BBlack has submitted this change and it was merged. Change subject: Add cache_maps and related LVS config, using cp104[34] ......................................................................
Add cache_maps and related LVS config, using cp104[34] Bug: T105076 Change-Id: If05c07a32e89c8c5ec73716281cf4526943f5b7e --- M conftool-data/nodes/eqiad.yaml M conftool-data/services/cache.yaml M hieradata/common.yaml A hieradata/common/cache/ipsec/maps.yaml A hieradata/common/cache/maps.yaml M hieradata/common/lvs/configuration.yaml M hieradata/labs.yaml M manifests/role/cache.pp M manifests/site.pp M modules/role/manifests/cache/configuration.pp A modules/role/manifests/cache/maps.pp M modules/role/manifests/lvs/balancer.pp M modules/varnish/templates/vcl/wikimedia.vcl.erb A templates/varnish/maps-backend.inc.vcl.web A templates/varnish/maps-frontend.inc.vcl.erb 15 files changed, 243 insertions(+), 5 deletions(-) Approvals: BBlack: Looks good to me, approved jenkins-bot: Verified diff --git a/conftool-data/nodes/eqiad.yaml b/conftool-data/nodes/eqiad.yaml index 78bf1ee..3d45f13 100644 --- a/conftool-data/nodes/eqiad.yaml +++ b/conftool-data/nodes/eqiad.yaml @@ -259,6 +259,9 @@ cp1073.eqiad.wmnet: [varnish-fe, varnish-be, nginx] cp1074.eqiad.wmnet: [varnish-fe, varnish-be, nginx] cp1099.eqiad.wmnet: [varnish-fe, varnish-be, nginx] +cache_maps: + cp1043.eqiad.wmnet: [varnish-fe, varnish-be, nginx] + cp1044.eqiad.wmnet: [varnish-fe, varnish-be, nginx] pdf: ocg1001.eqiad.wmnet: [ocg] ocg1002.eqiad.wmnet: [ocg] diff --git a/conftool-data/services/cache.yaml b/conftool-data/services/cache.yaml index ad62f5e..70381f0 100644 --- a/conftool-data/services/cache.yaml +++ b/conftool-data/services/cache.yaml @@ -101,6 +101,28 @@ - eqiad - esams - ulsfo +cache_maps: + varnish-fe: + port: 80 + default_values: + "pooled": "no" + "weight": 1 + datacenters: + - eqiad + varnish-be: + port: 3128 + default_values: + "pooled": "no" + "weight": 100 + datacenters: + - eqiad + nginx: + port: 443 + default_values: + "pooled": "no" + "weight": 1 + datacenters: + - eqiad cache_misc: varnish-fe: port: 80 diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 8702339..d818b9c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -215,6 +215,11 @@ id: 50 sites: codfw: [] + cache_maps: + name: "Maps caches" + id: 51 + sites: + eqiad: [] zookeeper_hosts: conf1001.eqiad.wmnet: '1101' conf1002.eqiad.wmnet: '1102' diff --git a/hieradata/common/cache/ipsec/maps.yaml b/hieradata/common/cache/ipsec/maps.yaml new file mode 100644 index 0000000..deafd12 --- /dev/null +++ b/hieradata/common/cache/ipsec/maps.yaml @@ -0,0 +1,4 @@ +nodes: + eqiad: + - 'cp1043.eqiad.wmnet' + - 'cp1044.eqiad.wmnet' diff --git a/hieradata/common/cache/maps.yaml b/hieradata/common/cache/maps.yaml new file mode 100644 index 0000000..deafd12 --- /dev/null +++ b/hieradata/common/cache/maps.yaml @@ -0,0 +1,4 @@ +nodes: + eqiad: + - 'cp1043.eqiad.wmnet' + - 'cp1044.eqiad.wmnet' diff --git a/hieradata/common/lvs/configuration.yaml b/hieradata/common/lvs/configuration.yaml index f554a2e..8835878 100644 --- a/hieradata/common/lvs/configuration.yaml +++ b/hieradata/common/lvs/configuration.yaml @@ -25,6 +25,10 @@ ulsfo: uploadlb: 198.35.26.112 uploadlb6: 2620:0:863:ed1a::2:b + maps: &maps + eqiad: + mapslb: 208.80.154.244 + mapslb6: 2620:0:861:ed1a::2:d apaches: &apaches eqiad: 10.2.2.1 codfw: 10.2.1.1 @@ -60,8 +64,6 @@ esams: dns_rec: 91.198.174.216 dns_rec6: 2620:0:862:ed1a::3:fe - osm: &osm - eqiad: 208.80.154.244 misc_web: &misc_web eqiad: misc_weblb: 208.80.154.241 @@ -196,6 +198,46 @@ conftool: cluster: cache_upload service: nginx + maps: + description: "Maps service maps.%{::site}.wikimedia.org" + class: high-traffic2 + sites: + - eqiad + ip: *maps + bgp: 'yes' + depool-threshold: ".5" + monitors: + IdleConnection: + timeout-clean-reconnect: 3 + max-delay: 300 + conftool: + cluster: cache_maps + service: varnish-fe + icinga: + uri: maps.wikimedia.org!/_info + sites: + eqiad: + hostname: maps-lb.eqiad.wikimedia.org + maps-https: + description: "Maps service maps.%{::site}.wikimedia.org" + class: high-traffic2 + sites: + - eqiad + ip: *maps + port: 443 + scheduler: sh + bgp: 'no' + depool-threshold: ".5" + monitors: + ProxyFetch: + url: + - https://maps.wikimedia.org/_info + IdleConnection: + timeout-clean-reconnect: 3 + max-delay: 300 + conftool: + cluster: cache_maps + service: nginx mobile: description: MediaWiki based mobile site class: high-traffic1 diff --git a/hieradata/labs.yaml b/hieradata/labs.yaml index 7811796..ca9326b 100644 --- a/hieradata/labs.yaml +++ b/hieradata/labs.yaml @@ -29,6 +29,9 @@ cache::parsoid::nodes: eqiad: - '127.0.0.1' +cache::maps::nodes: + eqiad: + - '127.0.0.1' role::cache::base::purge_host_only_upload_re: '^upload\.beta\.wmflabs\.org$' role::cache::base::purge_host_not_upload_re: '^(?!upload\.beta\.wmflabs\.org)' role::cache::2layer::storage_parts: diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index bb02cf5..b5b7895 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -15,5 +15,6 @@ @monitoring::group { 'cache_parsoid_eqiad': description => 'Parsoid caches eqiad' } @monitoring::group { 'cache_parsoid_codfw': description => 'Parsoid caches codfw' } @monitoring::group { 'cache_misc_eqiad': description => 'Misc caches eqiad' } +@monitoring::group { 'cache_maps_eqiad': description => 'Maps caches eqiad' } # If you're looking for something that used to be here, check modules/role/manifests/cache/... diff --git a/manifests/site.pp b/manifests/site.pp index 9181bb8..a3bc805 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -395,8 +395,7 @@ node /^cp104[34]\.eqiad\.wmnet$/ { interface::add_ip6_mapped { 'main': } - include standard - # formerly eqiad misc-cluster + role cache::maps } node 'cp1045.eqiad.wmnet', 'cp1058.eqiad.wmnet' { diff --git a/modules/role/manifests/cache/configuration.pp b/modules/role/manifests/cache/configuration.pp index 5bb562a..f1896c6 100644 --- a/modules/role/manifests/cache/configuration.pp +++ b/modules/role/manifests/cache/configuration.pp @@ -27,6 +27,7 @@ }, 'swift' => $lvs::configuration::service_ips['swift'], 'security_audit' => { 'eqiad' => [] }, # no audit backend for prod at this time + 'kartotherian' => $lvs::configuration::service_ips['kartotherian'], }, 'labs' => { 'appservers' => { diff --git a/modules/role/manifests/cache/maps.pp b/modules/role/manifests/cache/maps.pp new file mode 100644 index 0000000..23ab69e --- /dev/null +++ b/modules/role/manifests/cache/maps.pp @@ -0,0 +1,104 @@ +class role::cache::maps() { + system::role { 'role::cache::maps': + description => 'maps Varnish cache server', + } + + class { 'varnish::htcppurger': varnish_instances => [ '127.0.0.1:80', '127.0.0.1:3128' ] } + + include role::cache::2layer + + class { 'lvs::realserver': + realserver_ips => $lvs::configuration::service_ips['maps'][$::site], + } + + $maps_nodes = hiera('cache::maps::nodes') + $site_maps_nodes = $maps_nodes[$::site] + + $memory_storage_size = 12 + + include role::cache::ssl::unified + + $varnish_be_directors = { + 'one' => { + 'backend' => { + 'dynamic' => 'no', + 'type' => 'random', + # XXX note explicit abnormal hack: cache only exists in eqiad, service only exists in codfw... + 'backends' => $role::cache::configuration::backends[$::realm]['kartotherian']['codfw'], + }, + }, + # XXX maps has no tier-2, yet + } + + if $::role::cache::configuration::has_ganglia { + include varnish::monitoring::ganglia::vhtcpd + } + + $cluster_options = { + 'https_redirects' => true, + } + + varnish::instance { 'maps-backend': + name => '', + vcl => 'maps-backend', + port => 3128, + admin_port => 6083, + runtime_parameters => ['default_ttl=86400'], + storage => $::role::cache::2layer::persistent_storage_args, + directors => $varnish_be_directors[$::site_tier], + vcl_config => { + 'cache4xx' => '1m', + 'layer' => 'backend', + }, + backend_options => array_concat($::role::cache::2layer::backend_scaled_weights, [ + { + 'backend_match' => '^cp[0-9]+\.eqiad.wmnet$', + 'port' => 3128, + 'probe' => 'varnish', + }, + { + 'port' => 4000, + 'connect_timeout' => '5s', + 'first_byte_timeout' => '35s', + 'between_bytes_timeout' => '4s', + 'max_connections' => 1000, + 'probe' => 'maps', + }, + ]), + cluster_options => $cluster_options, + } + + varnish::instance { 'maps-frontend': + name => 'frontend', + vcl => 'maps-frontend', + port => 80, + admin_port => 6082, + runtime_parameters => ['default_ttl=86400'], + storage => "-s malloc,${memory_storage_size}G", + directors => { + 'backend' => { + 'dynamic' => 'yes', + 'type' => 'chash', + 'backends' => $site_maps_nodes, + }, + }, + vcl_config => { + 'retry503' => 1, + 'cache4xx' => '1m', + 'layer' => 'frontend', + }, + backend_options => array_concat($::role::cache::2layer::backend_scaled_weights, [ + { + 'port' => 3128, + 'connect_timeout' => '5s', + 'first_byte_timeout' => '35s', + 'between_bytes_timeout' => '2s', + 'max_connections' => 100000, + 'probe' => 'varnish', + }, + ]), + cluster_options => $cluster_options, + } + + include role::cache::logging +} diff --git a/modules/role/manifests/lvs/balancer.pp b/modules/role/manifests/lvs/balancer.pp index ddedad3..23dfb7b 100644 --- a/modules/role/manifests/lvs/balancer.pp +++ b/modules/role/manifests/lvs/balancer.pp @@ -18,8 +18,8 @@ ], /^(lvs100[25])$/ => [ $sip['upload'][$::site], + $sip['maps'][$::site], $sip['dns_rec'][$::site], - $sip['osm'][$::site], $sip['misc_web'][$::site], $sip['parsoidcache'][$::site], $sip['stream'][$::site], diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index edd6ed6..2b44bcd 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -82,6 +82,14 @@ .threshold = 3; } +probe maps { + .url = "/_info"; + .interval = 5s; + .timeout = 1s; + .window = 5; + .threshold = 3; +} + # Backends # List of Puppet generated backends diff --git a/templates/varnish/maps-backend.inc.vcl.web b/templates/varnish/maps-backend.inc.vcl.web new file mode 100644 index 0000000..cc7532d --- /dev/null +++ b/templates/varnish/maps-backend.inc.vcl.web @@ -0,0 +1,21 @@ +// Varnish VCL include file for maps backends + +include "errorpage.inc.vcl"; + +sub vcl_recv { + call vcl_recv_purge; + return (lookup); +} + +sub vcl_fetch { + // Cap TTL to 1 day for now (purging still hasn't been sorted out...) + if (beresp.ttl > 1d) { + set beresp.ttl = 1d; + } + return (deliver); +} + +sub vcl_error { + call errorpage; + return (deliver); +} diff --git a/templates/varnish/maps-frontend.inc.vcl.erb b/templates/varnish/maps-frontend.inc.vcl.erb new file mode 100644 index 0000000..58463f4 --- /dev/null +++ b/templates/varnish/maps-frontend.inc.vcl.erb @@ -0,0 +1,21 @@ +// Varnish VCL include file for upload frontends + +include "errorpage.inc.vcl"; + +sub vcl_recv { + call vcl_recv_purge; + return (lookup); +} + +sub vcl_fetch { + // Cap TTL to 1 day for now (purging still hasn't been sorted out...) + if (beresp.ttl > 1d) { + set beresp.ttl = 1d; + } + return (deliver); +} + +sub vcl_error { + call errorpage; + return (deliver); +} -- To view, visit https://gerrit.wikimedia.org/r/230246 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If05c07a32e89c8c5ec73716281cf4526943f5b7e Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: Yurik <yu...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits