Page MenuHomePhabricator
Create Task
Maniphest T333965

Check if it still makes sense to have 8 varnish sockets being used by HAProxy
Closed, ResolvedPublic
Actions

Description

Back in the day when the TLS termination layer used TCP to talk to varnish we set 8 different ports (3120 - 3127) to avoid experiencing port exhaustion issues. This has been replicated without further analysis when the TLS termination layer was assumed by HAProxy and UDS adopted. Check if this makes any sense nowadays or a single socket works as fine.

Details

SubjectRepoBranchLines +/-
varnish: remove TCP monitoringoperations/puppetproduction+0 -21
varnish: only listen on a single, local TCP portoperations/puppetproduction+4 -6
varnish: limit TCP listener to localhostoperations/puppetproduction+4 -6
Varnish: listen on only 1x UDSoperations/puppetproduction+0 -14
beta: haproxy->varnish single UDS configoperations/puppetproduction+0 -14
hiera: Use one socket on haproxy<-->varnish@ulsfooperations/puppetproduction+1 -22
hiera: Use a single UDS for haproxy<-->varnish trafficoperations/puppetproduction+0 -17
hiera: Use a single socket for haproxy/varnish on drmrsoperations/puppetproduction+0 -3
hiera: Use a single socket on haproxy/varnish on cp60[08,16]operations/puppetproduction+6 -0
Customize query in gerrit

Event Timeline

Vgutierrez created this task.Apr 4 2023, 2:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 4 2023, 2:17 PM
Vgutierrez triaged this task as Medium priority.Apr 4 2023, 2:17 PM
Vgutierrez moved this task from Backlog to Traffic team actively servicing on the Traffic board.
gerritbot added a comment.Apr 4 2023, 2:21 PM

Change 905643 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera: Use a single socket on haproxy/varnish on cp60[08,16]

https://gerrit.wikimedia.org/r/905643

gerritbot added a project: Patch-For-Review.Apr 4 2023, 2:21 PM
gerritbot added a comment.Apr 4 2023, 2:24 PM

Change 905643 merged by Vgutierrez:

[operations/puppet@production] hiera: Use a single socket on haproxy/varnish on cp60[08,16]

https://gerrit.wikimedia.org/r/905643

Stashbot added a comment.Apr 4 2023, 2:28 PM

Mentioned in SAL (#wikimedia-operations) [2023-04-04T14:28:33Z] <vgutierrez> switch cp6008 (upload) and cp6016 (text) to use a single UDS socket between haproxy and varnish - T333965

Maintenance_bot added a project: SRE.Apr 4 2023, 2:29 PM
Maintenance_bot removed a project: Patch-For-Review.Apr 4 2023, 2:31 PM
gerritbot added a comment.Apr 12 2023, 8:54 AM

Change 908205 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera: Use a single socket for haproxy/varnish on drmrs

https://gerrit.wikimedia.org/r/908205

gerritbot added a project: Patch-For-Review.Apr 12 2023, 8:54 AM
gerritbot added a comment.Apr 12 2023, 8:56 AM

Change 908205 merged by Vgutierrez:

[operations/puppet@production] hiera: Use a single socket for haproxy/varnish on drmrs

https://gerrit.wikimedia.org/r/908205

Maintenance_bot removed a project: Patch-For-Review.Apr 12 2023, 9:11 AM
gerritbot added a comment.Apr 18 2023, 2:22 PM

Change 909675 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera: Use a single UDS for haproxy<-->varnish traffic

https://gerrit.wikimedia.org/r/909675

gerritbot added a project: Patch-For-Review.Apr 18 2023, 2:22 PM
KOfori subscribed.Apr 18 2023, 2:22 PM
gerritbot added a comment.Apr 18 2023, 2:26 PM

Change 909675 merged by Vgutierrez:

[operations/puppet@production] hiera: Use a single UDS for haproxy<-->varnish traffic

https://gerrit.wikimedia.org/r/909675

Vgutierrez closed this task as Resolved.Apr 18 2023, 2:26 PM
Vgutierrez claimed this task.
Maintenance_bot removed a project: Patch-For-Review.Apr 18 2023, 2:30 PM
gerritbot added a comment.Apr 18 2023, 2:50 PM

Change 909688 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] hiera: Use one socket on haproxy<-->varnish@ulsfo

https://gerrit.wikimedia.org/r/909688

gerritbot added a project: Patch-For-Review.Apr 18 2023, 2:50 PM
gerritbot added a comment.Apr 18 2023, 2:52 PM

Change 909688 merged by Vgutierrez:

[operations/puppet@production] hiera: Use one socket on haproxy<-->varnish@ulsfo

https://gerrit.wikimedia.org/r/909688

Maintenance_bot removed a project: Patch-For-Review.Apr 18 2023, 3:21 PM
gerritbot added a comment.Sep 13 2023, 7:47 PM

Change 957345 had a related patch set uploaded (by BBlack; author: BBlack):

[operations/puppet@production] beta: haproxy->varnish single UDS config

https://gerrit.wikimedia.org/r/957345

gerritbot added a project: Patch-For-Review.Sep 13 2023, 7:47 PM

Change 957346 had a related patch set uploaded (by BBlack; author: BBlack):

[operations/puppet@production] Varnish: listen on only 1x UDS

https://gerrit.wikimedia.org/r/957346

gerritbot added a comment.Sep 13 2023, 8:10 PM

Change 957348 had a related patch set uploaded (by BBlack; author: BBlack):

[operations/puppet@production] varnish: only listen on a single TCP port

https://gerrit.wikimedia.org/r/957348

gerritbot added a comment.Sep 13 2023, 8:10 PM

Change 957349 had a related patch set uploaded (by BBlack; author: BBlack):

[operations/puppet@production] varnish: remove TCP monitoring

https://gerrit.wikimedia.org/r/957349

gerritbot added a comment.Sep 13 2023, 8:10 PM

Change 957350 had a related patch set uploaded (by BBlack; author: BBlack):

[operations/puppet@production] varnish: limit TCP listener to localhost

https://gerrit.wikimedia.org/r/957350

gerritbot added a comment.Sep 14 2023, 1:47 PM

Change 957345 merged by BBlack:

[operations/puppet@production] beta: haproxy->varnish single UDS config

https://gerrit.wikimedia.org/r/957345

gerritbot added a comment.Sep 14 2023, 1:58 PM

Change 957346 merged by BBlack:

[operations/puppet@production] Varnish: listen on only 1x UDS

https://gerrit.wikimedia.org/r/957346

Fabfur subscribed.Oct 12 2023, 9:34 AM
gerritbot added a comment.Nov 13 2023, 1:36 PM

Change 957350 abandoned by BBlack:

[operations/puppet@production] varnish: limit TCP listener to localhost

Reason:

Merged into another related patch

https://gerrit.wikimedia.org/r/957350

gerritbot added a comment.Nov 13 2023, 1:52 PM

Change 957349 merged by BBlack:

[operations/puppet@production] varnish: remove TCP monitoring

https://gerrit.wikimedia.org/r/957349

gerritbot added a comment.Nov 13 2023, 1:52 PM

Change 957348 merged by BBlack:

[operations/puppet@production] varnish: only listen on a single, local TCP port

https://gerrit.wikimedia.org/r/957348

Maintenance_bot removed a project: Patch-For-Review.Nov 13 2023, 2:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits