Page MenuHomePhabricator
Create Task
Maniphest T306352

Exclude /metrics from TLS enforcement
Closed, ResolvedPublicBUG REPORT
Actions

Description

In T305899#7861063, @akosiaris wrote:

@bd808

I think that you are right. Those numbers don't look ok. And I do notice the following

curl -v  http://10.64.64.13:8000/metrics
* Expire in 0 ms for 6 (transfer 0x55f5c7bab0f0)
*   Trying 10.64.64.13...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55f5c7bab0f0)
* Connected to 10.64.64.13 (10.64.64.13) port 8000 (#0)
> GET /metrics HTTP/1.1
> Host: 10.64.64.13:8000
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 18 Apr 2022 14:21:59 GMT
< Server: WSGIServer/0.2 CPython/3.7.3
< Content-Type: text/html; charset=utf-8
< Location: https://toolhub.wikimedia.org/metrics
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Request-ID: f94727d19759410f8aba8f003e518c90
< Connection: close

which just doesn't look right. I wonder what prometheus does in this case.

In T305899#7861232, @bd808 wrote:
In T305899#7861063, @akosiaris wrote:

which just doesn't look right. I wonder what prometheus does in this case.

That 301 redirect is basically the same issue that we saw with /healthz checks in T294072. I'll put up a patch to make the same fix for /metrics.

Details

SubjectRepoBranchLines +/-
toolhub: Bump container version to 2022-04-21-215651-productionoperations/deployment-chartsmaster+1 -1
config: Do not force TLS for metrics collectionwikimedia/toolhubmain+2 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Apr 18 2022, 3:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 18 2022, 3:51 PM
bd808 changed the task status from Open to In Progress.Apr 18 2022, 3:52 PM
bd808 claimed this task.
bd808 triaged this task as High priority.
bd808 added a parent task: T305899: Improve grafana dashboard for monitoring Toolhub in production.
Restricted Application added a project: User-bd808. · View Herald TranscriptApr 18 2022, 3:52 PM
gerritbot added a comment.Apr 18 2022, 3:53 PM

Change 783858 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[wikimedia/toolhub@main] config: Do not forge TLS for metrics collection

https://gerrit.wikimedia.org/r/783858

gerritbot added a project: Patch-For-Review.Apr 18 2022, 3:53 PM
gerritbot added a comment.Apr 19 2022, 7:17 AM

Change 783858 merged by jenkins-bot:

[wikimedia/toolhub@main] config: Do not force TLS for metrics collection

https://gerrit.wikimedia.org/r/783858

Maintenance_bot removed a project: Patch-For-Review.Apr 19 2022, 7:30 AM
akosiaris mentioned this in T305899: Improve grafana dashboard for monitoring Toolhub in production.Apr 19 2022, 7:33 AM
akosiaris mentioned this in T306419: Prometheus: Disable following 3xx redirects by default in at least kubernetes pods scraping.Apr 19 2022, 8:36 AM
bd808 closed this task as Resolved.Apr 25 2022, 8:33 PM
bd808 moved this task from Groomed/Ready to Review on the Toolhub board.
gerritbot added a comment.Apr 26 2022, 3:49 PM

Change 786342 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[operations/deployment-charts@master] toolhub: Bump container version to 2022-04-21-215651-production

https://gerrit.wikimedia.org/r/786342

gerritbot added a project: Patch-For-Review.Apr 26 2022, 3:49 PM
gerritbot added a comment.Apr 26 2022, 4:00 PM

Change 786342 merged by jenkins-bot:

[operations/deployment-charts@master] toolhub: Bump container version to 2022-04-21-215651-production

https://gerrit.wikimedia.org/r/786342

Maintenance_bot removed a project: Patch-For-Review.Apr 26 2022, 4:32 PM
bd808 added a project: Developer-Advocacy (Apr-Jun 2022).Jun 30 2022, 4:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits