Page MenuHomePhabricator
Create Task
Maniphest T314118

Reduce IRC flood/spam during incidents
Closed, ResolvedPublic
Actions

Description

As part of this quarter's o11y OKRs we'll be looking into reducing the amount of alerting IRC flood/spam that occurs during incidents, mostly from per-host alerts all firing together. Solutions for said alerts include:

  • Evaluate if the alert can be eliminated altogether
  • If not, lower its severity to non-IRC notifications
  • Evaluate whether a (possibly higher-level) aggregate alert on IRC is warranted

The list of alerts affected includes:

  • Apache HTTP on <appserver> icinga talks http to the appserver asking for en.wikipedia.org (check_http_wikipedia)
  • PHP7 rendering on <appserver> icinga talks http to the appserver/jobrunner sending the PHP_ENGINE=php7 cookie (check_http_wikipedia_main_php7 check_http_jobrunner_php7)
  • confd template for <file> on <host> the nrpe script check_confd_template does sanity/compilation/staleness checks
  • mediawiki-installation DSH group on <host> the check_dsh_groups script does basic consistency checks when hosts are not in the groups they are supposed to be. This alert will "naturally" go away with mw-on-k8s, holding off for now
  • MediaWiki EtcdConfig up-to-date on <host> basic sanity check via check_etcd_mw_config_lastindex.py on whether the appserver has an up to date etcd index
  • Confd vcl based reload can fire per-host simultaneously and thus spam IRC
  • PROBLEM - restbase endpoints health on restbase1027 is CRITICAL: /en.wikipedia.org/v1/page/title/{title} (Get rev by title from storage) is CRITICAL: Test Get
  • PROBLEM - Restbase edge ulsfo on text-lb.ulsfo.wikimedia.org is CRITICAL: /api/rest_v1/transform/wikitext/to/html/{title} (Transform wikitext to html) is
  • (will be replaced by checks in T320620: Port openapi/swagger checks/alerts to Prometheus) PROBLEM - Restbase/mobileapps/wikifeeds/termbox LVS codfw on restbase.svc.codfw.wmnet is CRITICAL
  • RECOVERY - Maps HTTPS on maps2006 is OK: HTTP OK: HTTP/1.1 200 OK - 956 bytes
  • PROBLEM - aqs endpoints health on aqs1014 is CRITICAL

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

fgiunchedi created this task.Jul 29 2022, 8:44 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 29 2022, 8:44 AM
RhinosF1 subscribed.Jul 29 2022, 8:55 AM
fgiunchedi added a comment.EditedJul 29 2022, 2:40 PM

A sample of alerts I found while looking for IRC floods from icinga-wm (reporting a sample of alert, not repeating the flood here)

2022-04-20T14:01:08 -icinga-wm:#wikimedia-operations- PROBLEM - MediaWiki EtcdConfig up-to-date on mw1322 is CRITICAL: etcd last index (474291) is outdated compared to the master one (474294) URL
2021-06-15T16:32:04 -icinga-wm:#wikimedia-operations- PROBLEM - Hadoop NodeManager on an-worker1137 is CRITICAL: PROCS CRITICAL: 0 processes with command name java, args org.apache.hadoop.yarn.server.nodemanager.NodeManager URL
2021-07-16T15:26:37 -icinga-wm:#wikimedia-operations- PROBLEM - restbase endpoints health on restbase1018 is CRITICAL: /en.wikipedia.org/v1/page/title/{title} (Get rev by title from storage) is CRITICAL: Test Get rev by title from storage returned the unexpected status 503 (expecting: 200) URL
2021-07-26T10:35:03 -icinga-wm:#wikimedia-operations- PROBLEM - Apache HTTP on mw2310 is CRITICAL: CRITICAL - Socket timeout after 10 seconds URL
2021-07-26T10:35:03 -icinga-wm:#wikimedia-operations- PROBLEM - PHP7 rendering on mw2274 is CRITICAL: CRITICAL - Socket timeout after 10 seconds URL
2021-09-07T14:06:12 -icinga-wm:#wikimedia-operations- PROBLEM - Check systemd state on restbase1019 is CRITICAL: CRITICAL - degraded: The following units failed: prometheus_puppet_agent_stats.service URL
2021-09-12T18:13:18 -icinga-wm:#wikimedia-operations- PROBLEM - Varnish HTTP upload-frontend - port 3126 on cp3061 is CRITICAL: CRITICAL - Socket timeout after 10 seconds URL
2021-10-03T06:01:18 -icinga-wm:#wikimedia-operations- PROBLEM - ats-tls HTTPS wikiworkshop.org RSA on cp2027 is CRITICAL: SSL CRITICAL - OCSP staple validity for wikiworkshop.org has 86323 seconds left URL
2022-01-13T13:13:00 -icinga-wm:#wikimedia-operations- PROBLEM - Confd template for /srv/config-master/pybal/codfw/upload-URL on puppetmaster2001 is CRITICAL: Compilation of file /srv/config-master/pybal/codfw/upload-URL is broken URL
2022-03-01T15:43:05 -icinga-wm:#wikimedia-operations- PROBLEM - mediawiki-installation DSH group on mw1407 is CRITICAL: Host mw1407 is not in mediawiki-installation dsh group URL
2022-03-02T19:28:15 -icinga-wm:#wikimedia-operations- PROBLEM - Ensure local MW versions match expected deployment on mw1434 is CRITICAL: CRITICAL: 528 mismatched wikiversions URL
2022-04-28T07:35:33 -icinga-wm:#wikimedia-operations- PROBLEM - Confd template for /etc/varnish/dynamic.actions.inc.vcl on cp6005 is CRITICAL: File not found: /etc/varnish/dynamic.actions.inc.vcl URL
2022-06-22T13:50:22 -icinga-wm:#wikimedia-operations- PROBLEM - nova-compute proc maximum on cloudvirt1027 is CRITICAL: PROCS CRITICAL: 0 processes with PPID = 1, regex args ^/usr/bin/pytho[n].* /usr/bin/nova-compute URL
11:39 -icinga-wm:#wikimedia-operations- PROBLEM - confd service on doh1002 is CRITICAL: CRITICAL - Expecting active 
          but unit confd is activating https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
Dzahn subscribed.EditedJul 29 2022, 6:10 PM

For "Apache HTTP on mw" I guess ideally it would be replaced by 2 things:

  • a paging alert based on "too many mw servers have failed apaches" with some threshold
  • a non-paging alert (IRC, maybe automatic ticket) for each individual server BUT that does only trigger if we are not also above the treshold

my 2 cents, pending discussion with more serviceops

Dzahn added a project: serviceops-radar.Jul 29 2022, 6:11 PM
lmata subscribed.Aug 1 2022, 6:49 PM
fgiunchedi added a comment.Aug 2 2022, 2:43 PM
In T314118#8116129, @Dzahn wrote:

For "Apache HTTP on mw" I guess ideally it would be replaced by 2 things:

  • a paging alert based on "too many mw servers have failed apaches" with some threshold
  • a non-paging alert (IRC, maybe automatic ticket) for each individual server BUT that does only trigger if we are not also above the treshold

Yeah sth like that would work I think, as things stand today I think our highest "bang for buck" for the above and PHP rendering (and possibly other of the same nature) is the following:

  • Use up metric for apache-exporter and php-fpm-exporter as proxy metrics to signal that sth is wrong with the fleet itself (i.e. we can't collect metrics), like we have now the JobUnavailable alert but tailored for php/apache on mw, and make it paging
  • Downgrade the per-host apache/php alerts above to warning so we still have visibility into per-host status and no IRC spam during incidents
fgiunchedi moved this task from Backlog to Doing on the User-fgiunchedi board.Aug 2 2022, 2:43 PM
LSobanski subscribed.Aug 8 2022, 3:54 PM
ayounsi subscribed.Aug 8 2022, 4:08 PM

FYI, I made this dashboard a while ago: https://logstash.wikimedia.org/app/dashboards#/view/AWm67Kpk8aQffZ3HmRpW hopefully it can help with the investigation work.

Joe subscribed.Aug 8 2022, 4:27 PM
lmata assigned this task to fgiunchedi.Aug 9 2022, 2:16 PM
lmata triaged this task as Medium priority.
lmata moved this task from Inbox to In progress on the SRE Observability (FY2022/2023-Q1) board.
RhinosF1 added a comment.Aug 10 2022, 11:13 AM

12:13:30 <icinga-wm> PROBLEM - Confd template for /etc/ferm/conf.d/00_defs_requestctl on thumbor2006 is CRITICAL: File not found: /etc/ferm/conf.d/00_defs_requestctl https://wikitech.wikimedia.org/wiki/Confd%23Monitoring

Is another fairly noisy alert

gerritbot added a comment.Aug 23 2022, 12:46 PM

Change 825742 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] mediawiki: stop checking per-appserver availability

https://gerrit.wikimedia.org/r/825742

gerritbot added a project: Patch-For-Review.Aug 23 2022, 12:46 PM
fgiunchedi updated the task description. (Show Details)Aug 30 2022, 10:24 AM
Joe added a comment.Sep 1 2022, 10:14 AM

Regarding the appserver alerts, I think we should go in the following direction:

  • Have one metric that tells us if apache is up; I think that AppserversUnreachable is checking up{job="apache"}, instead than apache_up which is what the exporter uses to signal if the apache server is reachable or not. But otherwise, we're covered and we can remove the individual server alerts
  • I'd also add a per-server alert if apache is down for more than 3 hours on that specific server, though - just so that if a server has been left misconfigured or broken for any reason we'll notice.
  • We also need a metric that tells us if php-fpm is able to respond to queries, although that is mostly covered by the PHPBusyWorkers alerts
  • Finally, and this is still lacking in alertmanager, we need a metric similar to the php7 rendering one, basically we need an http check of an url that involves calling the mediawiki code. Probably a good candidate is what pybal check.
gerritbot added a comment.Sep 7 2022, 10:36 AM

Change 830582 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/alerts@master] sre: check apache_up too as part of AppserversUnreachable

https://gerrit.wikimedia.org/r/830582

fgiunchedi added a comment.EditedSep 7 2022, 10:48 AM

Thank you for the feedback!

In T314118#8205484, @Joe wrote:

Regarding the appserver alerts, I think we should go in the following direction:

  • Have one metric that tells us if apache is up; I think that AppserversUnreachable is checking up{job="apache"}, instead than apache_up which is what the exporter uses to signal if the apache server is reachable or not. But otherwise, we're covered and we can remove the individual server alerts

Indeed, I've addressed this in https://gerrit.wikimedia.org/r/c/operations/alerts/+/830582

  • I'd also add a per-server alert if apache is down for more than 3 hours on that specific server, though - just so that if a server has been left misconfigured or broken for any reason we'll notice.

I'm a little skeptical on the value of such an alert, has this come up before and wasn't covered e.g. by puppet stale alerts?

  • We also need a metric that tells us if php-fpm is able to respond to queries, although that is mostly covered by the PHPBusyWorkers alerts

Agreed

  • Finally, and this is still lacking in alertmanager, we need a metric similar to the php7 rendering one, basically we need an http check of an url that involves calling the mediawiki code. Probably a good candidate is what pybal check.

Unless I'm mistaken this is the probes section in service::catalog calling /w/health-check.php ?

gerritbot added a comment.Sep 12 2022, 2:28 PM

Change 830582 merged by Filippo Giunchedi:

[operations/alerts@master] sre: check apache_up too as part of AppserversUnreachable

https://gerrit.wikimedia.org/r/830582

fgiunchedi updated the task description. (Show Details)Oct 3 2022, 2:36 PM
fgiunchedi added a comment.Oct 5 2022, 1:51 PM

re: MediaWiki EtcdConfig up-to-date over the last 90d we got ~10 floods of varying intensity, ranging from 80 to 10-15 for the most part: https://logstash.wikimedia.org/goto/a17e70746f78e8259665be97b88e65b4

2022-10-05-155047_1066x495_scrot.png (495×1 px, 33 KB)

fgiunchedi updated the task description. (Show Details)Oct 5 2022, 1:51 PM
gerritbot added a comment.Oct 10 2022, 9:35 AM

Change 825742 merged by Filippo Giunchedi:

[operations/puppet@production] mediawiki: stop checking per-appserver availability

https://gerrit.wikimedia.org/r/825742

fgiunchedi updated the task description. (Show Details)Oct 10 2022, 12:55 PM
fgiunchedi closed subtask T319272: Export confd template status as Prometheus metrics as Resolved.Oct 11 2022, 3:14 PM
gerritbot added a comment.Oct 11 2022, 3:50 PM

Change 841549 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/alerts@master] sre: issue confd per-template alerts

https://gerrit.wikimedia.org/r/841549

gerritbot added a comment.Oct 12 2022, 10:08 AM

Change 841549 merged by Filippo Giunchedi:

[operations/alerts@master] sre: issue confd per-template alerts

https://gerrit.wikimedia.org/r/841549

gerritbot added a comment.Oct 12 2022, 10:20 AM

Change 841886 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] confd: remove check_confd_template icinga check

https://gerrit.wikimedia.org/r/841886

gerritbot added a comment.Oct 12 2022, 10:20 AM

Change 841887 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] WIP mediawiki: remove PHP7 icinga checks

https://gerrit.wikimedia.org/r/841887

gerritbot added a comment.Oct 18 2022, 8:43 AM

Change 841886 merged by Filippo Giunchedi:

[operations/puppet@production] confd: remove check_confd_template icinga check

https://gerrit.wikimedia.org/r/841886

fgiunchedi updated the task description. (Show Details)Oct 18 2022, 8:54 AM
fgiunchedi closed subtask T321678: Clean up stale/old confd errors automatically as Resolved.Oct 27 2022, 9:18 AM
lmata edited projects, added SRE Observability (FY2022/2023-Q2); removed SRE Observability (FY2022/2023-Q1).Oct 28 2022, 6:28 PM
BTullis subscribed.Oct 31 2022, 4:25 PM
gerritbot added a comment.Nov 29 2022, 1:57 PM

Change 861850 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] varnish: teach confd-reload-vcl to write a Prometheus state file

https://gerrit.wikimedia.org/r/861850

gerritbot added a comment.Nov 30 2022, 1:53 PM

Change 861850 merged by Filippo Giunchedi:

[operations/puppet@production] varnish: teach confd-reload-vcl to write a Prometheus state file

https://gerrit.wikimedia.org/r/861850

fgiunchedi updated the task description. (Show Details)Nov 30 2022, 1:56 PM
gerritbot added a comment.Nov 30 2022, 2:05 PM

Change 862266 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] varnish: check vcl reload for old and new state

https://gerrit.wikimedia.org/r/862266

gerritbot added a comment.Nov 30 2022, 2:14 PM

Change 862266 merged by Filippo Giunchedi:

[operations/puppet@production] varnish: check vcl reload for old and new state

https://gerrit.wikimedia.org/r/862266

gerritbot added a comment.Dec 8 2022, 8:53 AM

Change 866264 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/alerts@master] sre: exclude confd-reload-vcl from textfile staleness

https://gerrit.wikimedia.org/r/866264

gerritbot added a comment.Dec 8 2022, 10:58 AM

Change 866264 merged by Filippo Giunchedi:

[operations/alerts@master] sre: exclude confd-reload-vcl from textfile staleness

https://gerrit.wikimedia.org/r/866264

fgiunchedi edited projects, added SRE Observability (FY2022/2023-Q3); removed SRE Observability (FY2022/2023-Q2).Jan 13 2023, 9:12 AM
Dzahn unsubscribed.Jan 13 2023, 4:08 PM
fgiunchedi closed subtask T320627: Alert on individual pybal backend hosts being down for a long time as Resolved.Apr 11 2023, 8:32 AM
fgiunchedi edited projects, added SRE Observability (FY2022/2023-Q4); removed SRE Observability (FY2022/2023-Q3).Apr 14 2023, 8:21 AM
lmata moved this task from Inbox to Epics In Progress on the SRE Observability (FY2022/2023-Q4) board.May 2 2023, 1:58 PM
fgiunchedi updated the task description. (Show Details)May 25 2023, 2:39 PM
fgiunchedi updated the task description. (Show Details)May 29 2023, 1:11 PM
lmata edited projects, added SRE Observability (FY2023/2024-Q1); removed SRE Observability (FY2022/2023-Q4).Jul 18 2023, 4:56 PM
fgiunchedi updated the task description. (Show Details)Jul 25 2023, 9:59 AM
gerritbot added a comment.Jul 25 2023, 12:41 PM

Change 841887 merged by Filippo Giunchedi:

[operations/puppet@production] mediawiki: remove PHP7 icinga checks

https://gerrit.wikimedia.org/r/841887

Maintenance_bot removed a project: Patch-For-Review.Jul 25 2023, 1:11 PM
fgiunchedi updated the task description. (Show Details)Jul 25 2023, 1:26 PM
fgiunchedi updated the task description. (Show Details)Aug 14 2023, 2:55 PM
fgiunchedi moved this task from Doing to Up next on the User-fgiunchedi board.Sep 5 2023, 7:39 AM
gerritbot added a comment.Sep 8 2023, 11:55 AM

Change 955915 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] nagios: emit warnings from check_dsh_groups

https://gerrit.wikimedia.org/r/955915

gerritbot added a project: Patch-For-Review.Sep 8 2023, 11:55 AM
gerritbot added a comment.Sep 8 2023, 12:21 PM

Change 955915 merged by Filippo Giunchedi:

[operations/puppet@production] nagios: emit warnings from check_dsh_groups

https://gerrit.wikimedia.org/r/955915

Maintenance_bot removed a project: Patch-For-Review.Sep 8 2023, 12:31 PM
fgiunchedi mentioned this in T346893: Investigate swagger-exporter failures.Sep 20 2023, 12:19 PM
gerritbot added a comment.Sep 26 2023, 7:13 AM

Change 961002 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] service: allow disabling icinga checks for 'node'

https://gerrit.wikimedia.org/r/961002

gerritbot added a project: Patch-For-Review.Sep 26 2023, 7:13 AM

Change 961003 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] restbase: disable per-host icinga checks

https://gerrit.wikimedia.org/r/961003

gerritbot added a comment.Sep 26 2023, 9:36 AM

Change 961002 merged by Filippo Giunchedi:

[operations/puppet@production] service: allow disabling icinga checks for 'node'

https://gerrit.wikimedia.org/r/961002

gerritbot added a comment.Sep 26 2023, 9:38 AM

Change 961003 merged by Filippo Giunchedi:

[operations/puppet@production] restbase: disable per-host icinga checks

https://gerrit.wikimedia.org/r/961003

fgiunchedi updated the task description. (Show Details)Sep 26 2023, 9:47 AM
Stashbot added a comment.Sep 26 2023, 9:48 AM

Mentioned in SAL (#wikimedia-operations) [2023-09-26T09:48:15Z] <godog> remove per-host restbase healthchecks, replaced by service-level swagger-exporter checks - T314118

gerritbot added a comment.Sep 26 2023, 9:58 AM

Change 961062 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] maps: remove per-host healthchck

https://gerrit.wikimedia.org/r/961062

gerritbot added a comment.Oct 2 2023, 7:28 AM

Change 961062 merged by Filippo Giunchedi:

[operations/puppet@production] maps: remove per-host healthchck

https://gerrit.wikimedia.org/r/961062

fgiunchedi updated the task description. (Show Details)Oct 2 2023, 7:29 AM
Maintenance_bot removed a project: Patch-For-Review.Oct 2 2023, 7:30 AM
lmata edited projects, added SRE Observability (FY2023/2024-Q2); removed SRE Observability (FY2023/2024-Q1).Oct 9 2023, 4:27 PM
fgiunchedi updated the task description. (Show Details)Nov 6 2023, 2:12 PM
fgiunchedi edited projects, added Observability-Alerting; removed SRE Observability (FY2023/2024-Q2).Jan 15 2024, 11:15 AM
Joe closed subtask T322523: Check confd last index in a mw-on-k8s world as Declined.Aug 8 2024, 8:48 AM
fgiunchedi closed this task as Resolved.Aug 8 2024, 8:55 AM

I'm going to call this resolved, we can reopen or start a new task to audit alerts causing floods on irc during incidents

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits