Page MenuHomePhabricator
Create Task
Maniphest T226703

rsyslog output modules (fwd, kafka) failures should not affect each other
Closed, ResolvedPublic
Actions

Description

Last message on logstash was at 2019-06-27T01:09:29 and the next one 2019-06-27T06:35:13 (going with @timestamp from logstash, however the dt field for the lagged messages is correct (i.e around 1.10)

Last 5xx:

@timestamp	      	2019-06-27T01:09:41
dt	      	2019-06-27T01:09:29

Then a single message at

@timestamp	      	2019-06-27T02:45:58
 dt	      	2019-06-27T01:09:32

Then resumed at

@timestamp	      	2019-06-27T06:35:13
dt	      	2019-06-27T01:10:22

Other than the fact that rsyslog didn't self recover, there's also these points we'll need to address:

  • rsyslog omfwd to central syslog failed, but omkafka delivery failed too, and they should fail independently instead
  • rsyslog omfwd actions should be given an explicit names so we have metrics for them (e.g. action_failed / action_processed)

    Starting with https://gerrit.wikimedia.org/r/c/operations/puppet/+/520012

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects

Event Timeline

fgiunchedi created this task.Jun 27 2019, 11:12 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 27 2019, 11:12 AM
fgiunchedi updated the task description. (Show Details)Jun 27 2019, 11:20 AM
fgiunchedi added a comment.Jun 27 2019, 11:31 AM

So kafkatee-webrequest wrote the logs as expected around that time frame, at least in journald

Jun 27 01:09:45 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:45 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:45 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:45 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:51 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:51 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:51 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:51 weblog1001 webrequest[5207]: @cee:
Jun 27 01:09:51 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:03 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:03 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:03 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:03 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:03 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:09 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:09 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:09 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:09 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:09 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:14 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:14 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:14 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:14 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:10:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:17 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:28 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:28 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:28 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:28 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:28 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:34 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:34 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:34 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:34 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:35 weblog1001 webrequest[5207]: @cee:
Jun 27 01:11:35 weblog1001 webrequest[5207]: @cee:
fgiunchedi added a comment.Jun 27 2019, 11:37 AM

On the central syslog servers it looks like a reoccurence of T199406: rsyslog's in:imtcp thread stuck on recvfrom loop from down/rebooted hosts which might explain the lagging

fgiunchedi added a comment.Jun 27 2019, 1:50 PM

Other than the fact that rsyslog didn't self recover, there's also these points we'll need to address:

  • rsyslog omfwd to central syslog failed, but omkafka delivery failed too, and they should fail independently instead
  • rsyslog omfwd actions should be given an explicit names so we have metrics for them (e.g. action_failed / action_processed)
herron subscribed.Jun 27 2019, 2:19 PM
gerritbot added a comment.Jul 1 2019, 1:45 PM

Change 520012 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] rsyslog: use named actions for central syslog hosts

https://gerrit.wikimedia.org/r/520012

gerritbot added a project: Patch-For-Review.Jul 1 2019, 1:45 PM
fgiunchedi updated the task description. (Show Details)Jul 2 2019, 12:14 PM
gerritbot added a comment.Jul 3 2019, 7:28 AM

Change 520012 merged by Filippo Giunchedi:
[operations/puppet@production] rsyslog: use named actions for central syslog hosts

https://gerrit.wikimedia.org/r/520012

Maintenance_bot removed a project: Patch-For-Review.Jul 3 2019, 8:10 AM
fgiunchedi updated the task description. (Show Details)Jul 3 2019, 1:24 PM
gerritbot added a comment.Jul 4 2019, 9:09 AM

Change 520709 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] Add rsyslog delivery actions failure alerts

https://gerrit.wikimedia.org/r/520709

gerritbot added a project: Patch-For-Review.Jul 4 2019, 9:09 AM
fgiunchedi moved this task from Inbox to In progress on the observability board.Jul 8 2019, 12:48 PM
gerritbot added a comment.Jul 17 2019, 8:30 AM

Change 520709 merged by Filippo Giunchedi:
[operations/puppet@production] Add rsyslog delivery actions failure alerts

https://gerrit.wikimedia.org/r/520709

Maintenance_bot removed a project: Patch-For-Review.Jul 17 2019, 9:10 AM
fgiunchedi added a project: User-fgiunchedi.Jul 18 2019, 11:09 AM
fgiunchedi mentioned this in T219634: Alert suspended rsyslog actions.Jul 22 2019, 2:22 PM
fgiunchedi moved this task from In progress to Inbox on the observability board.Oct 28 2019, 2:15 PM
fgiunchedi renamed this task from webrequest 5xx data in logstash stopped at ~1:10 2019/06/26 and catched up at ~6:30 2019/06/27 to rsyslog output modules (fwd, kafka) failures should not affect each other.Jul 6 2020, 11:44 AM
fgiunchedi moved this task from Inbox to Backlog on the observability board.
gerritbot added a comment.Sep 9 2020, 5:10 PM

Change 626186 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] base: add remote syslog queues

https://gerrit.wikimedia.org/r/626186

gerritbot added a project: Patch-For-Review.Sep 9 2020, 5:10 PM
gerritbot added a comment.Sep 14 2020, 8:11 AM

Change 626186 merged by Filippo Giunchedi:
[operations/puppet@production] base: add remote syslog queues

https://gerrit.wikimedia.org/r/626186

gerritbot added a comment.Sep 14 2020, 8:23 AM

Change 627232 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable rsyslog queues in ulsfo/eqsin

https://gerrit.wikimedia.org/r/627232

gerritbot added a comment.Sep 14 2020, 4:09 PM

Change 627232 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable rsyslog queues in ulsfo/eqsin

https://gerrit.wikimedia.org/r/627232

fgiunchedi moved this task from Backlog to Doing on the User-fgiunchedi board.Sep 15 2020, 7:45 AM
gerritbot added a comment.Sep 15 2020, 7:47 AM

Change 627418 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable rsyslog queues in esams/eqiad

https://gerrit.wikimedia.org/r/627418

gerritbot added a comment.Sep 15 2020, 8:03 AM

Change 627418 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable rsyslog queues in esams/eqiad

https://gerrit.wikimedia.org/r/627418

gerritbot added a comment.Sep 16 2020, 12:13 PM

Change 627816 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable remote syslog queues in codfw

https://gerrit.wikimedia.org/r/627816

gerritbot added a comment.Sep 16 2020, 12:42 PM

Change 627821 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] base: remove obsolete enable_rsyslog_exporter

https://gerrit.wikimedia.org/r/627821

gerritbot added a comment.Sep 16 2020, 3:06 PM

Change 627865 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] profile: add queues to rsyslog kafka output

https://gerrit.wikimedia.org/r/627865

gerritbot added a comment.Sep 17 2020, 8:18 AM

Change 627816 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable remote syslog queues in codfw

https://gerrit.wikimedia.org/r/627816

gerritbot added a comment.Sep 17 2020, 9:10 AM

Change 627821 merged by Filippo Giunchedi:
[operations/puppet@production] base: remove obsolete enable_rsyslog_exporter

https://gerrit.wikimedia.org/r/627821

gerritbot added a comment.Sep 23 2020, 8:04 AM

Change 627865 merged by Filippo Giunchedi:
[operations/puppet@production] profile: add queues to rsyslog kafka output

https://gerrit.wikimedia.org/r/627865

fgiunchedi moved this task from Backlog to In progress on the observability board.Sep 29 2020, 12:26 PM
gerritbot added a comment.Oct 1 2020, 1:00 PM

Change 631438 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] profile: remove rollout flag for rsyslog queues

https://gerrit.wikimedia.org/r/631438

gerritbot added a comment.Oct 1 2020, 1:00 PM

Change 631439 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable rsyslog kafka queues in ulsfo

https://gerrit.wikimedia.org/r/631439

gerritbot added a comment.Oct 1 2020, 1:31 PM

Change 631446 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] profile: look up rsyslog queue_size in scope

https://gerrit.wikimedia.org/r/631446

gerritbot added a comment.Oct 2 2020, 7:40 AM

Change 631438 merged by Filippo Giunchedi:
[operations/puppet@production] profile: remove rollout flag for rsyslog queues

https://gerrit.wikimedia.org/r/631438

gerritbot added a comment.Oct 5 2020, 10:55 AM

Change 631446 merged by Filippo Giunchedi:
[operations/puppet@production] profile: look up rsyslog queue_size in scope

https://gerrit.wikimedia.org/r/631446

gerritbot added a comment.Oct 5 2020, 10:56 AM

Change 631439 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable rsyslog kafka queues in ulsfo

https://gerrit.wikimedia.org/r/631439

gerritbot added a comment.Oct 6 2020, 4:09 PM

Change 632512 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable rsyslog queues for kafka in esams/eqsin/eqiad

https://gerrit.wikimedia.org/r/632512

gerritbot added a comment.Oct 7 2020, 8:14 AM

Change 632512 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable rsyslog queues for kafka in esams/eqsin/eqiad

https://gerrit.wikimedia.org/r/632512

gerritbot added a comment.Oct 7 2020, 9:04 AM

Change 632655 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] hieradata: enable rsyslog queues for kafka in codfw

https://gerrit.wikimedia.org/r/632655

gerritbot added a comment.Oct 7 2020, 10:08 AM

Change 632655 merged by Filippo Giunchedi:
[operations/puppet@production] hieradata: enable rsyslog queues for kafka in codfw

https://gerrit.wikimedia.org/r/632655

fgiunchedi closed this task as Resolved.Oct 7 2020, 10:12 AM
fgiunchedi claimed this task.

This is complete now, we have local queues for all rsyslog outputs

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits