BBlack has submitted this change and it was merged. Change subject: Decom bits cluster varnish/lvs configuration ......................................................................
Decom bits cluster varnish/lvs configuration Bug: T95448 Change-Id: Idcd578dfa3381dfdafe715fb3c56b3759de5bc0a --- M hieradata/common/lvs/configuration.yaml M hieradata/labs.yaml M manifests/role/cache.pp D modules/role/manifests/cache/bits.pp M modules/role/manifests/cache/configuration.pp M modules/role/manifests/lvs/balancer.pp M modules/varnish/templates/vcl/wikimedia.vcl.erb D templates/varnish/bits.inc.vcl.erb 8 files changed, 0 insertions(+), 350 deletions(-) Approvals: BBlack: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/common/lvs/configuration.yaml b/hieradata/common/lvs/configuration.yaml index 7abab08..f554a2e 100644 --- a/hieradata/common/lvs/configuration.yaml +++ b/hieradata/common/lvs/configuration.yaml @@ -12,19 +12,6 @@ ulsfo: textlb: 198.35.26.96 textlb6: 2620:0:863:ed1a::1 - bits: &bits - codfw: - bitslb: 208.80.153.234 - bitslb6: 2620:0:860:ed1a::1:a - eqiad: - bitslb: 208.80.154.234 - bitslb6: 2620:0:861:ed1a::1:a - esams: - bitslb: 91.198.174.202 - bitslb6: 2620:0:862:ed1a::1:a - ulsfo: - bitslb: 198.35.26.106 - bitslb6: 2620:0:863:ed1a::1:a upload: &upload codfw: uploadlb: 208.80.153.240 @@ -159,56 +146,6 @@ IdleConnection: timeout-clean-reconnect: 3 max-delay: 300 - bits: - description: "Site assets (CSS/JS) LVS service, bits.%{::site}.wikimedia.org" - class: high-traffic1 - sites: - - codfw - - eqiad - - esams - - ulsfo - ip: *bits - bgp: 'yes' - depool-threshold: ".5" - monitors: - IdleConnection: - timeout-clean-reconnect: 3 - max-delay: 300 - conftool: - cluster: cache_bits - service: varnish-fe - icinga: - uri: bits.wikimedia.org!/static-current/resources/assets/poweredby_mediawiki_88x31.png - sites: - eqiad: - hostname: bits-lb.eqiad.wikimedia.org - esams: - hostname: bits-lb.esams.wikimedia.org - ulsfo: - hostname: bits-lb.ulsfo.wikimedia.org - bits-https: - description: "Site assets (CSS/JS) LVS service, bits.%{::site}.wikimedia.org" - class: high-traffic1 - sites: - - codfw - - eqiad - - esams - - ulsfo - ip: *bits - port: 443 - scheduler: sh - bgp: 'no' - depool-threshold: ".5" - monitors: - ProxyFetch: - url: - - https://bits.wikimedia.org/pybal-test-file - IdleConnection: - timeout-clean-reconnect: 3 - max-delay: 300 - conftool: - cluster: cache_bits - service: nginx upload: description: "Images and other media, upload.%{::site}.wikimedia.org" class: high-traffic2 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 7806563..7811796 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -26,9 +26,6 @@ cache::mobile::nodes: eqiad: - '127.0.0.1' -cache::bits::nodes: - eqiad: - - '127.0.0.1' cache::parsoid::nodes: eqiad: - '127.0.0.1' @@ -39,8 +36,6 @@ - vdb role::cache::upload::upload_domain: 'upload.beta.wmflabs.org' role::cache::upload::top_domain: 'beta.wmflabs.org' -role::cache::bits::bits_domain: 'bits.beta.wmflabs.org' -role::cache::bits::top_domain: 'beta.wmflabs.org' role::cache::text::bits_domain: 'bits.beta.wmflabs.org' role::cache::text::top_domain: 'beta.wmflabs.org' role::cache::mobile::zero_site: 'http://zero.wikimedia.beta.wmflabs.org' diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 299ec06..bb02cf5 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -8,10 +8,6 @@ @monitoring::group { 'cache_upload_eqiad': description => 'eqiad upload Varnish' } @monitoring::group { 'cache_upload_esams': description => 'esams upload Varnish' } @monitoring::group { 'cache_upload_ulsfo': description => 'ulsfo upload Varnish' } -@monitoring::group { 'cache_bits_codfw': description => 'codfw bits Varnish' } -@monitoring::group { 'cache_bits_eqiad': description => 'eqiad bits Varnish' } -@monitoring::group { 'cache_bits_esams': description => 'esams bits Varnish' } -@monitoring::group { 'cache_bits_ulsfo': description => 'ulsfo bits Varnish' } @monitoring::group { 'cache_mobile_codfw': description => 'codfw mobile Varnish' } @monitoring::group { 'cache_mobile_eqiad': description => 'eqiad mobile Varnish' } @monitoring::group { 'cache_mobile_esams': description => 'esams mobile Varnish' } diff --git a/modules/role/manifests/cache/bits.pp b/modules/role/manifests/cache/bits.pp deleted file mode 100644 index 119fd4a..0000000 --- a/modules/role/manifests/cache/bits.pp +++ /dev/null @@ -1,109 +0,0 @@ -class role::cache::bits ( - $bits_domain = 'bits.wikimedia.org', - $top_domain = 'org' -) { - system::role { 'role::cache::bits': - description => 'bits Varnish cache server', - } - - include role::cache::1layer - - class { 'lvs::realserver': - realserver_ips => $lvs::configuration::service_ips['bits'][$::site], - } - - include role::cache::ssl::unified - - $cluster_options = { - 'test_hostname' => 'test.wikipedia.org', - 'enable_geoiplookup' => true, - 'do_gzip' => true, - 'bits_domain' => $bits_domain, - 'top_domain' => $top_domain, - } - - $varnish_directors = { - 'one' => { - 'backend' => { - 'dynamic' => 'no', - 'type' => 'random', - 'backends' => $::role::cache::configuration::backends[$::realm]['bits_appservers'][$::mw_primary], - }, - 'test_wikipedia' => { - 'dynamic' => 'no', - 'type' => 'random', - 'backends' => $::role::cache::configuration::backends[$::realm]['test_appservers'][$::mw_primary], - }, - }, - 'two' => { - 'backend' => { - 'dynamic' => 'no', - 'type' => 'random', - 'backends' => sort(flatten(values($role::cache::configuration::backends[$::realm]['bits']))), - }, - } - } - - $probe = $::site_tier ? { - 'one' => 'bits', - default => 'varnish', - } - - # The cutoff here is somewhat arbitrary. Large-memory production hosts - # use 2GB currently, and small-memory virtual hosts (some as little as 4G - # total mem) use 1GB currently. It seems ok for now as a general rule - # here: don't use the larger 2GB value unless it's a relatively-small - # fraction of available memory. - if $::memorysize_mb >= 16384 { - $memory_storage_size = 2 - } - else { - $memory_storage_size = 1 - } - - require geoip - require geoip::dev # for VCL compilation using libGeoIP - - varnish::instance { 'bits': - name => '', - vcl => 'bits', - port => 80, - admin_port => 6082, - storage => "-s malloc,${memory_storage_size}G", - directors => $varnish_directors[$::site_tier], - vcl_config => { - 'retry503' => 4, - 'retry5xx' => 1, - 'cache4xx' => '1m', - 'layer' => 'frontend', - }, - backend_options => { - 'port' => 80, - 'connect_timeout' => '5s', - 'first_byte_timeout' => '35s', - 'between_bytes_timeout' => '4s', - 'max_connections' => 10000, - 'probe' => $probe, - }, - cluster_options => $cluster_options, - } - - include role::cache::logging::eventlistener - # Include a varnishkafka instance that will produce - # eventlogging events to Kafka. - include role::cache::kafka::eventlogging - - # ToDo: Remove production conditional once this works - # is verified to work in labs. - if $::realm == 'production' { - # Install a varnishkafka producer to send - # varnish webrequest logs to Kafka. - class { 'role::cache::kafka::webrequest': - topic => 'webrequest_bits', - varnish_name => $::hostname, - varnish_svc_name => 'varnish', - } - - include role::cache::kafka::statsv - } -} diff --git a/modules/role/manifests/cache/configuration.pp b/modules/role/manifests/cache/configuration.pp index a94f82b..5bb562a 100644 --- a/modules/role/manifests/cache/configuration.pp +++ b/modules/role/manifests/cache/configuration.pp @@ -9,12 +9,6 @@ 'appservers' => $lvs::configuration::service_ips['apaches'], 'api' => $lvs::configuration::service_ips['api'], 'rendering' => $lvs::configuration::service_ips['rendering'], - 'bits' => { - 'eqiad' => flatten([$lvs::configuration::service_ips['bits']['eqiad']['bitslb']]), - }, - 'bits_appservers' => { - 'eqiad' => flatten([$lvs::configuration::service_ips['apaches']['eqiad']]), - }, 'test_appservers' => { 'eqiad' => [ 'mw1017.eqiad.wmnet' ], }, @@ -42,18 +36,6 @@ ], }, 'api' => { - 'eqiad' => [ - '10.68.17.170', # deployment-mediawiki01 - '10.68.16.127', # deployment-mediawiki02 - ], - }, - 'bits' => { - 'eqiad' => [ - '10.68.17.170', # deployment-mediawiki01 - '10.68.16.127', # deployment-mediawiki02 - ], - }, - 'bits_appservers' => { 'eqiad' => [ '10.68.17.170', # deployment-mediawiki01 '10.68.16.127', # deployment-mediawiki02 diff --git a/modules/role/manifests/lvs/balancer.pp b/modules/role/manifests/lvs/balancer.pp index 00a2029..ddedad3 100644 --- a/modules/role/manifests/lvs/balancer.pp +++ b/modules/role/manifests/lvs/balancer.pp @@ -14,7 +14,6 @@ # eqiad /^(lvs100[14])$/ => [ $sip['text'][$::site], - $sip['bits'][$::site], $sip['mobile'][$::site], ], /^(lvs100[25])$/ => [ @@ -44,7 +43,6 @@ # codfw (should mirror eqiad above, eventually, and become merged with it via regex /^(lvs200[14])$/ => [ $sip['text'][$::site], - $sip['bits'][$::site], $sip['mobile'][$::site], ], /^(lvs200[25])$/ => [ @@ -62,7 +60,6 @@ # esams + ulsfo /^(lvs[34]00[13])$/ => [ $sip['text'][$::site], - $sip['bits'][$::site], $sip['mobile'][$::site], ], /^(lvs300[24])$/ => [ diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 6fbde56..edd6ed6 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -60,18 +60,6 @@ # Backend probes -probe bits { - .request = - "GET /w/load.php HTTP/1.1" - "Host: en.wikipedia.<%= @cluster_options.fetch( "top_domain", "org" ) %>" - "User-agent: Varnish backend check" - "Connection: close"; - .timeout = 1s; - .interval = 1s; - .window = 3; - .threshold = 2; -} - # frontends in front of other varnish instances should send # probes that don't depend on the app backend probe varnish { diff --git a/templates/varnish/bits.inc.vcl.erb b/templates/varnish/bits.inc.vcl.erb deleted file mode 100644 index b12d187..0000000 --- a/templates/varnish/bits.inc.vcl.erb +++ /dev/null @@ -1,136 +0,0 @@ -// Varnish VCL include file for bits - -include "errorpage.inc.vcl"; - -<% if @site_tier == "one" -%> -sub mangle_request { - // Transform backend url: /<sitename>/load.php -> /w/load.php - // Set host header for backend to <sitename> - if (req.url ~ "^/([a-zA-Z0-9-]+\.)?([a-zA-Z0-9-]+\.)?([a-zA-Z0-9-]+)\.<%= Regexp.escape(@cluster_options.fetch("top_domain", "org")) %>/load\.php") { - set bereq.http.host = regsub(req.url, "^/([^/]+)/(.*)$", "\1"); - set bereq.url = regsub(req.url, "^/([^/]+)/load\.php(.*)?", "/w/load.php\2"); -<% if @cluster_options.fetch("test_hostname", false) -%> - - // Send test.wikipedia.org to the right backend server - if (req.url ~ "^/<%= Regexp.escape(@cluster_options.fetch("test_hostname")) %>/load\.php") { - set req.backend = test_wikipedia; - } -<% end -%> - } -} -<% end -%> - -sub vcl_recv { - if (req.url ~ "^/(event\.gif|beacon\/[^/?]+|statsv[/?])") { - // Logging beacon endpoints - // - // They are handled by log tailers (varnishkafka and varnishncsa) that filter the - // Varnish shm log for reqs to these endpoints and forward them to log processors - // for storage and analysis. - // - // * /event.gif is used by EventLogging (owner: analytics) - // * /statsv is used by MediaWiki for statsd-like performance metrics (owner: Ori) - // * /beacon/ is used by all other applications. - // - // If you need a custom endpoint, don't modify this regex. Tack on a path component - // to /beacon to claim a namespace instead -- e.g.: /beacon/images?... - error 204; - } - - if (req.request == "POST") { - error 403 "HTTP method not allowed."; - } - - if (req.http.host == "<%= @cluster_options.fetch("bits_domain", "bits.wikimedia.org") %>") { -<% if @site_tier == "one" -%> - if (req.http.X-Wikimedia-Debug == "1") { - set req.backend = test_wikipedia; - } -<% end -%> - // For https-only wikis, the redirect from http to https for bits assets should occur - // in varnish instead of apache, since the apache redirect and mediawiki doesn't - // vary by protocol. This can result in a redirect loop and assets not loading. - if (req.url ~ "^/(auditcom|boardgovcom|board|chair|chapcom|checkuser|collab|donate|exec|fdc|grants|internal|movementroles|nomcom|office|otrs-wiki|searchcom|spcom|steward|wikimaniateam)\.wikimedia\.org/" && req.http.X-Forwarded-Proto != "https") { - error 301 "https://<%= @cluster_options.fetch("bits_domain", "bits.wikimedia.org") %>" + req.url; - } - -<% if @cluster_options.fetch("enable_geoiplookup", false) -%> - if (req.url == "/geoiplookup") { - error 666 "geoiplookup"; - } else { - return (lookup); - } -<% else -%> - return (lookup); -<% end -%> - } -<% if @cluster_options.fetch("enable_geoiplookup", false) -%> - else if (req.http.host == "geoiplookup.wikimedia.org" ) { - error 666 "geoiplookup"; - } -<% end -%> - else { - error 403 "Requested target domain not allowed."; - } -} - -sub vcl_fetch { - // Do not serialize calls for non-cachable objects. - // Removing this would break debug=true in mediawiki. - if (beresp.ttl <= 0s || req.http.X-Wikimedia-Debug == "1") { - set beresp.ttl = 120s; - return (hit_for_pass); - } - -<% if @cluster_options.fetch("do_gzip", false) -%> - // Compress ico and SVG files - if (beresp.http.content-type ~ "^image/(x-icon|vnd\.microsoft\.icon|svg\+xml)$") { - set beresp.do_gzip = true; - } -<% end -%> - - // Don't run the default vcl_fetch function - return (deliver); -} - -<% if @site_tier == "one" -%> -sub vcl_miss { - call mangle_request; -} -<% end -%> - -<% if @site_tier == "one" -%> -// vcl_pass gets called by hit_for_pass objects in place of vcl_miss, so -// we need to mangle the request object here as well. Actually, vcl_miss -// and vcl_pass should probably be identical for the time being. -sub vcl_pass { - call mangle_request; -} -<% end -%> - -sub vcl_error { -<% if @cluster_options.fetch("enable_geoiplookup", false) -%> - // Support geoiplookup - if (obj.status == 666) { - call geoip_lookup; - set obj.status = 200; - set obj.http.Connection = "keep-alive"; - return (deliver); - } -<% end -%> - // 204 responses shouldn't contain a body - if (obj.status == 204) { - set obj.http.Connection = "keep-alive"; - return (deliver); - } - // 301 redirects for https-only wikis - if (obj.status == 301) { - set obj.http.Location = obj.response; - set obj.status = 301; - set obj.http.Connection = "keep-alive"; - return (deliver); - } - - call errorpage; - return (deliver); -} -- To view, visit https://gerrit.wikimedia.org/r/228034 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idcd578dfa3381dfdafe715fb3c56b3759de5bc0a Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits