Use DNS name instead of IP in PyBal alerts
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	bking
	Nov 3 2022, 9:30 PM

Description

While working thru T321605 , Search Platform SREs accidentally depooled all eqiad hosts for WCQS*.
This set off a Pybal alert, but we did not see it because the hostname was not in the alerts.

Luckily for us, @RhinosF1 dug up the IP address from our public-facing Puppet repo and contacted us.

Creating this ticket to request that we use DNS hostnames for Pybal VIP alerts instead of, or in addition to, IPs. For example, the current alert reads:

[15:55:54] <+icinga-wm> PROBLEM - PyBal IPVS diff check on lvs1019 is CRITICAL: CRITICAL: Services known to PyBal but not to IPVS: set([10.2.2.67:443]) https://wikitech.wikimedia.org/wiki/PyBal

An rDNS query of that IP reveals the VIP DNS name as wcqs.svc.eqiad.wmnet , so we'd like to see that in the alert instead of the IP.

Thanks and please let us know if you have any questions.

*WCQS has no official SLO yet, and codfw was not affected, so we don't consider this an official "incident"

Details

	Subject	Repo	Branch	Lines +/-
	pybal: Make check conform to the Nagios plugin API	operations/puppet	production	+56 -37
	pybal: Fix hostnames not being sent on alert	operations/puppet	production	+10 -6

Customize query in gerrit

Related Objects

Mentioned Here: T321605: Make WCQS/WDQS data transfer cookbook more reliable

Event Timeline

bking created this task.Nov 3 2022, 9:30 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 3 2022, 9:30 PM

bking updated the task description. (Show Details)Nov 3 2022, 9:31 PM

bking added a subscriber: RKemper.

RKemper updated the task description. (Show Details)Nov 3 2022, 9:38 PM

Maintenance_bot added a project: SRE.Nov 3 2022, 9:45 PM

The check is defined in:

modules/pybal/manifests/monitoring.pp:    nrpe::plugin { 'check_pybal_ipvs_diff':

so it runs a command via NRPE on the local machines. And the script it executes is:

./modules/pybal/files/check_pybal_ipvs_diff.py

code can be viewed via "gitiles" at: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/modules/pybal/files/check_pybal_ipvs_diff.py

and here is the latest change to it:

https://gerrit.wikimedia.org/r/c/operations/puppet/+/705375

bking removed a project: Discovery-Search.Nov 7 2022, 4:31 PM

TheresNoTime removed a subscriber: RhinosF1.Dec 15 2022, 11:35 PM

BCornwall changed the task status from Open to In Progress.Apr 28 2023, 12:33 AM

BCornwall claimed this task.

BCornwall triaged this task as Low priority.

BCornwall moved this task from Backlog to Traffic team actively servicing on the Traffic board.

Change 913004 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] pybal: Send service hostnames on alert

https://gerrit.wikimedia.org/r/913004

gerritbot added a project: Patch-For-Review.Apr 28 2023, 12:40 AM

@bking: My patch still keeps the IP addresses around since I feel that some information is better than no information in the case of DNS lookup failures.

BCornwall removed a project: SRE.May 1 2023, 4:47 PM

BCornwall added a subscriber: RhinosF1.

Change 913004 merged by BCornwall:

[operations/puppet@production] pybal: Fix hostnames not being sent on alert

https://gerrit.wikimedia.org/r/913004

BCornwall closed this task as Resolved.Jun 26 2023, 9:25 PM

Maintenance_bot removed a project: Patch-For-Review.Jun 26 2023, 9:30 PM

Change 933398 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] pybal: update check to conform to the nagios plugin api

https://gerrit.wikimedia.org/r/933398

gerritbot added a project: Patch-For-Review.Jun 27 2023, 9:38 AM

Change 933398 merged by BCornwall: