[production] Enable `always_async_project_authorizations_refresh` feature flag : 10% to 100%, in 10% increments

Production Change

Change Summary

This is to rollout the feature flag always_async_project_authorizations_refresh, starting from 10%, reaching 100% in 10% increments, everyday

Rollout issue is: gitlab-org/gitlab#367683 (closed)

The expected change due to enablement of this feature flag is: gitlab-org/gitlab!92333 (comment 1033648348)

This change has been tested on staging and the QA pipelines are passing: gitlab-org/gitlab#367683 (comment 1056549407)

Change Details

  1. Services Impacted - ServiceSidekiq
  2. Change Technician - @manojmj
  3. Change Reviewer - DRI for the review of this change
  4. Time tracking - 5 minutes
  5. Downtime Component - No downtime expected

Detailed steps for the change

Change Steps - steps to take to execute the change

Estimated Time to Complete (mins) - 2 minutes

  • Set label changein-progress /label ~change::in-progress
  • /chatops run feature set always_async_project_authorizations_refresh 10 --random
  • /chatops run feature set always_async_project_authorizations_refresh 20 --random
  • /chatops run feature set always_async_project_authorizations_refresh 30 --random
  • /chatops run feature set always_async_project_authorizations_refresh 40 --random
  • /chatops run feature set always_async_project_authorizations_refresh 50 --random
  • /chatops run feature set always_async_project_authorizations_refresh 60 --random
  • /chatops run feature set always_async_project_authorizations_refresh 70 --random
  • /chatops run feature set always_async_project_authorizations_refresh 80 --random
  • /chatops run feature set always_async_project_authorizations_refresh 90 --random
  • /chatops run feature set always_async_project_authorizations_refresh 100 --random
  • Set label changecomplete /label ~change::complete

Rollback

Rollback steps - steps to be taken in the event of a need to rollback this change

Estimated Time to Complete (mins) - 1 minute

  • /chatops run feature set always_async_project_authorizations_refresh false
  • Set label changeaborted /label ~change::aborted

Monitoring

Key metrics to observe

This change is only moving refreshes that happened within Puma threads, inline to Sidekiq. There is no change in behaviour of the code, so the worst case scenario is: users facing a delay when trying to access projects where they were added as a member before a short while.

  • Metric: Sidekiq queue detail
    • Location: URL
    • What changes to this metric should prompt a rollback:
      • Increasing queue depth would mean that more and more jobs are waiting in the queue without being processed, and hence users trying to gain access might not be allowed to, even if they have been already added as a member.
      • QA smoke tests against production might fail due to lag in the new access levels reflecting in the project_authorizations table.

Change Reviewer checklist

C4 C3 C2 C1:

  • Check if the following applies:
    • The scheduled day and time of execution of the change is appropriate.
    • The change plan is technically accurate.
    • The change plan includes estimated timing values based on previous testing.
    • The change plan includes a viable rollback plan.
    • The specified metrics/monitoring dashboards provide sufficient visibility for the change.

C2 C1:

  • Check if the following applies:
    • The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
    • The change plan includes success measures for all steps/milestones during the execution.
    • The change adequately minimizes risk within the environment/service.
    • The performance implications of executing the change are well-understood and documented.
    • The specified metrics/monitoring dashboards provide sufficient visibility for the change.
      • If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
    • The change has a primary and secondary SRE with knowledge of the details available during the change window.
    • The labels blocks deployments and/or blocks feature-flags are applied as necessary

Change Technician checklist

  • Check if all items below are complete:
    • The change plan is technically accurate.
    • This Change Issue is linked to the appropriate Issue and/or Epic
    • Change has been tested in staging and results noted in a comment on this issue.
    • A dry-run has been conducted and results noted in a comment on this issue.
    • For C1 and C2 change issues, the change event is added to the GitLab Production calendar.
    • For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (In #production channel, mention @sre-oncall and this issue and await their acknowledgement.)
    • For C1 and C2 change issues, the SRE on-call provided approval with the eoc_approved label on the issue.
    • For C1 and C2 change issues, the Infrastructure Manager provided approval with the manager_approved label on the issue.
    • Release managers have been informed (If needed! Cases include DB change) prior to change being rolled out. (In #production channel, mention @release-managers and this issue and await their acknowledgment.)
    • There are currently no active incidents that are severity1 or severity2
    • If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.
Edited by Manoj M J [OOO]