Page MenuHomePhabricator
Create Task
Maniphest T168519

Beta cluster varnish fails VCL compilation because citoid.wmflabs.org does not resolve
Closed, ResolvedPublic0 Estimated Story Points
Actions

Description

Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: Error:
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: Message from VCC-compiler:
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: Backend host '"citoid.wmflabs.org"' could not be resolved to an IP address:
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: Name or service not known
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: (Sorry if that error message is gibberish.)
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: ('/etc/varnish/wikimedia-common_text-backend.inc.vcl' Line 99 Pos 17)
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: .host = "citoid.wmflabs.org";
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: ----------------####################-
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: Running VCC-compiler failed, exited with 2
Jun 21 11:28:12 deployment-cache-text04 varnishd[12163]: VCL compilation failed

Seems that comes from conftool?

Details

SubjectRepoBranchLines +/-
(DO NOT SUBMIT) confftool: remove citoid to unbreak betaoperations/puppetproduction+0 -8
Customize query in gerrit

Related Objects
Search...

Event Timeline

hashar created this task.Jun 21 2017, 11:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 21 2017, 11:33 AM
hashar added a subtask: T168520: Could not find class role::etcd::common for deployment-conf03.deployment-prep.eqiad.wmflabs .Jun 21 2017, 11:45 AM
gerritbot subscribed.Jun 21 2017, 11:56 AM

Change 360639 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] (DO NOT SUBMIT) confftool: remove citoid to unbreak beta

https://gerrit.wikimedia.org/r/360639

gerritbot added a project: Patch-For-Review.Jun 21 2017, 11:56 AM
hashar added a comment.Jun 21 2017, 11:57 AM

I have cherry picked https://gerrit.wikimedia.org/r/360639 on the beta cluster. Somehow that causes the citoid backend to no more be in varnish and thus let it start just fine.

hashar added projects: Citoid, Services.Jun 21 2017, 3:34 PM

It seems most of the services on beta cluster are exposed via labs web proxy with: <service>-beta.wmflabs.org

On deployment-cache-text04 instance

/etc/varnish/wikimedia-common_text-backend.inc.vcl
backend be_citoid_wmflabs_org {
        .host = "citoid.wmflabs.org";
        .port = "1970";
        .connect_timeout = 5s;
        .first_byte_timeout = 180s;
        .max_connections = 1000;
}


backend be_cxserver_beta_wmflabs_org {
        .host = "cxserver-beta.wmflabs.org";
        .port = "8080";
        .connect_timeout = 5s;
        .first_byte_timeout = 180s;
        .max_connections = 1000;
}

Eg cxserver is setup properly but citoid is not. It should use the same trick.

Turns out the Hiera configuration is in Horizon https://horizon.wikimedia.org/project/prefixpuppet/ deployment-cache-text having:

cache::app_directors:
  citoid_backend:
    backends:
      eqiad: citoid.wmflabs.org
    be_opts:
      port: 1970
Restricted Application added a project: VisualEditor. · View Herald TranscriptJun 21 2017, 3:34 PM
Stashbot subscribed.Jun 21 2017, 3:35 PM

Mentioned in SAL (#wikimedia-releng) [2017-06-21T15:35:48Z] <hashar> deployment-prep changing Varnish director for citoid from citoid.wmflabs.org to citoid-beta.wmflabs.org ( via https://horizon.wikimedia.org/project/prefixpuppet/ ) - T168519

gerritbot added a comment.Jun 21 2017, 3:39 PM

Change 360639 abandoned by Hashar:
(DO NOT SUBMIT) confftool: remove citoid to unbreak beta

Reason:
fixed the rule in hiera

https://gerrit.wikimedia.org/r/360639

hashar edited projects, added Product-Infrastructure-Team-Backlog-Deprecated (Kanban); removed Patch-For-Review.Jun 21 2017, 3:42 PM

So varnish is fixed. Left over question is why does the beta cluster varnish cache uses the wmflabs web proxy has backend when it could reach the instance directly?

https://horizon.wikimedia.org/project/proxy/ has entries such as:

citoid-beta.wmflabs.org.http://10.68.20.183:1970
graphoid-beta.wmflabs.org.http://10.68.20.183:19000
restbase-beta.wmflabs.org.http://10.68.17.189:7231

And Varnish is configured via https://horizon.wikimedia.org/project/prefixpuppet/

mobrovac edited projects, added Services (watching); removed Product-Infrastructure-Team-Backlog-Deprecated (Kanban), Services.Jun 21 2017, 4:16 PM
mobrovac subscribed.

Since we use the horizon proxy, can't we just remove these from puppet altogether?

hashar closed this task as Resolved.Jun 22 2017, 2:13 PM
hashar claimed this task.

What I suspect is that this way:

  • all the backends are publicly exposed
  • changing IP/backend can be done directly in horizon
  • it does not require a puppet patch + cherry pick

So that is probably good :]

Restricted Application added projects: User-Ryasmeen, Release-Engineering-Team (Kanban). · View Herald TranscriptJun 22 2017, 2:13 PM
Jdforrester-WMF moved this task from To Triage to External and Administrivia on the VisualEditor board.Jun 24 2017, 10:58 AM
Jdforrester-WMF set the point value for this task to 0.
hashar moved this task from Backlog to Done (within RelEng) on the Release-Engineering-Team (Kanban) board.Jun 27 2017, 9:05 PM
Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q1; removed Release-Engineering-Team (Kanban).Sep 26 2017, 11:45 PM
EddieGP closed subtask T168520: Could not find class role::etcd::common for deployment-conf03.deployment-prep.eqiad.wmflabs as Resolved.Apr 13 2018, 6:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits