Page MenuHomePhabricator
Create Task
Maniphest T143553

Switching search traffic between datacenters should be faster
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

Currently, switching search traffic between datacenter requires a change in wmf-config. Traffic routing should be dynamic configuration, and should be extremely easy / fast to change in case of need.

It has been suggested to use etcd as a dynamic configuration store for this kind of configuration.

https://wikitech.wikimedia.org/wiki/Incident_documentation/20160818-Elasticsearch

Details

Other Assignee
RKemper
Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Gehel changed the point value for this task from 2 to 5.Jun 5 2023, 3:46 PM
Gehel moved this task from Incoming to Ready for Dev -- SRE/Ops on the Discovery-Search (Current work) board.
abi_ closed subtask T322284: Translate should have a way to configure readable and writable ttm services separately as Resolved.Jun 7 2023, 7:08 AM
Gehel added a project: Data-Platform-SRE.Jun 27 2023, 12:57 PM
Gehel moved this task from Incoming to Ready for Work on the Data-Platform-SRE board.
Gehel moved this task from Ready for Work to Misc on the Data-Platform-SRE board.Sep 13 2023, 8:55 AM
Gehel moved this task from Misc to Toil / Automation on the Data-Platform-SRE board.Dec 6 2023, 1:28 PM
bking mentioned this in T352872: Consider implementing Envoy for Elastic hosts.Dec 6 2023, 6:09 PM
Gehel removed a project: Discovery-Search (Current work).Jan 16 2024, 3:21 PM
Gehel added a project: Discovery-Search.
Gehel moved this task from needs triage to Ops / SRE on the Discovery-Search board.Jan 22 2024, 1:30 PM
Gehel moved this task from Toil / Automation to 2024.03.25 - 2024.04.14 on the Data-Platform-SRE board.Mar 22 2024, 8:58 AM
Gehel edited projects, added Data-Platform-SRE (2024.03.25 - 2024.04.14); removed Data-Platform-SRE.
Gehel moved this task from Backlog to Needs Review on the Data-Platform-SRE (2024.03.25 - 2024.04.14) board.Mar 22 2024, 9:07 AM
Gehel removed a project: Data-Platform-SRE (2024.03.25 - 2024.04.14).Apr 2 2024, 3:21 PM
Gehel moved this task from Ops / SRE to elastic / cirrus on the Discovery-Search board.
debt unsubscribed.Apr 4 2024, 2:33 PM
dcausse moved this task from elastic / cirrus to needs triage on the Discovery-Search board.Apr 1 2025, 2:24 PM
EBernhardson claimed this task.Apr 1 2025, 6:48 PM
EBernhardson edited projects, added Discovery-Search (2025.03.22 - 2025.04.11); removed Discovery-Search.
EBernhardson moved this task from Incoming to Needs Review on the Discovery-Search (2025.03.22 - 2025.04.11) board.Apr 1 2025, 8:45 PM
EBernhardson mentioned this in T390612: Search requests failing due to connection closure.Apr 3 2025, 4:35 PM
Gehel edited projects, added Discovery-Search (2025.04.11 - 2025.05.02); removed Discovery-Search (2025.03.22 - 2025.04.11).Apr 11 2025, 1:25 PM
Gehel moved this task from Incoming to Needs Review on the Discovery-Search (2025.04.11 - 2025.05.02) board.
EBernhardson added a comment.Apr 14 2025, 4:58 PM

When rolling this out we will also need to review envoy related alerts and make sure they are updated to the new discovery dns envoy cluster names.

gerritbot added a comment.Apr 14 2025, 5:04 PM

Change #1136422 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/alerts@master] search: Update envoy alerts for discovery dns names

https://gerrit.wikimedia.org/r/1136422

gerritbot added a project: Patch-For-Review.Apr 14 2025, 5:04 PM
gerritbot added a comment.Apr 24 2025, 9:01 AM

Change #1136422 merged by jenkins-bot:

[operations/alerts@master] search: Update envoy alerts for discovery dns names

https://gerrit.wikimedia.org/r/1136422

Gehel edited projects, added Discovery-Search (2025.05.02 - 2025.05.23); removed Discovery-Search (2025.04.11 - 2025.05.02).May 5 2025, 2:20 PM
Gehel moved this task from Incoming to Needs Review on the Discovery-Search (2025.05.02 - 2025.05.23) board.
gerritbot added a comment.May 6 2025, 1:19 PM

Change #838182 merged by Bking:

[operations/puppet@production] envoy: Add service proxys for cirrussearch read traffic

https://gerrit.wikimedia.org/r/838182

gerritbot added a comment.May 8 2025, 4:38 PM

Change #1143617 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/dns@master] search: add discovery records for secondary clusters

https://gerrit.wikimedia.org/r/1143617

gerritbot added a comment.May 8 2025, 5:09 PM

Change #1143622 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/puppet@production] search: Update dnsdisc envoy upstreams

https://gerrit.wikimedia.org/r/1143622

gerritbot added a comment.May 8 2025, 6:07 PM

Change #1143633 had a related patch set uploaded (by Bking; author: Bking):

[operations/puppet@production] cirrussearch: Add cluster-specific domain name as a SAN

https://gerrit.wikimedia.org/r/1143633

gerritbot added a comment.May 9 2025, 7:55 PM

Change #1143891 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/dns@master] search: cname specific search clusters to the lvs pool

https://gerrit.wikimedia.org/r/1143891

Gehel moved this task from Needs Review to In Progress on the Discovery-Search (2025.05.02 - 2025.05.23) board.May 12 2025, 3:29 PM
gerritbot added a comment.May 12 2025, 7:16 PM

Change #1143633 merged by Bking:

[operations/puppet@production] cirrussearch: Add cluster-specific domain name as a SAN

https://gerrit.wikimedia.org/r/1143633

gerritbot added a comment.May 12 2025, 7:33 PM

Change #1143891 merged by Bking:

[operations/dns@master] search: cname specific search clusters to the lvs pool

https://gerrit.wikimedia.org/r/1143891

gerritbot added a comment.May 12 2025, 7:33 PM

Change #1143617 merged by Bking:

[operations/dns@master] search: add discovery records for secondary clusters

https://gerrit.wikimedia.org/r/1143617

gerritbot added a comment.May 13 2025, 5:32 PM

Change #1145278 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/puppet@production] etcd data for search-{psi,omega} dns discovery

https://gerrit.wikimedia.org/r/1145278

RKemper subscribed.May 13 2025, 9:53 PM

Order of operations: cnames in LVS (https://gerrit.wikimedia.org/r/c/operations/dns/+/1145276) -> etcd data for psi & omega (https://gerrit.wikimedia.org/r/c/operations/puppet/+/1145278/) -> dyna records (https://gerrit.wikimedia.org/r/c/operations/dns/+/1145277) -> update dnsdisc envoy upstreams https://gerrit.wikimedia.org/r/c/operations/puppet/+/1143622

gerritbot added a comment.May 14 2025, 8:11 PM

Change #1145278 merged by Bking:

[operations/puppet@production] etcd data for search-{psi,omega} dns discovery

https://gerrit.wikimedia.org/r/1145278

gerritbot added a comment.May 14 2025, 8:31 PM

Change #1143622 merged by Bking:

[operations/puppet@production] search: Update dnsdisc envoy upstreams

https://gerrit.wikimedia.org/r/1143622

gerritbot added a comment.May 14 2025, 9:10 PM

Change #1146075 had a related patch set uploaded (by Ryan Kemper; author: Ssingh):

[operations/puppet@production] Revert "etcd data for search-{psi,omega} dns discovery"

https://gerrit.wikimedia.org/r/1146075

gerritbot added a comment.May 14 2025, 9:10 PM

Change #1146075 merged by Ryan Kemper:

[operations/puppet@production] Revert "etcd data for search-{psi,omega} dns discovery"

https://gerrit.wikimedia.org/r/1146075

bking added a comment.May 14 2025, 9:26 PM

Unfortunately, we had to roll back these changes for the second day in a row, and during the process, we set off alerts that paged on-call SREs.

The OpenSearch migration (T388610) is our primary focus for now, so let's revisit this ticket after the migration so we can give it the full attention it deserves.

bking added subscribers: ssingh, BCornwall.May 14 2025, 9:26 PM
bking moved this task from In Progress to Blocked / Waiting on the Discovery-Search (2025.05.02 - 2025.05.23) board.May 19 2025, 3:32 PM
Gehel edited projects, added Discovery-Search (2025.05.24 - 2025.06.13); removed Discovery-Search (2025.05.02 - 2025.05.23).May 23 2025, 1:01 PM
Gehel moved this task from Incoming to Blocked / Waiting on the Discovery-Search (2025.05.24 - 2025.06.13) board.
Gehel added a project: Data-Platform-SRE (2025.05.24 - 2025.06.13).May 27 2025, 2:59 PM
gerritbot added a comment.May 27 2025, 7:28 PM

Change #1151300 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/puppet@production] search: Add dnsdisc entries for omega and psi clusters

https://gerrit.wikimedia.org/r/1151300

gerritbot added a comment.May 27 2025, 7:41 PM

Change #1151303 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/dns@master] Add search-{psi,omega}.svc.$dc.wmnet cnames

https://gerrit.wikimedia.org/r/1151303

RKemper added a comment.EditedMay 27 2025, 7:46 PM

new proposed order of operations:

etcd data (https://gerrit.wikimedia.org/r/c/operations/puppet/+/1151308/)

puppet patch for service.yaml dnsdisc entries (https://gerrit.wikimedia.org/r/c/operations/puppet/+/1151300) ->

conftool commands for dnsdisc (https://wikitech.wikimedia.org/wiki/LVS#For_active/active_services)

dns patch for geoip dyna records (https://gerrit.wikimedia.org/r/c/operations/dns/+/1151304) ->

dns patch for cnames (https://gerrit.wikimedia.org/r/c/operations/dns/+/1151303) ->

puppet patch for envoy upstream config change (https://gerrit.wikimedia.org/r/c/operations/puppet/+/1151316)

gerritbot added a comment.May 27 2025, 7:55 PM

Change #1151308 had a related patch set uploaded (by Bking; author: Bking):

[operations/puppet@production] etcd data for search-{psi,omega} dns discovery

https://gerrit.wikimedia.org/r/1151308

gerritbot added a comment.May 27 2025, 8:22 PM

Change #1151316 had a related patch set uploaded (by Bking; author: Bking):

[operations/puppet@production] search: Update dnsdisc envoy upstreams

https://gerrit.wikimedia.org/r/1151316

Gehel moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2025.05.24 - 2025.06.13) board.May 28 2025, 9:49 AM
gerritbot added a comment.Jun 3 2025, 7:48 PM

Change #1151304 had a related patch set uploaded (by Ryan Kemper; author: Ebernhardson):

[operations/dns@master] search: Add search-{psi,omega} geoip discovery entries

https://gerrit.wikimedia.org/r/1151304

bking moved this task from Backlog - operations to In Progress on the Data-Platform-SRE (2025.05.24 - 2025.06.13) board.Jun 11 2025, 4:25 PM
bking updated Other Assignee, added: RKemper.
gerritbot added a comment.Jun 11 2025, 5:37 PM

Change #1151308 merged by Ryan Kemper:

[operations/puppet@production] etcd data for search-{psi,omega} dns discovery

https://gerrit.wikimedia.org/r/1151308

Stashbot added a comment.Jun 11 2025, 5:37 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T17:37:56Z] <ryankemper> T143553 Merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/1151308 (first patch in plan https://phabricator.wikimedia.org/T143553#10861215)

gerritbot added a comment.Jun 11 2025, 5:46 PM

Change #1151300 merged by Ryan Kemper:

[operations/puppet@production] search: Add dnsdisc entries for omega and psi clusters

https://gerrit.wikimedia.org/r/1151300

Stashbot added a comment.Jun 11 2025, 5:48 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T17:48:35Z] <ryankemper> T143553 Merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/1151300 to add dnsdisc entries for omega/psi clusters (second patch in plan https://phabricator.wikimedia.org/T143553#10861215)

Stashbot added a comment.Jun 11 2025, 5:50 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T17:50:52Z] <sukhe> running agent on A:dnsbox T143553

Stashbot added a comment.Jun 11 2025, 5:57 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T17:57:02Z] <ryankemper> T143553 Pooled dns-disc=search-(omega|psi) per plan in https://phabricator.wikimedia.org/T143553#10861215

gerritbot added a comment.Jun 11 2025, 6:02 PM

Change #1151304 merged by Ryan Kemper:

[operations/dns@master] search: Add search-{psi,omega} geoip discovery entries

https://gerrit.wikimedia.org/r/1151304

gerritbot added a comment.Jun 11 2025, 6:05 PM

Change #1151303 merged by Ryan Kemper:

[operations/dns@master] Add search-{psi,omega}.svc.$dc.wmnet cnames

https://gerrit.wikimedia.org/r/1151303

Stashbot added a comment.Jun 11 2025, 6:08 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T18:08:45Z] <sukhe> sudo cumin 'A:lvs-secondary-eqiad or A:lvs-secondary-codfw' 'run-puppet-agent': T143553

Stashbot added a comment.Jun 11 2025, 6:10 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-11T18:10:57Z] <sukhe> sudo cumin 'A:lvs-low-traffic-eqiad or A:lvs-low-traffic-codfw' 'run-puppet-agent': T143553

gerritbot added a comment.Jun 11 2025, 6:19 PM

Change #1151316 merged by Ryan Kemper:

[operations/puppet@production] search: Update dnsdisc envoy upstreams

https://gerrit.wikimedia.org/r/1151316

RKemper moved this task from In Progress to Blocked/Waiting on the Data-Platform-SRE (2025.05.24 - 2025.06.13) board.Jun 11 2025, 6:26 PM

We deployed this per the plan outlined in https://phabricator.wikimedia.org/T143553#10861215 (with the addition of some authdns updates and other stuff). Everything looks good; we should be ready to continue ahead on the next mediawiki train.

Gehel edited projects, added Data-Platform-SRE (2025.06.13 - 2025.07.04); removed Data-Platform-SRE (2025.05.24 - 2025.06.13).Jun 13 2025, 8:48 AM
Gehel moved this task from Backlog - project to Blocked/Waiting on the Data-Platform-SRE (2025.06.13 - 2025.07.04) board.
Gehel edited projects, added Discovery-Search (2025.06.13 - 2025.07.04); removed Discovery-Search (2025.05.24 - 2025.06.13).Jun 16 2025, 1:35 PM
Gehel moved this task from Incoming to Blocked / Waiting on the Discovery-Search (2025.06.13 - 2025.07.04) board.
gerritbot added a comment.Jun 18 2025, 8:26 PM

Change #838270 merged by jenkins-bot:

[operations/mediawiki-config@master] cirrus: Add services for read operations

https://gerrit.wikimedia.org/r/838270

Stashbot added a comment.Jun 18 2025, 8:26 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T20:26:48Z] <ebernhardson@deploy1003> Started scap sync-world: Backport for [[gerrit:838270|cirrus: Add services for read operations (T143553)]]

Stashbot added a comment.Jun 18 2025, 8:29 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T20:29:07Z] <ebernhardson@deploy1003> ebernhardson: Backport for [[gerrit:838270|cirrus: Add services for read operations (T143553)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Jun 18 2025, 8:38 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T20:37:59Z] <ebernhardson@deploy1003> Finished scap sync-world: Backport for [[gerrit:838270|cirrus: Add services for read operations (T143553)]] (duration: 11m 11s)

gerritbot added a comment.Jun 18 2025, 8:54 PM

Change #838271 merged by jenkins-bot:

[operations/mediawiki-config@master] Use discovery dns for elasticsearch read traffic

https://gerrit.wikimedia.org/r/838271

Stashbot added a comment.Jun 18 2025, 8:54 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T20:54:38Z] <ebernhardson@deploy1003> Started scap sync-world: Backport for [[gerrit:838271|Use discovery dns for elasticsearch read traffic (T143553)]]

Stashbot added a comment.Jun 18 2025, 8:56 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T20:56:52Z] <ebernhardson@deploy1003> ebernhardson: Backport for [[gerrit:838271|Use discovery dns for elasticsearch read traffic (T143553)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Jun 18 2025, 9:04 PM

Mentioned in SAL (#wikimedia-operations) [2025-06-18T21:04:52Z] <ebernhardson@deploy1003> Finished scap sync-world: Backport for [[gerrit:838271|Use discovery dns for elasticsearch read traffic (T143553)]] (duration: 10m 14s)

bking mentioned this in T397377: Update Elasticsearch/OpenSearch dashboards and alerts post-Envoy enablement.Jun 18 2025, 9:30 PM
EBernhardson added a comment.Jun 20 2025, 7:48 PM

This is mostly done, read traffic is all flowing through the dns-disc endpoints. Traffic can now move with the same tooling as everything else. Not quite done yet, as T397377 was opened for a change we noticed in the dashboards.

EBernhardson moved this task from Blocked / Waiting to In Progress on the Discovery-Search (2025.06.13 - 2025.07.04) board.Jun 23 2025, 3:16 PM
Gehel added a comment.Jun 23 2025, 3:16 PM

We should make a test of moving traffic. This should be a simple conftool command, which needs SRE super power.

EBernhardson added a comment.EditedJun 23 2025, 4:57 PM

In theory we should be able to depool codfw like so, causing all traffic to move to eqiad (from https://wikitech.wikimedia.org/wiki/DNS/Discovery):

for cluster in search-omega search-psi search; do
  sudo confctl --object-type discovery select "dnsdisc=${cluster},name=codfw" set/pooled=false
done

This can then be reversed with:

for cluster in search-omega search-psi search; do
  sudo confctl --object-type discovery select "dnsdisc=${cluster},name=codfw" set/pooled=true
done
EBernhardson moved this task from Blocked/Waiting to Done on the Data-Platform-SRE (2025.06.13 - 2025.07.04) board.Jun 23 2025, 7:14 PM

Traffic test complete, moved as expected. Commands have been documented at https://wikitech.wikimedia.org/wiki/Search/Elasticsearch_Administration#Multi-DC_%2F_Multi-Cluster_Operations

Dashboard updates still need to be performed, but there is a separate ticket for that.

EBernhardson moved this task from In Progress to Done on the Discovery-Search (2025.06.13 - 2025.07.04) board.Jun 24 2025, 7:09 PM
Gehel moved this task from Done to Reported on the Discovery-Search (2025.06.13 - 2025.07.04) board.Jun 27 2025, 8:25 AM
Gehel moved this task from Done to Reported on the Data-Platform-SRE (2025.06.13 - 2025.07.04) board.Jun 27 2025, 2:46 PM
Gehel closed this task as Resolved.Jun 27 2025, 3:00 PM
bking mentioned this in T398070: Migrate CirrusSearch TLS termination from nginx to envoy.Jun 27 2025, 4:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits