In order for TLS to be set up in a sensible way, there will be mcrouter <=> mcrouter communication. The puppet profile for wancache should changed/used to have mcrouter run all themc* servers (in addition to the app/maintenance servers).
Description
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
[WIP] Enable mcrouter on mediawiki memcached nodes | operations/puppet | production | +81 -40 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | aaron | T88445 MediaWiki active/active datacenter investigation and work (tracking) | |||
Resolved | aaron | T97562 WANObjectCache relay daemon or mcrouter support | |||
Duplicate | aaron | T194225 Enable mcrouter on the memcached servers themselves |
Event Timeline
Change 433913 had a related patch set uploaded (by Aaron Schulz; owner: Aaron Schulz):
[operations/puppet@production] [WIP] Enable mcrouter on mediawiki memcached nodes
Please see https://phabricator.wikimedia.org/T192771 which has a lot of considerations about the mcrouter architecture in production.
I actually decided to set up TLS everywhere and to have mcrouter use some "proxies" in each DC to do the ssl-ssl stuff.
A set of (still partial) patches are here:
https://gerrit.wikimedia.org/r/#/c/431736/
Closing this ticket as a duplicate.
To explain my reasoning further: mcrouter needs a non-negligible amount of memory to run as it maintains an internal queue of messages whenever you use something like AllFastRoute or any other route handler that does distribution of keys. This means it can use a significant amount of memory from time to time, and I'd prefer to avoid having any process using a variable amount of memory on the memcached nodes.
We could of course limit the maximum amount of memory mcrouter can use, but that could lead to instabilities, crashes, and lost messages, so I prefer to keep mcrouter in any non-trivial config out of those nodes.
Change 433913 abandoned by Aaron Schulz:
[WIP] Enable mcrouter on mediawiki memcached nodes
Reason:
Superceeded