Page MenuHomePhabricator
Create Task
Maniphest T177850

Page if the grid engine master is unreachable
Closed, DeclinedPublic
Actions

Description

This happened today (due to labservices issues) and icinga noticed but /I/ didn't notice until someone mentioned it on IRC.

Details

SubjectRepoBranchLines +/-
icinga: enable paging and set contact_group for grid engine checksoperations/puppetproduction+4 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved BstormT199271 Upgrade the tools gridengine system
 DeclinedNoneT177850 Page if the grid engine master is unreachable

Event Timeline

Andrew created this task.Oct 10 2017, 3:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 10 2017, 3:35 PM
bd808 edited projects, added cloud-services-team (Kanban), Toolforge, observability; removed cloud-services-team.Oct 12 2017, 8:13 PM
chasemp added a parent task: T178405: create a wmcs alerting group in icinga and review alerting.Mar 13 2018, 1:45 PM
Dzahn subscribed.Apr 3 2018, 5:25 PM

@Andrew What would be a command line to check if this is the case? Is it about a running process or actually connecting to it? Over which protocol?

Dzahn added a comment.Apr 3 2018, 5:26 PM

Oh wait.. it's an existing Icinga check and this is only about changing the notification commands? That's easy enough.. taking it.

Dzahn claimed this task.EditedApr 3 2018, 5:26 PM

Who exactly should receive the pages please? I assume wmcs team.

Dzahn moved this task from Inbox to Up next on the observability board.Apr 3 2018, 5:26 PM
gerritbot subscribed.Apr 20 2018, 12:12 AM

Change 427833 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] icinga: enable paging and set contact_group for grid engine checks

https://gerrit.wikimedia.org/r/427833

gerritbot added a project: Patch-For-Review.Apr 20 2018, 12:12 AM
Dzahn added a comment.Apr 20 2018, 12:27 AM

@Andrew Are the "Auth DNS TCP" and "Auth DNS UDP" checks the ones this is about?

https://icinga.wikimedia.org/cgi-bin/icinga/status.cgi?search_string=grid

I think my patch above will result in "all ops get SMS and additionally wmcs people get emails (or whatever their notification method is)" but it would not (yet) mean "SMS are sent but only to wmcs" people. Is the latter what you wanted?

chasemp removed a parent task: T178405: create a wmcs alerting group in icinga and review alerting.Apr 26 2018, 7:34 PM
Dzahn removed Dzahn as the assignee of this task.Apr 30 2018, 3:25 PM
Dzahn moved this task from Up next to Externally blocked on the observability board.
gerritbot added a comment.May 2 2018, 7:32 PM

Change 427833 abandoned by Dzahn:
icinga: enable paging and set contact_group for grid engine checks

Reason:
probably not what was intended on ticket, but not sure

https://gerrit.wikimedia.org/r/427833

Bstorm subscribed.Jun 22 2018, 4:49 PM

@Dzahn That's pdns and not the same thing. The service here would be the gridengine gridmaster services (unreachable would probably mean it's network is shot?)

I'd say we should be checking that port 6444 is available on tools-grid-master.tools.eqiad.wmflabs if we wanted to verify if it was specifically reachable. Otherwise, we could monitor for the /usr/lib/gridengine/sge_qmaster process if the problem was the process dying. (I lack the full context here).

Bstorm added a parent task: T199271: Upgrade the tools gridengine system.Jul 11 2018, 4:51 PM
Dzahn added a comment.Jul 25 2018, 12:55 AM

@Bstorm Ok, thanks. I could add the check for port 6444 to Icinga. I note though that the original ticket says "icinga noticed" so i was trying to find which existing check that is. Then we just have to make that send SMS (instead of just email) to resolve this ticket.

Bstorm added a comment.Aug 8 2018, 3:22 PM

Point! I can take a peek at that. I just jumped on this one randomly and was responding to comments. :)

Bstorm added a comment.Aug 8 2018, 3:24 PM

Here's a question I have, how did Icinga notice? I don't think it monitors the VPS VMs. The grid master is a tools VM.

Bstorm added a comment.Aug 8 2018, 3:26 PM

Maybe that is what the ticket intended!

Volans subscribed.Aug 8 2018, 3:36 PM

@Bstorm on Icinga we have a couple of checks for Check for gridmaster host resolution {TCP,UDP}, could be those ones?

Dzahn added a comment.Aug 8 2018, 5:15 PM
modules/profile/manifests/openstack/base/pdns/auth/monitor/host_check.pp:        description   => 'Check for gridmaster host resolution UDP',
modules/profile/manifests/openstack/base/pdns/auth/monitor/host_check.pp:        description   => 'Check for gridmaster host resolution TCP',
class profile::openstack::base::pdns::auth::monitor::host_check(
    $target_host = hiera('profile::openstack::base::pdns::host'),
    $target_fqdn = hiera('profile::openstack::base::pdns::monitor::target_fqdn'),
    ) {

    monitoring::service { "${target_host} Resolution":
        description   => 'Auth DNS',
        check_command => "check_dns!${target_host}",
    }

    monitoring::service { "${target_host} Auth DNS UDP":
        description   => 'Check for gridmaster host resolution UDP',
        check_command => "check_dig!${target_host}!${target_fqdn}",
    }

    monitoring::service { "${target_host} Auth DNS TCP":
        description   => 'Check for gridmaster host resolution TCP',
        check_command => "check_dig_tcp!${target_host}!${target_fqdn}",
    }
}
GTirloni subscribed.Dec 1 2018, 6:38 AM

I'm not completely familiar with our network security policies but I believe icinga1001 can't resolve .wmflabs addresses and connections to 10.68.20.158:6444 aren't allowed either.

It seems this check would have to be done on... Shinken ("The Exorcist" soundtrack plays in the background).

GTirloni unsubscribed.Dec 20 2018, 6:50 PM
Bstorm added a subscriber: GTirloni.Feb 6 2019, 6:56 PM

@GTirloni The check in icinga works by using cloudcontrol1003 as the checking host.

Bstorm added a comment.Feb 6 2019, 6:57 PM

https://icinga.wikimedia.org/cgi-bin/icinga/extinfo.cgi?type=2&host=cloudservices1003&service=Check+for+gridmaster+host+resolution+TCP

Incidentially, we now have two grid masters :) So I suppose this should monitor tools-sgegrid-master as well.

Bstorm added a comment.Feb 6 2019, 7:02 PM

@Andrew Are those the right things you wanted to alert on? It's just a DNS check, vs making sure the actual services are live, but the wording of the ticket suggests that's what this was. If so, we probably need to add the new grid master and then turn on the paging in general.

chasemp subscribed.Feb 6 2019, 7:11 PM

In theory there are tests that submit things to the grid via tools-checker
than ensure the gridmaster itself is functioning but previously we had
issues where DNS was faulty and that cascaded down IIRC so we put in some
service level checking there

Andrew added a comment.Feb 6 2019, 7:33 PM

@Bstorm yes, noticing and paging with the actual grid master VMs are down would be a good start. So probably that's just setting a flag and then copy/pasting for the additional grid.

GTirloni unsubscribed.Mar 21 2019, 9:06 PM
Andrew moved this task from Inbox to Clinic Duty on the cloud-services-team (Kanban) board.Sep 11 2019, 3:17 PM
Maintenance_bot removed a project: Patch-For-Review.Sep 11 2019, 4:10 PM
Bstorm closed this task as Declined.Oct 23 2019, 3:34 PM

This is a strange ticket. It seems like we have accrued all the pieces needed to find out if the grid is down now, but this one is specific and perhaps too historical to be as clearly resolved now as it may have been when created.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits