The WDQS Streaming Updater is an Apache Flink application whose purpose is to create a stream of diffs of RDF triples, meant to be fed into Blazegraph. It uses the available mediawiki change streams to calculate the diffs and push it to a Kafka topic.

Design

The application reads some of the topics populated by mw:Extension:EventBus and builds a diff of the RDF content as produced by mw:Wikibase/EntityData by comparing the last seen revision for this entity with the new revision seen from the mediawiki.revision-create topic. It is meant to integrate as a Stream processor part of the Modern Event Platform.

It relies on flink to provide:

• event time semantic to re-order the events out of multiple kafka topics
• state management consistent with the output of the stream
• scalability

The flink application (code name streaming-updater-producer) is responsible for producing its data to a kafka topic, a client (named streaming-updater-consumer) running on the same machines as the triple store (known as wdqs hosts) is responsible for reading this topic and performing updates.

The dependencies of the flink application are:

• The mediawiki application servers for mw:Wikibase/EntityData
• Kafka (main) for consuming Mediawiki changes and for producing its output
• Swift (thanos) for the object storage but the aim is to use future MOS
• K8S services cluster to run flink as a session cluster
• schema.wikimedia.org for verifying the validity of the event it emits against their Event_Platform/Schemas
• meta.wikimedia.org for fetching the stream configurations

The flink application is active/active and runs in both eqiad and codfw through the Kubernetes cluster hosting services. The WDQS machines in eqiad will consume the output of flink application running in eqiad and similarly for codfw. In other words if the flink application stops in eqiad all wdqs machines in eqiad will stop being updated.

The benefit of this approach are:

• simple to put in place in our setup: no need to have a fail-over strategy
• Symmetry of the k8s deployed services

Drawbacks:

• No guarantee that the output of both flink pipelines will be the same
• Double compute

See this presentation for a quick overview of the two strategies evaluated.

Operations

Kubernetes only hosts the flink session cluster responsible for running the flink-session-clusterflink job. K8s does only manage a flink session cluster using the flink-session-cluster chart with the rdf-streaming-updater values.

Deploying the chart to staging (on deployment.eqiad.wmnet):

$ cd /srv/deployment-charts/helmfile.d/services/rdf-streaming-updater/
$ helmfile -e staging -i apply

Looking at the jobmanager and then the taskmanager logs in staging

$ kube_env rdf-streaming-updater staging
$ kubectl logs -l component=jobmanager -c flink-session-cluster-main -f
$ kubectl logs -l component=taskmanager -c flink-session-cluster-main-taskmanager -f

The flink jobmanager UI and REST endpoint is exposed via the 4007 port.

This endpoint has no lvs endpoint setup and is only used for internal management (main application deploys):

• staging: https://staging.svc.eqiad.wmnet:4007/jobs
• eqiad: https://kubernetes1003.eqiad.wmnet:4007 (beware to disable TLS host verification here, e.g. using curl -k)
• codfw: https://kubernetes2003.codfw.wmnet:4007 (ditto regarding TLS host verification)

Note that the k8s cluster cannot yet be accessed via IPv6 thus IPv4 must be forced on your HTTP client (e.g. curl -4)

Logs

Flink logs are collected in logstash and can be filtered using: kubernetes.master_url:"https://kubemaster.svc.codfw.wmnet" AND kubernetes.namespace_name:"rdf-streaming-updater". Append kubernetes.labels.component:jobmanager to filter jobmanager's logs or taskmanager for the taskmanagers' logs.

If for some reasons the logs are not available in logstash they can still be inspected from the deployment server, e.g. to inspect the jobmanager and the taskmanager logs in staging:

$ kube_env rdf-streaming-updater staging
$ kubectl logs -l component=jobmanager -c flink-session-cluster-main -f
$ kubectl logs -l component=taskmanager -c flink-session-cluster-main-taskmanager -f

Add the --previous option to look at the logs of the previous run of the container if you want to debug why it crashed.

Managing the streaming-updater-producer

The flink job is managed using the flink/flink-job.py python script available in /srv/deployment/wdqs/wdqs/ on the deployment server.

The script supports two job name's, WDQS Streaming Updater and WCQS Streaming Updater, each with three environments:

All the flink-job.py commands default to WDQS, to operate against WCQS the job name must be set

Commands accepting a path to the swift container accepts either an absolute path in the form: swift://rdf-streaming-updater-staging.thanos-swift/<dataset>/savepoints/bootstrap-20210918 or a relative path savepoints/bootstrap-20210918. You should prefer the relative path approach to avoid mixing checkpoint/savepoint data between the swift containers.

Start the job

For example, to start the WDQS Streaming Updater job with the version 0.3.77 in eqiad from the savepoint savepoint/bootstrap-20210918.

python3 flink/flink-job.py \
       --env eqiad \
       --job-name "WDQS Streaming Updater" \
       deploy \
       --jar lib/streaming-updater-producer-0.3.77-jar-with-dependencies.jar \
       --options-file flink/rdf-streaming-updater.yaml \
       --initial-state savepoints/bootstrap-20210918

Deploy version upgrade

The code of the streaming-updater-producer has changed and needs to be updated. After releasing the wikidata/query/rdf repo and updating the wikidata/query/deploy repo.

for job in WDQS WCQS; do
  python3 flink/flink-job.py \
       --env eqiad \
       --job-name "${job} Streaming Updater" \
       redeploy \
       --jar lib/streaming-updater-producer-0.3.77-jar-with-dependencies.jar \
       --options-file flink/rdf-streaming-updater.yaml \
       --savepoint savepoints
done

The option --savepoints here just indicate when flink should store the savepoint to start the new code from. We do not rely on checkpoints for version upgrades.

Take a savepoint

Taking a savepoint might be needed for several reasons (inspect the state, backup) and can be done running:

python3 flink/flink-job.py \
       --env eqiad \
       --job-name "WDQS Streaming Updater" \
       save \
       --savepoint savepoints

The savepoint path is printed in the command output.

Stop the job

Stopping the job is generally not needed except when the flink image must be upgraded or when the helm chart requires incompatible changes to be deployed.

python3 flink/flink-job.py \
       --env eqiad \
       --job-name "WDQS Streaming Updater" \
       stop \
       --savepoint savepoints

The savepoint path is printed in the command output.

Flink/helm chart upgrade

1. stop the job and note the savepoint
2. apply the chart and wait for flink to be up and running
3. start the job from the savepoint taken

Recover from a checkpoint

If job has failed and was not recovered automatically by flink H/A capabalities you may have to restart it manually from the last valid checkpoint. To identify the checkpoint to use first identify the date of when the job stopped to work properly (e.g. the (Flink) Kafka Lag graph should stop being updated).

Inspect the logs for lines with the logstash query: kubernetes.master_url:"https://kubemaster.svc.codfw.wmnet" AND kubernetes.namespace_name:"rdf-streaming-updater" AND message:"Completed checkpoint" .

Lines with Completed checkpoint 55466 for job bd5a9619a6dd893243db926a456ef42c (146097536 bytes in 6194 ms) should appear with the last one around the time of the failure.

bd5a9619a6dd893243db926a456ef42c is the job id (beware to verify that it's the right one if this flink session cluster can run multiple jobs) and 55466 is the checkpoint number.

Verify in the corresponding swift container that this checkpoint is valid using the swift command line tool available on stat1004:

swift -A https://thanos-swift.discovery.wmnet/auth/v1.0 -U wdqs:flink -K PASSWORD list rdf-streaming-updater-codfw -l -p wikidata/checkpoints/bd5a9619a6dd893243db926a456ef42c/chk-55466/
504991 2021-09-14 12:54:30 application/octet-stream wikidata/checkpoints/bd5a9619a6dd893243db926a456ef42c/chk-55466/_metadata

If a _metadata is present then it's the correct checkpoint. If the checkpoint number cannot be found via the logs be sure to double check that you are inspecting the proper swift container (rdf-streaming-updater-codfw vs rdf-streaming-updater-eqiad). You can also list all the checkpoints under wikidata/checkpoints/$JOB_ID and verify that the one having a _metadata corresponds to the date the pipeline stopped.

Once the checkpoint is identified (e.g. checkpoints/bd5a9619a6dd893243db926a456ef42c/chk-55466) it can be used as the --initial-state of the #Start the job procedure.

Destroy all pods and prevent from being recreated

Make sure you're in the correct directory (see below!)

user@deploy1002:/srv/deployment-charts/helmfile.d/services/rdf-streaming-updater$ kube_env rdf-streaming-updater codfw
user@deploy1002:/srv/deployment-charts/helmfile.d/services/rdf-streaming-updater$ kubectl get pods
user@deploy1002:/srv/deployment-charts/helmfile.d/services/rdf-streaming-updater$ helmfile -e codfw destroy

Destroy all configmaps

Be sure to use the selector, otherwise you will destroy an istio job

(you need root on deploy for this)

$sudo -i

# kube_env admin ${ENV}

#kubectl delete cm -l type=flink-native-kubernetes -n rdf-streaming-updater

Clean up object storage

As seen in this phab ticket, a bug could potentially cause excessive disk space usage on our object storage, Thanos. When that happens, you can use the swiftly client to clean up, as described here.

The flink session cluster activity can be monitored using the flink-session-cluster and the wdqs-streaming-updater graphana dashboards.

Important metrics:

• flink job uptime in the flink-session-cluster dashboard (flink_jobmanager_job_uptime), indicates for how long the job has been running
  • a constant low uptime (below 10minutes) might indicate that the job is constantly restarting. Lag may start to rise.
• Triples Divergences on the wdqs-streaming-updater dashboard, gives an indication of the divergences detected when applying the diffs, sudden surge might indicate the following problems:
  • on a single machine, the blazegraph journal was corrupted or copied from another source or a serious bug in the streaming-updater-consumer.
  • on all the machines in one or two DC, might indicate a problem in the streaming-updater-producer.
• Consumer Poll vs Store time on the wdqs-streaming-updater gives an indication of the saturation of the writes of the streaming-updater-consumer. Poll time is how much time is spent polling/waiting on kafka, store time is how much is spent on writing to blazegraph.

The job is not starting

RdfStreamingUpdaterFlinkJobUnstable

The job uptime remains under 5 minutes probably means that the job is constantly restarting. The cause of the failed restarts must be identified by inspecting the #Logs, it might be that some of the #Dependencies are having issues. Containers constantly being killed may lead to this problem as well (use kubectl get pod -o yaml to inspect containerStatuses).

The job is not running

WdqsStreamingUpdaterFlinkJobNotRunning or WcqsStreamingUpdaterFlinkJobNotRunning

The job is not running, there are several reasons for this:

• someone is doing a maintenance operation and the alert was not down-timed
• flink is not running or crashing
• the job had crashed without being restarted

For the last two points try to identify the cause of the crash looking at the #Logs, it could be that the k8s cluster does have enough resource to instantiate the required pods. Once the cause is known the flink session cluster must be brought up if it was not running. The job should recover itself after the flink session cluster starts, if it is not the case then you might to recover from a checkpoint.

The job processing latency is high

RdfStreamingUpdaterFlinkProcessingLatencyIsHigh

The job processing time is higher than usual, it might be due to increased latencies of one or several of the job dependencies:

• the thanos swift cluster (checkpoint times)
• the kafka cluster
• mediawiki application servers

Cause should be identified and the impact on the pipeline monitored:

• backlog for the consumer group should not grow
• checkpoint times should not increase

The flink session cluster does not have enough task slots

RdfStreamingUpdaterNotEnoughTaskSlots

The session cluster is running low on task managers and the jobs it has to run are unlikely to have enough resource to be RUNNING and will stay in a SCHEDULED state. It is likely that the kubernetes cluster is failing to allocate a POD or start properly the required container, it may happen if a bogus k8s worker is not evicted from the cluster and where it still tries to restart the container. This alert will be accompanied with WdqsStreamingUpdaterFlinkJobNotRunning or WcqsStreamingUpdaterFlinkJobNotRunning telling which jobs are affected if not it might be that this alert is not properly configured. Remediation:

• verify the status of the k8s PODs, one or more are likely in a crash loop, evict them from their respective k8s nodes and investigate why these particular k8s nodes are misbehaving.
• verify the capacity of the k8s cluster, it might be that we are running out of capacity.

The consumers are backlogged

RdfStreamingUpdaterHighConsumerUpdateLag

The consumers pulling data out of the mutation kafka topic are backlogged and this might be due to:

• the machine was just restored from crash that lasted a long time: there's nothing to do other than waiting for the backlog to be absorbed.
• multiple machines triggered this alert and are the lag is increasing: try to see if the load increased and pool any resources that were possibly de-pooled for some reason to relieve the pressure on existing. Wait for the [MaxLag] to kick-in and slow down bot edits.

This section implies a lot of manual steps that may be dangerous if the flink job is currently running. Please be sure to coordinate with the Search Platform team if you believe you need run this.

The flink application must be given an initial-state, this initial state can be constructed from the RDF dumps using a flink job.

From stat1004.eqiad.wmnet install flink (same version as the one running in k8s) under your home directory.

Configure kerberos for analytics-search (in conf/flink-conf.yaml):

security.kerberos.login.use-ticket-cache: false
security.kerberos.login.keytab: /etc/security/keytabs/analytics-search/analytics-search.keytab
security.kerberos.login.principal: analytics-search/stat1004.eqiad.wmnet@WIKIMEDIA

Start flink:

sudo -u analytics-search kerberos-run-command analytics-search sh -c 'HADOOP_CLASSPATH="`hadoop classpath`" ./bin/yarn-session.sh -tm 8g -jm 2600m -s 4 -nm "WDQS Streaming Updater"'

Start the bootstrap job

FLINK_JOB=/home/dcausse/streaming-updater-producer-0.3.76-jar-with-dependencies.jar
DUMP_DATE=20210718
REV_FILE=hdfs://analytics-hadoop/wmf/data/discovery/wdqs/entity_revision_map/$DUMP_DATE/rev_map.csv
# Use rdf-streaming-updater-eqiad or rdf-streaming-updater-codfw to create the savepoint for the eqiad or codfw flink job
SAVEPOINT_DIR=swift://rdf-streaming-updater-staging.thanos-swift/wikidata/savepoints/init_20210718

sudo -u analytics-search kerberos-run-command analytics-search sh -c "export HADOOP_CLASSPATH=`hadoop classpath`; ./bin/flink run -p 12 -c org.wikidata.query.rdf.updater.UpdaterBootstrapJob $FLINK_JOB --job_name bootstrap --revisions_file $REV_FILE --savepoint_dir $SAVEPOINT_DIR"

Position the kafka offsets for the flink consumers.

First obtain the timestamp of the oldest start date of the dump script using hive.

select object
    from discovery.wikibase_rdf
    where `date` = '20210718' and wiki='wikidata' and
          subject = '<http://wikiba.se/ontology#Dump>' and
          predicate = '<http://schema.org/dateModified>'
    order by object asc
    limit 1;

Position the offsets according to that date (can be done from stat1004 as well):

# This is the most dangerous command of this procedure as it may break
# an existing flink job by messing up their kafka consumer offsets.
# Be sure to create and activate a conda env with kafka-python
# Start obtained from the hql query above
START_DATE=<changeme>2021-08-23T19:41:00
# Use kafka-main1001.eqiad.wmnet:9092 for eqiad and staging
KAFKA_BROKER=<changeme>kafka-main2001.codfw.wmnet:9092
# Must match the options consumer_group of the flink_job
# note: set_initial_offsets.py is available at https://gerrit.wikimedia.org/r/plugins/gitiles/wikidata/query/rdf/+/refs/heads/master/streaming-updater-producer/scripts/set_initial_offsets.py
CONSUMER_GROUP=<changeme>wdqs_streaming_updater

for c in eqiad codfw; do
    for t in mediawiki.revision-create mediawiki.page-delete mediawiki.page-undelete mediawiki.page-suppress; do
        python set_initial_offsets.py  -t $c.$t -c $CONSUMER_GROUP -b $KAFKA_BROKER -s $START_DATE;
    done;
done

Then start the flink job on k8s using the savepoint.