Hello,
we are planning to change how Cloud VPS instances and Toolforge tools contact WMF-hosted wikis, in particular the source IP address for the network connection. The new IP address that wikis will see is 185.15.56.1.
The change is scheduled to go live on 2021-02-08.
More detailed information in wikitech:
https://wikitech.wikimedia.org/wiki/News/CloudVPS_NAT_wikis
If you are a Cloud VPS user or Toolforge developer, check your tools after that date to make sure they are properly running. If you detect a block, a rate-limit or similar, please let us know.
If you are a WMF SRE or engineer involved with the wikis, be informed that this address could generate a significant traffic volume, perhaps about 30%-40% total wiki edits. We are trying to smooth the change as much as possible, so please send your feedback if you think there is something we didn't account for yet.
Thanks, best regards.
Hi Arturo,
It's unfortunate that you used a public ipaddress from the most recent assigned block of IP space ( 185.15.56.0/24 ). You seem to have forgotten about updating the auto block whitelist, see for example https://meta.wikimedia.org/wiki/MediaWiki:Autoblock_whitelist . If that doesn't get updated, any block of a bot editing from Toolforge might cause the block of all bots running from Toolforge. We've seen that happen in the past.
I updated whitelists at Commons and Wikidata, did a request to update for meta and the English Wikipedia.
Maarten
On 25-01-2021 11:55, Arturo Borrero Gonzalez wrote:
Hello,
we are planning to change how Cloud VPS instances and Toolforge tools contact WMF-hosted wikis, in particular the source IP address for the network connection. The new IP address that wikis will see is 185.15.56.1.
The change is scheduled to go live on 2021-02-08.
More detailed information in wikitech:
https://wikitech.wikimedia.org/wiki/News/CloudVPS_NAT_wikis
If you are a Cloud VPS user or Toolforge developer, check your tools after that date to make sure they are properly running. If you detect a block, a rate-limit or similar, please let us know.
If you are a WMF SRE or engineer involved with the wikis, be informed that this address could generate a significant traffic volume, perhaps about 30%-40% total wiki edits. We are trying to smooth the change as much as possible, so please send your feedback if you think there is something we didn't account for yet.
Thanks, best regards.
Shouldn't this sort of autoblock_whitelist be universal for such an important IP address. It is not only Commons, Wikidata, Meta and enWP that utilise bots at Toolforge. Having to do this at 10s to 100s of wiki is just an interesting approach.
Could we at least have a note to all wikis through the tech newsletter if we require them to whitelist the IP, or not to block that IP or not to hardblock tools at toolforge. Thanks.
-- billinghurst
------ Original Message ------ From: "Maarten Dammers" maarten@mdammers.nl To: cloud@lists.wikimedia.org Sent: 27/01/2021 5:27:31 AM Subject: Re: [Cloud] Change to how Cloud VPS and Toolforge contact Wikis
Hi Arturo,
It's unfortunate that you used a public ipaddress from the most recent assigned block of IP space ( 185.15.56.0/24 ). You seem to have forgotten about updating the auto block whitelist, see for example https://meta.wikimedia.org/wiki/MediaWiki:Autoblock_whitelist . If that doesn't get updated, any block of a bot editing from Toolforge might cause the block of all bots running from Toolforge. We've seen that happen in the past.
I updated whitelists at Commons and Wikidata, did a request to update for meta and the English Wikipedia.
Maarten
On 25-01-2021 11:55, Arturo Borrero Gonzalez wrote:
Hello,
we are planning to change how Cloud VPS instances and Toolforge tools contact WMF-hosted wikis, in particular the source IP address for the network connection. The new IP address that wikis will see is 185.15.56.1.
The change is scheduled to go live on 2021-02-08.
More detailed information in wikitech:
https://wikitech.wikimedia.org/wiki/News/CloudVPS_NAT_wikis
If you are a Cloud VPS user or Toolforge developer, check your tools after that date to make sure they are properly running. If you detect a block, a rate-limit or similar, please let us know.
If you are a WMF SRE or engineer involved with the wikis, be informed that this address could generate a significant traffic volume, perhaps about 30%-40% total wiki edits. We are trying to smooth the change as much as possible, so please send your feedback if you think there is something we didn't account for yet.
Thanks, best regards.
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
Hi Arturo,
a quick question: MediaWIki has a strict limit on bad logins. If all of WMCS will be NATed, that would mean that *any* bot having too many bad login attempts could block all other bots from logging in. Is that prevented through technical measures, somehow?
Thanks,
Martin
po 25. 1. 2021 v 11:56 odesílatel Arturo Borrero Gonzalez < aborrero@wikimedia.org> napsal:
Hello,
we are planning to change how Cloud VPS instances and Toolforge tools contact WMF-hosted wikis, in particular the source IP address for the network connection. The new IP address that wikis will see is 185.15.56.1.
The change is scheduled to go live on 2021-02-08.
More detailed information in wikitech:
https://wikitech.wikimedia.org/wiki/News/CloudVPS_NAT_wikis
If you are a Cloud VPS user or Toolforge developer, check your tools after that date to make sure they are properly running. If you detect a block, a rate-limit or similar, please let us know.
If you are a WMF SRE or engineer involved with the wikis, be informed that this address could generate a significant traffic volume, perhaps about 30%-40% total wiki edits. We are trying to smooth the change as much as possible, so please send your feedback if you think there is something we didn't account for yet.
Thanks, best regards.
Arturo Borrero Gonzalez SRE / Wikimedia Cloud Services Wikimedia Foundation
Ops mailing list Ops@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/ops
On 1/28/21 9:50 PM, Martin Urbanec wrote:
Hi Arturo,
a quick question: MediaWIki has a strict limit on bad logins. If all of WMCS will be NATed, that would mean that /any/ bot having too many bad login attempts could block all other bots from logging in. Is that prevented through technical measures, somehow?
Hi,
do you know where this limit configuration can be found?
thanks for the heads up.
regards.
This is sorta (under-)documented in https://www.mediawiki.org/wiki/Manual:$wgRateLimits
I made a patch for it but I'm not sure if I did it correctly.
On Fri, Jan 29, 2021 at 10:21 AM Arturo Borrero Gonzalez < aborrero@wikimedia.org> wrote:
On 1/28/21 9:50 PM, Martin Urbanec wrote:
Hi Arturo,
a quick question: MediaWIki has a strict limit on bad logins. If all of
WMCS
will be NATed, that would mean that /any/ bot having too many bad login
attempts
could block all other bots from logging in. Is that prevented through
technical
measures, somehow?
Hi,
do you know where this limit configuration can be found?
thanks for the heads up.
regards.
-- Arturo Borrero Gonzalez SRE / Wikimedia Cloud Services Wikimedia Foundation
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
On 1/29/21 10:29 AM, Amir Sarabadani wrote:
This is sorta (under-)documented in https://www.mediawiki.org/wiki/Manual:$wgRateLimits https://www.mediawiki.org/wiki/Manual:$wgRateLimits
I made a patch for it but I'm not sure if I did it correctly.
Excellent, thanks!
Could you please share a link to gerrit so I can have such patch in my radar?
regards.
On 1/25/21 11:55 AM, Arturo Borrero Gonzalez wrote:
Hello,
we are planning to change how Cloud VPS instances and Toolforge tools contact WMF-hosted wikis, in particular the source IP address for the network connection. The new IP address that wikis will see is 185.15.56.1.
The change is scheduled to go live on 2021-02-08.
More detailed information in wikitech:
Hi there,
based on the feedback we have collected so far, we decided to extend the timeline. This change won't go live on 2021-02-08 but at a later date instead. We will use this extended timeline to review a few unexpected config changes that we need to introduce previous to this operation.
The exact new date is still to be decided, and we will share it once it is known.
Thanks to everyone for providing valuable feedback.
regards.