Create a mwdebug deployment for mediawiki on kubernetes
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Joe
	May 18 2021, 7:46 AM

Description

We need to create a deployment on k8s corresponding to our current mwdebug cluster, for functional testing of our mediawiki on kubernetes installation first, and to use as mwdebug service in the future.

Create namespace, user on all kubernetes service clusters
Create a mediawiki "mwdebug" deployment
Functional testing of the new mwdebug cluster on k8s
Add a mechanism to the traffic layer to point to this installation
Add a kubernetes option to the mwdebug browser extension
Add a new build variant to mediawiki-multiversion that installs php-tideways-xhprof
Filter MediaWiki logs from mediawiki on kubernetes to a separate dashboard.
Implement a simple mechanism for deployers to deploy to mediawiki on kubernetes when they deploy with scap

Details

Subject	Repo	Branch	Lines +/-
trafficserver::text: open mwdebug on k8s again	operations/puppet	production	+2 -29
Add the experimental kubernetes backend to mwdebug	operations/mediawiki-config	master	+2 -1
profile::trafficserver: fix mwdebug on k8s support	operations/puppet	production	+18 -1
Add mwdebug discovery record	operations/dns	master	+2 -0
add mwdebug service to LVS 5	operations/puppet	production	+1 -1
add mwdebug service to LVS 5	operations/puppet	production	+1 -1
add mwdebug service to LVS 4	operations/puppet	production	+2 -5
add mwdebug service to LVS 3	operations/puppet	production	+1 -1
add mwdebug service to LVS 2	operations/puppet	production	+41 -0
Add discovery for mwdebug	operations/dns	master	+2 -0
Add discovery for mwdebug	operations/dns	master	+2 -0
conftool-data: add mwdebug discovery 1	operations/puppet	production	+1 -0
Add entries for mwdebug service	operations/dns	master	+2 -0
mwdebug: add helmfile configuration	operations/deployment-charts	master	+224 -1
Add kubernetes mwdebug user	labs/private	master	+8 -0
Add a namespace for mwdebug service	operations/deployment-charts	master	+1 -0
Add tokens and users for mwdebug service	operations/puppet	production	+10 -0
Add tokens for mwdebug service	labs/private	master	+4 -0

Related Objects
Search...

Status	Assigned	Task
Stalled	None	T255792 Quibble runs core:unit tests twice!
Open	None	T328919 Upgrade to PHPUnit 10
Open	None	T338103 Micro-optimize ApiResult::isMetadataKey with str_starts_with once we support PHP8+
Open	None	T328921 Drop PHP 7.4 support from MediaWiki
Stalled	None	T334726 Use return type `never` in Wikibase
Open	None	T328922 Drop PHP 8.0 support from MediaWiki
Stalled	None	T319055 Upgrade to psr/container 2.x
Stalled	Krinkle	T319432 Migrate WMF production from PHP 7.4 to PHP 8.1
Open	None	T291916 Tracking task for Bullseye migrations in production
Stalled	None	T356293 Migrate MW appservers' base images to bullseye
Open	None	T290536 Serve production traffic via Kubernetes
Resolved	Joe	T283056 Create a mwdebug deployment for mediawiki on kubernetes
Resolved	Joe	T284417 Add the puppet CA to the MediaWiki deployment
Resolved	None	T284418 Add conditional to mediawiki-config for stuff running on kubernetes
Resolved	jijiki	T284420 Add all redis and memcached backends to mw on k8s automatically
Resolved	jijiki	T284421 Enable TLS termination on the mwdebug deployment. fix the service definition in the chart
Resolved	dancy	T284581 Ownership of the /tmp/mw-cache directories should be www-data in the mediawiki-multiversion image
Resolved	dancy	T284582 The restricted/mediawiki-multiversion image should include the production version of private/PrivateSettings.php
Resolved	Joe	T285298 Make all httpbb tests pass on the mwdebug deployment.
Resolved	Joe	T285309 Install wiki-specific php extensions in the mediawiki production image
Resolved	jeena	T285325 Check out www-portals repo in the mediawiki-webserver and in the mediawiki-multiversion images
Resolved	Joe	T285232 The restricted/mediawiki-webserver image should include skins and resources
Resolved	Joe	T286491 Access mwdebug kubernetes deployment via the 'X-Wikimedia-Debug' header
Resolved	dancy	T287512 GitInfo is missing from mwdebug-kubernetes deployment
Resolved	Joe	T287570 Ensure the code is deployed to mediawiki on k8s when it is deployed to production
Resolved	• dpifke	T288164 Ensure WikimediaDebug "log" and "profile" features work with k8s-mwdebug
Resolved	dancy	T287495 Create a variant of mediawiki-multiversion which installs php-tideways-xhprof
Resolved	Joe	T288851 Make logging work for mediawiki in k8s
Resolved	Clement_Goubert	T326794 Ingest php-slowlog in logstash
Resolved	colewhite	T328318 Index orchestrator object fields from ECS 1.11.0 in OpenSearch
Resolved	jijiki	T290485 mediawiki-debug image does not produce profiling info
Resolved	• dpifke	T288165 Create separate ArcLamp pipeline for k8s-mwdebug
Resolved	Legoktm	T288848 Make HTTP calls work within mediawiki on kubernetes

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Joe triaged this task as High priority.May 18 2021, 7:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 18 2021, 7:46 AM

jijiki updated the task description. (Show Details)May 18 2021, 5:21 PM

Change 692667 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] Add tokens and users for mwdebug service

https://gerrit.wikimedia.org/r/692667

gerritbot added a project: Patch-For-Review.May 18 2021, 5:30 PM

Change 692672 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[labs/private@master] Add tokens and users for mwdebug

https://gerrit.wikimedia.org/r/692672

Change 692672 merged by Effie Mouzeli:

[labs/private@master] Add tokens for mwdebug service

https://gerrit.wikimedia.org/r/692672

Change 692667 merged by Effie Mouzeli:

[operations/puppet@production] Add tokens and users for mwdebug service

https://gerrit.wikimedia.org/r/692667

jijiki mentioned this in rLPRI4c4b84f0929d: Add tokens for mwdebug service.May 20 2021, 6:57 AM

Maintenance_bot removed a project: Patch-For-Review.May 20 2021, 7:10 AM

Change 693124 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/deployment-charts@master] Add a namespace for mwdebug service

https://gerrit.wikimedia.org/r/693124

gerritbot added a project: Patch-For-Review.May 20 2021, 7:33 AM

Change 693124 merged by jenkins-bot:

[operations/deployment-charts@master] Add a namespace for mwdebug service

https://gerrit.wikimedia.org/r/693124

Maintenance_bot removed a project: Patch-For-Review.May 20 2021, 8:10 AM

Joe updated the task description. (Show Details)May 20 2021, 12:41 PM

Change 693169 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[labs/private@master] Add kubernetes mwdebug user

https://gerrit.wikimedia.org/r/693169

gerritbot added a project: Patch-For-Review.May 20 2021, 2:39 PM

Change 693169 merged by Effie Mouzeli:

[labs/private@master] Add kubernetes mwdebug user

https://gerrit.wikimedia.org/r/693169

jijiki updated the task description. (Show Details)May 20 2021, 4:12 PM

jijiki mentioned this in rLPRI9a0c30a3f2e6: Add kubernetes mwdebug user.May 20 2021, 4:13 PM

Maintenance_bot removed a project: Patch-For-Review.May 20 2021, 5:10 PM

Change 693875 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/deployment-charts@master] mwdebug: add helmfile configuration

https://gerrit.wikimedia.org/r/693875

gerritbot added a project: Patch-For-Review.Jun 1 2021, 10:10 AM

Change 693875 merged by Effie Mouzeli:

[operations/deployment-charts@master] mwdebug: add helmfile configuration

https://gerrit.wikimedia.org/r/693875

Maintenance_bot removed a project: Patch-For-Review.Jun 1 2021, 11:10 AM

Joe moved this task from Backlog to In Progress on the MW-on-K8s board.Jun 4 2021, 8:43 AM

Joe updated the task description. (Show Details)Jun 5 2021, 2:48 PM

After solving various problems with the deployment, the situation now is:

curl -H 'Host: en.wikipedia.org' http://10.64.75.196:8080/wiki/Main_Page
<br />
<b>Fatal error</b>:  Uncaught ConfigException: Failed to load configuration from etcd: (curl error: 60) SSL peer certificate or SSH remote key was not OK in /srv/mediawiki/php-1.37.0-wmf.4/includes/config/EtcdConfig.php:205

We definitely need to add the puppet CA at the very least to the php container. We also have the alternative of adding new discovery endpoints from envoy, but I think it's worth actually adding the certificate to the image inside /etc/ssl/certs/ca-certificates.crt which we can easily add via a configmap.

dancy closed subtask T284581: Ownership of the /tmp/mw-cache directories should be www-data in the mediawiki-multiversion image as Resolved.Jun 8 2021, 6:24 PM

dancy closed subtask T284582: The restricted/mediawiki-multiversion image should include the production version of private/PrivateSettings.php as Resolved.Jun 8 2021, 7:35 PM

jijiki added a project: User-jijiki.Jun 24 2021, 3:49 PM

Joe closed subtask T284417: Add the puppet CA to the MediaWiki deployment as Resolved.Jun 25 2021, 3:07 PM

Joe closed subtask T284421: Enable TLS termination on the mwdebug deployment. fix the service definition in the chart as Resolved.Jun 28 2021, 9:46 AM

jijiki closed subtask T284420: Add all redis and memcached backends to mw on k8s automatically as Resolved.Jun 28 2021, 9:50 AM

I've deployed the mwdebug deployment to all clusters; for now it's running pinned to kubernetes1017/kubernetes2017 via a nodeSelector constraint, so that new copies of the mediawiki image can be deployed by pre-pulling them with

$ sudo cumin 'kubernetes*017*' 'docker --config /var/lib/kubelet pull docker-registry.discovery.wmnet/restricted/mediawiki-multiversion:2021-07-01-232810-publish'

before running helmfile.

jijiki added a subtask: T286491: Access mwdebug kubernetes deployment via the 'X-Wikimedia-Debug' header.Jul 12 2021, 4:48 PM

jijiki moved this task from Inbox 🐅 to In Progress 🏋️‍♀️ on the User-jijiki board.Jul 12 2021, 4:52 PM

Change 704799 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] conftool-data: add mwdebug discovery

https://gerrit.wikimedia.org/r/704799

gerritbot added a project: Patch-For-Review.Jul 15 2021, 2:44 PM

Change 704948 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/dns@master] Add entries for mwdebug service

https://gerrit.wikimedia.org/r/704948

Change 704964 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] service::catalog: add mwdebug service 2

https://gerrit.wikimedia.org/r/704964

Change 704948 merged by Effie Mouzeli:

[operations/dns@master] Add entries for mwdebug service

https://gerrit.wikimedia.org/r/704948

Change 705860 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/dns@master] Add discovery for mwdebug

https://gerrit.wikimedia.org/r/705860

Change 704799 merged by Effie Mouzeli:

[operations/puppet@production] conftool-data: add mwdebug discovery 1

https://gerrit.wikimedia.org/r/704799

Change 705860 abandoned by Effie Mouzeli:

[operations/dns@master] Add discovery for mwdebug

Reason:

nah

https://gerrit.wikimedia.org/r/705860

Change 705862 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/dns@master] Add discovery for mwdebug

https://gerrit.wikimedia.org/r/705862

Change 705862 merged by Effie Mouzeli:

[operations/dns@master] Add discovery for mwdebug

https://gerrit.wikimedia.org/r/705862

Change 704964 merged by Effie Mouzeli:

[operations/puppet@production] add mwdebug service to LVS 2

https://gerrit.wikimedia.org/r/704964

Change 706340 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] add mwdebug service to LVS 3

https://gerrit.wikimedia.org/r/706340

Change 706355 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] add mwdebug service to LVS 4

https://gerrit.wikimedia.org/r/706355

Change 706356 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] add mwdebug service to LVS 5

https://gerrit.wikimedia.org/r/706356

Change 706340 merged by Effie Mouzeli:

[operations/puppet@production] add mwdebug service to LVS 3

https://gerrit.wikimedia.org/r/706340

Change 706355 merged by Effie Mouzeli:

[operations/puppet@production] add mwdebug service to LVS 4

https://gerrit.wikimedia.org/r/706355

Change 706356 abandoned by Effie Mouzeli:

[operations/puppet@production] add mwdebug service to LVS 5

Reason:

rebase hell

https://gerrit.wikimedia.org/r/706356

Change 706502 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] add mwdebug service to LVS 5

https://gerrit.wikimedia.org/r/706502

Change 706502 merged by Effie Mouzeli:

[operations/puppet@production] add mwdebug service to LVS 5

https://gerrit.wikimedia.org/r/706502

Change 706506 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/dns@master] Add mwdebug discovery record

https://gerrit.wikimedia.org/r/706506

Change 706506 merged by Effie Mouzeli:

[operations/dns@master] Add mwdebug discovery record

https://gerrit.wikimedia.org/r/706506

Change 708248 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):

[operations/puppet@production] profile::trafficserver: fix mwdebug on k8s support

https://gerrit.wikimedia.org/r/708248

Change 708248 merged by Giuseppe Lavagetto:

[operations/puppet@production] profile::trafficserver: fix mwdebug on k8s support

https://gerrit.wikimedia.org/r/708248

Joe updated the task description. (Show Details)Jul 27 2021, 9:23 AM

Change 708255 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):

[operations/mediawiki-config@master] Add the experimental kubernetes backend to mwdebug

https://gerrit.wikimedia.org/r/708255

Change 708255 merged by jenkins-bot:

[operations/mediawiki-config@master] Add the experimental kubernetes backend to mwdebug

https://gerrit.wikimedia.org/r/708255

Mentioned in SAL (#wikimedia-operations) [2021-07-27T11:20:32Z] <oblivian@deploy1002> Synchronized debug.json: Config: [[gerrit:708255|Add the experimental kubernetes backend to mwdebug (T283056)]] (duration: 00m 56s)

Status update:

the mwdebug installation is now reachable from external users via the Wikimedia Debug browser extension. As of today, the following things don't work:

The release currently working on the mwdebug server is not the one that is currently deployed everywhere else. We need to make it simple for deployers to also deploy the code to mwdebug on k8s.
Profiling doesn't work because we need to create a new variant of the mediawiki image which includes tideways-xhprof

Joe updated the task description. (Show Details)Jul 27 2021, 4:10 PM

Joe updated the task description. (Show Details)

dancy subscribed.Jul 27 2021, 4:14 PM

Joe closed subtask T286491: Access mwdebug kubernetes deployment via the 'X-Wikimedia-Debug' header as Resolved.Jul 27 2021, 4:14 PM

• dpifke subscribed.Jul 27 2021, 4:51 PM

ArielGlenn subscribed.Jul 28 2021, 9:52 AM

Tarrow subscribed.Jul 28 2021, 9:58 AM

• ema subscribed.Aug 2 2021, 8:55 AM

Change 709392 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):

[operations/puppet@production] trafficserver::text: open mwdebug on k8s again

https://gerrit.wikimedia.org/r/709392

Change 709392 merged by Giuseppe Lavagetto: