Maniphest T320559

Trace header propagation for MediaWiki
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	CDanis
	Oct 11 2022, 7:01 PM

Description

Currently, when MediaWiki processes a request, it takes care to propagate the x-request-id header from the incoming request to any requests to other services it makes "on behalf" of that request as part of handling it (for instance if MediaWiki fetches from Restbase, or Shellbox).

In order to implement distributed tracing, we'll also need to similarly propagate the tracestate and traceparent headers.

In the future we'll likely want to integrate MediaWiki with the OpenTelemetry client library, so we can add other context to traces within MediaWiki. But for now we can simply propagating these two headers without modifying them or even parsing them (as is allowed by the W3C TraceContext Recommendation)

Details

Subject	Repo	Branch	Lines +/-
http: Propagate `tracestate` and `traceparent` headers	mediawiki/core	master	+306 -33
Use the new Telemetry state for handling requestId	mediawiki/extensions/EventBus	master	+40 -13
Filter tracing headers from the outside	operations/puppet	production	+3 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T340551 distributed tracing epic
Open	None	T320549 distributed tracing v0 [minimum viable]
Open	None	T320556 Micro-specification for how service owners should propagate tracing headers
Resolved	pmiazga	T320559 Trace header propagation for MediaWiki
Resolved	pmiazga	T344926 Propagate x-request-id header from MultiHttpClient in MediaWiki (e.g. SessionStore)
Resolved	pmiazga	T345295 MultiHttpClient should handle headers from __construct
Resolved	Jdforrester-WMF	T365053 WikiLambda OrchestratorRequest does not propagate request tracing headers

Event Timeline

CDanis created this task.Oct 11 2022, 7:01 PM

CDanis removed a project: Epic.Oct 18 2022, 3:21 PM

CDanis updated the task description. (Show Details)Jun 27 2023, 2:08 PM

larissagaulia added a project: MediaWiki-Platform-Team.Jul 14 2023, 3:05 PM

larissagaulia assigned this task to pmiazga.Jul 14 2023, 3:17 PM

daniel updated the task description. (Show Details)Jul 18 2023, 6:45 AM

Krinkle renamed this task from Trace header propagation for Mediawiki to Trace header propagation for MediaWiki.Jul 18 2023, 2:10 PM

Krinkle updated the task description. (Show Details)

daniel updated the task description. (Show Details)Jul 18 2023, 2:29 PM

Change 940149 had a related patch set uploaded (by Pmiazga; author: Pmiazga):

[mediawiki/core@master] WIP: Propagate tracestate and traceheaders in MWHttpClient library

https://gerrit.wikimedia.org/r/940149

gerritbot added a project: Patch-For-Review.Jul 20 2023, 1:32 PM

Krinkle moved this task from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.Jul 31 2023, 4:06 PM

@Krinkle had a pretty good question regarding the wgAllowExternalReqID guard.

Should these be under the same $wgAllowExternalReqID guard? It seems risky to take in wild input from Internet clients making the first top-level request to MW and controlling unsanitized tracestate data of arbitrary length into internal services.

In production, we allow $wgAllowExternalReqID because our traffic layer (Varnish) strips these and then sets its own initial values.

And the question here - who will provide the tracestate and traceparent headers? Are we going to strip those on varnish and then re-inject before calling MW (envoy ?).
Is it possible for a client from outside to pass us those headers?

Are we stripping those at the edge currently?

Change 946617 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/puppet@production] Filter tracing headers from the outside

https://gerrit.wikimedia.org/r/946617

Change 946617 merged by CDanis:

[operations/puppet@production] Filter tracing headers from the outside

https://gerrit.wikimedia.org/r/946617

In T320559#9073767, @pmiazga wrote:

@Krinkle had a pretty good question regarding the wgAllowExternalReqID guard.

Should these be under the same $wgAllowExternalReqID guard? It seems risky to take in wild input from Internet clients making the first top-level request to MW and controlling unsanitized tracestate data of arbitrary length into internal services.

In production, we allow $wgAllowExternalReqID because our traffic layer (Varnish) strips these and then sets its own initial values.

And the question here - who will provide the tracestate and traceparent headers? Are we going to strip those on varnish and then re-inject before calling MW (envoy ?).

Yes, exactly.

Is it possible for a client from outside to pass us those headers?

Are we stripping those at the edge currently?

They're now being stripped at the edge, as of 2055 UTC today :)

Change 940149 merged by jenkins-bot:

[mediawiki/core@master] http: Propagate `tracestate` and `traceparent` headers

https://gerrit.wikimedia.org/r/940149

Maintenance_bot removed a project: Patch-For-Review.Aug 8 2023, 1:10 AM

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.22; 2023-08-15).Aug 8 2023, 2:00 AM

abi_ mentioned this in T343893: TypeError: Argument 1 passed to MediaWiki\Http\Telemetry::overrideRequestId() must be of the type string, null given.Aug 9 2023, 2:08 PM

Change 947422 had a related patch set uploaded (by Pmiazga; author: Pmiazga):

[mediawiki/extensions/EventBus@master] Use the new Telemetry state for handling requestId

https://gerrit.wikimedia.org/r/947422

gerritbot added a project: Patch-For-Review.Aug 9 2023, 5:25 PM

Jdforrester-WMF subscribed.Aug 9 2023, 9:00 PM

Change 947422 merged by jenkins-bot:

[mediawiki/extensions/EventBus@master] Use the new Telemetry state for handling requestId

https://gerrit.wikimedia.org/r/947422

Maintenance_bot removed a project: Patch-For-Review.Aug 10 2023, 11:30 PM

pmiazga mentioned this in T344149: Proof of Concept: OpenTelemetry in MediaWiki.Aug 14 2023, 12:09 PM

pmiazga changed the task status from Open to In Progress.Aug 21 2023, 12:13 PM

pmiazga triaged this task as High priority.

@CDanis Can you confirm that you see traces on prod ?

Krinkle mentioned this in T340552: MediaWiki imports OpenTelemetry client instrumentation library for enhanced trace metadata.Aug 21 2023, 1:52 PM

larissagaulia subscribed.Aug 22 2023, 9:50 AM

In T320559#9105831, @pmiazga wrote:

@CDanis Can you confirm that you see traces on prod ?

Jaeger being able to receive traces is WIP (T343302 T344253) though I believe we can validate that otel-collector is indeed receiving traces? (as a question as I'm not sure, what do you think @CDanis?)

In T320559#9116244, @fgiunchedi wrote:

In T320559#9105831, @pmiazga wrote:

@CDanis Can you confirm that you see traces on prod ?

Jaeger being able to receive traces is WIP (T343302 T344253) though I believe we can validate that otel-collector is indeed receiving traces? (as a question as I'm not sure, what do you think @CDanis?)

I've been looking at this the past two days, with the intention to just verify that MediaWiki is indeed propagating headers if it receives them. It's been trickier than I expected to verify for a few different reasons.

One thing I did find is that MediaWiki isn't propagating anything (including x-request-id) when sending requests to sessionstore. I'll be filing another bug about that shortly.

CDanis mentioned this in T344926: Propagate x-request-id header from MultiHttpClient in MediaWiki (e.g. SessionStore).Aug 24 2023, 2:42 PM

Verified working for at least some code paths! With the known exception of T344926.

After having the epiphany that my earlier reproduction efforts weren't working because termbox SSR output gets cached in the application itself (either in the local appserver or in memcached, not sure which), I've managed to demonstrate tracestate/traceparent header propagation in production, after setting the headers identically in my incoming request to MediaWiki:

GET /termbox?entity=Q45429613&revision=1863914492&language=en&editLink=%2Fwiki%2FSpecial%3ASetLabelDescriptionAliases%2FQ45429613&preferredLanguages=en HTTP/1.1
Host: localhost:6008
X-Request-Id: e9120785-77cf-46d8-9064-c19dd73f3b1b
tracestate: xxxCDANISxxx_tracestate
traceparent: xxxCDANISxxx_traceparent
User-Agent: MediaWiki/1.41.0-wmf.23

larissagaulia added a subtask: T344926: Propagate x-request-id header from MultiHttpClient in MediaWiki (e.g. SessionStore).Aug 28 2023, 12:35 PM

Hey @CDanis I'm closing this one in favor of T344926. Please let us know if you detect any other code paths that need work.

T344926 is a standalone ticket as it's an existing issue. From a quick check, sessions can use RESTBagOStuff to store/retrieve session data. When setting up a RESTBagOStuff we can specify a custom HTTP client, or it will use MultiHttpClient by default.

It looks like it's a third HTTP client. And from quick skim, it doesn't look like it supports any kind of telemetry atm. I would say that first we should make RESTBagOStuff use a generic PSR HTTP client. I also noticed that there is a plenty of services that use this MultiHttpClient that most likely are affected too: