-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[smp]: move smp junit upload to new job #30198
base: main
Are you sure you want to change the base?
Conversation
While working with a colleague on another task, I noticed that fetching secrets took a surprisingly long time. Moving secrets fetching and our JUnit XML upload operations to a separate step helps clean up the signal we get from Pipeline Visibility regarding Regression Detector job execution times. Signed-off-by: Geoffrey M. Oxberry <[email protected]>
Gitlab CI Configuration ChangesModified Jobssingle-machine-performance-regression_detector single-machine-performance-regression_detector:
allow_failure: true
artifacts:
expire_in: 1 weeks
paths:
- submission_metadata
- ${CI_COMMIT_SHA}-baseline_sha
- outputs/report.md
- outputs/regression_signal.json
- outputs/bounds_check_signal.json
- outputs/junit.xml
when: always
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/docker_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- artifacts: false
job: single_machine_performance-amd64-a7
rules:
- if: $CI_COMMIT_BRANCH == "main"
when: never
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- mkdir outputs
- touch outputs/report.md
- git fetch origin
- SMP_BASE_BRANCH=$(inv release.get-release-json-value base_branch)
- echo "Looking for merge base for branch ${SMP_BASE_BRANCH}"
- SMP_MERGE_BASE=$(git merge-base ${CI_COMMIT_SHA} origin/${SMP_BASE_BRANCH})
- echo "Merge base is ${SMP_MERGE_BASE}"
- AWS_NAMED_PROFILE="single-machine-performance"
- SMP_ACCOUNT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_ACCOUNT_ID) ||
exit $?
- SMP_ECR_URL=${SMP_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com
- SMP_AGENT_TEAM_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_AGENT_TEAM_ID)
|| exit $?
- SMP_API=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_API) || exit $?
- SMP_BOT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_BOT_ACCESS_KEY_ID)
|| exit $?
- SMP_BOT_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_BOT_ACCESS_KEY) ||
exit $?
- aws configure set aws_access_key_id "$SMP_BOT_ID" --profile ${AWS_NAMED_PROFILE}
- aws configure set aws_secret_access_key "$SMP_BOT_KEY" --profile ${AWS_NAMED_PROFILE}
- aws configure set region us-west-2 --profile ${AWS_NAMED_PROFILE}
- aws --profile single-machine-performance s3 cp s3://smp-cli-releases/v${SMP_VERSION}/x86_64-unknown-linux-gnu/smp
smp
- chmod +x smp
- BASELINE_SHA="${SMP_MERGE_BASE}"
- echo "Computing baseline..."
- echo "Checking if commit ${BASELINE_SHA} is recent enough..."
- FOUR_DAYS_BEFORE_NOW=$(date --date="-4 days +1 hour" "+%s")
- BASELINE_COMMIT_TIME=$(git -c log.showSignature=false show --no-patch --format=%ct
${BASELINE_SHA})
- "if [[ ${BASELINE_COMMIT_TIME} -le ${FOUR_DAYS_BEFORE_NOW} ]]\nthen\n echo\
\ \"ERROR: Merge-base of this branch is too old for SMP. Please update your branch\
\ by merging an up-to-date main branch into your branch or by rebasing it on an\
\ up-to-date main branch.\"\n exit 1\nfi\n"
- echo "Commit ${BASELINE_SHA} is recent enough"
- echo "Checking if image exists for commit ${BASELINE_SHA}..."
- "while [[ ! $(aws ecr describe-images --profile single-machine-performance --registry-id\
\ \"${SMP_ACCOUNT_ID}\" --repository-name \"${SMP_AGENT_TEAM_ID}-agent\" --image-ids\
\ imageTag=\"${BASELINE_SHA}-7-amd64\") ]]\ndo\n echo \"No image exists for\
\ ${BASELINE_SHA} - checking predecessor of ${BASELINE_SHA} next\"\n BASELINE_SHA=$(git\
\ rev-parse ${BASELINE_SHA}^)\n echo \"Checking if commit ${BASELINE_SHA} is\
\ recent enough...\"\n BASELINE_COMMIT_TIME=$(git -c log.showSignature=false\
\ show --no-patch --format=%ct ${BASELINE_SHA})\n if [[ ${BASELINE_COMMIT_TIME}\
\ -le ${FOUR_DAYS_BEFORE_NOW} ]]\n then\n echo \"ERROR: Merge-base of\
\ this branch is too old for SMP. Please update your branch by merging an up-to-date\
\ main branch into your branch or by rebasing it on an up-to-date main branch.\"\
\n exit 1\n fi\n echo \"Commit ${BASELINE_SHA} is recent enough\"\
\n echo \"Checking if image exists for commit ${BASELINE_SHA}...\"\ndone\n"
- echo "Image exists for commit ${BASELINE_SHA}"
- echo "Baseline SHA is ${BASELINE_SHA}"
- echo -n "${BASELINE_SHA}" > "${CI_COMMIT_SHA}-baseline_sha"
- aws s3 cp --profile single-machine-performance --only-show-errors "${CI_COMMIT_SHA}-baseline_sha"
"s3://${SMP_AGENT_TEAM_ID}-smp-artifacts/information/"
- BASELINE_IMAGE=${SMP_ECR_URL}/${SMP_AGENT_TEAM_ID}-agent:${BASELINE_SHA}-7-amd64
- echo "${BASELINE_SHA} | ${BASELINE_IMAGE}"
- COMPARISON_IMAGE=${SMP_ECR_URL}/${SMP_AGENT_TEAM_ID}-agent:${CI_COMMIT_SHA}-7-amd64
- echo "${CI_COMMIT_SHA} | ${COMPARISON_IMAGE}"
- RUST_LOG="info,aws_config::profile::credentials=error"
- RUST_LOG_DEBUG="debug,aws_config::profile::credentials=error"
- RUST_LOG="${RUST_LOG}" ./smp --team-id ${SMP_AGENT_TEAM_ID} --api-base ${SMP_API}
--aws-named-profile ${AWS_NAMED_PROFILE} job submit --baseline-image ${BASELINE_IMAGE}
--comparison-image ${COMPARISON_IMAGE} --baseline-sha ${BASELINE_SHA} --comparison-sha
${CI_COMMIT_SHA} --target-config-dir test/regression/ --submission-metadata submission_metadata
- RUST_LOG="${RUST_LOG}" ./smp --team-id ${SMP_AGENT_TEAM_ID} --api-base ${SMP_API}
--aws-named-profile ${AWS_NAMED_PROFILE} job status --wait --wait-delay-seconds
60 --submission-metadata submission_metadata
- RUST_LOG="${RUST_LOG}" ./smp --team-id ${SMP_AGENT_TEAM_ID} --api-base ${SMP_API}
--aws-named-profile ${AWS_NAMED_PROFILE} job sync --submission-metadata submission_metadata
--output-path outputs
- cat outputs/report.md | sed "s/^\$/$(echo -ne '\uFEFF\u00A0\u200B')/g"
- - DATADOG_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
- token)" || exit $?; export DATADOG_API_KEY
- - datadog-ci junit upload --service datadog-agent outputs/junit.xml
- RUST_LOG="${RUST_LOG}" ./smp --team-id ${SMP_AGENT_TEAM_ID} --api-base ${SMP_API}
--aws-named-profile ${AWS_NAMED_PROFILE} job result --submission-metadata submission_metadata
stage: functional_test
tags:
- runner:docker
timeout: 1h10m
variables:
SMP_VERSION: 0.16.0 Added Jobssingle-machine-performance-regression_detector-junit-uploadsingle-machine-performance-regression_detector-junit-upload:
allow_failure: true
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/docker_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- job: single-machine-performance-regression_detector
rules:
- if: $CI_COMMIT_BRANCH == "main"
when: never
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- DATADOG_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
token)" || exit $?; export DATADOG_API_KEY
- datadog-ci junit upload --service datadog-agent outputs/junit.xml
stage: functional_test
tags:
- runner:docker Changes Summary
ℹ️ Diff available in the job log. |
[Fast Unit Tests Report] On pipeline 46779226 (CI Visibility). The following jobs did not run any unit tests: Jobs:
If you modified Go files and expected unit tests to run in these jobs, please double check the job logs. If you think tests should have been executed reach out to #agent-devx-help |
Regression DetectorRegression Detector ResultsRun ID: c856f8ff-2adc-4d73-b07a-a20c25a37db0 Metrics dashboard Target profiles Baseline: b0ca9e6 Performance changes are noted in the perf column of each table:
No significant changes in experiment optimization goalsConfidence level: 90.00% There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
|
perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
---|---|---|---|---|---|---|
➖ | basic_py_check | % cpu utilization | +1.02 | [-1.66, +3.69] | 1 | Logs |
➖ | idle_all_features | memory utilization | +0.74 | [+0.65, +0.83] | 1 | Logs bounds checks dashboard |
➖ | tcp_syslog_to_blackhole | ingress throughput | +0.50 | [+0.45, +0.55] | 1 | Logs |
➖ | idle | memory utilization | +0.48 | [+0.43, +0.52] | 1 | Logs bounds checks dashboard |
➖ | otel_to_otel_logs | ingress throughput | +0.35 | [-0.45, +1.16] | 1 | Logs |
➖ | file_to_blackhole_300ms_latency | egress throughput | +0.06 | [-0.12, +0.24] | 1 | Logs |
➖ | uds_dogstatsd_to_api | ingress throughput | +0.02 | [-0.08, +0.12] | 1 | Logs |
➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.01, +0.01] | 1 | Logs |
➖ | file_to_blackhole_500ms_latency | egress throughput | -0.00 | [-0.25, +0.25] | 1 | Logs |
➖ | file_to_blackhole_0ms_latency | egress throughput | -0.01 | [-0.34, +0.33] | 1 | Logs |
➖ | file_to_blackhole_100ms_latency | egress throughput | -0.01 | [-0.23, +0.21] | 1 | Logs |
➖ | file_to_blackhole_1000ms_latency | egress throughput | -0.05 | [-0.52, +0.42] | 1 | Logs |
➖ | file_tree | memory utilization | -0.71 | [-0.83, -0.59] | 1 | Logs |
➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | -0.79 | [-1.50, -0.08] | 1 | Logs |
➖ | pycheck_lots_of_tags | % cpu utilization | -3.05 | [-5.42, -0.67] | 1 | Logs |
Bounds Checks
perf | experiment | bounds_check_name | replicates_passed |
---|---|---|---|
✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 |
✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 |
✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 |
✅ | file_to_blackhole_300ms_latency | memory_usage | 10/10 |
✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 |
✅ | idle | memory_usage | 10/10 |
✅ | idle_all_features | memory_usage | 10/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
What does this PR do?
While working with a colleague on another task, I noticed that fetching secrets took a surprisingly long time. Moving secrets fetching and our JUnit XML upload operations to a separate step helps clean up the signal we get from Pipeline Visibility regarding Regression Detector job execution times.
Motivation
More meaningful statistics from SMP's Test Visibility monitoring.
Describe how to test/QA your changes
SMP tests should continue to be uploaded to Test Visibility.
Possible Drawbacks / Trade-offs
We use Pipeline Visibility to get a quick aggregate view of SMP's health in Agent CI -- particularly to understand if Agent CI jobs are terminating due to timeouts. If secrets fetching or uploading JUnit XML take nontrivial amounts of time (say, more than a dozen seconds each), then we mistakenly attribute GitLab CI timeouts to under-provisioning of SMP runners in our backend, potentially causing us to overallocate capacity. Moving the JUnit XML upload step to a separate job should fix that attribution problem.
Additional Notes
n/a