Last modified: 2014-08-19 20:39:03 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T63754, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 61754 - Find a better auth mechanism for logstash in labs


Summary:	Find a better auth mechanism for logstash in labs

Status:	NEW

Product:	Wikimedia
Classification:	Unclassified
Component:	Logstash (Other open bugs)
Version:	wmf-deployment
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-02-21 16:42 UTC by Bryan Davis
Modified:	2014-08-19 20:39 UTC (History)
CC List:	6 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bryan Davis 2014-02-21 16:42:56 UTC

Due to the concerns about sending passwords with any material value into the labs environment, the logstash instances in labs use a shared password that is published on officewiki to allow access. This should be replaced with a better authentication mechanism such as openid from wikitech.

Comment 1 Bryan Davis 2014-02-21 16:44:36 UTC

Alternately, we could figure out what is sensitive log information from the beta labs feed and scrub it out before writing log events into elasticsearch. Then we could allow everyone into the logstash logs without needing authentication.

Comment 2 Daniel Zahn 2014-08-19 20:39:03 UTC

https://gerrit.wikimedia.org/r/152932

it is now stored within the project, accessible for roots on the deployment-bastion instance

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links