You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

Difference between revisions of "Shellbox"

From Wikitech-static
imported>Legoktm
(link to Score-specific dashboard)
imported>Legoktm
(→‎Shellboxes: update, add planned shellboxes)
Line 14: Line 14:


== Shellboxes ==
== Shellboxes ==
We currently have two Shellboxes deployed:
We currently have two Shellboxes in active use with more on the way:


* shellbox: for Score, with lilypond, ghostscript, fluidsynth, lame installed
* shellbox: for Score, with lilypond, ghostscript, fluidsynth, lame and noto fonts installed
**Available internally at https://shellbox.discovery.wmnet:4008 and http://localhost:6024 on appservers
**Available internally at https://shellbox.discovery.wmnet:4008 and http://localhost:6024 on appservers
**[[phab:T281423|T281423: New Service Request Shellbox]]
**[[phab:T281423|T281423: New Service Request Shellbox]]
Line 24: Line 24:
**[[phab:T285104|T285104: Deploy Shellbox instance (shellbox-constraints) for Wikidata constraint regexes]]
**[[phab:T285104|T285104: Deploy Shellbox instance (shellbox-constraints) for Wikidata constraint regexes]]
**8 replicas, 1 CPU / 2G memory per pod, 10s timeout
**8 replicas, 1 CPU / 2G memory per pod, 10s timeout
*shellbox-media: TBD
*shellbox-syntaxhighlight: for SyntaxHighlight, with pygments installed
**Available internally at TBD
**[[phab:T289227|T289227: Convert SyntaxHighlight to use Shellbox]]
**4 replicas, 1 CPU / 2G memory per pod, ?? timeout
*shellbox-timeline: for EasyTimeline, with librsvg, perl, ploticus and various fonts installed
**Available internally at TBD
**[[phab:T289226|T289226: Convert EasyTimeline extension to use Shellbox]]
**4 replicas, 1 CPU / 2G memory per pod, ?? timeout


== Monitoring ==
== Monitoring ==
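Review bot: the new shellbox-syntaxhighlight and shellbox-timeline entries both read "?? timeout" and "Available internally at TBD", so the page now lists instances without the per-request time limit or the endpoint that callers and on-call staff need. Since the timeout is one of the resource limits applied to the sandboxed commands, either fill in the planned values or mark these two entries explicitly as not yet deployed, pointing at T289227 and T289226 for the values.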

Revision as of 18:24, 15 September 2021

Shellbox safely sandboxes unsafe command execution.

Shellbox is a library for remote command execution, and a server for secure command execution. It was primarily implemented to sandbox lilypond (used by the Score extension) and provide a way for MediaWiki to utilize external binaries without needing them to be in the same container. Shellbox relies on Kubernetes (and Linux containers/namespaces) to provide isolation and resource limits for external commands.

Documentation for integration in MediaWiki is available at mw:Shellbox; operational aspects are covered here on Wikitech.

Architecture

Architecture overview of Shellbox

Requests come into an Apache httpd container, which contains the Shellbox secret key as a configmap. The request is passed on to a php-fpm container, which contains the Shellbox code and the necessary binaries. Once the request is authenticated, Shellbox executes the command as the www-data user, and the response is then sent back.

MediaWiki talks to Shellbox over a local envoyproxy.

Shellboxes

We currently have two Shellboxes in active use with more on the way:

Monitoring

Shellbox provides a /healthz endpoint that can be used to quickly check if the service is up, e.g.:

user@host$ curl https://shellbox.discovery.wmnet:4008/healthz
{
    "__": "Shellbox running",
    "pid": 10782
}

All other requests are harder to externally construct since they need to be signed with the Shellbox secret key.
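
The authenticate-before-execute order from the Architecture section, and the reason only /healthz can be probed without the key, sketched as an added example (not Shellbox's own code or wire format). The HMAC-SHA256 layout, the /shell/demo path, the handle() helper and the key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment reads its key from the mounted config.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def sign(key: bytes, method: str, path: str, body: bytes) -> str:
    """Hex HMAC-SHA256 tag over method, path and body (hypothetical layout)."""
    msg = method.upper().encode() + b"\n" + path.encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handle(key: bytes, method: str, path: str, body: bytes, tag):
    """Return (status, payload); only the health check is served unsigned."""
    if method == "GET" and path == "/healthz":
        return 200, {"__": "Shellbox running"}
    expected = sign(key, method, path, body)
    # compare_digest is constant-time, so a rejected tag does not reveal
    # how many of its leading characters were correct.
    if tag is None or not hmac.compare_digest(expected.encode(), tag.encode()):
        return 403, {"error": "bad or missing signature"}
    # The body is parsed only after the signature check has passed.
    try:
        command = json.loads(body)["command"]
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "malformed request"}
    # This sketch stops here and never runs the command.
    return 200, {"accepted": command}


if __name__ == "__main__":
    body = b'{"command": ["lilypond", "--version"]}'  # constructed sample
    tag = sign(DEMO_KEY, "POST", "/shell/demo", body)
    print(handle(DEMO_KEY, "GET", "/healthz", b"", None))
    print(handle(DEMO_KEY, "POST", "/shell/demo", body, tag))
    print(handle(DEMO_KEY, "POST", "/shell/demo", body + b" ", tag))
    print(handle(DEMO_KEY, "POST", "/shell/demo", body, None))
```

Because the tag covers the method, path and body together, a captured tag cannot be reused for a different route or an altered command.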

Bugs should be reported/tracked in #Shellbox on Phabricator.

Logs

All logs from httpd and php-fpm should end up in logstash. You can filter for a specific Shellbox deployment with kubernetes.namespace_name:"shellbox-constraints". The actual log text is under the field log (not message, as with MediaWiki).

All Shellbox invocations should still be logged under MediaWiki's exec log channel too.

Source code