On Mon, Jan 13, 2014 at 10:03 AM, Bryan Davis <bd808(a)wikimedia.org> wrote:
On Mon, Jan 13, 2014 at 7:54 AM, Chad
<innocentkiller(a)gmail.com> wrote:
On Jan 13, 2014 5:54 AM, "Brian Wolff"
<bawolff(a)gmail.com> wrote:
Total guess, quite likely wrong: dont outbound
http requests on cluster go
through a proxy? Perhaps that proxy also has a whitelist.
Correct. All MW http requests are proxied in production. Ones headed
externally are subject to a whitelist.
Not in front of my computer so I can't remember where...
Looking through the operations/puppet git repository a bit leads me to
believe that the
url-downloader.wikimedia.org proxy is configured
using the files/squid/copy-by-url-proxy.conf squid configuration file
via the misc::url-downloader puppet class. I'm not seeing any acls in
this configuration file that reference particular hosts (eg
flickr.com
&
staticflickr.com).
I'm fairly confident at this point that the problem is that Dan didn't
know that direct use of MWHttpRequest in the WMF production cluster
needs to explicitly set the 'proxy' option. There is a global that
would do this automatically but apparently we don't set it in the
production configuration.
Bryan
--
Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org>
[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID
irc: bd808 v:415.839.6885 x6855