False positive "HighNumberOfFailedGRPCRequests Watch " alarms?
1,210 views
Skip to first unread message
peter schulten
Feb 9, 2018, 5:11:55 AM2/9/18
to etcd-dev
Hi,
I installed the *awesome* prometheus operator in my kubernetes cluster and configured a service monitor for my external etcds.
I added your suggested alerting rules from https://github.com/coreos/etcd/blob/f5d02f02791716ed99c489ffa2441b8cc7925457/Documentation/op-guide/etcd3_alert.rules.yml#L68 and now run into an endless loop of
[FIRING:2] (HighNumberOfFailedGRPCRequests Watch etcdserverpb.Watch)
and
[RESOLVED] (HighNumberOfFailedGRPCRequests Watch etcdserverpb.Watch)
every 5 minutes
Using the prometheus console with:
sum(grpc_server_handled_total{job="etcd"}) BY (grpc_code, grpc_method) > 0
sum(grpc_server_handled_total{job="etcd"}) BY (grpc_code, grpc_method) > 0
I see:
| Element | Value |
|---|---|
| {grpc_code="Unavailable",grpc_method="LeaseKeepAlive"} | 226 |
| {grpc_code="OK",grpc_method="MemberRemove"} | 1 |
| {grpc_code="OK",grpc_method="Txn"} | 167011 |
| {grpc_code="OK",grpc_method="LeaseGrant"} | 1555 |
| {grpc_code="OK",grpc_method="Range"} | 752031 |
| {grpc_code="Unavailable",grpc_method="Watch"} | 1270 |
| {grpc_code="Unavailable",grpc_method="Txn"} | 2 |
| {grpc_code="OK",grpc_method="Compact"} | 291 |
| {grpc_code="Unavailable",grpc_method="Range"} | 2 |
| {grpc_code="OK",grpc_method="MemberList"} | 1 |
My etcds (v3.3.0 ) are run like this:
# /etc/systemd/system/etcd.service
#v7
[Unit]
Description=etcd
Documentation=https://github.com/coreos
After=network.target r53update.service rejoin.service
Requires=r53update.service
[Service]
Type=notify
EnvironmentFile=/etc/metadata.env
ExecStart=/usr/bin/etcd \
--discovery-srv=${kube_domain_name} \
--cert-file=/etc/ssl/COMPANY/etcd_peer_cert.pem \
--client-cert-auth \
--peer-client-cert-auth \
--key-file=/etc/ssl/COMPANY/etcd_peer_key.pem \
--peer-cert-file=/etc/ssl/COMPANY/etcd_peer_cert.pem \
--peer-key-file=/etc/ssl/COMPANY/etcd_peer_key.pem \
--trusted-ca-file=/etc/ssl/COMPANY/ca_cert.pem \
--peer-trusted-ca-file=/etc/ssl/COMPANY/ca_cert.pem \
--initial-cluster-token=${cluster_name}-etcd-token \
--initial-advertise-peer-urls=https://etcd-${AVAILABILITY_ZONE}.${kube_domain_name}:2380 \
--advertise-client-urls=https://etcd-${AVAILABILITY_ZONE}.${kube_domain_name}:2379 \
--listen-client-urls=https://${DEFAULT_IPV4}:2379,http://127.0.0.1:2379 \
--listen-peer-urls=https://0.0.0.0:2380 \
--data-dir=/var/lib/etcd \
--name=%H
#Restart=always
#RestartSec=10
#StartLimitInterval=200s
#StartLimitBurst=10
#TimeoutStartSec=0
LimitNOFILE=40000
[Install]
WantedBy=multi-user.target
Is there something wrong with my setup because I have so many "Unavailable" grpc codes metrics?
/peter
Gyuho Lee
Feb 15, 2018, 5:05:35 PM2/15/18
to etcd-dev
Can you share client or server logs when you get Unavailable request errors?
peter schulten
Feb 16, 2018, 8:34:03 AM2/16/18
to Gyuho Lee, etcd-dev
Hi @gyuho
I rebooted the server in eu-central-1a shortly before.
client logs:
server logs:
| Time | COMM | aws_private_ip | aws_az | MESSAGE | |
|---|---|---|---|---|---|
| 14:05:36 | |||||
| 14:05:36 | |||||
| 14:05:36 | |||||
| 14:05:36 | |||||
| 14:05:36 | |||||
| 14:05:36 | |||||
| 14:05:35 | |||||
| 14:05:35 | |||||
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:34 |
Time | COMM | aws_private_ip | aws_az | MESSAGE | |
|---|---|---|---|---|---|
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:34 | |||||
| 14:05:33 | |||||
| 14:05:33 | |||||
| 14:05:33 | |||||
| 14:05:32 | |||||
| 14:05:32 | |||||
| 14:05:29 | |||||
| 14:05:29 | |||||
| 14:05:29 | |||||
| 14:05:28 | |||||
| 14:05:28 | |||||
| 14:05:28 | |||||
| 14:05:27 | |||||
| 14:05:27 | |||||
| 14:05:24 | |||||
| 14:05:24 | |||||
| 14:05:24 | |||||
| 14:05:23 | |||||
| 14:05:23 | |||||
| 14:05:23 | |||||
| 14:05:22 | |||||
| 14:05:22 | |||||
| 14:05:19 | |||||
| 14:05:19 | |||||
| 14:05:19 | |||||
| 14:05:18 | |||||
| 14:05:18 | |||||
| 14:05:18 | |||||
| 14:05:17 | |||||
| 14:05:17 | |||||
| 14:05:14 | |||||
| 14:05:14 | |||||
| 14:05:14 | |||||
| 14:05:13 | |||||
| 14:05:13 | |||||
| 14:05:13 | |||||
| 14:05:13 | |||||
| 14:05:13 |
The kubernetes cluster runs fine. I didn't notice anything problematic
(bibi:kube-system) pschu@ip-192-168-178-115 ~> kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-2 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
I used the cert guide from here: https://coreos.com/os/docs/latest/generate-self-signed-certificates.html
/peter
--
You received this message because you are subscribed to a topic in the Google Groups "etcd-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/etcd-dev/ujWldr3ys9M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to etcd-dev+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
peter schulten
Mar 5, 2018, 2:18:09 PM3/5/18
to etcd-dev
Hey,
running curl with the certs and keys the api-server node uses, runs fine. Is this a client, server or setup problem? Can this be ignored?
Thanks,
Peter
/peter
To unsubscribe from this group and all its topics, send an email to etcd-dev+unsubscribe@googlegroups.com.
Message has been deleted
peter schulten
May 1, 2018, 4:18:54 AM5/1/18
to etcd-dev
Hi all,
the problem seems to be gone after upgrading to etcd v3.3.4 and kube v1.10.2
/peter
Denis Arslanbekov
Nov 29, 2018, 11:08:48 AM11/29/18
to etcd-dev
Pls, check this issue: https://github.com/etcd-io/etcd/issues/10289
Reply all
Reply to author
Forward
0 new messages