Page MenuHomePhabricator
Create Task
Maniphest T248736

ats-tls ran out of FDs on cp1089
Closed, ResolvedPublic
Actions

Assigned To
Vgutierrez
Authored By
Vgutierrez
Mar 28 2020, 8:40 AM
Tags
Referenced Files
F31707693: image.png
Mar 28 2020, 8:54 AM
F31707691: image.png
Mar 28 2020, 8:54 AM
F31707674: image.png
Mar 28 2020, 8:43 AM
Subscribers
Aklapper
BBlack
CDanis
ema
Marostegui
Ottomata
Vgutierrez
Tokens
"Pterodactyl" token, awarded by ema.

Description

It looks like cp1089 ran out of FDs:

Mar 27 23:00:14 cp1089 traffic_manager[27021]: [Mar 27 23:00:14.216] [LOG_FLUSH] ERROR: Error opening logging directory /srv/trafficserver/tls/var/log to perform a space check: Too many open files.

and on the next reload to refresh OCSP data ats-tls show errors initialing the SSL context, accessing host.db and reloading the tls.lua script:

Mar 27 23:35:53 cp1089 traffic_manager[27021]: [Mar 27 17:50:07.069] [ET_TASK 1] NOTE: ssl_multicert.config done reloading!
Mar 27 23:35:53 cp1089 traffic_manager[27021]: [Mar 27 22:56:32.353] [ACCEPT 0:443] WARNING: accept thread received transient error: errno = 24
Mar 27 23:35:53 cp1089 traffic_manager[27021]: [Mar 27 23:05:52.570] [ET_TASK 0] WARNING: Unable to finalize sync of cache to disk /srv/trafficserver/tls/var/run/host.db: Bad file descriptor
[...]
Mar 28 05:50:03 cp1089 traffic_manager[27021]: [Mar 28 05:50:03.226] [ET_TASK 1] ERROR: [ts_lua][ts_lua_reload_module] luaL_loadfile /srv/trafficserver/tls/etc/lua/tls.lua failed: cannot open /srv/trafficserver/tls/etc/lua/tls.lua: Too many open files
[...]
Mar 28 06:57:53 cp1089 traffic_manager[27021]: [Mar 28 06:57:52.916] [ET_NET 7] ERROR: failed to create SSL server session

Details

SubjectRepoBranchLines +/-
ATS: disable transaction_active_timeout_in for test eventstreamsoperations/puppetproduction+17 -0
Revert "ATS: disable transaction_active_timeout_in for EventStreams"operations/puppetproduction+1 -13
Customize query in gerrit

Related Objects

Event Timeline

Vgutierrez created this task.Mar 28 2020, 8:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 28 2020, 8:40 AM
Vgutierrez added a comment.Mar 28 2020, 8:43 AM

cp1089 shows a ramp up of inuse TCP sockets that began yesterday around 12:00:

image.png (608×1 px, 111 KB)

Vgutierrez added a comment.Mar 28 2020, 8:54 AM

even though ats-tls reports the same amount of connections being used since 12:00, from the memory graph data, it looks like ats-tls is the process leaking the sockets:

image.png (612×1 px, 165 KB)

image.png (608×1 px, 80 KB)

Vgutierrez triaged this task as Medium priority.Mar 28 2020, 8:54 AM
Vgutierrez moved this task from Backlog to TLS on the Traffic board.
Vgutierrez added a comment.Mar 28 2020, 8:58 AM

@ema we need to check if this can be related to https://gerrit.wikimedia.org/r/c/operations/puppet/+/583295

Stashbot added a comment.Mar 28 2020, 11:32 AM

Mentioned in SAL (#wikimedia-operations) [2020-03-28T11:32:31Z] <vgutierrez> restart ats-tls on cp1077 - T248736

gerritbot added a comment.Mar 28 2020, 12:03 PM

Change 584110 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] Revert "ATS: disable transaction_active_timeout_in for EventStreams"

https://gerrit.wikimedia.org/r/584110

gerritbot added a project: Patch-For-Review.Mar 28 2020, 12:03 PM
Stashbot added a comment.Mar 28 2020, 12:05 PM

Mentioned in SAL (#wikimedia-operations) [2020-03-28T12:05:29Z] <vgutierrez> preemptive restart of ats-tls on cp1081 and cp3062 - T248736

gerritbot added a comment.Mar 28 2020, 12:29 PM

Change 584110 merged by Vgutierrez:
[operations/puppet@production] Revert "ATS: disable transaction_active_timeout_in for EventStreams"

https://gerrit.wikimedia.org/r/584110

Maintenance_bot removed a project: Patch-For-Review.Mar 28 2020, 1:10 PM
CDanis subscribed.Mar 28 2020, 2:06 PM
ema mentioned this in T248067: check_trafficserver_log_fifo: false positives when changing log format.Mar 30 2020, 8:39 AM
ema mentioned this in T242767: EventStreams drops the connection after 15 minutes, which makes it unreliable.Mar 30 2020, 8:43 AM
ema awarded a token.
Ottomata subscribed.Mar 31 2020, 12:57 PM

Would love to get this fixed ASAP! Let me know if I can help!

stjn mentioned this in T250912: EventStreams socket stays connected without any traffic incoming.Apr 22 2020, 2:34 PM
Ottomata added a comment.Apr 29 2020, 6:55 PM

Is there a more permanent fix? Any idea why ATS was leaking the socket FDs?

gerritbot added a comment.Apr 30 2020, 2:05 PM

Change 593517 had a related patch set uploaded (by Ema; owner: Ema):
[operations/puppet@production] ATS: disabling transaction_active_timeout_in for test eventstreams

https://gerrit.wikimedia.org/r/593517

gerritbot added a project: Patch-For-Review.Apr 30 2020, 2:05 PM
ema added a comment.Apr 30 2020, 2:08 PM
In T248736#6094878, @Ottomata wrote:

Is there a more permanent fix? Any idea why ATS was leaking the socket FDs?

Nope, we'll try to reproduce next week in isolation with https://gerrit.wikimedia.org/r/593517

BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM
BBlack subscribed.

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

Marostegui subscribed.May 19 2022, 8:41 AM

@Vgutierrez is it worth keeping this task open?

Vgutierrez closed this task as Resolved.May 19 2022, 8:44 AM
Vgutierrez claimed this task.

I believe that we can safely close this one now as we moved away from ats-tls

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits