[07:13:49] 10Machine-Learning-Team, 10ORES, 10Wikimedia Enterprise: Investigate tools that use ORES - https://phabricator.wikimedia.org/T330854 (10elukey) @prabhat Thanks a lot for the explanation! Have you ever checked https://stream.wikimedia.org/v2/ui/#/?streams=mediawiki.revision-score ? It is basically the same th... [10:05:14] o/ [10:05:44] I'm going to merge the FastAPI patch and continue with a new one on top of that [10:05:57] actually new ones - in order to make reviews small [10:07:15] (03PS20) 10Ilias Sarantopoulos: feat: Create a migration endpoint between LiftWing/ORES [machinelearning/liftwing/inference-services] - 10https://gerrit.wikimedia.org/r/892998 (https://phabricator.wikimedia.org/T330414) [10:07:23] rebased --^ [10:11:09] isaranto: +1 [10:15:54] 10Machine-Learning-Team, 10SRE: Migrate ml-cache to Bullseye - https://phabricator.wikimedia.org/T331712 (10MoritzMuehlenhoff) [10:39:28] 10Machine-Learning-Team, 10Patch-For-Review: Create ORES migration endpoint (ORES/Liftwing translation) - https://phabricator.wikimedia.org/T330414 (10isarantopoulos) Since I'm merging the first patch adding this here as a note: as @AikoChou pointed out, currently ORES outputs the response as a formatted json... [10:39:57] ok I am merging! all future work (and things to be improved are already documented in the ticket) [10:40:04] (03CR) 10Ilias Sarantopoulos: [C: 03+2] feat: Create a migration endpoint between LiftWing/ORES [machinelearning/liftwing/inference-services] - 10https://gerrit.wikimedia.org/r/892998 (https://phabricator.wikimedia.org/T330414) (owner: 10Ilias Sarantopoulos) [10:43:42] created https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/896313 for the api-gateway, if accepted it should allow us to skip bearer token auth for the inference URI as well [10:44:10] so we'll have calls without JWT/Bearer-token with a certain rate limit, auth-ed ones with another [10:46:57] (03Merged) 10jenkins-bot: feat: Create a migration endpoint between LiftWing/ORES [machinelearning/liftwing/inference-services] - 10https://gerrit.wikimedia.org/r/892998 (https://phabricator.wikimedia.org/T330414) (owner: 10Ilias Sarantopoulos) [10:59:25] klausman: o/ [10:59:38] I checked the tokens retrieved from meta, and they all have "expires_in":14400 [10:59:45] (verified with b64decode) [11:00:07] so the access tokens returned all last a day, but IIRC you said that yours didn't expire that fast? [11:00:39] Correct [11:00:47] But I got mine on the portal [11:01:41] what do you mean on the portal? [11:02:15] https://api.wikimedia.org/wiki/Special:AppManagement [11:02:47] ok so Personal API token I suppose? [11:03:11] if you have a moment can you base64 decode it to see when it expires? [11:03:15] yep [11:03:26] So not something you'd ship with an app [11:04:11] yeah in that case one needs https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2 [11:04:18] for example to register a bot [11:04:22] okok now it makes more sense [11:05:23] I was trying to imagine people owning a bot, while migrating to lift wing [11:05:48] they'll need either to use unauthenticated request (with the caveat that they'll be more severely rate limited) or request a token tc.. [11:06:07] does it make sense? [11:06:24] for low traffic / test things unauthenticated seems good [11:06:26] well, it really depends on where the code runs. If it's all on your own hw/account, making a non-expiring personal key works, but of course you wouldn't do this for an Andorid app or something like that [11:06:48] And yes, unauth for "casual use" sounds good. [11:08:11] sure I am not talking about something as big as android apps [11:08:18] I talked about bot owners [11:08:52] either they refresh tokens or they request a more permantent one via https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2 [11:08:57] say for a toolforge project [11:09:34] Ack [11:15:21] do you have documented what you have discussed with Hugh about these things, or should I create a formal proposal so everybody is on the same page? [11:17:12] I think a formal proposal would be better. What notes I have are months old and a bit bare [11:19:21] Here it mentions that access tokens last 4 hours https://api.wikimedia.org/wiki/Documentation/Getting_started/Authentication#2._Get_an_access_token [11:19:46] And refresh tokens for a year [11:20:21] The token I have is from late November, so I dunno if it has an expiry at all [11:24:24] yeah but with the regular access token I think I don't have the refresh one [11:24:36] so one is forced to get another token every hour? [11:24:43] not sure will document myself, lunch! [11:25:15] Aye! (also lunch) [13:02:17] * isaranto lunch [13:15:58] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10Sgs) >>! In T304550#8679626, @Trizek-WMF wrote: > Note: we can add the three excluded wikis to the list if we have a fix before Monday... [13:18:56] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10kostajh) Visiting https://ch.wikipedia.org/wiki/Special:Random, my unscientific sample of 10 visits pulled up 10 one-sentence articles... [13:21:25] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10kostajh) >>! In T304550#8677050, @Sgs wrote: >> * **ce** search returns "There were no results matching the query." > I can't tell why... [13:28:51] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10kostajh) >>! In T304550#8683089, @kostajh wrote: >>>! In T304550#8677050, @Sgs wrote: >>> * **ce** search returns "There were no resul... [15:41:53] if anybody has time for a quick code review: https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/896371/ [15:44:56] on it! [15:45:49] thanksss [15:45:52] elukey: is this a conventions we need to follow? [15:45:58] _ vs - [15:46:21] yeah Andrew Otto asked us to use underscore in stream names, and I forgot that I had them set up like this in mediawiki-config [15:46:26] so now eventgate tells me [15:46:39] .. of schema at /mediawiki/revision/score/2.0.0 destined to stream mediawiki.revision-score-goodfaith is not allowed in stream; mediawiki.revision-score-goodfaith is configured but does not have any settings. [15:46:55] ack thanks! [15:47:27] let me know if you need any info about the ORES extension etc.. [15:47:33] LGTM! [15:47:58] thanks as well! [15:48:06] so now another round of deploymentes [15:48:07] sigh [15:48:20] deploymentes sounds Spanish ;) [15:50:41] definitely :D [15:50:54] also commented on the naming bit in the APIGW change [15:52:04] thanks, I'll wait for Hugh to comment, not sure if the change is in the right tpl [15:52:27] from the task Hugh mentioned the route one, but I think it may be misleading to people if we add it to it [15:53:11] with the new change we should be able to add /service/lw/inference as prefix with a helmfile config change [15:59:28] isaranto: not sure if you have followed the discussion about oauth and bots today, lemme know if you have ideas preferences etc.. [15:59:41] ideally we should document all use cases so people know what to choose [15:59:52] it will be very valuable for the ores migration [15:59:56] I saw this https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/896313/. [16:00:08] or is it irrelevant? anyway nice work on that one! [16:00:28] nono it is relevant, lemme summarize the idea [16:00:46] in theory with lift wing's api-gateway config we'll allow these use cases: [16:01:26] - no oauth token provided, the client will be rate limited in the anonymous groups with the rest, probably the first one that in case of need is throttled [16:01:59] - oauth provided, and in this case we'll see how logged-in users can be rate limited [16:02:51] in the latter use case though the bearer token can be retrieved in multiple ways, that differs basically for the token expiry time (from say a day to weeks) and the possibility to refresh the token or not [16:03:28] my main worry is to provide good documentation for the typical use case, like a researcher/community-member/etc.. owning a bot that scores revisions [16:03:35] cool, then I was already on board, thanks for clarifying thouhg [16:03:40] *though [16:03:51] super, do you have preferences with the above? Or does it sound good? [16:03:53] all sounds good/great to me! [16:04:13] super :) [16:04:45] please speak up anytime you see anything weird that I say on this matter, I am very ignorant in oauth [16:05:04] the only thing left then is rate-limiting for authenticated users [16:05:30] yeah and we have multiple possibility, like: do we rate limit on api-gw? Or on Lift Wing? [16:05:33] etc.. [16:05:51] I want to check if when a user is logged in on the api-gw we get some special http headers on the lift wing side [16:06:05] aa nice idea [16:24:05] tested autoscaling for goodfaith pods, it worked [16:30:06] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10Sgs) >>! In T304550#8683087, @kostajh wrote: > Visiting https://ch.wikipedia.org/wiki/Special:Random and https://cr.wikipedia.org/wiki... [16:38:08] all right logging off for today folks [16:38:14] have a good weekend! [16:41:05] 10Machine-Learning-Team, 10Add-Link, 10Growth-Team (Current Sprint), 10User-notice: Deploy "add a link" to 6th round of wikis - https://phabricator.wikimedia.org/T304550 (10kostajh) >>! In T304550#8683663, @Sgs wrote: >>>! In T304550#8683087, @kostajh wrote: >> Visiting https://ch.wikipedia.org/wiki/Specia... [16:50:44] logging off too , have a great weekend every1! [17:21:17] \o Heading out now as well