Incidents/2023-09-29 CloudVPS vms losing network connectivity

document status: final

During a package cleanup, 961005 was merged to remove some packages. This caused to bullseye VMs in the cloud realm to remove isc-dhcp-client, and once the ip leases for these started to expire the VMs started losing network connectivity.

This eventually included the proxies CloudVPS uses to serve external traffic, making any hosted project lose that traffic too.

This also took down the metricsinfra VMs that are in charge of the monitoring and alerting for CloudVPS hosted projects, so there were no alerts from it.

From there recovery included having to roll-reboot all the toolforge VMs that depend on the nfs servers as the nfs service itself got affected and clients got stuck (common procedure, but slow).

tools k8s nodes reboot: https://sal.toolforge.org/tools?d=2023-09-29

Alert logs (team=wmcs, there might be non-wmcs ones): https://logstash.wikimedia.org/goto/906ec4838ab338cc70e1484010ab7df2

IRC archives:

• https://wm-bot.wmcloud.org/logs/%23wikimedia-cloud-admin/20230929.txt
• https://wm-bot.wmcloud.org/logs/%23wikimedia-cloud/20230929.txt

All times in UTC.

28 September 2023:

• 11:07 OUTAGE BEGINS - kinda, patch is merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/961005

29 September 2023:

• 04:14:00 - 07:06 - some users report connectivity issues on irc, no admins notice it - First user impact
• 06:24 - user reports connectivity issues https://phabricator.wikimedia.org/T347661
• 06:56 - outage task created by user https://phabricator.wikimedia.org/T347665
• 07:06 - admin starts looking into the issues as they notice alertmanager down (https://www.irccloud.com/pastebin/aA1NNmt1/), another admin joins
• 07:11:25 - find that project-proxy is not responding
• 07:16:13 - find out that dhclient is not installed on the VM (that otherwise looks ok)
• 07:18:06 - found that there was a patch that deleted the package through puppet by the apt logs
• 07:23:59 - revert sent, restore started (as they can't run puppet, we have to "manually" fix them), two efforts: one admin writing as script to automate the fix, the other admin starting to manually fix the core/critical VMs
• 07:31 - first email sent to cloud-announce about the outage
• 08:10 - a third admin joins, helps manually fixing the other critical VMs
• 08:21:23 - metricsinfra alerts restored (manually)
• 08:35 - we ran a script to fix the issues, running in parallel
• 09:16:58 - script finishes a first round through the whole fleet
• 09:32 - rebooting tools-nfs-2 since the network setup on nfs servers needs a reboot + puppet run (task T347681)
• 09:37 - start rebooting k8s worker nodes to release stuck nfs file handles
• 09:38:10 - admin paged: checker.tools.wmflabs.org/toolschecker: NFS read/writeable on labs instances
• 09:42 - grid reboot cookbook is failing as the nodes are stuck and it does not try to force-reboot through openstack
• 10:02 - rebooting all other NFS instances
• 10:08:42 - all grid bastions and workers rebooted
• 11:46 (Voila) OUTAGE ENDS - message on irc, all services running
• 13:03 - email to cloud-announce declaring the outage over

The issue was first detected by users, and it was not until the first admin started their work day that they noticed something was wrong.

The only page was received way after, once the recovery had started.

Note that the outage took one of the monitoring and alerting systems down, though we would not have been paged by any alert there (https://phabricator.wikimedia.org/T323510).

• task T347694 - investigate why we did not get any pages, and fix/add them
• task T288053 - add meta-monitoring for metricsinfra
• task T347683 - create a cookbook to run commands through virsh console
• task T347681 - improve current nfs setup so it does not require to reboot + run puppet to bring online (as it might take 30 min for puppet to run unattended)