Page MenuHomePhabricator
Create Task
Maniphest T358830

Uploads fail due to 401 error from swift on wednesdays
Closed, ResolvedPublic
Actions

Description

I noticed recently in logs an upload failed due to 401 error in swift

Log entry (req id 98f9e25c-9b70-478a-86cc-d4fd52680b90 ):

Feb 29, 2024 @ 16:03:07 HTTP 401 (Unauthorized) in 'SwiftFileBackend::doGetFileStatMulti' (given '{"srcs":["mwstore://local-swift-codfw/local-temp/7/72/20240229155755!chunkedupload_cb23bd647e85.pdf"],"concurrency":1}')
Feb 29, 2024 @ 16:03:07 HTTP 401 (Unauthorized) in 'SwiftFileBackend::doGetFileStatMulti' (given '{"srcs":["mwstore://local-swift-codfw/local-temp/7/72/20240229155755!chunkedupload_cb23bd647e85.pdf"],"concurrency":50}')
Feb 29, 2024 @ 16:03:07 HTTP 401 (Unauthorized) in 'SwiftFileBackend::doGetFileStatMulti' (given '{"srcs":["mwstore://local-swift-codfw/local-public/archive/6/64/20240229160249!\u65b0\u9078\u5404\u540d\u516c\u91d1\u7389\u5c0d\u806f.pdf"],"concurrency":1}')
Feb 29, 2024 @ 16:03:07 HTTP 401 (Unauthorized) in 'SwiftFileBackend::doGetFileStatMulti' (given '{"srcs":["mwstore://local-swift-codfw/local-public/archive/6/64/20240229160249!\u65b0\u9078\u5404\u540d\u516c\u91d1\u7389\u5c0d\u806f.pdf"],"concurrency":50}')

The fact it happened multiple times in the same request suggest that MW might have been reusing bad credentials.

This seems pretty surprising. Long term, I'd like to make the publish job be auto retried on failure, which might make things like this not be an issue if they are transient. Nonetheless filing this, because it sounds like something that probably shouldn't happen.

Looking at broader logs https://logstash.wikimedia.org/goto/0fabf2fcc66a2fa897a042de4cb2489b - it seems like this issue happens on wednesdays. Maybe connected to the deploy somehow?

Details

SubjectRepoBranchLines +/-
filebackend: Retry Swift requests with new auth token on 401mediawiki/coremaster+339 -175
Customize query in gerrit

Related Objects

Event Timeline

Bawolff created this task.Mar 1 2024, 3:59 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 1 2024, 3:59 AM
Bawolff updated the task description. (Show Details)Mar 1 2024, 4:00 AM
Bawolff renamed this task from Uploads fail due to 401 error from swift to Uploads fail due to 401 error from swift on wednesdays.Mar 1 2024, 4:07 AM
Bawolff updated the task description. (Show Details)
Maintenance_bot added a project: Commons.Mar 1 2024, 4:30 AM
MarcoPena subscribed.Mar 1 2024, 4:49 AM
Umherirrender subscribed.Mar 1 2024, 5:42 PM

There are some information about the 401 status in T228292#7490101
There is also T206252: Spike of HTTP errors from SwiftFileBackend::doStoreInternal, which could be related, but other function

tstarling subscribed.Mar 8 2024, 7:50 AM

The tempauth expiry time is 7 days. MW considers the token to be expired after 7.5 minutes of caching, but Swift just gives it the same token every time, with a shorter and shorter remaining lifetime. Every server gets the same token -- it only varies by user, so the whole of MediaWiki gets a single token. Every 7 days, the token expires, and there is a burst of errors.

tstarling added a comment.Mar 8 2024, 8:42 AM

The current token in eqiad expires Wednesday 2024-03-13 14:47:20. The codfw token will expire the next day at 16:03:02.

tstarling claimed this task.Mar 11 2024, 4:07 AM
gerritbot added a comment.Mar 12 2024, 1:15 AM

Change 1010344 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] filebackend: Retry Swift requests with new auth token on 401

https://gerrit.wikimedia.org/r/1010344

gerritbot added a project: Patch-For-Review.Mar 12 2024, 1:15 AM
Krinkle added a project: MediaWiki-Engineering.Mar 12 2024, 10:23 PM
Krinkle subscribed.

Tagging MwEng group for visibility, given unowned code.

MSantos moved this task from Inbox, needs triage to Radar on the MediaWiki-Engineering board.Mar 13 2024, 1:46 PM
aaron awarded a token.Mar 15 2024, 9:38 PM
gerritbot added a comment.Mar 15 2024, 10:00 PM

Change 1010344 merged by jenkins-bot:

[mediawiki/core@master] filebackend: Retry Swift requests with new auth token on 401

https://gerrit.wikimedia.org/r/1010344

TheDJ awarded a token.Mar 15 2024, 10:07 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 15 2024, 10:30 PM
ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.23; 2024-03-19).Mar 15 2024, 11:00 PM
Reedy mentioned this in T360717: HTMLForm hidden fields gone -- CAPTCHA failure rate at 100%.Mar 21 2024, 9:21 PM
tstarling closed this task as Resolved.Fri, Apr 26, 12:48 AM
tstarling merged a task: T206252: Spike of HTTP errors from SwiftFileBackend::doStoreInternal.
tstarling added subscribers: Novem_Linguae, Tgr.
tstarling merged a task: T228292: API uploads fatal with UploadChunkFileException: Error storing file in '/tmp' backend-fail-internal.Fri, Apr 26, 12:52 AM
tstarling added subscribers: Legoktm, thcipriani, Krassotkin and 10 others.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL