Page MenuHomePhabricator
Create Task
Maniphest T325245

ship logs (apache, php-fpm) from doc machines to logstash
Closed, ResolvedPublic
Actions

Description

This came up on IRC, in context of T322357 and upgrading doc1002 from PHP 7.3 to PHP 7.4+. Krinkle wanted to check for errors in php-fpm logs on doc machines but did not have shell access to do so.

That made me think we also want to ship those to Logstash, just like we have tickets to do that for other services that don't have it yet.

Semi-relatedly there is a question about the log levels, because currently there is:

php.ini
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

But in this case we do NOT want to exclude DEPRECATED, while most of the time we did want to exclude it.

That is a little unrelated though. This ticket should focus on shipping the logs we want by default to logstash so users without shell can look at them.

Details

SubjectRepoBranchLines +/-
Add doc host apache/php-fpm logs to kafkaoperations/puppetproduction+3 -0
Adds php and apache logs for doc machinesoperations/puppetproduction+13 -0
Set log format to ecs on doc hostsoperations/puppetproduction+1 -1
Allow E_DEPRECATED logs to be shown on php-fpm in doc machinesoperations/puppetproduction+13 -3
Customize query in gerrit

Related Objects

Event Timeline

Dzahn created this task.Dec 14 2022, 9:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2022, 9:03 PM
Dzahn added subscribers: Krinkle, hashar.Dec 14 2022, 9:05 PM
Krinkle updated the task description. (Show Details)Dec 14 2022, 10:06 PM
Krinkle updated the task description. (Show Details)
Dzahn added a comment.Dec 14 2022, 11:53 PM

Here is an example how this was done for a "misc apache" on the miscweb machines:

  1. make sure the apache logs are sent into the local syslog (via rsyslog), example change https://gerrit.wikimedia.org/r/c/operations/puppet/+/848547
  1. configure that they are being forwarded from there to kafka, example change: https://gerrit.wikimedia.org/r/c/operations/puppet/+/849169
LSobanski triaged this task as Medium priority.Jan 9 2023, 4:28 PM
LSobanski moved this task from Incoming to Backlog on the collaboration-services board.
eoghan claimed this task.Feb 21 2023, 6:27 PM
eoghan moved this task from Backlog to Work in Progress on the collaboration-services board.
hashar mentioned this in T322357: OOUI PHP demos page is broken (again).Feb 23 2023, 7:01 AM
hashar updated the task description. (Show Details)Feb 23 2023, 7:14 AM
eoghan moved this task from Work in Progress to Backlog on the collaboration-services board.Mar 6 2023, 3:24 PM
gerritbot added a comment.Mar 16 2023, 4:13 PM

Change 900369 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] Allow E_DEPRECATED logs to be shown on php-fpm in doc machines

https://gerrit.wikimedia.org/r/900369

gerritbot added a project: Patch-For-Review.Mar 16 2023, 4:13 PM
gerritbot added a comment.Mar 16 2023, 4:22 PM

Change 900375 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] Adds php and apache logs for doc machines

https://gerrit.wikimedia.org/r/900375

eoghan moved this task from Backlog to Work in Progress on the collaboration-services board.Mar 16 2023, 4:27 PM
gerritbot added a comment.Mar 16 2023, 6:01 PM

Change 900410 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] Add doc host apache/php-fpm logs to kafka

https://gerrit.wikimedia.org/r/900410

hashar mentioned this in T332672: ECS formatting for Apache error logs.Mar 21 2023, 9:02 AM
Dzahn added a comment.Mar 23 2023, 5:46 PM

We should probably have "ship to logstash" tickets for any service in our service matrix doc that isn't confirmed to have it yet.

gerritbot added a comment.Mar 27 2023, 10:48 AM

Change 900369 merged by EoghanGaffney:

[operations/puppet@production] Allow E_DEPRECATED logs to be shown on php-fpm in doc machines

https://gerrit.wikimedia.org/r/900369

gerritbot added a comment.Mar 27 2023, 12:13 PM

Change 903239 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] Set log format to ecs on doc hosts

https://gerrit.wikimedia.org/r/903239

gerritbot added a comment.Mar 27 2023, 2:01 PM

Change 903239 merged by EoghanGaffney:

[operations/puppet@production] Set log format to ecs on doc hosts

https://gerrit.wikimedia.org/r/903239

gerritbot added a comment.Mar 28 2023, 10:39 AM

Change 900375 merged by EoghanGaffney:

[operations/puppet@production] Adds php and apache logs for doc machines

https://gerrit.wikimedia.org/r/900375

gerritbot added a comment.Mar 28 2023, 11:52 AM

Change 900410 merged by EoghanGaffney:

[operations/puppet@production] Add doc host apache/php-fpm logs to kafka

https://gerrit.wikimedia.org/r/900410

Maintenance_bot removed a project: Patch-For-Review.Mar 28 2023, 12:11 PM
eoghan closed this task as Resolved.Mar 28 2023, 12:21 PM

These logs are now formatted as ECS (structured) logs and are being ingested into logstash.

hashar added a comment.Mar 28 2023, 1:03 PM

The access log can be found in the Apache ECS access log dashboard by filtering on url.domain: doc.wikimedia.org and I have confirmed with @eoghan that accesses indeed reach logstash.

Note: doc.wikimedia.org is behind ATS/Varnish and thus only uncached requests reaches Apache (ie most are served by the front end cache and thus never reaches Apache. To inspect those one would have to check the webaccess data set on Turnillo (which is private).

For the fpm errors, I am assuming they end up in syslog and would show up on the syslog dashboard. I don't have access to the raw files but they are rather quiet:

$ ls -lrta /var/log/php*fpm*
-rw------- 1 root root  73 Jan  1 00:00 /var/log/php7.3-fpm.log.12.gz
-rw------- 1 root root 250 Jan 12 10:41 /var/log/php7.3-fpm.log.11.gz
-rw------- 1 root root  73 Jan 15 00:00 /var/log/php7.3-fpm.log.10.gz
-rw------- 1 root root  73 Jan 22 00:00 /var/log/php7.3-fpm.log.9.gz
-rw------- 1 root root  73 Jan 29 00:00 /var/log/php7.3-fpm.log.8.gz
-rw------- 1 root root  73 Feb  5 00:00 /var/log/php7.3-fpm.log.7.gz
-rw------- 1 root root  73 Feb 12 00:00 /var/log/php7.3-fpm.log.6.gz
-rw------- 1 root root 219 Feb 22 16:23 /var/log/php7.3-fpm.log.5.gz
-rw------- 1 root root 225 Feb 28 20:50 /var/log/php7.3-fpm.log.4.gz
-rw------- 1 root root 223 Mar  9 15:45 /var/log/php7.3-fpm.log.3.gz
-rw------- 1 root root 190 Mar 15 08:40 /var/log/php7.3-fpm.log.2.gz
-rw------- 1 root root 339 Mar 25 07:54 /var/log/php7.3-fpm.log.1
-rw------- 1 root root  56 Mar 26 00:00 /var/log/php7.3-fpm.log
hashar mentioned this in T333347: Phabricator does not degrade properly when GitLab is unavailable.Mar 28 2023, 1:15 PM
Krinkle added a comment.EditedApr 30 2023, 1:40 PM

The most common warning on doc1002 in Logstash appears to be this one:

PHP message: PHP Warning:  array_key_exists(): The first argument should be either a string or an integer in /srv/doc/mediawiki-core/master/php/search_opensearch.php on line 99

This is actually not a deprecation warning but a long-standing bug in the OpenSearch implementation of Doxygen. This isn't visible in the user interface by default. But, if you add https://doc.wikimedia.org/mediawiki-core/master/php/ as a search engine in your browser and search for something, the autocomplete suggestions always said "1 result" even if there were multiple. Note that Doxygen does actually return all relevant suggestions, its just the label alongside it incorrectly summarises it as "1 result".

I've submitted a fix upstream to https://github.com/doxygen/doxygen/issues/10017.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL