Date |
|
Authors | Andy Nash (Unlicensed) Joseph (Pepe) Kelly John Simmons (Deactivated) Andy Dingley Simon Meredith (Unlicensed) Paul Hoang (Unlicensed) Sachin Mehta (Unlicensed) |
Status | LiveDefect resolved. Actions being ticketed up (Andy Nash (Unlicensed)) |
Summary | On Friday evening we noticed the server used to build our applications and run scheduled jobs was struggling. It then crashed, subsequently causing ETL (scheduled data flows between systems) and data related issues. Systems used to search, transfer and display data in TIS along with data stores then also froze between Friday and Saturday |
Impact | No Stage or Production environments. No data synchronisation between systems |
Timeline
0600 Friday 16th October 2020 | We have a system to automatically upgrade versions of software, and keep these versions and dependencies between systems synchronised. This ensures software is patched and up to date. A large number of these upgrades were triggered at one time which caused our build server to build the application multiple times in order to run the automated tests against them prior to deployment. | |
0630 Friday 16th October 2020 | One of our search servers failed | |
0730 Friday 16th October 2020 | More search server failures Stage environment suffers various server failures | |
1630 Friday 16th October | Build server fails | |
0110 Saturday 17th October | High number of messages in ESR system waiting to be processed | |
0600 Saturday 17th October | ESR scheduled job process failed to start | |
0800 Saturday 17th October | Multiple server failures by this point and TIS search non-operational |
Root Causes
An update to the operating system was automatically applied without any need to restart servers
This caused a conflict of versions with our containerisation platform that we use to host our applications. This is the first time we have seen this since TIS went live so we need to assess if this is a one-off occurrence
The trainee data used for our search function was unavailable (we use elasticsearch but this was unreachable)
The version conflict caused a domino effect which resulted in multiple server failures. The was compounded by our automated dependency system (Dependabot) which created multiple versions of the application which caused the build server to fail (not enough RAM)
Many downstream processes rely on the build server
We haven’t configured the monthly Dependabot sweep to stagger the automated builds
Trigger
6am patch caused a version conflict which required a restart of the platform running our applications (Docker)
Failure of Docker to restart put pressure on the build server as well as many other servers
ElasticSearch issues compromised the search function for users of the app
Dependencies of many timed jobs on the build server being available
Resolution
Restarted build server
Restarted National Data Warehouse ETLs on Stage environment
Restarted Docker on search server
Restarted Neo4J GraphDB
Turned on Change Data Capture system to deal with backlog of data changes from TIS to ESR
Removed all the old images from MongoDB, one of our databases
Detection
Good news is that there were lots of monitoring alerts in various channels in Slack and from the graphs, below, there was probably enough evidence there to have alerted us to a problem needing resolution
Users pointed out the issue with search not functioning correctly on TIS
Bad news is we didn’t act on the initial Friday indicators (they didn’t appear to be as serious an indicator as they were)
Technical Detail
Summary
On Friday evening we saw Jenkins struggling, and then fell over, subsequently causing ETL and data related issues. Elasticsearch, RabbitMQ and MongoDB then also fell over between Friday and Saturday
...
First trigger | |||
| Friday |
| |
Starting Friday and continuing over the weekend | |||
| Friday |
| because of sharding, users may have been seeing only partial results at this point) (PH) 👈 need to look into and confirm this assumption… |
Then | |||
| Saturday |
| |
…at this point ☝ pretty much everything is being effected by the combination of issues | |||
👇 shall I remove this section of the timeline completely from this incident log? Seems overkill, given pretty much everything was down at this point | |||
| Saturday |
|
Root Cause(s)
OS
apt
patch running every morning used the LivePatch function to apply the patch without needing to restart everything.This caused conflict with Docker - Note, however, that this conflict has not been seen before since TIS’s inception. So the working theory is that this was a one-off conflict that is not likely to reoccur.
The index of trainees for the searchpage (elasticsearch) was unreachable and couldn’t start up.
The conflict then compromised everything else in a domino effect, compounded by the backed up Dependabot PRs and builds which, in the case of the ESR area, creates multiple concurrent containers which trips Jenkins up (not enough RAM)
Many downstream processes rely on Jenkins being up
We haven’t configured the monthly Dependabot sweep to stagger the hit of PRs / builds
Trigger
6am OS patch process auto-applied the patches via LivePatch, causing a conflict with Docker which needed to be restarted
Failure of Docker restarting following the OS patch puts strain on ElasticSearch and Jenkins (and everything else)
ElasticSearch issues compromised the search function for users of the app
Dependencies of many timed jobs on Jenkins being available
Not enough configuration of retries
Resolution
Restarted Jenkins
Restarted NDW ETLs on Stage (current and PaaS)
Restarted Docker on ES nodes
Restarted Neo4J container (rather than the service)
Spun up CDC (Paul) - looking at the HUGE backlog of messages from changes to TIS data (which started coming down rapidly. Phew!)
Removed all the dangling volumes from Mongo (several times) (old images that are taking up space)
Detection
Good news is that there were lots of monitoring alerts in various channels in Slack and from the graphs, below, there was probably enough evidence there to have alerted us to a problem needing resolution
Users pointed out the issue with search not functioning correctly on TIS
Bad news is we didn’t act on the initial Friday indicators (they didn’t appear to be as serious an indicator as they were)
...
Everything fell over | Comments following catch up 2020-10-21 | |
---|---|---|
|
| Jenkins could to with some TLC. ES went down too (before Jenkins). However, there is an underlying OS update issue that we believe triggered everything. |
Initial discussion, along with short and longer term actionsWhat can we do about Dependabot creating and building simultaneously? Dependabot does run sequentially, but much faster than Jenkins can process things so everything appears concurrent.
ESR preoccupied with launching New World, understandably! Can perm team keep on top of ESR stuff when they leave? Even when keeping on top of things, will it eventually be too much anyway? Original Jenkins build was never designed to handle this much load - underlying architecture isn’t there for the level of automation we now have. It is designed for a single node, not load-balancing Is Jenkins the right tool for everything it’s being asked to do? No:
|
...