Add per user concurrent search request limiting
Closed, ResolvedPublic
Actions

Description

Per user concurrent search request limiting helps us with performance. There are a small handful of users who are hammering us with search queries, and with a really high limit this will help with performance.

Details

Subject	Repo	Branch	Lines +/-
Enable CirrusSearch per-user rate limiting	operations/mediawiki-config	master	+9 -0
Allow CIDR ranges to be opted into per-user poolcounter	mediawiki/extensions/CirrusSearch	master	+26 -5
New option to log but not fail per-user pool counter failures	mediawiki/extensions/CirrusSearch	master	+27 -9
Enable the CirrusSearch per-user pool counter everywhere	operations/mediawiki-config	master	+5 -16
Enable CirrusSearch-PerUser PoolCounter on group0 only	operations/mediawiki-config	master	+17 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		EBernhardson	T76497 Add per user concurrent search request limiting
		Resolved		• Manybubbles	T77923 Add support for taking multiple locks in pool counter.

Event Timeline

• Manybubbles created this task.Dec 2 2014, 5:10 PM

• Manybubbles raised the priority of this task from to Needs Triage.

• Manybubbles updated the task description. (Show Details)

• Manybubbles added projects: MediaWiki-Core-Team, CirrusSearch.

• Manybubbles moved this task to In Dev/Progress on the MediaWiki-Core-Team board.

• Manybubbles changed Security from none to None.

• Manybubbles subscribed.

• Manybubbles moved this task from In Dev/Progress to Needs Review/Feedback on the MediaWiki-Core-Team board.Dec 8 2014, 9:32 PM

aaron assigned this task to • Manybubbles.Dec 9 2014, 6:33 AM

• bd808 closed subtask T77923: Add support for taking multiple locks in pool counter. as Resolved.Dec 22 2014, 10:46 PM

Ricordisamoa subscribed.Feb 5 2015, 2:50 AM

What is this blocked on?

No longer blocked. Can be worked on if we have time. All we have to do is configure the config in Cirrus to do it. I suggest doing this only on group0 for a few days before rolling it to more. OTOH I don't really have time to work on it now.

Stalled for lack of time?

Any objection to moving this to the core backlog (from needs review), to be consistent with its state in the cirrus project?

None.

• ksmith moved this task from Needs Review/Feedback to Backlog on the MediaWiki-Core-Team board.Mar 19 2015, 4:37 PM

• ksmith removed • Manybubbles as the assignee of this task.Apr 2 2015, 6:01 PM

• bd808 edited projects, added Discovery-ARCHIVED; removed MediaWiki-Core-Team.Apr 7 2015, 4:56 PM

• Manybubbles updated the task description. (Show Details)May 6 2015, 7:15 PM

• Manybubbles added a project: Discovery-Search (Current work).

• Manybubbles moved this task from Needs triage to On Sprint Board on the Discovery-ARCHIVED board.May 7 2015, 8:00 PM

EBernhardson claimed this task.May 8 2015, 8:02 PM

EBernhardson moved this task from Incoming to not in use - please delete on the Discovery-Search (Current work) board.

Change 209802 had a related patch set uploaded (by EBernhardson):
Enable CirrusSearch-PerUser PoolCounter on group0 only

https://gerrit.wikimedia.org/r/209802

gerritbot added a project: Patch-For-Review.May 8 2015, 8:16 PM

EBernhardson moved this task from not in use - please delete to Needs review on the Discovery-Search (Current work) board.May 8 2015, 8:25 PM

Change 209802 merged by jenkins-bot:
Enable CirrusSearch-PerUser PoolCounter on group0 only

https://gerrit.wikimedia.org/r/209802

EBernhardson mentioned this in rOMWCd53fe9e5a82f: Enable CirrusSearch-PerUser PoolCounter on group0 only.May 11 2015, 11:44 PM

Deployed, but after a quick test using nodejs to spit out 20 concurrent search requests to test.wikipedia.org, i'm not able to trigger an api request that returns the "cirrussearch-backend-error" that should be output. Not sure why yet. It could simply be that i'm not getting 5 requests inside the critical section at the same time, or it might not be working.

Verified this can trigger rate limiting, via a small nodejs test script. Seems safe to promote to all wikis.

var i,
    request = require('request'),
    handler = function(error, response, data) {
        if (error) {
                console.log(error);
                return;
        }
        var decoded = JSON.parse(data);
        if (decoded['error'] && decoded['error']['info'] === 'Search is currently too busy.  Please try again later.' ) {
                console.log('rate limited');
        }
    },
    options = {
        url: "http://test.wikipedia.org/w/api.php?action=query&format=json&list=search&srsearch=foo",
        pool: { maxSockets: Infinity },
    };

for (i=0; i<20; i++) {
        request(options, handler);
}

Change 210622 had a related patch set uploaded (by EBernhardson):
Enable the CirrusSearch per-user pool counter everywhere

https://gerrit.wikimedia.org/r/210622

greg subscribed.May 18 2015, 5:56 PM

Change 210622 merged by jenkins-bot:
Enable the CirrusSearch per-user pool counter everywhere

https://gerrit.wikimedia.org/r/210622

• Manybubbles mentioned this in rOMWC5f4ea053c35b: Enable the CirrusSearch per-user pool counter everywhere.May 20 2015, 12:38 AM

Change 214039 had a related patch set uploaded (by EBernhardson):
New option to log but not fail per-user pool counter failures

https://gerrit.wikimedia.org/r/214039

Change 214039 merged by jenkins-bot:
New option to log but not fail per-user pool counter failures

https://gerrit.wikimedia.org/r/214039

EBernhardson mentioned this in rECIRf3139ef2dcc5: New option to log but not fail per-user pool counter failures.May 27 2015, 2:13 PM

Diffusion mentioned this in rMEXTa10c9f59f17d: Updated mediawiki/extensions Project: mediawiki/extensions/CirrusSearch….May 27 2015, 2:13 PM

• Manybubbles moved this task from Needs review to not in use - please delete on the Discovery-Search (Current work) board.Jun 3 2015, 3:16 PM

Stakeholders: Cirrus operators (and maybe more)
Benefits: Makes it more difficult for people that would abuse the system to do so. Ultimately part of some security recommendations.
Estimate: Its complicated. Code is simple - took a day. But turning it on safely is more complex. Its taking lots of effort.

EBernhardson moved this task from not in use - please delete to Incoming on the Discovery-Search (Current work) board.Jun 10 2015, 10:07 PM

EBernhardson moved this task from Incoming to not in use - please delete on the Discovery-Search (Current work) board.Jun 30 2015, 3:35 AM

Backlogging this because I don't think it's important. Scream at me if you disagree and we can talk. :-)

• Deskana removed a project: Discovery-Search (Current work).Jul 2 2015, 4:44 PM

Could go either way, this doesn't need much work anymore all the relevant code has been merged and is deploying today. For future reference what remains to be done: Turn on $wgCirrusSearchBypassPerUserFailure and restore the config changes in https://gerrit.wikimedia.org/r/#/c/210622 to prod. Last time we turned that patch on there was a wave of rejected queries. These will now report but not block the query. Monitor fluorine.eqiad.wmnet:/a/mw-log/poolcounter.log.

The hard part is trying to determine what to do with this data, if some ip's need to be whitelisted (proxys, such as qatar) or if some ip's are being correctly blocked.

I feel like this is one of those things that seems simple on the surface but stands a high chance of blowing up into a much, much larger time sink in order to get it exactly right for the reasons you mention (e.g. countries like Qatar going through two IPs, as you say).. Unless there's some significant problem that not doing this is causing, putting it in the freezer seems prudent for now to me.

Change 232650 had a related patch set uploaded (by EBernhardson):
Allow CIDR ranges to be opted into per-user poolcounter

https://gerrit.wikimedia.org/r/232650

Change 232650 merged by jenkins-bot:
Allow CIDR ranges to be opted into per-user poolcounter

https://gerrit.wikimedia.org/r/232650

EBernhardson mentioned this in rMEXT5b7f8a2a052f: Updated mediawiki/extensions Project: mediawiki/extensions/CirrusSearch….Aug 25 2015, 1:47 PM

• dcausse mentioned this in rECIR6db7cec3c9c9: Allow CIDR ranges to be opted into per-user poolcounter.Aug 25 2015, 1:48 PM

• Forrestbot added a project: WMF-deploy-2015-08-25_(1.26wmf20).Aug 25 2015, 2:00 PM

Change 235274 had a related patch set uploaded (by EBernhardson):
Enable CirrusSearch per-user rate limiting

https://gerrit.wikimedia.org/r/235274

Change 235274 merged by jenkins-bot:
Enable CirrusSearch per-user rate limiting

https://gerrit.wikimedia.org/r/235274

EBernhardson mentioned this in rOMWC43839309c328: Enable CirrusSearch per-user rate limiting.Sep 8 2015, 11:32 PM