Page MenuHomePhabricator
Create Task
Maniphest T232319

PyBal ProxyFetch checks using HTTP/1.0 with https and HTTP/1.1 with plain http
Closed, ResolvedPublic
Actions

Description

After adding the restbase-ssl service https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/534462/ in the context of T210411 we have noticed that all ProxyFetch checks were failing:

Sep 09 09:59:39 lvs1016 pybal[22763]: [restbase-https_7443 ProxyFetch] WARN: restbase1019.eqiad.wmnet (disabled/partially up/not pooled): Fetch failed (https://localhost/), 5.419 s

The reason for this is that, according to ats-tls logs on a upload node, PyBal's ProxyFetch checks use HTTP/1.0 when factory.scheme is set to https:

Date:2019-09-09 Time:09:40:38 Client-IP:2001:df2:e500:101:10:132:0:12 HTTPVersion:HTTP/1.0 SSL:1 SSLVersion:TLSv1.2 SSLCipher:ECDHE-ECDSA-CHACHA20-POLY1305 SSLCurve:X25519 ReqMethod:GET RespStatus:200 OriginStatus:200 ReqURL:https://varnishcheck.wikimedia.org/from/pybal BereqURL:GET http://127.0.0.2:3120/from/pybal HTTP/1.0 ReqHeader:User-Agent:Twisted PageGetter ReqHeader:Host:varnishcheck.wikimedia.org

When the check uses plain HTTP, the protocol used is HTTP/1.1 instead:

127.0.0.1 - - [09/Sep/2019:09:50:27 +0000] "GET http://varnishcheck.wikimedia.org/from/pybal HTTP/1.1" 200 40 "-" "Twisted PageGetter"

By default, envoy responds with 426 to HTTP/1.0 requests, making the ProxyFetch checks fail. We can instruct envoy not to do so by setting accept_http_10, but still PyBal's behavior should be fixed.

Details

SubjectRepoBranchLines +/-
envoyproxy: accept HTTP/1.0operations/puppetproduction+2 -0
Customize query in gerrit

Related Objects

Event Timeline

ema created this task.Sep 9 2019, 10:05 AM
Restricted Application added a project: SRE. · View Herald TranscriptSep 9 2019, 10:05 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
ema triaged this task as Medium priority.Sep 9 2019, 10:06 AM
ema moved this task from Backlog to LoadBalancer on the Traffic board.
gerritbot added a comment.Sep 9 2019, 10:29 AM

Change 535142 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] envoyproxy: accept HTTP/1.0

https://gerrit.wikimedia.org/r/535142

gerritbot added a project: Patch-For-Review.Sep 9 2019, 10:29 AM
ema added a subscriber: Vgutierrez.Sep 9 2019, 10:32 AM
gerritbot added a comment.Sep 9 2019, 10:47 AM

Change 535142 merged by Ema:
[operations/puppet@production] envoyproxy: accept HTTP/1.0

https://gerrit.wikimedia.org/r/535142

Maintenance_bot removed a project: Patch-For-Review.Sep 9 2019, 11:10 AM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM
BBlack subscribed.

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

BCornwall closed this task as Resolved.May 2 2023, 8:00 PM
BCornwall claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits