You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

HTTP timeouts: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Krinkle
No edit summary
imported>Krinkle
(→‎App server: Fix broken link to set-time-limit.php file)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Navigation Wikimedia infrastructure|expand=caching}}
{{Navigation Wikimedia infrastructure|expand=caching}}
This documents '''HTTP timeouts''' involved in a we requests from users to a service behind WMF traffic layers.
This documents '''HTTP timeouts''' involved in a web request from end-users to a service behind WMF traffic layers.


{{TOC|limit=2|clear=none}}
{{TOC|limit=2|clear=none}}


== TLS ==
== {{Anchor|TLS}}Frontend TLS ==


The entry point for a user is ats-tls, which node depends on the service and user IP address:
The entry point for external clients is ats-tls. Which of the "cp" hosts is routed through, depends on the service and end-user IP address:
{| class="wikitable"
{| class="wikitable"
|+
!TLS termination layer
!TLS termination layer
!SSL handshake timeout
!TLS handshake timeout
!connect timeout (origin server)
!connect timeout (origin server)
!TTFB (origin server)
!TTFB (origin server)
Line 22: Line 21:
|[https://github.com/wikimedia/puppet/blob/765d39f66320a4def7adccaa8a63fc970e278eb0/hieradata/common/profile/trafficserver/tls.yaml#L145 180 seconds]
|[https://github.com/wikimedia/puppet/blob/765d39f66320a4def7adccaa8a63fc970e278eb0/hieradata/common/profile/trafficserver/tls.yaml#L145 180 seconds]
|[https://github.com/wikimedia/puppet/blob/1410c8aa6043d002aaf32ca49cdc4bd4c3434927/hieradata/common/profile/trafficserver/tls.yaml#L140 120 seconds]
|[https://github.com/wikimedia/puppet/blob/1410c8aa6043d002aaf32ca49cdc4bd4c3434927/hieradata/common/profile/trafficserver/tls.yaml#L140 120 seconds]
|-
|nginx (deprecated)
|60 seconds (nginx default value)
|10 seconds (nginx default value)
|[https://github.com/wikimedia/puppet/blob/91c1a976955b0b8e16d808aa2371f3f66c1e8f3e/modules/tlsproxy/manifests/localssl.pp#L103 180 seconds]
|180 seconds (same config parameter as TTFB)
|[https://github.com/wikimedia/puppet/blob/1410c8aa6043d002aaf32ca49cdc4bd4c3434927/modules/tlsproxy/manifests/localssl.pp#L102 60 seconds]
|}
|}
Currently a big difference between nginx and ats-tls can be found on how they handle POST requests. nginx buffers the whole request completely before relying it to the origin (varnish-frontend) while ats-tls doesn't buffer it and relays the connection to varnish-frontend as soon as possible. On nginx, the timeout to fulfil the POST body is 60 seconds between read operations, this is the default value and it isn't explicitly configured.
Currently a big difference between ats-tls and nginx (used previously for frontend TLS) is in how they handle POST requests. nginx buffered the whole request completely before relaying it to the origin (varnish-frontend) while ats-tls doesn't buffer it and relays the connection to varnish-frontend as soon as possible. On nginx, the timeout to fulfil the POST body was 60 seconds between read operations, this its default value and it isn't explicitly configured.


== Caching ==
== Caching ==
Line 37: Line 29:


{| class="wikitable"
{| class="wikitable"
|+
!caching layer
!caching layer
!connect timeout
!connect timeout
Line 64: Line 55:
!request timeout
!request timeout
|-
|-
|Nginx (TLS)
|Envoy (TLS)
|180 seconds <sup>(appserver, api, parsoid)</sup> / 1200 seconds <sup>(jobrunner)</sup> / 86400 seconds <sup>(videoscaler)</sup>.
Configured by<code>proxy_read_timeout</code>. Time to first byte. Wall clock time.
|-
|Envoy (TLS/ats-be requests)
|[https://github.com/wikimedia/puppet/blob/bbc63d02c260e953f71dfd6535a0a67c4ad944a7/modules/envoyproxy/manifests/tls_terminator.pp#L68 1 second] <sup>(connect timeout)</sup> / [https://github.com/wikimedia/puppet/blob/production/modules/envoyproxy/manifests/tls_terminator.pp#L69 65 seconds] <sup>(route timeout)</sup>
|[https://github.com/wikimedia/puppet/blob/bbc63d02c260e953f71dfd6535a0a67c4ad944a7/modules/envoyproxy/manifests/tls_terminator.pp#L68 1 second] <sup>(connect timeout)</sup> / [https://github.com/wikimedia/puppet/blob/production/modules/envoyproxy/manifests/tls_terminator.pp#L69 65 seconds] <sup>(route timeout)</sup>
{{Outdated-inline}}
{{Outdated-inline}}
Line 86: Line 73:
|MediaWiki
|MediaWiki
|60 seconds <sup>(GET)</sup> / 200 seconds <sup>(POST)</sup> / 1200 seconds <sup>(jobrunner)</sup> / 86400 seconds <sup>(videoscaler)</sup>.
|60 seconds <sup>(GET)</sup> / 200 seconds <sup>(POST)</sup> / 1200 seconds <sup>(jobrunner)</sup> / 86400 seconds <sup>(videoscaler)</sup>.
This is configured [https://github.com/wikimedia/operations-mediawiki-config/blob/HEAD/wmf-config/set-time-limit.php#L14 using php-excimer]
This is configured [https://github.com/wikimedia/operations-mediawiki-config/blob/9d7f0b70266549bdbdf02838948b7e6bc44d468e/wmf-config/CommonSettings.php#L428-L455 using php-excimer]
|}
|}


Line 97: Line 84:
; PHP
; PHP
: The <code>max_execution_time</code> setting in php.ini measures CPU time (not wall clock time), and does not include syscalls.
: The <code>max_execution_time</code> setting in php.ini measures CPU time (not wall clock time), and does not include syscalls.
: Note that unlike all other settings, for videoscalers this setting is far lower than the higher-level timeouts (20min vs 24h). This is a compromise to prevent regular jobs from being able to spend 24h on the CPU, which would be very unexpected (as they share the same php-fpm configuration). Videoscaling jobs are expected to spend most of their time transcoding videos, which happens through syscalls so this is fine.
:Note that this is intentionally several seconds higher than the layers above and below because we generally want to avoid requests being stopped by this layer and prefer it to happen either earlier in MW or higher up in php-fpm.
:This layer is not able to differentiate between HTTP methods (GET/POST) or virtual hostnames (jobrunner vs videoscaler). As such, it has to accomodate both.
: For videoscalers this setting is actually lower than the surrounding layers (1200s/20min vs 86400s/24h). This is a compromise to prevent non-videoscaler jobs from being able to spend 24h on the CPU, which would be very unexpected. Regular jobrunners and videoscalers are forced to share the same php-fpm configuration. This is fine because while videoscaling jobs may use 24h to complete, they are expected to spend most of their time transcoding videos, which happens through syscalls that are not captured by PHP's cpu time.
; MediaWiki
; MediaWiki
: This is controlled by the <code>ExcimerTimer</code> interval value, in [https://github.com/wikimedia/operations-mediawiki-config/blob/HEAD/wmf-config/set-time-limit.php#L14 wmf-config/set-time-limit]. Upon reaching the timeout, [[mw:Excimer|php-excimer]] will throw a <code>WMFTimeoutException</code> exception once the current syscall returns.
: This is controlled by the <code>ExcimerTimer</code> interval value, in [https://github.com/wikimedia/operations-mediawiki-config/blob/HEAD/wmf-config/set-time-limit.php#L14 wmf-config/set-time-limit]. Upon reaching the timeout, [[mw:Excimer|php-excimer]] will throw a <code>WMFTimeoutException</code> exception once the current syscall returns.

Latest revision as of 22:31, 22 April 2022

This documents HTTP timeouts involved in a web request from end-users to a service behind WMF traffic layers.

Frontend TLS

The entry point for external clients is ats-tls. Which of the "cp" hosts is routed through, depends on the service and end-user IP address:

TLS termination layer TLS handshake timeout connect timeout (origin server) TTFB (origin server) successive reads (origin server) Keepalive timeout (client)
ats-tls 60 seconds 3 seconds 180 seconds 180 seconds 120 seconds

Currently a big difference between ats-tls and nginx (used previously for frontend TLS) is in how they handle POST requests. nginx buffered the whole request completely before relaying it to the origin (varnish-frontend) while ats-tls doesn't buffer it and relays the connection to varnish-frontend as soon as possible. On nginx, the timeout to fulfil the POST body was 60 seconds between read operations, this its default value and it isn't explicitly configured.

Caching

Our caching system is split in two layers (frontend, and backend). There is one implementation of the frontend layer (varnish) and one implementation of the backend layer (ats-be).

caching layer connect timeout TTFB successive reads
varnish-frontend 3 seconds (text) / 5 seconds (upload) 65 seconds (text) / 35 seconds (upload) 33 seconds (text) / 60 seconds (upload)
ats-backend 10 seconds 180 seconds 180 seconds

App server

After leaving the backend caching layer, the request reaches the appserver. Here are described the timeouts that apply to appservers and api:

As of March 2020
layer request timeout
Envoy (TLS) 1 second (connect timeout) / 65 seconds (route timeout)
Apache 202 seconds (appserver, api, parsoid) / 1202 seconds (jobrunner) / 86402 seconds (videoscaler).

Configured by Timeout. Entire request-response, including connection time. Wall clock time.

php-fpm 201 seconds (appservers) / 201 seconds (api) / 201 seconds (parsoid) / 86400 seconds (jobrunner, videoscaler).

Configured by profile::mediawiki::php::request_timeout. Wall clock time.

PHP 210 seconds (appserver, api, parsoid) / 1200 seconds (jobrunner, videoscaler).

Configured by max_execution_time. CPU time (not including syscalls and C functions from extensions).

MediaWiki 60 seconds (GET) / 200 seconds (POST) / 1200 seconds (jobrunner) / 86400 seconds (videoscaler).

This is configured using php-excimer

Notes

The app server timeouts might be larger than the ones on the caching layer, this is mainly to properly service internal clients.

php-fpm
The request_timeout setting the maximum time php-fpm will spend processing a request before terminating the worker process. This exists as a last-resort to kill PHP processes even if a long-running C function is not yielding to Excimer and/or if PHP raised max_execution_time at run-time.
PHP
The max_execution_time setting in php.ini measures CPU time (not wall clock time), and does not include syscalls.
Note that this is intentionally several seconds higher than the layers above and below because we generally want to avoid requests being stopped by this layer and prefer it to happen either earlier in MW or higher up in php-fpm.
This layer is not able to differentiate between HTTP methods (GET/POST) or virtual hostnames (jobrunner vs videoscaler). As such, it has to accomodate both.
For videoscalers this setting is actually lower than the surrounding layers (1200s/20min vs 86400s/24h). This is a compromise to prevent non-videoscaler jobs from being able to spend 24h on the CPU, which would be very unexpected. Regular jobrunners and videoscalers are forced to share the same php-fpm configuration. This is fine because while videoscaling jobs may use 24h to complete, they are expected to spend most of their time transcoding videos, which happens through syscalls that are not captured by PHP's cpu time.
MediaWiki
This is controlled by the ExcimerTimer interval value, in wmf-config/set-time-limit. Upon reaching the timeout, php-excimer will throw a WMFTimeoutException exception once the current syscall returns.