Page MenuHomePhabricator
Create Task
Maniphest T258245

Move mjolnir kafka daemon from ES to search-loader VMs
Closed, ResolvedPublic
Actions

Description

In T258189, search-loader[12]001 VMs were created to host the following profiles (maybe more):

  • profile::mjolnir::kafka_bulk_daemon
  • profile::mjolnir::kafka_msearch_daemon

The final goal for Analytics is to whitelist only search-loader* to pull data from Kafka Jumbo (via Ferm rules), rather than from all ES hosts.

Details

SubjectRepoBranchLines +/-
profile::prometheus::ops: change mjolnir's target classesoperations/puppetproduction+2 -2
mjolnir: Provide primary cirrus cluster url to msearch daemonoperations/puppetproduction+5 -2
Add search-loader dsh groupoperations/puppetproduction+4 -0
Move mjolnir daemons from cirrus hosts to dedicated instancessearch/MjoLniR/deploymaster+7 -12
Support daemons working against remote elasticsearchsearch/MjoLniRmaster+34 -9
role::search::loader: add URL of elastic search endpoingoperations/puppetproduction+5 -2
Move mjolnir's daemons to search-loader hostsoperations/puppetproduction+62 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

elukey created this task.Jul 17 2020, 9:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 17 2020, 9:28 AM
elukey renamed this task from Move to Move mjolnir kafka daemon from ES to search-loader VMs.Jul 17 2020, 9:28 AM
elukey added a comment.Jul 22 2020, 8:22 AM

@EBernhardson @RKemper if you have time this/next week do you think that we could prioritize this task? I am asking since I'd love to add ferm rules to Kafka Jumbo asap, to be able to test them carefully on one node first etc.. but I don't want to break anybody in the process :)

If you are already packed with things to do don't worry, I'll wait!

Gehel added a project: Discovery-Search.Jul 24 2020, 9:16 AM
Gehel moved this task from needs triage to Ops / SRE on the Discovery-Search board.
gerritbot added a comment.Jul 24 2020, 1:41 PM

Change 616101 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/puppet@production] Move mjolnir's daemons to search-loader hosts

https://gerrit.wikimedia.org/r/616101

gerritbot added a project: Patch-For-Review.Jul 24 2020, 1:41 PM
elukey added a comment.Jul 24 2020, 2:03 PM

While working on https://gerrit.wikimedia.org/r/c/operations/puppet/+/616101/, I realized that mjolnir is also used on relforge, and with different settings, so in theory we'd need a multi-instance daemon to run on search-loader hosts? We cannot really share the configs in hiera afaics, @EBernhardson thoughts?

RKemper added a comment.Jul 24 2020, 5:58 PM

@elukey In response to your earlier ping in this thread - yup, let's work to get this moving next week

elukey added a comment.Jul 27 2020, 6:25 AM

The main blocker at the moment seems to be the fact that mjolnir runs in two places:

  • role::elasticsearch::cirrus, that includes profile::mjolnir::kafka_msearch_daemon and profile::mjolnir::kafka_bulk_daemon
  • role::elasticsearch::relforge that includes profile::mjolnir::kafka_msearch_daemon

After a chat on the discovery chan on IRC it is not clear if the latter really needs mjolnir, but if so we'd have a problem since the current puppetization doesn't allow to have multiple instances of mjolnir running on the same host (that would be either of the search-loader vms). So I see two possible way to move forward:

  1. We don't need mjolnir on relforge now, so we can remove it and re-add it if needed when the cluster will run inside the Analytics VLAN (since all the hosts inside will be able to query Kafka Jumbo without restrictions). This would allow to review/merge https://gerrit.wikimedia.org/r/c/operations/puppet/+/616101/ if good.
  2. We need mjolnir on relforge, and we have a plan to deploy it on multiple clusters in the future. In this case we probably need to adjust the mjolnir puppet code to use systemd multi-instance units (basically they use a template with placeholders/variables) and allow mjolnir to run in multiple separate instances. We do it in a lot of places so it shouldn't be super hard to do.
EBernhardson added a comment.EditedJul 27 2020, 3:25 PM

We can kill the relforge installation of the daemons. The msearch daemon lets us run search queries, but as mentioned the plan is for the new relforge instances to live in the analytics network where we can directly do this without having some intermediary like the mjolnir kafka_msearch_daemon

gerritbot added a comment.Aug 4 2020, 5:33 PM

Change 616101 merged by Elukey:
[operations/puppet@production] Move mjolnir's daemons to search-loader hosts

https://gerrit.wikimedia.org/r/616101

Maintenance_bot removed a project: Patch-For-Review.Aug 4 2020, 6:10 PM
gerritbot added a comment.Aug 4 2020, 6:21 PM

Change 618364 had a related patch set uploaded (by Ebernhardson; owner: Ebernhardson):
[search/MjoLniR@master] Parameterize elastic endpoint for msearch daemon

https://gerrit.wikimedia.org/r/618364

gerritbot added a project: Patch-For-Review.Aug 4 2020, 6:21 PM

Change 618365 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/puppet@production] role::search::loader: add URL of elastic search endpoing

https://gerrit.wikimedia.org/r/618365

gerritbot added a comment.Aug 4 2020, 6:28 PM

Change 618365 merged by Elukey:
[operations/puppet@production] role::search::loader: add URL of elastic search endpoing

https://gerrit.wikimedia.org/r/618365

gerritbot added a comment.Aug 4 2020, 7:45 PM

Change 618382 had a related patch set uploaded (by Ebernhardson; owner: Ebernhardson):
[operations/puppet@production] Add search-loader dsh group

https://gerrit.wikimedia.org/r/618382

gerritbot added a comment.Aug 4 2020, 7:57 PM

Change 618364 merged by jenkins-bot:
[search/MjoLniR@master] Support daemons working against remote elasticsearch

https://gerrit.wikimedia.org/r/618364

gerritbot added a comment.Aug 4 2020, 8:07 PM

Change 618383 had a related patch set uploaded (by Ebernhardson; owner: Ebernhardson):
[search/MjoLniR/deploy@master] Deploy mjolnir to search-loader hosts

https://gerrit.wikimedia.org/r/618383

gerritbot added a comment.Aug 4 2020, 8:12 PM

Change 618383 merged by Ebernhardson:
[search/MjoLniR/deploy@master] Move mjolnir daemons from cirrus hosts to dedicated instances

https://gerrit.wikimedia.org/r/618383

gerritbot added a comment.Aug 4 2020, 8:35 PM

Change 618391 had a related patch set uploaded (by Ebernhardson; owner: Ebernhardson):
[operations/puppet@production] mjolnir: Provide primary cirrus cluster url to msearch daemon

https://gerrit.wikimedia.org/r/618391

gerritbot added a comment.Aug 4 2020, 8:42 PM

Change 618382 abandoned by Ebernhardson:
[operations/puppet@production] Add search-loader dsh group

Reason:
unnecessary per CR

https://gerrit.wikimedia.org/r/618382

gerritbot added a comment.Aug 4 2020, 8:44 PM

Change 618391 merged by Elukey:
[operations/puppet@production] mjolnir: Provide primary cirrus cluster url to msearch daemon

https://gerrit.wikimedia.org/r/618391

gerritbot added a comment.Aug 5 2020, 8:31 AM

Change 618493 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/puppet@production] profile::prometheus::ops: change mjolnir's target classes

https://gerrit.wikimedia.org/r/618493

gerritbot added a comment.Aug 5 2020, 8:34 AM

Change 618493 merged by Elukey:
[operations/puppet@production] profile::prometheus::ops: change mjolnir's target classes

https://gerrit.wikimedia.org/r/618493

elukey moved this task from Backlog to Q1 2020/2021 on the Analytics-Clusters board.Aug 5 2020, 9:55 AM
elukey added a parent task: Restricted Task.Aug 5 2020, 10:09 AM
elukey added a comment.Aug 6 2020, 7:02 AM

Remaining things to do:

  1. evaluate correctness and performances of mjolnir on search-loader VMs (currently in progress - @EBernhardson).
  2. clean up puppet to remove mjolnir's profiles from relforge/cirrus roles (will be done at the end if we decide not to rollback the current settings).
Gehel edited projects, added Discovery-Search (Current work); removed Discovery-Search.Aug 18 2020, 7:02 PM
Gehel moved this task from Incoming to In Progress on the Discovery-Search (Current work) board.
Nuria subscribed.Sep 3 2020, 4:14 PM

Any updates on this from the mjonlir work?

elukey changed the task status from Open to Stalled.Sep 4 2020, 6:18 AM

We are currently blocked on T260305, next week we should be able to deploy a new puppet patch for multi-instance mjolnir and we'll see how it goes. There are still some problems (including performance) that need to be fixed before calling this migration done (namely no possibility of rolling back to ES).

EBernhardson moved this task from In Progress to Ready for Dev -- SWE on the Discovery-Search (Current work) board.Sep 17 2020, 5:00 PM
EBernhardson moved this task from Ready for Dev -- SWE to Needs Reporting on the Discovery-Search (Current work) board.

The daemons are moved. A few followups might be required elsewhere, but this task should be complete.

elukey closed this task as Resolved.Sep 23 2020, 10:11 AM
elukey claimed this task.

Closing it then, thanks a lot!

Gehel closed subtask T260305: mjolnir-kafka-msearch-daemon dropping produced messages after move to search-loader[12]001 as Resolved.Sep 28 2020, 2:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL