[ABLD-267] improve nghttp2 bazel config #45154
Conversation
aiuto
added
changelog/no-changelog
qa/no-code-change
github-actions
bot
added
medium review
Static quality checks✅ Please find below the results from static quality gates 31 successful checks with minimal change (< 2 KiB)
On-wire sizes (compressed)
|
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: 028a6cf Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | +1.49 | [-1.61, +4.58] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | +1.49 | [-1.61, +4.58] | 1 | Logs |
| ➖ | quality_gate_metrics_logs | memory utilization | +1.30 | [+1.08, +1.51] | 1 | Logs bounds checks dashboard |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.48 | [+0.39, +0.58] | 1 | Logs |
| ➖ | ddot_metrics_sum_delta | memory utilization | +0.30 | [+0.10, +0.50] | 1 | Logs |
| ➖ | quality_gate_logs | % cpu utilization | +0.26 | [-1.26, +1.79] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle | memory utilization | +0.24 | [+0.20, +0.29] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics_sum_cumulativetodelta_exporter | memory utilization | +0.23 | [+0.00, +0.46] | 1 | Logs |
| ➖ | ddot_metrics | memory utilization | +0.22 | [-0.00, +0.44] | 1 | Logs |
| ➖ | otlp_ingest_logs | memory utilization | +0.13 | [+0.04, +0.22] | 1 | Logs |
| ➖ | quality_gate_idle_all_features | memory utilization | +0.06 | [+0.02, +0.09] | 1 | Logs bounds checks dashboard |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | +0.03 | [-0.48, +0.54] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | +0.03 | [-0.02, +0.07] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | +0.02 | [-0.39, +0.43] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.09, +0.09] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.01 | [-0.14, +0.12] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_v3 | ingress throughput | -0.02 | [-0.14, +0.10] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | -0.04 | [-0.43, +0.35] | 1 | Logs |
| ➖ | file_tree | memory utilization | -0.11 | [-0.16, -0.06] | 1 | Logs |
| ➖ | otlp_ingest_metrics | memory utilization | -0.12 | [-0.27, +0.03] | 1 | Logs |
| ➖ | uds_dogstatsd_20mb_12k_contexts_20_senders | memory utilization | -0.18 | [-0.23, -0.13] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulative | memory utilization | -0.19 | [-0.36, -0.02] | 1 | Logs |
| ➖ | docker_containers_memory | memory utilization | -0.23 | [-0.30, -0.16] | 1 | Logs |
| ➖ | ddot_logs | memory utilization | -0.69 | [-0.76, -0.62] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | links |
|---|---|---|---|---|
| ✅ | docker_containers_cpu | simple_check_run | 10/10 | |
| ✅ | docker_containers_memory | memory_usage | 10/10 | |
| ✅ | docker_containers_memory | simple_check_run | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
chouquette
left a comment
chouquette
left a comment
There was a problem hiding this comment.
Preserve the fetch-ocsp-response tool from version 1.58. It is dropped at head, so if we want to continue shipping it AND update versions of, we'll need to provide it another way.
I don't follow, we are using 1.58, then it should still be present in the sources we expend, and if we update to a version that doesn't ship it, I'd rather we adapt to its removal instead of commiting to maintain it
deps/nghttp2/nghttp2.BUILD.bazel
Outdated
| # It must be a separate pkg_install because it has to go to | ||
| # / on the build machine, not {install_dir} |
There was a problem hiding this comment.
Could you extend on that comment? I don't understand what you mean
There was a problem hiding this comment.
I changed to comment here and at the other install to clarify that they get installed into different roots.
| }, | ||
| ) | ||
|
|
||
| # This is a hack to work around a bug in rules_pkg. |
There was a problem hiding this comment.
Could you maybe add a link to that bug for more context? Just in case someone else encounters the same bug
There was a problem hiding this comment.
There is no bug filed yet. The description of the problem is a few lines below, where this target is used.
I'll create that at the end of the month when I do rules_pkg backlog.
| # "@@//third_party/nghttp2:fetch-ocsp-response" | ||
| # here, but rules_pkg calculates the path as a relative ref to @nghttp2 |
There was a problem hiding this comment.
I may have a look since one of my earlier contributions got accepted by their BDFLs.
There was a problem hiding this comment.
There seems to be a workaround by means of a strip_prefix helper function:
https://github.com/bazelbuild/rules_pkg/blob/3bbfc0b95aa6407386e0c5def9b629a7a0ed463b/tests/mappings/external_repo/pkg/test.bzl#L59-L60
There was a problem hiding this comment.
Don't bother fixing anything in rules_pkg right now. We are probably going to throw out the intermediate manifest and replace it with the thing from rules_img. Work until then is potentially throwaway.
There was a problem hiding this comment.
whether we keep rules_pkg or not, the change wasn't that difficult to implement: bazelbuild/rules_pkg#1004
There was a problem hiding this comment.
We can keep rules_pkg, it's just that the implementation underneath the remapping will change to interoperate with rules_img.
github-actions
bot
added
long review
- Follows the standard pattern. - Preserve the fetch-ocsp-response tool from version 1.58. It is dropped at head, so if we want to continue shipping it AND update versions of, we'll need to provide it another way. - make the globs explicit to guard against unexpected extra code. This is not in use yet. - Still investigating why the .so size is larger. blocked on better toolchains - When used with curl, other random things start to fail linking. This is bonkers.
There are a few independent things going on.
So, the prudent thing to do now is get poised to make a quick update if we want it. |
aiuto
changed the title
| user_link_flags = select({ | ||
| "@platforms//os:linux": [ | ||
| "-Wl,--gc-sections", | ||
| "-Wl,--strip-all", |
There was a problem hiding this comment.
This will not generate the debug symbols at all instead of stripping them later on.
Personally I'm very fine with it, as I doubt anyone will ever need the agent's nghttp2's debug symbols, but that is technically a breaking change.
There was a problem hiding this comment.
Ack. We should move this all to the toolchain anyway.
And there is still another round of tuning after I do the lib file comparison to see why the size change is dramatic.
It does not have to be right now, since it is not replacing omnibus. But having the baseline allows forking work into two independent PRs that deal with size and overall link correctness.
There was a problem hiding this comment.
Why do we have to vendor this file?
There was a problem hiding this comment.
We discussed that in the main thread.
- We are very out of date in versions: using 1.58 instead of 1.68
- 1.68 drops the file.
- In order to update and avoid a breaking change, we'll need to copy it out of 1.58 and preserve it.
Doing this now makes it easy to do a fast update to 1.68 without rediscovering this problem.
There was a problem hiding this comment.
Ack.
Although, I can't find any usage of this fine in neither curl nor the agent, so I suppose this is out of safety rather than an actual need? If so we should create a task to remove it as followup work
chouquette
left a comment
chouquette
left a comment
There was a problem hiding this comment.
LGTM with a couple nits
There was a problem hiding this comment.
Ack.
Although, I can't find any usage of this fine in neither curl nor the agent, so I suppose this is out of safety rather than an actual need? If so we should create a task to remove it as followup work
Yes. Removing things is a recurring problem. https://datadoghq.atlassian.net/browse/ABLD-350 |
|
/merge |
|
View all feedbacks in Devflow UI.
This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
devflow unqueued this merge request: It did not become mergeable within the expected time |
|
/merge |
|
View all feedbacks in Devflow UI.
This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
The expected merge time in
|
ABLD-267 Build nghttp2 with Bazel.
This does not hook into curl right now.
Getting this build file a little better will let us explore both forks of the new problems indepenedently.
Desk check