BBlack has submitted this change and it was merged.
Change subject: Decom bits cluster varnish/lvs configuration
......................................................................
Decom bits cluster varnish/lvs configuration
Bug: T95448
Change-Id: Idcd578dfa3381dfdafe715fb3c56b3759de5bc0a
---
M hieradata/common/lvs/configuration.yaml
M hieradata/labs.yaml
M manifests/role/cache.pp
D modules/role/manifests/cache/bits.pp
M modules/role/manifests/cache/configuration.pp
M modules/role/manifests/lvs/balancer.pp
M modules/varnish/templates/vcl/wikimedia.vcl.erb
D templates/varnish/bits.inc.vcl.erb
8 files changed, 0 insertions(+), 350 deletions(-)
Approvals:
BBlack: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/common/lvs/configuration.yaml
b/hieradata/common/lvs/configuration.yaml
index 7abab08..f554a2e 100644
--- a/hieradata/common/lvs/configuration.yaml
+++ b/hieradata/common/lvs/configuration.yaml
@@ -12,19 +12,6 @@
ulsfo:
textlb: 198.35.26.96
textlb6: 2620:0:863:ed1a::1
- bits: &bits
- codfw:
- bitslb: 208.80.153.234
- bitslb6: 2620:0:860:ed1a::1:a
- eqiad:
- bitslb: 208.80.154.234
- bitslb6: 2620:0:861:ed1a::1:a
- esams:
- bitslb: 91.198.174.202
- bitslb6: 2620:0:862:ed1a::1:a
- ulsfo:
- bitslb: 198.35.26.106
- bitslb6: 2620:0:863:ed1a::1:a
upload: &upload
codfw:
uploadlb: 208.80.153.240
@@ -159,56 +146,6 @@
IdleConnection:
timeout-clean-reconnect: 3
max-delay: 300
- bits:
- description: "Site assets (CSS/JS) LVS service,
bits.%{::site}.wikimedia.org"
- class: high-traffic1
- sites:
- - codfw
- - eqiad
- - esams
- - ulsfo
- ip: *bits
- bgp: 'yes'
- depool-threshold: ".5"
- monitors:
- IdleConnection:
- timeout-clean-reconnect: 3
- max-delay: 300
- conftool:
- cluster: cache_bits
- service: varnish-fe
- icinga:
- uri:
bits.wikimedia.org!/static-current/resources/assets/poweredby_mediawiki_88x31.png
- sites:
- eqiad:
- hostname: bits-lb.eqiad.wikimedia.org
- esams:
- hostname: bits-lb.esams.wikimedia.org
- ulsfo:
- hostname: bits-lb.ulsfo.wikimedia.org
- bits-https:
- description: "Site assets (CSS/JS) LVS service,
bits.%{::site}.wikimedia.org"
- class: high-traffic1
- sites:
- - codfw
- - eqiad
- - esams
- - ulsfo
- ip: *bits
- port: 443
- scheduler: sh
- bgp: 'no'
- depool-threshold: ".5"
- monitors:
- ProxyFetch:
- url:
- - https://bits.wikimedia.org/pybal-test-file
- IdleConnection:
- timeout-clean-reconnect: 3
- max-delay: 300
- conftool:
- cluster: cache_bits
- service: nginx
upload:
description: "Images and other media, upload.%{::site}.wikimedia.org"
class: high-traffic2
diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml
index 7806563..7811796 100644
--- a/hieradata/labs.yaml
+++ b/hieradata/labs.yaml
@@ -26,9 +26,6 @@
cache::mobile::nodes:
eqiad:
- '127.0.0.1'
-cache::bits::nodes:
- eqiad:
- - '127.0.0.1'
cache::parsoid::nodes:
eqiad:
- '127.0.0.1'
@@ -39,8 +36,6 @@
- vdb
role::cache::upload::upload_domain: 'upload.beta.wmflabs.org'
role::cache::upload::top_domain: 'beta.wmflabs.org'
-role::cache::bits::bits_domain: 'bits.beta.wmflabs.org'
-role::cache::bits::top_domain: 'beta.wmflabs.org'
role::cache::text::bits_domain: 'bits.beta.wmflabs.org'
role::cache::text::top_domain: 'beta.wmflabs.org'
role::cache::mobile::zero_site: 'http://zero.wikimedia.beta.wmflabs.org'
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 299ec06..bb02cf5 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -8,10 +8,6 @@
@monitoring::group { 'cache_upload_eqiad': description => 'eqiad upload
Varnish' }
@monitoring::group { 'cache_upload_esams': description => 'esams upload
Varnish' }
@monitoring::group { 'cache_upload_ulsfo': description => 'ulsfo upload
Varnish' }
-@monitoring::group { 'cache_bits_codfw': description => 'codfw bits Varnish' }
-@monitoring::group { 'cache_bits_eqiad': description => 'eqiad bits Varnish' }
-@monitoring::group { 'cache_bits_esams': description => 'esams bits Varnish' }
-@monitoring::group { 'cache_bits_ulsfo': description => 'ulsfo bits Varnish' }
@monitoring::group { 'cache_mobile_codfw': description => 'codfw mobile
Varnish' }
@monitoring::group { 'cache_mobile_eqiad': description => 'eqiad mobile
Varnish' }
@monitoring::group { 'cache_mobile_esams': description => 'esams mobile
Varnish' }
diff --git a/modules/role/manifests/cache/bits.pp
b/modules/role/manifests/cache/bits.pp
deleted file mode 100644
index 119fd4a..0000000
--- a/modules/role/manifests/cache/bits.pp
+++ /dev/null
@@ -1,109 +0,0 @@
-class role::cache::bits (
- $bits_domain = 'bits.wikimedia.org',
- $top_domain = 'org'
-) {
- system::role { 'role::cache::bits':
- description => 'bits Varnish cache server',
- }
-
- include role::cache::1layer
-
- class { 'lvs::realserver':
- realserver_ips => $lvs::configuration::service_ips['bits'][$::site],
- }
-
- include role::cache::ssl::unified
-
- $cluster_options = {
- 'test_hostname' => 'test.wikipedia.org',
- 'enable_geoiplookup' => true,
- 'do_gzip' => true,
- 'bits_domain' => $bits_domain,
- 'top_domain' => $top_domain,
- }
-
- $varnish_directors = {
- 'one' => {
- 'backend' => {
- 'dynamic' => 'no',
- 'type' => 'random',
- 'backends' =>
$::role::cache::configuration::backends[$::realm]['bits_appservers'][$::mw_primary],
- },
- 'test_wikipedia' => {
- 'dynamic' => 'no',
- 'type' => 'random',
- 'backends' =>
$::role::cache::configuration::backends[$::realm]['test_appservers'][$::mw_primary],
- },
- },
- 'two' => {
- 'backend' => {
- 'dynamic' => 'no',
- 'type' => 'random',
- 'backends' =>
sort(flatten(values($role::cache::configuration::backends[$::realm]['bits']))),
- },
- }
- }
-
- $probe = $::site_tier ? {
- 'one' => 'bits',
- default => 'varnish',
- }
-
- # The cutoff here is somewhat arbitrary. Large-memory production hosts
- # use 2GB currently, and small-memory virtual hosts (some as little as 4G
- # total mem) use 1GB currently. It seems ok for now as a general rule
- # here: don't use the larger 2GB value unless it's a relatively-small
- # fraction of available memory.
- if $::memorysize_mb >= 16384 {
- $memory_storage_size = 2
- }
- else {
- $memory_storage_size = 1
- }
-
- require geoip
- require geoip::dev # for VCL compilation using libGeoIP
-
- varnish::instance { 'bits':
- name => '',
- vcl => 'bits',
- port => 80,
- admin_port => 6082,
- storage => "-s malloc,${memory_storage_size}G",
- directors => $varnish_directors[$::site_tier],
- vcl_config => {
- 'retry503' => 4,
- 'retry5xx' => 1,
- 'cache4xx' => '1m',
- 'layer' => 'frontend',
- },
- backend_options => {
- 'port' => 80,
- 'connect_timeout' => '5s',
- 'first_byte_timeout' => '35s',
- 'between_bytes_timeout' => '4s',
- 'max_connections' => 10000,
- 'probe' => $probe,
- },
- cluster_options => $cluster_options,
- }
-
- include role::cache::logging::eventlistener
- # Include a varnishkafka instance that will produce
- # eventlogging events to Kafka.
- include role::cache::kafka::eventlogging
-
- # ToDo: Remove production conditional once this works
- # is verified to work in labs.
- if $::realm == 'production' {
- # Install a varnishkafka producer to send
- # varnish webrequest logs to Kafka.
- class { 'role::cache::kafka::webrequest':
- topic => 'webrequest_bits',
- varnish_name => $::hostname,
- varnish_svc_name => 'varnish',
- }
-
- include role::cache::kafka::statsv
- }
-}
diff --git a/modules/role/manifests/cache/configuration.pp
b/modules/role/manifests/cache/configuration.pp
index a94f82b..5bb562a 100644
--- a/modules/role/manifests/cache/configuration.pp
+++ b/modules/role/manifests/cache/configuration.pp
@@ -9,12 +9,6 @@
'appservers' => $lvs::configuration::service_ips['apaches'],
'api' => $lvs::configuration::service_ips['api'],
'rendering' =>
$lvs::configuration::service_ips['rendering'],
- 'bits' => {
- 'eqiad' =>
flatten([$lvs::configuration::service_ips['bits']['eqiad']['bitslb']]),
- },
- 'bits_appservers' => {
- 'eqiad' =>
flatten([$lvs::configuration::service_ips['apaches']['eqiad']]),
- },
'test_appservers' => {
'eqiad' => [ 'mw1017.eqiad.wmnet' ],
},
@@ -42,18 +36,6 @@
],
},
'api' => {
- 'eqiad' => [
- '10.68.17.170', # deployment-mediawiki01
- '10.68.16.127', # deployment-mediawiki02
- ],
- },
- 'bits' => {
- 'eqiad' => [
- '10.68.17.170', # deployment-mediawiki01
- '10.68.16.127', # deployment-mediawiki02
- ],
- },
- 'bits_appservers' => {
'eqiad' => [
'10.68.17.170', # deployment-mediawiki01
'10.68.16.127', # deployment-mediawiki02
diff --git a/modules/role/manifests/lvs/balancer.pp
b/modules/role/manifests/lvs/balancer.pp
index 00a2029..ddedad3 100644
--- a/modules/role/manifests/lvs/balancer.pp
+++ b/modules/role/manifests/lvs/balancer.pp
@@ -14,7 +14,6 @@
# eqiad
/^(lvs100[14])$/ => [
$sip['text'][$::site],
- $sip['bits'][$::site],
$sip['mobile'][$::site],
],
/^(lvs100[25])$/ => [
@@ -44,7 +43,6 @@
# codfw (should mirror eqiad above, eventually, and become merged with
it via regex
/^(lvs200[14])$/ => [
$sip['text'][$::site],
- $sip['bits'][$::site],
$sip['mobile'][$::site],
],
/^(lvs200[25])$/ => [
@@ -62,7 +60,6 @@
# esams + ulsfo
/^(lvs[34]00[13])$/ => [
$sip['text'][$::site],
- $sip['bits'][$::site],
$sip['mobile'][$::site],
],
/^(lvs300[24])$/ => [
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 6fbde56..edd6ed6 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -60,18 +60,6 @@
# Backend probes
-probe bits {
- .request =
- "GET /w/load.php HTTP/1.1"
- "Host: en.wikipedia.<%= @cluster_options.fetch( "top_domain",
"org" ) %>"
- "User-agent: Varnish backend check"
- "Connection: close";
- .timeout = 1s;
- .interval = 1s;
- .window = 3;
- .threshold = 2;
-}
-
# frontends in front of other varnish instances should send
# probes that don't depend on the app backend
probe varnish {
diff --git a/templates/varnish/bits.inc.vcl.erb
b/templates/varnish/bits.inc.vcl.erb
deleted file mode 100644
index b12d187..0000000
--- a/templates/varnish/bits.inc.vcl.erb
+++ /dev/null
@@ -1,136 +0,0 @@
-// Varnish VCL include file for bits
-
-include "errorpage.inc.vcl";
-
-<% if @site_tier == "one" -%>
-sub mangle_request {
- // Transform backend url: /<sitename>/load.php -> /w/load.php
- // Set host header for backend to <sitename>
- if (req.url ~
"^/([a-zA-Z0-9-]+\.)?([a-zA-Z0-9-]+\.)?([a-zA-Z0-9-]+)\.<%=
Regexp.escape(@cluster_options.fetch("top_domain", "org")) %>/load\.php") {
- set bereq.http.host = regsub(req.url, "^/([^/]+)/(.*)$", "\1");
- set bereq.url = regsub(req.url, "^/([^/]+)/load\.php(.*)?",
"/w/load.php\2");
-<% if @cluster_options.fetch("test_hostname", false) -%>
-
- // Send test.wikipedia.org to the right backend server
- if (req.url ~ "^/<%=
Regexp.escape(@cluster_options.fetch("test_hostname")) %>/load\.php") {
- set req.backend = test_wikipedia;
- }
-<% end -%>
- }
-}
-<% end -%>
-
-sub vcl_recv {
- if (req.url ~ "^/(event\.gif|beacon\/[^/?]+|statsv[/?])") {
- // Logging beacon endpoints
- //
- // They are handled by log tailers (varnishkafka and
varnishncsa) that filter the
- // Varnish shm log for reqs to these endpoints and forward them
to log processors
- // for storage and analysis.
- //
- // * /event.gif is used by EventLogging (owner: analytics)
- // * /statsv is used by MediaWiki for statsd-like performance
metrics (owner: Ori)
- // * /beacon/ is used by all other applications.
- //
- // If you need a custom endpoint, don't modify this regex. Tack
on a path component
- // to /beacon to claim a namespace instead -- e.g.:
/beacon/images?...
- error 204;
- }
-
- if (req.request == "POST") {
- error 403 "HTTP method not allowed.";
- }
-
- if (req.http.host == "<%= @cluster_options.fetch("bits_domain",
"bits.wikimedia.org") %>") {
-<% if @site_tier == "one" -%>
- if (req.http.X-Wikimedia-Debug == "1") {
- set req.backend = test_wikipedia;
- }
-<% end -%>
- // For https-only wikis, the redirect from http to https for
bits assets should occur
- // in varnish instead of apache, since the apache redirect and
mediawiki doesn't
- // vary by protocol. This can result in a redirect loop and
assets not loading.
- if (req.url ~
"^/(auditcom|boardgovcom|board|chair|chapcom|checkuser|collab|donate|exec|fdc|grants|internal|movementroles|nomcom|office|otrs-wiki|searchcom|spcom|steward|wikimaniateam)\.wikimedia\.org/"
&& req.http.X-Forwarded-Proto != "https") {
- error 301 "https://<%=
@cluster_options.fetch("bits_domain", "bits.wikimedia.org") %>" + req.url;
- }
-
-<% if @cluster_options.fetch("enable_geoiplookup", false) -%>
- if (req.url == "/geoiplookup") {
- error 666 "geoiplookup";
- } else {
- return (lookup);
- }
-<% else -%>
- return (lookup);
-<% end -%>
- }
-<% if @cluster_options.fetch("enable_geoiplookup", false) -%>
- else if (req.http.host == "geoiplookup.wikimedia.org" ) {
- error 666 "geoiplookup";
- }
-<% end -%>
- else {
- error 403 "Requested target domain not allowed.";
- }
-}
-
-sub vcl_fetch {
- // Do not serialize calls for non-cachable objects.
- // Removing this would break debug=true in mediawiki.
- if (beresp.ttl <= 0s || req.http.X-Wikimedia-Debug == "1") {
- set beresp.ttl = 120s;
- return (hit_for_pass);
- }
-
-<% if @cluster_options.fetch("do_gzip", false) -%>
- // Compress ico and SVG files
- if (beresp.http.content-type ~
"^image/(x-icon|vnd\.microsoft\.icon|svg\+xml)$") {
- set beresp.do_gzip = true;
- }
-<% end -%>
-
- // Don't run the default vcl_fetch function
- return (deliver);
-}
-
-<% if @site_tier == "one" -%>
-sub vcl_miss {
- call mangle_request;
-}
-<% end -%>
-
-<% if @site_tier == "one" -%>
-// vcl_pass gets called by hit_for_pass objects in place of vcl_miss, so
-// we need to mangle the request object here as well. Actually, vcl_miss
-// and vcl_pass should probably be identical for the time being.
-sub vcl_pass {
- call mangle_request;
-}
-<% end -%>
-
-sub vcl_error {
-<% if @cluster_options.fetch("enable_geoiplookup", false) -%>
- // Support geoiplookup
- if (obj.status == 666) {
- call geoip_lookup;
- set obj.status = 200;
- set obj.http.Connection = "keep-alive";
- return (deliver);
- }
-<% end -%>
- // 204 responses shouldn't contain a body
- if (obj.status == 204) {
- set obj.http.Connection = "keep-alive";
- return (deliver);
- }
- // 301 redirects for https-only wikis
- if (obj.status == 301) {
- set obj.http.Location = obj.response;
- set obj.status = 301;
- set obj.http.Connection = "keep-alive";
- return (deliver);
- }
-
- call errorpage;
- return (deliver);
-}
--
To view, visit https://gerrit.wikimedia.org/r/228034
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idcd578dfa3381dfdafe715fb3c56b3759de5bc0a
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
