Page MenuHomePhabricator
Create Task
Maniphest T358117

Adapt scap's testing strategy to mw-on-k8s
Closed, ResolvedPublic
Actions

Description

scap does swagger checks on bare metal canaries. To replicate that for mw-on-k8s, we need to find a way to route requests to the canary releases directly while also keeping them as part of the normal traffic path.
Currently, canaries use routed_via: main

However, the bigger number of replicas used for canaries in mw-on-k8s compared to bare-metal means swagger checks would end up testing only one or two of the many canary pods. As such, we've decided to use httpbb to do more in-depth testing of mwdebug before proceeding to canary deployment, and rely on logstash error-rate detection for canary testing.

Details

SubjectRepoBranchLines +/-
scap.cfg.erb: Set testservers_check_cmd_* in productionoperations/puppetproduction+2 -3
Customize query in gerrit
TitleReferenceAuthorSource BranchDest Branch
exp/files/php/scap.cfg: Set testservers_check_cmd_* for deploy containerrepos/releng/train-dev!48dancymain-I3c22e6a1f9cd1195ac0c612b5d7573c010202779main
Dockerfile.deploy: Add httpbbrepos/releng/train-dev!47dancymain-I67368cd5d0f00406bf4c35f62c1b1f423eb0493bmain
scap sync-world: Add support for testserver checksrepos/releng/scap!230dancymaster-I617844a5319d104e8d9a8303dcf29f8ea34c05b7master
Customize query in GitLab

Related Objects
Search...

Event Timeline

Clement_Goubert triaged this task as Medium priority.Feb 21 2024, 4:22 PM
Clement_Goubert created this task.
Clement_Goubert moved this task from Incoming 🐫 to this.quarter 🍕 on the serviceops board.
Clement_Goubert updated the task description. (Show Details)Feb 21 2024, 4:29 PM
Clement_Goubert added a comment.Feb 22 2024, 10:47 AM

We've talked this over, and while doing swagger checks made sense when there were just a few canaries on bare-metal servers, these checks would now hit a random pod from ~3% of each deployment, making them of little potential value compared to the actual traffic being sent immediately to the canaries on deployment, the validity of which would be checked through the logstash error rate.

thcipriani added a comment.Feb 22 2024, 8:54 PM
In T358117#9566949, @Clement_Goubert wrote:

We've talked this over, and while doing swagger checks made sense when there were just a few canaries on bare-metal servers, these checks would now hit a random pod from ~3% of each deployment, making them of little potential value compared to the actual traffic being sent immediately to the canaries on deployment, the validity of which would be checked through the logstash error rate.

I agree the checks don't provide much value in their current format—we know very quickly if something is wrong via the logstash checks on those canaries.

Also the swagger checks are only a subset of what httpbb (as I understand it) checks.

But a swagger/httpbb check would be useful if it first ran on a server without any production traffic. Then a deploy that immediately breaks all wikis would never serve any production traffic before we know that something is wrong.

Running httpbb against an mwdebug server before rolling to canaries would provide some additional safety to deploys that the swagger checks in their current format do not provide.

Clement_Goubert added a comment.Feb 23 2024, 10:24 AM
In T358117#9570020, @thcipriani wrote:

...
Running httpbb against an mwdebug server before rolling to canaries would provide some additional safety to deploys that the swagger checks in their current format do not provide.

Agreed, scap could run the httpbb appserver test suite on mwdebug.discovery.wmnet:4444 before proceeding instead of the swagger check. This would add about 15s.

thcipriani added a comment.Feb 23 2024, 5:13 PM

so httpbb /srv/deployment/httpbb-tests/appserver/* --hosts=mwdebug.discovery.wmnet --https_port=4444 from the deploy server after deploying to mwdebug should work?

@dancy what do you think of ^ ?

dancy added a comment.Feb 23 2024, 5:16 PM
In T358117#9572625, @thcipriani wrote:

so httpbb /srv/deployment/httpbb-tests/appserver/* --hosts=mwdebug.discovery.wmnet --https_port=4444 from the deploy server after deploying to mwdebug should work?

@dancy what do you think of ^ ?

Looks straightforward. I tested that command on the deploy server.

Clement_Goubert added a comment.Feb 26 2024, 9:21 AM

Yep, that's the check we also do hourly on all non-jobrunner releases.

Clement_Goubert renamed this task from Find a way to address canary releases directly to Adapt scap's testing strategy to mw-on-k8s.Feb 26 2024, 9:27 AM
Clement_Goubert changed the task status from Open to In Progress.
Clement_Goubert updated the task description. (Show Details)
dancy moved this task from Backlog to In progress on the Release-Engineering-Team (Now this 🫠) board.Feb 29 2024, 9:18 PM
CodeReviewBot added a project: Patch-For-Review.Mar 1 2024, 6:56 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/scap/-/merge_requests/230

Optionally run checks after deploying to testservers

gerritbot added a comment.Mar 1 2024, 7:03 PM

Change 1007956 had a related patch set uploaded (by Ahmon Dancy; author: Ahmon Dancy):

[operations/puppet@production] scap.cfg.erb: Set testservers_check_cmd to httppb in production

https://gerrit.wikimedia.org/r/1007956

dancy added a comment.Mar 5 2024, 12:25 AM

@Clement_Goubert We have some questions:

  1. Does mwdebug.discovery.wmnet resolve to a random bare-metal/k8s target?
  2. Do you anticipate a case where you'd want to check only k8s testservers (e.g., when using scap sync-world --k8s-only), or only bare metal testservers? If so, what's the best way to achieve this?
Clement_Goubert added a comment.EditedMar 5 2024, 11:52 AM
In T358117#9598846, @dancy wrote:

@Clement_Goubert We have some questions:

  1. Does mwdebug.discovery.wmnet resolve to a random bare-metal/k8s target?

It's an active/active discovery record, so it resolves to the closest mw-debug deployment, k8s only.
Edit: Actually, it is active/active, but only pooled in the primary datacentre.

  1. Do you anticipate a case where you'd want to check only k8s testservers (e.g., when using scap sync-world --k8s-only), or only bare metal testservers? If so, what's the best way to achieve this?

I don't really anticipate a case where I would want to check bare-metal specifically, but someone may. Testing only mwdebug.discovery.wmnet when doing --k8s-only would be a good idea, and would test only mw-on-k8s.

CodeReviewBot added a comment.Mar 5 2024, 9:40 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/train-dev/-/merge_requests/47

Dockerfile.deploy: Add httpbb

CodeReviewBot added a comment.Mar 5 2024, 9:41 PM

dancy merged https://gitlab.wikimedia.org/repos/releng/train-dev/-/merge_requests/47

Dockerfile.deploy: Add httpbb

CodeReviewBot added a comment.Mar 5 2024, 9:50 PM

dancy opened https://gitlab.wikimedia.org/repos/releng/train-dev/-/merge_requests/48

exp/files/php/scap.cfg: Set testservers_check_cmd_* for deploy container

CodeReviewBot added a comment.Mar 6 2024, 11:10 PM

thcipriani merged https://gitlab.wikimedia.org/repos/releng/scap/-/merge_requests/230

scap sync-world: Add support for testserver checks

CodeReviewBot added a comment.Mar 7 2024, 3:59 PM

dancy merged https://gitlab.wikimedia.org/repos/releng/train-dev/-/merge_requests/48

exp/files/php/scap.cfg: Set testservers_check_cmd_* for deploy container

dancy mentioned this in T239376: Run Swagger checks in Scap before exposing to prod MW traffic .Mar 7 2024, 4:58 PM
gerritbot added a comment.Mar 7 2024, 5:08 PM

Change 1007956 merged by Clément Goubert:

[operations/puppet@production] scap.cfg.erb: Set testservers_check_cmd_* in production

https://gerrit.wikimedia.org/r/1007956

Stashbot added a comment.Mar 7 2024, 5:14 PM

Mentioned in SAL (#wikimedia-operations) [2024-03-07T17:14:41Z] <dancy@deploy2002> Started scap: testing T358117

Stashbot added a comment.Mar 7 2024, 5:25 PM

Mentioned in SAL (#wikimedia-operations) [2024-03-07T17:25:56Z] <dancy@deploy2002> Finished scap: testing T358117 (duration: 11m 15s)

dancy closed this task as Resolved.Mar 7 2024, 5:29 PM

Changes deployed and tested. Resolving this task.

dancy moved this task from In progress to Done on the Release-Engineering-Team (Now this 🫠) board.Mar 7 2024, 5:29 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 7 2024, 5:31 PM
Clement_Goubert added a comment.Mar 7 2024, 5:32 PM

@dancy Thanks a bunch! \o/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL