Page MenuHomePhabricator

Find a better auth mechanism for logstash in labs
Closed, ResolvedPublic

Description

Due to the concerns about sending passwords with any material value into the labs environment, the logstash instances in labs use a shared password that is published on officewiki to allow access. This should be replaced with a better authentication mechanism such as openid from wikitech.


Version: wmf-deployment
Severity: normal

Details

Reference
bz61754

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:01 AM
bzimport set Reference to bz61754.
bzimport added a subscriber: Unknown Object (MLST).

Alternately, we could figure out what is sensitive log information from the beta labs feed and scrub it out before writing log events into elasticsearch. Then we could allow everyone into the logstash logs without needing authentication.

https://gerrit.wikimedia.org/r/152932

it is now stored within the project, accessible for roots on the deployment-bastion instance

If we implement T76784: Make logstash in beta public instead we can just decline this as irrelevant.

If we implement T76784: Make logstash in beta public instead we can just decline this as irrelevant.

Done long ago.