Page MenuHomePhabricator
Create Task
Maniphest T284479

Cirrussearch: spike in pool counter rejections related to full_text and entity_full_text queries
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

We're seeing ~10% of current requests being rejected by poolcounter: https://grafana-rw.wikimedia.org/d/qrOStmdGk/elasticsearch-pool-counters?editPanel=2&viewPanel=2&orgId=1&from=1623006099108&to=1623085934837

This is almost certainly due to the ~2x expected eqiad.full_text query volume and ~30x expected eqiad.entity_full_text query volume: https://grafana.wikimedia.org/d/000000455/elasticsearch-percentiles?viewPanel=47&orgId=1&from=1623010929480&to=1623086544830

We saw an initial spike of 2x eqiad.full_text query volume without the corresponding increase in eqiad.entity_full_text. During that spike there were [almost] no pool counter rejections, so it seems that the eqiad.entity_full_text going up ~30x in the subsequent spike is likely what tipped us over the edge of our capacity. See https://grafana.wikimedia.org/d/000000455/elasticsearch-percentiles?viewPanel=47&orgId=1&from=1623011239023&to=1623033287614 / https://grafana-rw.wikimedia.org/d/qrOStmdGk/elasticsearch-pool-counters?viewPanel=2&orgId=1&from=1623011239023&to=1623033287614 for just that initial spike

Details

SubjectRepoBranchLines +/-
Add pool counter for automated requestsmediawiki/extensions/CirrusSearchmaster+146 -3
Add pool counter for automated search requestsoperations/mediawiki-configmaster+11 -2
Revert "Revert "temp limit GAE/GCE traffic towards search API""operations/puppetproduction+13 -0
Revert "temp limit GAE/GCE traffic towards search API"operations/puppetproduction+0 -13
temp limit GAE/GCE traffic towards search APIoperations/puppetproduction+13 -0
Customize query in gerrit

Related Objects

Event Timeline

RKemper created this task.Jun 7 2021, 5:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 7 2021, 5:24 PM
RhinosF1 subscribed.Jun 7 2021, 5:27 PM
RKemper updated the task description. (Show Details)Jun 7 2021, 5:28 PM
EBernhardson subscribed.EditedJun 7 2021, 7:03 PM

Reviewing the mediawiki_cirrussearch_requests event log for 2020-06-07 10:00-11:00, the first full hour where things are failing, I found that almost all the requests that match entity_full_text, our 30x increase bucket, come from GAE ip address ranges (2600:1900.2000:*) and almost all include 'HeadlessChrome' in their user agent string.

gerritbot added a comment.Jun 7 2021, 7:10 PM

Change 698607 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/puppet@production] temp limit GAE/GCE traffic towards search API

https://gerrit.wikimedia.org/r/698607

gerritbot added a project: Patch-For-Review.Jun 7 2021, 7:11 PM
gerritbot added a comment.Jun 7 2021, 7:16 PM

Change 698607 merged by CDanis:

[operations/puppet@production] temp limit GAE/GCE traffic towards search API

https://gerrit.wikimedia.org/r/698607

Stashbot added a comment.Jun 7 2021, 7:19 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-07T19:19:53Z] <cdanis> T284479 ✔️ cdanis@cumin1001.eqiad.wmnet ~ 🕞🍵 sudo cumin -b16 'A:cp-text' "run-puppet-agent"

Stashbot added a comment.Jun 7 2021, 7:21 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-07T19:21:18Z] <ryankemper> T284479 [Cirrussearch] We're working on rolling out https://gerrit.wikimedia.org/r/698607, which will ban search API requests that match the Google App Engine IP range 2600:1900::0/28 AND whose user agent includes HeadlessChrome

Stashbot added a comment.Jun 7 2021, 7:25 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-07T19:25:40Z] <ryankemper> T284479 [Cirrussearch] Seeing the expected drop in entity_full_text requests here: https://grafana-rw.wikimedia.org/d/000000455/elasticsearch-percentiles?viewPanel=47&orgId=1&from=now-12h&to=now As a result we're no longer rejecting any requests

Stashbot added a comment.Jun 7 2021, 7:30 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-07T19:30:56Z] <ryankemper> T284479 [Cirrussearch] We'll keep monitoring. For now this incident is resolved. Glancing at our current volume relative to what we'd expect, the numbers we see match what we'd expect. If we're accidentally banning any innocent requests they must be an incredibly small percentage of the total otherwise we'd see significantly lower volume than expected

Maintenance_bot removed a project: Patch-For-Review.Jun 7 2021, 8:10 PM
EBernhardson added a comment.EditedJun 7 2021, 9:09 PM

It seems we could use some way to prevent automated requests from causing interactive requests to fail. One option could be to subdivide the CirrusSearch-Search pool counter into two, one for typical requests and one for requests that look like automation. This would allow automation to cap out without affecting interactive users. The heuristic could check for some common user agent substrings and/or check ip address against ranges known for bulk requests. It shouldn't be too hard to implement entirely from CirrusSearch, but something like maintaining a list of CIDR's for public clouds is unlikely to happen, meaning I expect if we maintain a list it will be updated in a reactionary manner. Traffic has some more info at T270391#7131736, but they aren't maintaining a full list yet either. Overall I'm not a huge fan of maintaining the 'request looks like automation' check in Cirrus, but if we could somehow leverage a more centralized definition this could be less reactionary.

Gehel triaged this task as Unbreak Now! priority.Jun 8 2021, 8:24 AM
gerritbot added a comment.Jun 8 2021, 9:53 PM

Change 698849 had a related patch set uploaded (by Ryan Kemper; author: Ryan Kemper):

[operations/puppet@production] Revert "temp limit GAE/GCE traffic towards search API"

https://gerrit.wikimedia.org/r/698849

gerritbot added a project: Patch-For-Review.Jun 8 2021, 9:53 PM
gerritbot added a comment.Jun 8 2021, 9:57 PM

Change 698849 merged by Ryan Kemper:

[operations/puppet@production] Revert "temp limit GAE/GCE traffic towards search API"

https://gerrit.wikimedia.org/r/698849

Stashbot added a comment.Jun 8 2021, 9:59 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T21:59:43Z] <ryankemper> T284479 Prior context: We put a block on a range of Google App Engine IPs yesterday to protect Cirrussearch from a bad actor; now we're going to try lifting the block and seeing if we're still getting slammed with traffic

Stashbot added a comment.Jun 8 2021, 10:01 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:01:44Z] <ryankemper> T284479 Merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/698849, running puppet on cp3052.esams.wmnet

Stashbot added a comment.Jun 8 2021, 10:03 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:03:49Z] <ryankemper> T284479 Successful puppet run on cp3052, proceeding to rest of A:cp-text: sudo cumin -b 15 'A:cp-text' 'run-puppet-agent -q'

Stashbot added a comment.Jun 8 2021, 10:09 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:09:27Z] <ryankemper> T284479 Puppet run complete across all of cp-text. Monitoring https://grafana.wikimedia.org/d/000000455/elasticsearch-percentiles?viewPanel=47&orgId=1&from=now-1h&to=now over the next few minutes to see if we see a large spike in full_text and entity_full_text queries

Maintenance_bot removed a project: Patch-For-Review.Jun 8 2021, 10:10 PM
Stashbot added a comment.Jun 8 2021, 10:10 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:10:30Z] <ryankemper> T284479 Already starting to see a large upward spike in requests. Doing a quick sanity check to make sure this is out of the ordinary but I'll likely be putting the block back in place shortly

Stashbot added a comment.Jun 8 2021, 10:10 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:10:58Z] <ryankemper> T284479 Yup more than enough evidence of a strong upward spike now. Proceeding to revert

gerritbot added a comment.Jun 8 2021, 10:12 PM

Change 698850 had a related patch set uploaded (by Ryan Kemper; author: Ryan Kemper):

[operations/puppet@production] Revert "Revert "temp limit GAE/GCE traffic towards search API""

https://gerrit.wikimedia.org/r/698850

gerritbot added a project: Patch-For-Review.Jun 8 2021, 10:12 PM

Change 698850 merged by Ryan Kemper:

[operations/puppet@production] Revert "Revert "temp limit GAE/GCE traffic towards search API""

https://gerrit.wikimedia.org/r/698850

Stashbot added a comment.Jun 8 2021, 10:14 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:14:19Z] <ryankemper> T284479 Merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/698850, running puppet on cp3052.esams.wmnet

Stashbot added a comment.Jun 8 2021, 10:15 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:15:47Z] <ryankemper> T284479 Successful puppet run on cp3052, proceeding to rest of A:cp-text: sudo cumin -b 19 'A:cp-text' 'run-puppet-agent -q'

Stashbot added a comment.Jun 8 2021, 10:21 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-08T22:21:56Z] <ryankemper> T284479 Block put back in place. We're back to expected traffic levels. We'll need a more granular mitigation in place before we can lift this block going forward.

Maintenance_bot removed a project: Patch-For-Review.Jun 8 2021, 11:10 PM
MPhamWMF set the point value for this task to 5.Jun 9 2021, 3:40 PM
MPhamWMF moved this task from Incoming to Ready for Dev -- SWE on the Discovery-Search (Current work) board.
MPhamWMF mentioned this in T270391: varnish filtering: should we automatically update public_cloud_nets .Jun 9 2021, 8:59 PM
EBernhardson moved this task from Ready for Dev -- SWE to In Progress on the Discovery-Search (Current work) board.Jun 10 2021, 5:34 PM
gerritbot added a comment.Jun 10 2021, 5:34 PM

Change 699257 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[operations/mediawiki-config@master] Add pool counter for automated search requests

https://gerrit.wikimedia.org/r/699257

gerritbot added a project: Patch-For-Review.Jun 10 2021, 5:34 PM
gerritbot added a comment.Jun 10 2021, 9:56 PM

Change 699311 had a related patch set uploaded (by Ebernhardson; author: Ebernhardson):

[mediawiki/extensions/CirrusSearch@master] Add pool counter for automated requests

https://gerrit.wikimedia.org/r/699311

gerritbot added a comment.Jun 21 2021, 6:29 PM

Change 699257 merged by jenkins-bot:

[operations/mediawiki-config@master] Add pool counter for automated search requests

https://gerrit.wikimedia.org/r/699257

Stashbot added a comment.Jun 21 2021, 6:30 PM

Mentioned in SAL (#wikimedia-operations) [2021-06-21T18:30:57Z] <urbanecm@deploy1002> Synchronized wmf-config/PoolCounterSettings.php: af61f1a9ffc4703ad9514eac96655c3dd9d491d8: Add pool counter for automated search requests (T284479) (duration: 00m 59s)

EBernhardson moved this task from In Progress to Needs review on the Discovery-Search (Current work) board.Jun 21 2021, 8:46 PM
gerritbot added a comment.Jun 22 2021, 3:58 PM

Change 699311 merged by jenkins-bot:

[mediawiki/extensions/CirrusSearch@master] Add pool counter for automated requests

https://gerrit.wikimedia.org/r/699311

ReleaseTaggerBot added a project: MW-1.37-notes (1.37.0-wmf.12; 2021-06-28).Jun 22 2021, 4:00 PM
dcausse moved this task from Needs review to To Be Deployed on the Discovery-Search (Current work) board.Jun 24 2021, 7:18 AM
Aklapper removed a project: Patch-For-Review.Aug 1 2021, 8:54 PM
Aklapper added a subscriber: dcausse.

@RKemper, @dcausse: This "Unbreak Now" priority ticket has not seen updates for five weeks. All linked patches have been merged.
Is there more to do here? If yes, should the priority be lowered? If not, can the task status be set to resolved?
Thanks in advance.

dcausse lowered the priority of this task from Unbreak Now! to High.Aug 2 2021, 7:32 AM
dcausse moved this task from To Be Deployed to Needs Reporting on the Discovery-Search (Current work) board.

Lowering to High to reflect reality, the new config option added to MW should help to throttle automated requests like the ones we saw here if it happens again in the future.

Gehel closed this task as Resolved.Aug 16 2021, 2:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL