Page MenuHomePhabricator
Create Task
Maniphest T156009

Create an etcd cluster in codfw
Closed, ResolvedPublic
Actions

Description

We need to set up a second etcd cluster in codfw.

I would adopt the following tactics:

  • Create a 3-node cluster on the conf2xxx servers already used for ZK
  • Use an nginx proxy instead of the builtin etcd auth for additional scalability
  • Replicate from the eqiad cluster with a process we can start/stop depending on which of the two clusters is the master.

Unfortunately the replication would be very easy to accomplish with etcd 3, as etcdctl has a "mirror maker" function that allows to do just that.

I'd stay short of suggesting we upgrade to etcd3 at the moment (although it might be a good idea at a later point).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
profile::etcd::replication: refactor to make failover easieroperations/puppetproduction+89 -22
role::configcluster: enable replication from eqiad to codfwoperations/puppetproduction+72 -0
etcd: add missing group definition for codfw clusteroperations/puppetproduction+3 -0
conf2xx: install etcd clusteroperations/puppetproduction+58 -14
Add SRV records for etcd peer discovery in codfwoperations/dnsmaster+5 -0
profile::etcd::tlsproxy: nginx auth proxy for etcdoperations/puppetproduction+123 -0
role::etcd::common: move to profile, refactoroperations/puppetproduction+146 -15
etcd: add ability to use a TLS/auth proxyoperations/puppetproduction+20 -6
Customize query in gerrit

Related Objects
Search...

Event Timeline

Joe created this task.Jan 23 2017, 3:29 PM
Joe added a project: User-Joe.
Joe claimed this task.Jan 24 2017, 8:34 AM
Joe moved this task from Backlog to Doing on the User-Joe board.
gerritbot subscribed.Jan 25 2017, 2:26 PM

Change 334123 had a related patch set uploaded (by Giuseppe Lavagetto):
etcd: add ability to use a TLS/auth proxy

https://gerrit.wikimedia.org/r/334123

gerritbot added a project: Patch-For-Review.Jan 25 2017, 2:26 PM

Change 334124 had a related patch set uploaded (by Giuseppe Lavagetto):
role::etcd::common: move to profile, refactor

https://gerrit.wikimedia.org/r/334124

gerritbot added a comment.Jan 25 2017, 2:26 PM

Change 334126 had a related patch set uploaded (by Giuseppe Lavagetto):
profile::etcd::tlsproxy: nginx auth proxy for etcd

https://gerrit.wikimedia.org/r/334126

gerritbot added a comment.Jan 25 2017, 2:26 PM

Change 334127 had a related patch set uploaded (by Giuseppe Lavagetto):
conf2xx: install etcd cluster

https://gerrit.wikimedia.org/r/334127

gerritbot added a comment.Jan 25 2017, 4:11 PM

Change 334123 merged by Giuseppe Lavagetto:
etcd: add ability to use a TLS/auth proxy

https://gerrit.wikimedia.org/r/334123

gerritbot added a comment.Jan 25 2017, 5:09 PM

Change 334124 merged by Giuseppe Lavagetto:
role::etcd::common: move to profile, refactor

https://gerrit.wikimedia.org/r/334124

gerritbot added a comment.Jan 26 2017, 9:26 AM

Change 334126 merged by Giuseppe Lavagetto:
profile::etcd::tlsproxy: nginx auth proxy for etcd

https://gerrit.wikimedia.org/r/334126

gerritbot added a comment.Jan 26 2017, 11:49 AM

Change 334312 had a related patch set uploaded (by Giuseppe Lavagetto):
Add SRV records for etcd peer discovery in codfw

https://gerrit.wikimedia.org/r/334312

gerritbot added a comment.Jan 26 2017, 11:51 AM

Change 334312 merged by Giuseppe Lavagetto:
Add SRV records for etcd peer discovery in codfw

https://gerrit.wikimedia.org/r/334312

gerritbot added a comment.Jan 26 2017, 3:44 PM

Change 334127 merged by Giuseppe Lavagetto:
conf2xx: install etcd cluster

https://gerrit.wikimedia.org/r/334127

gerritbot added a comment.Jan 26 2017, 8:42 PM

Change 334426 had a related patch set uploaded (by Volans):
etcd: add missing group definition for codfw cluster

https://gerrit.wikimedia.org/r/334426

gerritbot added a comment.Jan 26 2017, 8:44 PM

Change 334426 merged by Volans:
etcd: add missing group definition for codfw cluster

https://gerrit.wikimedia.org/r/334426

Joe added a comment.Jan 30 2017, 11:25 AM

The cluster in codfw is installed and tested to work correctly with conftool. The performance of the cluster using nginx as a TLS/proxy auth seems to be much better too.

For now, we are able to dump and load the content from the eqiad cluster to the codfw cluster.

I am looking at ways to do replication, but apart from people asking for it I found very little about this for etcd version 2, while there is an official tool within etcdctl for etcd version 3, mirror-maker.

I would say our best bet is to port mirror-maker to version 2 of the API, where its logic should even be simpler. Or to just reproduce the functionality; in fact I wrote a small replication system yesterday as a proof-of-concept; depending how confident I feel with it I might propose to use it.

Stashbot subscribed.Feb 7 2017, 10:02 AM

Mentioned in SAL (#wikimedia-operations) [2017-02-07T10:02:48Z] <_joe_> uploaded etcd-mirror 0.0.1 to jessie-wikimedia (T156009)

gerritbot added a comment.Feb 8 2017, 9:55 AM

Change 336596 had a related patch set uploaded (by Giuseppe Lavagetto):
role::configcluster: enable replication from eqiad to codfw

https://gerrit.wikimedia.org/r/336596

gerritbot added a comment.Feb 8 2017, 12:09 PM

Change 336596 merged by Giuseppe Lavagetto:
role::configcluster: enable replication from eqiad to codfw

https://gerrit.wikimedia.org/r/336596

Joe added a comment.Feb 9 2017, 7:36 AM

The codfw cluster is getting replicated data from eqiad under /eqiad.wmnet/conftool.

What remains to be done:

  • Monitoring the replication process (it exposes both its health and prometheus-style metrics)
  • Deploy etcd-mirror 0.0.2 which has an important fix
  • Change puppet so that it's easy for us to change both the replica direction and which cluster we're using.
gerritbot added a comment.Feb 9 2017, 5:56 PM

Change 336850 had a related patch set uploaded (by Giuseppe Lavagetto):
profile::etcd::replication: refactor to make failover easier

https://gerrit.wikimedia.org/r/336850

gerritbot added a comment.Feb 10 2017, 8:23 AM

Change 336850 merged by Giuseppe Lavagetto:
profile::etcd::replication: refactor to make failover easier

https://gerrit.wikimedia.org/r/336850

Joe closed this task as Resolved.Feb 24 2017, 5:27 PM
Krinkle edited projects, added Multiple-active-datacenters archived; removed Wikimedia-Multiple-active-datacenters.May 3 2017, 7:46 PM
Krinkle edited projects, added Sustainability (MediaWiki-MultiDC); removed Multiple-active-datacenters archived.May 3 2017, 7:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits