SLO/etcd main cluster

From Wikitech

SLO Worksheet - etcd Main


etcd is an open source key-value store with a focus on reliability that is used to store configuration and state data for distributed systems. At WMF we run a number of etcd clusters, this document addresses the two etcd Main clusters, one each installed in the primary datacenters, eqiad and codfw. A number of applications, including mediawiki read/write configuration store state data on etcd.


etcd is owned by the Service Operations SRE team, which is responsible for all aspects including operation, scalability, backups and software updates. Contact: and


An etcd Main cluster consists of 3 nodes. Each of the etcd nodes can answer read requests, but write requests are handled by a single node, the “leader”. If the leader node becomes non functional the remaining nodes (the “followers”) elect a new leader maintaining the cluster functional. The election of the new leader is managed via the RAFT algorithm. etcd itself replicates data between the nodes and each node has a complete copy of the data. High availability is provided by etcd out of the box, by a combination of etcd client and server software.

Hard Dependencies

Etcd is a foundational service and does not have any hard dependencies beyond hardware and networking. It is worth pointing out that server hardware and networking have their own failure rates that are in the 99% range. Etcd as configured is able to deal with a certain type of failures in a local datacenter.

Soft Dependencies

Etcd is a foundational service and does not have any soft dependencies beyond hardware and networking.



software use connection interval failure mode
(etcd down)
pybal/LVS retrieve LB pools servers lists, weights, state custom python/twisted, host only watch will keep working until restart
varnish/traffic retrieve list of backend servers confd 3s will keep working
gdnsd/auth dns Write admin state files for discovery.wmnet records confd 3s will keep working
scap/deployment Dsh lists confd 60 s will keep working
redis Replica configuration (changes NOT applied) confd 60 s will keep working
parsoid Use of http or https to connect to the mw api confd 60 s will keep working
MediaWiki fetch some config variables php-curl.

PHP requests at intervals, cached in APCu.

10 s will keep working until restart
Icinga servers Update a local cache of the last modified index to be used by other checks cURL 30 s the checks will use stale data for comparison
conftool/dbctl/cumin Used to pool/depool hosts or datacenters and populate data after a puppet-merge Python requests N/A Will fail, but that’s ok
spicerack/cookbooks Used to acquire distributed locks with concurrency and TTL to limit concurrent actions. python-etcd N/A Can be disabled via config file or on a per-run basis with the --no-locks CLI flag

Confd: a lightweight configuration management daemon focused on keeping local configuration files up-to-date using data stored in etcd - Wikitech

Host only: the client can only connect to a single host, has no failover capability.

Request Classes


  • GET/QGET/HEAD requests. Those are the requests that are only reading from the datastore. It’s the bulk of the requests, amounting over the course of 30 days to 120-130 Million GET requests and 350-400 Million Quorum GET (QGET) requests.


  • PUT/DELETE requests. Those are only sent by conftool, dbctl and cumin. They are very rare compared to the read requests. Over the course of 30 days, we count DELETEs in the ballpark of 50-100 and PUTs on the order of 3000-4000.

Service Level Indicators (SLI)

SRE looks at three SLIs for etcd: availability, acceptable latency rate and error rate.

We measure over a three-month SLO period that ends 1 month before the fiscal quarter for reporting reasons, i.e. the  SLO period is December, January, February and so forth.

Availability is determined by monitoring all transactions and calculated for the SLO period: dividing the difference of all transactions and the number of failed (all errors, except 404) or slow (i.e. over 32 ms) transactions by all transactions.

Acceptable latency is determined by monitoring all transactions against the etcd store and calculated over our SLO period: dividing the difference of all transactions and the number of transactions over 32 ms by all transactions.

Error rate is determined by monitoring all transactions against the etcd store and calculated over the SLO period: dividing the number of failed transactions by all transactions.

SLI for GET requests in %:

   100% * (all GET transactions - GET transaction slower than 32 ms) / all GET transactions

SLI for Errors:

    100% * (transactions with an error code >= 500) / all transactions

Reference: Golden signals includes latency, traffic, errors, and saturation



Sample values:

  • Latency: p99 +/- 15 ms GET
  • Latency: p99 +/-  2ms (that’s 50%) QGET
  • Failures: 0.00 fps about 300 rps

All errors are 404 at the moment, they are not counted, we only count 500 type errors.


The health of the etcd Main cluster is monitored by icinga. In case of alerts follow the troubleshooting procedures defined in the alert message, hosted on wikitech at Etcd/Main cluster.


The service isn’t often deployed. It only gets deployed when doing OS upgrades.

Service Level Objectives

  • Request SLO: 99.9% of requests will be successful, resulting in an Request Error Rate Budget of 0.1% of requests.
  • Latency SLO: 99.8% of requests will be under 32 ms, resulting in an Latency Error Budget of 0.2%.


Whole book - 2 copies Google SRE Drive

We do have metrics for etcd, we lack a dashboard - dashboard now exists:

Examples of past issues: Performance degradation due to RAID resyncing starving etcd from needed IOPS.

Hardware failures

  • AWS EC2 SLA: 90% single EC2 VM
  • Azure: 95% for single VM with HD, 99.5% for VM with SSD, Premium VM 99.9%