From Wikitech
Jump to navigation Jump to search

Phabricator is Slow Troubleshooting

Grafana dashboard for Phabricator

Increased network traffic

Grafana link for performance data including network. Typical network traffic is between 3 and 5 Mbit/sec, a significant higher value (>10 Mbit/sec on Dec 15 2020 for example) can be an indication of higher than normal use and it is worth checking the apache access logs on the machine to see if there is a pattern that can be addressed, an IP or a certain distinctive User-Agent to ban.

Database traffic is usually correlated to high Phabricator usage.

Apache Access Logs

The access log is in /var/log/apache2/phabricator_access.log. 400 MB/day is a typical size. Tailing and watching the file might give an indication what requests dominate. To look for repeat accesses: cat /var/log/apache2/phabricator_access.log | awk 'BEGIN {FS="[\t]+"} {a[$19]++}END{for(i in a){print a[i] " " i}}' | sort -n will give a list of IPs and count. Compare to cat /var/log/apache2/phabricator_access.log | wc to judge whether any number is to large. Example: On Dec 15 2020 we had about 560,000 accesses from 2 IPs that represented about 2/3 of all accesses and were responsible for a significant (3x) increase in network traffic.

cat /var/log/apache2/phabricator_access.log | awk 'BEGIN {FS="[\t]+"} {a[$12]++}END{for(i in a){print a[i] " " i}}' | sort -n does the same report for the user-agent. Example: On Dec 15 2020, we had 1,100,00 accesses from user-agent vscode-phabricator.

cat /var/log/apache2/phabricator_access.log | grep vscode-phabricator | awk 'BEGIN {FS="[\t]+"} {a[$1]++}END{for(i in a){print a[i] " " i}}' | sort -n gives an overview of how many requests per second the User-Agent (or IP) in question is generating.

Banning an IP or User-Agent

Best to use edge based banning: [1] IP addresses to ban are specified in puppet/hiera in file common.yaml under phabricator_abusers, similar to varnish blacklists. User-agents are not implemented at the moment

But Phabricator also has a ban list in /etc/apache2/phabbanlist.conf, where IPs and User-Agent can be excluded from access (banned).

phanbanlist.conf is version controlled and managed by puppet. For temporary troubleshooting purposes it is acceptable to edit the local file and restart apache with systemctl reload apache2 but the change needs to be checked in and documented in a phabricator ticket.

Keywords: phab slow dos DDos phabbanlist