Page MenuHomePhabricator
Create Task
Maniphest T309171

syslog / centrallog log volume growth
Closed, ResolvedPublic
Actions

Assigned To
fgiunchedi
Authored By
fgiunchedi
May 25 2022, 7:40 AM
Tags
Referenced Files
Restricted File
Jun 16 2022, 10:02 AM
Restricted File
Jun 16 2022, 10:02 AM
Subscribers
Aklapper
fgiunchedi
jcrespo
MatthewVernon
Tokens
"Love" token, awarded by jcrespo.

Description

While investigating T300056 I took a look at what is causing so much (sys)log growth over time. Turns out, it is swift logs (!)

root@centrallog2002:~# du -hcs /srv/syslog | grep total
926G	total
root@centrallog2002:~# du -hcs /srv/syslog/*/swift* | grep total
712G	total

Details

SubjectRepoBranchLines +/-
swift: introduce rsyslog config to ban logs before centrallogoperations/puppetproduction+29 -18
swift: drop REPLICATE 'access log' from container-serveroperations/puppetproduction+6 -0
Customize query in gerrit

Related Objects

Event Timeline

fgiunchedi created this task.May 25 2022, 7:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 25 2022, 7:40 AM
lmata triaged this task as Medium priority.May 25 2022, 4:30 PM
fgiunchedi added a comment.May 26 2022, 8:32 AM

Followup from o11y team meeting yesterday:

  • Consider if it is doable and viable to trim retention for swift only
  • Medium/longer term consider ingesting swift logs in logstash (in terms of log volume and used space)
Stashbot added a comment.Jun 8 2022, 3:13 PM

Mentioned in SAL (#wikimedia-operations) [2022-06-08T15:13:42Z] <godog> trim swift logs older than 30d from centrallog2002 - T309171

Stashbot added a comment.Jun 8 2022, 3:17 PM

Mentioned in SAL (#wikimedia-operations) [2022-06-08T15:17:00Z] <godog> trim swift logs older than 30d from centrallog1001 - T309171

fgiunchedi added a subscriber: MatthewVernon.Jun 16 2022, 8:29 AM

This is back, I tracked it down to a lot of logs from container-server essentially the REPLICATE access log:

root@centrallog2002:~# grep -c REPLICATE /srv/syslog/ms-be1061/swift.log
2723041
root@centrallog2002:~# wc -l !$
wc -l /srv/syslog/ms-be1061/swift.log
3541507 /srv/syslog/ms-be1061/swift.log
root@centrallog2002:~#

This is new logging activity on Bullseye systems, whereas before REPLICATE activity wasn't there. I'm for dropping these logs altogether since it is essentially spam IMHO, very much like we did in https://gerrit.wikimedia.org/r/340142 . What do you think @MatthewVernon

gerritbot added a comment.Jun 16 2022, 8:36 AM

Change 806166 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] swift: drop REPLICATE 'access log' from container-server

https://gerrit.wikimedia.org/r/806166

gerritbot added a project: Patch-For-Review.Jun 16 2022, 8:36 AM
gerritbot added a comment.Jun 16 2022, 9:58 AM

Change 806166 merged by Filippo Giunchedi:

[operations/puppet@production] swift: drop REPLICATE 'access log' from container-server

https://gerrit.wikimedia.org/r/806166

jcrespo subscribed.Jun 16 2022, 10:02 AM

For context:

root@centrallog2002:~$ du -hcs /srv/syslog/ms-be* | grep total
804G    total
✔️ root@centrallog2002:~$ du -hcs /srv/syslog | grep total
1.1T    total
✔️

{F35246396}
{F35246398}

gerritbot added a comment.Jun 16 2022, 10:16 AM

Change 806173 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] swift: introduce rsyslog config to ban logs before centrallog

https://gerrit.wikimedia.org/r/806173

gerritbot added a comment.Jun 16 2022, 11:22 AM

Change 806173 merged by Filippo Giunchedi:

[operations/puppet@production] swift: introduce rsyslog config to ban logs before centrallog

https://gerrit.wikimedia.org/r/806173

Maintenance_bot removed a project: Patch-For-Review.Jun 16 2022, 11:30 AM
Stashbot added a comment.Jun 16 2022, 11:35 AM

Mentioned in SAL (#wikimedia-operations) [2022-06-16T11:35:21Z] <godog> trim swift logs older than 25d from centrallog hosts - T309171

fgiunchedi added a comment.Jun 16 2022, 12:26 PM

The immediate issue has been mitigated, we'll be seeing filesystem space going back to reasonable levels in the next few days, I'll leave the task open in the meantime

jcrespo awarded a token.Jun 16 2022, 12:45 PM
fgiunchedi closed this task as Resolved.Jun 30 2022, 7:01 AM
fgiunchedi claimed this task.

We're back to manageable levels (68-70% minimum), resolving!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL