2020-01-27: ActionCable 500 errors
Summary
Error rates increased on the websockets
service due to invalid requests with a Client-IP
header set. This didn't cause any user impact and has been occurring on other backends as well but breached our websockets SLO since there is not as much traffic there.
The error condition occurs when both Client-IP
and X-Forwarded-For
are set and they don't match. https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/remote_ip.rb#L120-L139
The fix was to drop the Client-IP
header which we did at HAProxy since it is not used.
Timeline
All times UTC.
2021-01-27
-
08:12
- @bjk-gitlab declares incident in Slack. -
11:00
- @bjk-gitlab deploysClient-Ip
header filter to haproxy.
Corrective Actions
- Remove
Client-IP
header at HAProxy gitlab-cookbooks/gitlab-haproxy!271 (merged)
Click to expand or collapse the Incident Review section.
Incident Review
Summary
- Service(s) affected:
- Team attribution:
- Time to detection:
- Minutes downtime or degradation:
Metrics
Customer Impact
-
Who was impacted by this incident? (i.e. external customers, internal customers)
- ...
-
What was the customer experience during the incident? (i.e. preventing them from doing X, incorrect display of Y, ...)
- ...
-
How many customers were affected?
- ...
-
If a precise customer impact number is unknown, what is the estimated impact (number and ratio of failed requests, amount of traffic drop, ...)?
- ...
What were the root causes?
Incident Response Analysis
-
How was the incident detected?
- ...
-
How could detection time be improved?
- ...
-
How was the root cause diagnosed?
- ...
-
How could time to diagnosis be improved?
- ...
-
How did we reach the point where we knew how to mitigate the impact?
- ...
-
How could time to mitigation be improved?
- ...
-
What went well?
- ...
Post Incident Analysis
-
Did we have other events in the past with the same root cause?
- ...
-
Do we have existing backlog items that would've prevented or greatly reduced the impact of this incident?
- ...
-
Was this incident triggered by a change (deployment of code or change to infrastructure)? If yes, link the issue.
- ...
Lessons Learned
Guidelines
Resources
- If the Situation Zoom room was utilised, recording will be automatically uploaded to Incident room Google Drive folder (private)
Incident Review Stakeholders
Edited by John Jarvis