 2019, 6:14 PM

Jdlrobson updated the task description. (Show Details)

Taskified the notes above:

T213366, T213362 and T213363 should probably block production switchover, the rest is not really urgent.

• Jhernandez added a subtask: T213366: [2 hrs] Decide on handling system updates for Proton.Jan 10 2019, 4:45 PM

• Jhernandez added a subtask: T213371: Document and possibly fine-tune how Proton interacts with Varnish.

• Jhernandez added a subtask: T213362: Limit what URLs Proton can access.

• Jhernandez added a subtask: T213363: Fix or clarify Proton Puppeteer sandboxing and SSL settings.

• Jhernandez added a subtask: T213368: Support language variants in Proton.

• Jhernandez added a subtask: T213370: Make it possible to use production wiki pages in Beta Proton.

• Jhernandez added a subtask: T213367: Add MediaWiki-Vagrant role for Proton.

Reflected your comment on the task relationships. if the three production blockers don't block the handoff I can fix that.

• Jhernandez removed a subtask: T213367: Add MediaWiki-Vagrant role for Proton.Jan 15 2019, 11:38 AM

• Jhernandez removed a subtask: T213370: Make it possible to use production wiki pages in Beta Proton.

• Jhernandez removed a subtask: T213368: Support language variants in Proton.Jan 15 2019, 11:43 AM

pmiazga updated the task description. (Show Details)Jan 23 2019, 4:42 PM

To clarify what I said above, I think the three tasks should block the production switchover. I have no opinion on whether they should block the handoff - that's something for managers to battle out :) I see no problem with RI taking over Proton now, then finishing up those issues, then deploying to traffic. (They are not much effort, in any case - T213363 is pretty much done at this point, T213362 is just a few lines of code and T213366 probably just involves waiting for ops to respond.) I should probably have said this sooner, sorry for the confusion.

Tgr removed a subtask: T213371: Document and possibly fine-tune how Proton interacts with Varnish.Feb 6 2019, 10:36 PM

Tgr closed subtask T213363: Fix or clarify Proton Puppeteer sandboxing and SSL settings as Resolved.Feb 7 2019, 2:32 AM

Removed the last two open so that they don't block the handoff task, and rather block only the deployment task

• alexhollender_WMF unsubscribed.Feb 7 2019, 6:03 PM

pmiazga reassigned this task from pmiazga to phuedx.Feb 7 2019, 8:50 PM

pmiazga moved this task from Blocked on Others to Ready for Signoff on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q3) board.

phuedx updated the task description. (Show Details)Feb 12 2019, 4:44 PM

Drop proton-staging as it is not used (chromium-pdf.reading-web-staging.eqiad.wmflabs) - can be done after the handoff

I've stopped the instance for now until @pmiazga confirms that it should be deleted.

This doesn't block me signing off this task.

phuedx updated the task description. (Show Details)Feb 12 2019, 4:55 PM

🎉

Per our (@Jhernandez, @Tgr, @pmiazga, and me) conversation in last Thursday's Audiences Platform Sync, Proton has officially been handed over to Readers Infrastructure for ongoing maintenance. I'll follow up with an email to [email protected] and [email protected] to confirm this.

phuedx closed this task as Resolved.Feb 12 2019, 5:01 PM

@ovasileva: Could you update https://phabricator.wikimedia.org/project/profile/2960/ accordingly?

In T210652#4948279, @phuedx wrote:

@ovasileva: Could you update https://phabricator.wikimedia.org/project/profile/2960/ accordingly?

Done.

Handoff Proton service to Reading InfrastructureClosed, ResolvedPublicActions