Page MenuHomePhabricator
Create Task
Maniphest T300246

Add alert for varnishkafka low/zero messages per second to alertmanager
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

As a result of this incident: T300164: Pageview Data loss due to wrong version of package installed on some varnishkafka instances
We have identified a requirement to add an alert for when a particular varnishkafka instance is not successfully sending messages to Kafka.

We currently have alerts configured in https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/profile/manifests/cache/kafka/varnishkafka_delivery_alert.pp using Prometheus metrics.

The metric that we wish to cause an alert is rdkafka_producer_topic_partition_msgs and its rate over a period such as 5 minutes.

Update: The check is now in place, but it has two important shortcomings.

1: It cannot detect when a caching proxy host has been intentionally depooled using confctl
2: It cannot detect whan a data centre has been intentionally depooled using GeoDNS

For the first of these I am attempting to add the conftool pooled/depooled status and weight values to prometheus, so that these can be integrated with the check. I am working on this feature in T309189: Add the conftool pooled/depooled status and weight into prometheus for each service

For the second I haven't got a solution at the moment. Maybe get the admin_state values into prometheus as well?

Details

SubjectRepoBranchLines +/-
Update the VarnishKafkaNoMessages alertoperations/alertsmaster+56 -17
Add a host's conftool pooled status and weight per service to prometheusoperations/puppetproduction+121 -1
Remove the statsv source from the VarnishkafkaNoMessages alertoperations/alertsmaster+1 -1
Add an alert for zero messages being generated by varnishkafka instancesoperations/alertsmaster+39 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

BTullis created this task.Jan 27 2022, 10:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 27 2022, 10:58 AM
BTullis added a parent task: T300164: Pageview Data loss due to wrong version of package installed on some varnishkafka instances.Jan 27 2022, 10:58 AM
BTullis removed a project: Data-Engineering-Kanban.
odimitrijevic triaged this task as High priority.Feb 7 2022, 10:41 PM
odimitrijevic added a project: Data-Engineering-Kanban.

Prioritizing for after the Catalog implementation.

EChetty edited projects, added Data-Catalog; removed Data-Engineering.Feb 8 2022, 11:36 AM
EChetty moved this task from Backlog to Next Up on the Data-Catalog board.
razzi subscribed.Feb 8 2022, 7:04 PM

I don't think this has to do with the data catalog

BTullis removed a project: Data-Catalog.Feb 9 2022, 4:54 PM
BTullis added a project: Data-Engineering.Mar 23 2022, 4:18 PM
EChetty moved this task from Incoming (new tickets) to Ops Week on the Data-Engineering board.Mar 24 2022, 3:10 PM
EChetty assigned this task to Milimetric.Mar 24 2022, 5:20 PM
Milimetric closed this task as Declined.Mar 24 2022, 7:25 PM

I'm going to decline this for now in favor of a sister task to look into possibly using etcd config to make robust high level alerts. If that doesn't pan out, we can open this up again. For now, the concern is that this would be hard to configure for other pipelines and might be hard to manage false positives for.

However, Andrew had a good suggestion for false positives which is that this alert could be coordinated with server downtime or depool time so that it doesn't fire when we wouldn't expect it to fire. Keeping that idea here in case we have to come back to it.

elukey reopened this task as Open.Mar 25 2022, 9:18 AM

Hey @Milimetric, can you add more info about what are the concerns for this task? It is a simple alert, we have similar ones like Kafka delivery errors, it shouldn't be too different. We may have false positives I agree, but we could start adding some alerts and see how it goes, rather than declining.

I saw T304651 and I am not 100% sure that it will replace an alert, since anything that runs batch on the hadoop cluster cannot (in my opinion) replace an alerting system maintained by SRE. If any of the batch job needs to be stopped or doesn't work we may loose monitoring data, meanwhile with an alert this cannot happen.

gerritbot added a comment.Mar 25 2022, 3:43 PM

Change 773801 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/alerts@master] Add an alert for zero messages being generated by varnishkafka instances

https://gerrit.wikimedia.org/r/773801

gerritbot added a project: Patch-For-Review.Mar 25 2022, 3:43 PM
BTullis added a comment.EditedMar 25 2022, 3:55 PM

I'm in agreement with @elukey I think. It seems sensible for us to implement this prometheus based check anyway, given that we already have the data.
I've no objection to the belt & braces approach of developing a parallel check with canary events or something, but personally I would implement this first.

So I've gone ahead and created an alert in alertmanager: https://gerrit.wikimedia.org/r/773801 to get us started.

Admittedly I think that this alert will fire when cp hosts are depooled. I'll have to see if there's any way that we can integrate a silence with confctl or similar.

BTullis added a subscriber: fgiunchedi.Mar 25 2022, 4:34 PM

I asked a question in #wikimedia-traffic on IRC about this. It seems that the ideal way to do it would be to get the pooled/depooled status of hosts into prometheus, so that we could integrate this status into the alert. Several people thought that this would be useful.

Tagging @fgiunchedi who might be able to advise further. In the meantime I'd be quite keen to get the alert deployed as-is, without the exclusion based on pooled/depooled status.

Milimetric added a comment.Mar 25 2022, 5:25 PM

Ok, sorry for the noise, and thanks for explaining. Makes sense. I would say that if the false positives get to be too noisy, just tweak it so that they're a lot less likely. Because the other approaches should cover the data loss cases, even if they're sporadically down.

fgiunchedi added a comment.Mar 28 2022, 7:54 AM
In T300246#7806879, @BTullis wrote:

Tagging @fgiunchedi who might be able to advise further. In the meantime I'd be quite keen to get the alert deployed as-is, without the exclusion based on pooled/depooled status.

Indeed the pooled/depooled status as a metric is sth we want for sure (I don't have the bandwidth to work on it ATM). And nowadays should be quite simple to add (happy to assist, out of scope for this task though)

HTH!

BTullis added a comment.Mar 28 2022, 8:30 AM

Indeed the pooled/depooled status as a metric is sth we want for sure (I don't have the bandwidth to work on it ATM). And nowadays should be quite simple to add (happy to assist, out of scope for this task though)

Great. I'm going to try to work on that. Will add you to any patches.

Volans subscribed.Mar 28 2022, 1:46 PM
In T300246#7806879, @BTullis wrote:

I asked a question in #wikimedia-traffic on IRC about this. It seems that the ideal way to do it would be to get the pooled/depooled status of hosts into prometheus, so that we could integrate this status into the alert. Several people thought that this would be useful.

Tagging @fgiunchedi who might be able to advise further. In the meantime I'd be quite keen to get the alert deployed as-is, without the exclusion based on pooled/depooled status.

Just to make sure the expectations are correct, one thing is the desired pooled state in etcd, another is if the host if effectively pooled for pybal, as pybal does its own health checks and can depool any host that fails that.

BTullis added a comment.Mar 28 2022, 2:09 PM

Just to make sure the expectations are correct, one thing is the desired pooled state in etcd, another is if the host if effectively pooled for pybal, as pybal does its own health checks and can depool any host that fails that.

Yes I see. I hadn't picked up on that nuance. I've effectively been looking at implementing the first of those elements, the desired pooled state from etc.

Come to think of it, we can already infer the realized pooled state from the node_ipvs_backend_weight (or other node_ipvs_*) values that we collect already, can't we?

gerritbot added a comment.Mar 29 2022, 10:04 AM

Change 773801 merged by Btullis:

[operations/alerts@master] Add an alert for zero messages being generated by varnishkafka instances

https://gerrit.wikimedia.org/r/773801

Maintenance_bot removed a project: Patch-For-Review.Mar 29 2022, 10:11 AM
BTullis added a subscriber: Joe.Mar 29 2022, 12:15 PM

The alert fired today, shortly after merging, when @Joe intentially depooled cp1079 in order to re-image it.

image.png (906×1 px, 250 KB)

While this was a false positive result, it was also quite a nice test to make sure that the alert condition works as expected and the dashboard link also works as expected.

I will continue working on the etcd/confd integration with pybal so that we can get the pooled/depooled status into prometheus and use that to remove these false positives.

BTullis added a subscriber: Vgutierrez.Apr 1 2022, 9:05 AM

We had a genuine alert for this today, from cp3050.

image.png (420×1 px, 105 KB)

Investigating now.

Stashbot added a comment.Apr 1 2022, 9:05 AM

Mentioned in SAL (#wikimedia-analytics) [2022-04-01T09:05:50Z] <btullis> restarted varnishkafka-eventlogging.service on cp3050 T300246

gerritbot added a comment.Apr 1 2022, 4:02 PM

Change 776225 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Add initial config for pooled status

https://gerrit.wikimedia.org/r/776225

gerritbot added a project: Patch-For-Review.Apr 1 2022, 4:02 PM
BTullis claimed this task.Apr 4 2022, 11:06 AM
BTullis added a subscriber: Milimetric.

Claiming this ticket back again, to reflect what I'm currently working on. Hope that's OK.
I'm happy to transfer it back again once the prometheus check is fixed, so that we can think about a more comprehensive check as previously discussed.

gerritbot added a comment.Apr 4 2022, 11:08 AM

Change 776912 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/alerts@master] Remove the statsv source from the VarnishkafkaNoMessages alert

https://gerrit.wikimedia.org/r/776912

gerritbot added a comment.Apr 5 2022, 9:33 AM

Change 776912 merged by Btullis:

[operations/alerts@master] Remove the statsv source from the VarnishkafkaNoMessages alert

https://gerrit.wikimedia.org/r/776912

BTullis moved this task from Next Up to In Progress on the Data-Engineering-Kanban board.Apr 5 2022, 12:42 PM
BTullis updated the task description. (Show Details)May 25 2022, 10:52 AM
BTullis moved this task from In Progress to Paused on the Data-Engineering-Kanban board.

Moving this ticket to paused, while I work on T309189

Joe added a comment.Jul 8 2022, 6:22 AM

I might be very naive, but wouldn't it make sense to write a prometheus alert that checks if there are no / few messages in varnishkafka while there is traffic getting to varnish?

So basically your alert would become "rdkafka_producer_topic_partition_msgs is below a certain threshold and the varnish rps is above a certain threshold"

Is there a reason not to go this way?

Joe added a comment.Jul 8 2022, 7:30 AM

Specifically I just plotted

sum(irate(rdkafka_producer_topic_partition_msgs{instance="cp3050:9132", source="webrequest"}[5m])) / sum(irate(varnish_requests{instance="cp3050:3903", method!~"PURGE"}[5m]))

and on april 1st, when you've reported a genuine alert happening, the data says that ratio plunged to ~ 0, so it seems like this is a valid way of extracting the signal you want.

BTullis added a comment.Jul 8 2022, 8:42 AM

Thanks @Joe for the insight and clarity. I think you're quite right and I wasn't seeing the wood for all of the trees.

I can create a prometheus alert based on your suggestion and decline the over-complicated T309189: Add the conftool pooled/depooled status and weight into prometheus for each service

gerritbot added a comment.Jul 8 2022, 12:04 PM

Change 776225 abandoned by Btullis:

[operations/puppet@production] Add a host's conftool pooled status and weight per service to prometheus

Reason:

No longer necessary

https://gerrit.wikimedia.org/r/776225

Maintenance_bot removed a project: Patch-For-Review.Jul 8 2022, 12:30 PM
BTullis edited projects, added Data-Engineering-Planning; removed Data-Engineering, Data-Engineering-Kanban.Jul 14 2022, 8:46 AM
EChetty moved this task from Backlog to To be Discussed on the Data-Engineering-Planning board.Jul 25 2022, 10:02 AM
JArguello-WMF moved this task from To be Discussed to Sprint 02 on the Data-Engineering-Planning board.Aug 3 2022, 3:54 PM
JArguello-WMF edited projects, added Data-Engineering-Planning (Sprint 02); removed Data-Engineering-Planning.
JArguello-WMF moved this task from Ready to In progress on the Data-Engineering-Planning (Sprint 02) board.Aug 3 2022, 4:13 PM
BTullis set the point value for this task to 1.Aug 3 2022, 4:14 PM

Setting story points to 1 for the remaining work only.

gerritbot added a comment.Aug 11 2022, 12:23 PM

Change 822367 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/alerts@master] Update the VarnishKafkaNoMessages alert

https://gerrit.wikimedia.org/r/822367

gerritbot added a project: Patch-For-Review.Aug 11 2022, 12:23 PM
BTullis moved this task from In progress to In code review on the Data-Engineering-Planning (Sprint 02) board.Aug 11 2022, 12:44 PM

I now have an alert that I think I'm happy with.

https://gerrit.wikimedia.org/r/c/operations/alerts/+/822367

This compares the rate at which varnish requests arrive with the rate at which varnishkafka submits messages to kafka over a sliding 3 minute window.

If the rate of varnishkafka messages is less than 30% of the rate of varnish requests for a given host, then fire a warning.

If that rate is below 20% then fire a critical alert.

I've also included a test the checks we do not see any false alerts when both rates drop to zero.

Thanks to @Joe for the inspiration.

We can also look at this time series in thanos here.

Ottomata added a comment.Aug 11 2022, 1:01 PM

Cool!

gerritbot added a comment.Aug 11 2022, 3:32 PM

Change 822367 merged by jenkins-bot:

[operations/alerts@master] Update the VarnishKafkaNoMessages alert

https://gerrit.wikimedia.org/r/822367

BTullis moved this task from In code review to Done on the Data-Engineering-Planning (Sprint 02) board.Aug 11 2022, 3:34 PM
Maintenance_bot removed a project: Patch-For-Review.Aug 11 2022, 4:29 PM
BTullis closed this task as Resolved.Aug 11 2022, 4:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits