Page MenuHomePhabricator
Create Task
Maniphest T277433

InstantCommons can render a wiki completely unavailable during an outage.
Closed, InvalidPublic
Actions

Description

During both the DDoS and the parent task, we noticed that third party wikis can be taken down if InstantCommons is unavailable.

By taken down, I mean a response will time out completely not just images are missing.

For me, it also affected non-InstantCommons wikis because Varnish depooled stuff.

This should fail gracefully. I originally thought this was fixed because during T272215: High latency on appservers images just didn't appear for us.

Related Objects
Search...

Event Timeline

RhinosF1 created this task.Mar 15 2021, 7:02 AM
RhinosF1 added a project: User-RhinosF1.Mar 15 2021, 7:25 AM
RhinosF1 moved this task from Radar to Miraheze-Linked on the User-RhinosF1 board.
taavi edited projects, added Sustainability (Incident Followup); removed Wikimedia-Incident.Mar 15 2021, 7:44 AM
RhinosF1 added a comment.Mar 15 2021, 7:47 AM

For the note, I know parsercache and squid proxies could both mitigate this but this focuses on assuming there is a standard install of InstantCommons.

Legoktm edited projects, added MediaWiki-File-management; removed MediaWiki-Uploading.Mar 15 2021, 7:47 AM

As far as I can tell, https://gerrit.wikimedia.org/g/mediawiki/core/+/fe289e90e1a2040a7caa8146c2c09562ccfedcc5/includes/filerepo/ForeignAPIRepo.php#506 defaults to $wgHTTPTimeout, which is 25 (seconds I assume). That seems a bit high for making API queries IMO, but reasonable for downloading images. Maybe a lower timeout should be set for those queries, which I assume is what hung your wikis?

For me, it also affected non-InstantCommons wikis because Varnish depooled stuff.

This seems like a configuration issue on your side, whatever health check you're using for Varnish shouldn't depend upon InstantCommons.

Restricted Application added a project: Commons. · View Herald TranscriptMar 15 2021, 7:47 AM
RhinosF1 added a comment.Mar 15 2021, 7:50 AM

For me, it also affected non-InstantCommons wikis because Varnish depooled stuff.

This seems like a configuration issue on your side, whatever health check you're using for Varnish shouldn't depend upon InstantCommons.

I will have a look at what wiki varnish checks but I think most of our wikis probably have it on. I agree though and it is on my list of follow ups from our incident to look at Health checks using a more minimalist wiki.

valerio.bozzolan subscribed.Mar 15 2021, 8:17 AM
Tgr subscribed.Mar 15 2021, 11:02 AM

$wgHTTPConnectTimeout is 5 sec if left at default value, and that's what should matter here (unless you don't have curl installed and are falling back to the pure PHP implementation, which is a bad idea in production).

RhinosF1 closed this task as Invalid.Mar 15 2021, 2:52 PM

The total timeout from MediaWiki/curl is 30 seconds which should stop this but then I smartly remembered we have Varnish which also has a 30 second mw* -> cp* akin to the WMF's setup.

I'd guess that Varnish needs a lower timeout than MediaWiki so despite me asking our team this 18 months ago and being told it didn't exist. I guess it does and it's our config.

Aklapper edited projects, added affects-Miraheze; removed User-RhinosF1.Aug 15 2022, 1:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits