Page MenuHomePhabricator
Create Task
Maniphest T372856

Configure graphite to be read only
Closed, ResolvedPublic
Actions

Description

This is a task that aims to track the planning and configuration implementation of the current Graphite stack to a read-only mode, allowing querying of existing metrics while blocking the ingestion of new metrics.

Target date: Apr 30th 2025 (5pm UTC)

High-level Steps:

Planning

  • Review all applications and services configuration, pushing metrics to Graphite and document ingress points.

Implementation

  • Modify firewall rules or ACLs to block traffic on the ports used for metric ingestion.
  • Ensure that queries to the existing Graphite metrics are still functional and accessible.

Testing & Post implementation clean-up

  • Test using Grafana to confirm that no new metrics are being ingested while old metrics remain queryable.
  • Document changes made to enforce read-only access.

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT228380 Tech debt: sunsetting of Graphite
 ResolvedNoneT372856 Configure graphite to be read only

Event Timeline

lmata created this task.Aug 20 2024, 3:20 AM
lmata mentioned this in T228380: Tech debt: sunsetting of Graphite.Aug 20 2024, 3:23 AM
Krinkle mentioned this in T382549: (mw.track) Migrate MediaWiki.edit_recovery.* to Prometheus.Dec 19 2024, 10:07 PM
Krinkle mentioned this in T359277: (mw.track) Migrate MediaWiki.RevisionSlider to statslib.
Krinkle mentioned this in T359341: (mw.track) Migrate MediaWiki.AdvancedSearch.event.* to statslib.
Krinkle mentioned this in T359467: (mw.track) Migrate MediaWiki.EntitySchema to statslib.
Krinkle mentioned this in T359237: (mw.track) Migrate MediaWiki.cx.campaign.*.accept to statslib.Dec 19 2024, 10:41 PM
Krinkle mentioned this in T359261: mw.track() Migrate MediaWiki.TwoColConflict.* to statslib.Dec 19 2024, 10:45 PM
Krinkle mentioned this in T359244: (mw.track) Migrate MediaWiki.RevisionSlider.* to statslib.Dec 19 2024, 10:52 PM
Krinkle mentioned this in T359252: [GRAFMIGR] Migrate MediaWiki.wikibase.view.* to statslib.Dec 19 2024, 10:55 PM
Krinkle mentioned this in T359251: [REPO][SW][GRAFMIGR] (mw.track) Migrate MediaWiki.wikibase.repo.* to statslib.Dec 19 2024, 10:59 PM
Krinkle mentioned this in T359347: (mw.track) Migrate MediaWiki.echo.* to statslib.Dec 19 2024, 11:04 PM
lmata triaged this task as High priority.Mar 14 2025, 8:04 PM
lmata updated the task description. (Show Details)
lmata updated the task description. (Show Details)
lmata edited projects, added SRE Observability (FY2024/2025-Q4); removed SRE Observability (FY2024/2025-Q3).
andrea.denisse awarded a token.Mar 18 2025, 11:07 PM
lmata set Due Date to Apr 16 2025, 2:00 AM.Apr 11 2025, 2:02 AM
lmata removed Due Date which was set to Apr 16 2025, 2:00 AM.Apr 11 2025, 2:07 AM
colewhite subscribed.Apr 14 2025, 4:15 PM

Affected dashboards: https://grafana.wikimedia.org/d/K6DEOo5Ik/grafana-graphite-datasource-utilization

colewhite added a comment.Apr 15 2025, 2:56 PM

@fgiunchedi noted

  • there is a dedicated statsite instance on CI hosts that should be removed as part of this
  • there are a handful of scripts that publish directly to graphite on port 2003
AndrewTavis_WMDE subscribed.Apr 15 2025, 3:00 PM
lmata updated the task description. (Show Details)Apr 15 2025, 4:26 PM
lmata updated the task description. (Show Details)EditedApr 30 2025, 9:56 PM

Graphite data intake reduction:
https://grafana.wikimedia.org/d/000000020/graphite-eqiad?from=1746028800000&orgId=1&to=1746057599000

Screenshot 2025-04-30 at 3.57.30 PM.png (1×2 px, 604 KB)

lmata added a comment.EditedApr 30 2025, 10:12 PM
In T228380#10782220, @gerritbot wrote:

Change #1135076 merged by Cwhite:

[operations/puppet@production] statsd: remove ferm rule for statsd port 8125

https://gerrit.wikimedia.org/r/1135076

To roll back, revert this patch

lmata updated the task description. (Show Details)Apr 30 2025, 10:17 PM
lmata added a comment.Apr 30 2025, 10:21 PM

Older data is available and new data not ingested: https://grafana.wikimedia.org/d/000000205/outdated-reading-web-performance?orgId=1&from=1743465600000&to=1746057599000

lmata updated the task description. (Show Details)Apr 30 2025, 10:22 PM
lmata updated the task description. (Show Details)Apr 30 2025, 10:46 PM

Graphite is read-only.

lmata updated the task description. (Show Details)Apr 30 2025, 11:19 PM
lmata added a comment.Apr 30 2025, 11:21 PM

Removed:

  • Alerts for new data being ingested into Graphite

We had an internal team discussion, and this alert is not needed because this case would require an SRE to undo the firewall change, and we find that unlikely to happen.

lmata closed this task as Resolved.Apr 30 2025, 11:23 PM
lmata claimed this task.
lmata moved this task from Inbox to Prioritized on the Observability-Metrics board.

All items are confirmed; I am boldly marking this task as completed.

lmata removed lmata as the assignee of this task.Apr 30 2025, 11:25 PM
lmata moved this task from Inbox to Done on the SRE Observability (FY2024/2025-Q4) board.
colewhite mentioned this in T393186: Remove dependency on liuggio/statsd-php-client.May 2 2025, 2:48 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits