Page MenuHomePhabricator

Streaming Updater must make all requests to proxy endpoints
Closed, ResolvedPublic

Description

All applications deployed in the Kubernetes cluster must make their requests through envoy. Currently the streaming updater makes requests to other services:

Event Timeline

Those are the public endpoints and are not on purpose (in order to preserve the edge caches from accidental pollution as well as debuggability) accessible from inside the cluster. What you want instead is to send HTTP requests to:

localhost: 6500 (also known as api-rw.discovery.wmnet internally) for the latter 2 with the correct HTTP Host: meta.wikimedia.org and Host: wikidata.org` header for the latter 2

For schema.discovery.wmnet we don't have an envoy endpoint yet, but we can sure add one.

Change 675591 had a related patch set uploaded (by Mstyles; author: Mstyles):
[wikidata/query/rdf@master] wikibaseRepository: add new config option for proxy

https://gerrit.wikimedia.org/r/675591

@akosiaris: I wanted to clarify for Swift as well, will there be proxies to connect to the swift auth url (https://thanos-swift.discovery.wmnet/auth/v1.0) and connecting to the thanos swift cluster (swift://updater.thanos-swift/wdqs_streaming_updater_test/checkpoints) for storing checkpoint data in the swift cluster ?

@akosiaris: I wanted to clarify for Swift as well, will there be proxies to connect to the swift auth url (https://thanos-swift.discovery.wmnet/auth/v1.0) and connecting to the thanos swift cluster (swift://updater.thanos-swift/wdqs_streaming_updater_test/checkpoints) for storing checkpoint data in the swift cluster ?

There are already. See https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/hieradata/common/profile/services_proxy/envoy.yaml

eqiad on port 6101 and codfw 6201. Those will need to be enabled on the helmfile.d level (e.g. like mwapi-async in https://gerrit.wikimedia.org/r/plugins/gitiles/operations/deployment-charts/+/refs/heads/master/helmfile.d/services/linkrecommendation/values.yaml#39), but otherwise they should be ready for use.

@akosiaris the swift proxies in there seem are pointing to the swift cluster that we use (thano-swift). We'll need additional proxies set up for that as well. Would it be more helpful to have a separate ticket for the proxies that need to be created? (meta.wikimedia.org and thanos-swift). Additionally, looking at the list of proxies from envoy, I didn't see anything for wikidata. Am I missing something? @dcausse also wanted to know if there can be a api-ro.discovery.wmnet proxy in addition to api-rw.discovery.wmnet, since we only read from Mediawiki.

Change 676329 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/puppet@production] services_proxy: Add thanos-{query,swift}

https://gerrit.wikimedia.org/r/676329

@akosiaris the swift proxies in there seem are pointing to the swift cluster that we use (thano-swift). We'll need additional proxies set up for that as well. Would it be more helpful to have a separate ticket for the proxies that need to be created?

There you go, no need for more tasks. https://gerrit.wikimedia.org/r/676329

(meta.wikimedia.org and thanos-swift). Additionally, looking at the list of proxies from envoy, I didn't see anything for wikidata. Am I missing something?

Those are wikis, so it's mwapi-async. Just don't forget to set the HTTP Host: wikidata.org or Host: meta.wikimedia.org headers so that the correct apache virtualhost answers.

@dcausse also wanted to know if there can be a api-ro.discovery.wmnet proxy in addition to api-rw.discovery.wmnet, since we only read from Mediawiki.

I 'd hold a bit on that. We are revisiting the -ro part as its usage hasn't panned out as much as we had hoped.

Change 676329 merged by Alexandros Kosiaris:

[operations/puppet@production] services_proxy: Add thanos-{query,swift} and schema

https://gerrit.wikimedia.org/r/676329

@akosiaris the swift proxies in there seem are pointing to the swift cluster that we use (thano-swift). We'll need additional proxies set up for that as well. Would it be more helpful to have a separate ticket for the proxies that need to be created?

There you go, no need for more tasks. https://gerrit.wikimedia.org/r/676329

Done.

Change 681222 had a related patch set uploaded (by Mstyles; author: Mstyles):

[wmf-jvm-utils@master] customRoutePlanner: add implementation

https://gerrit.wikimedia.org/r/681222

Change 681222 merged by jenkins-bot:

[wmf-jvm-utils@master] customRoutePlanner: add implementation

https://gerrit.wikimedia.org/r/681222

Change 675591 merged by jenkins-bot:

[wikidata/query/rdf@master] WikibaseRepository: add new config option for proxy

https://gerrit.wikimedia.org/r/675591