@nuvlore/extension-bds 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/README.md +3 -0
- package/agents/bds-airflow-job-status-readonly.yaml +123 -0
- package/agents/bds-disk-investigator.yaml +112 -0
- package/agents/bds-inventory-readonly.yaml +60 -0
- package/agents/bds-oncall-reporter.yaml +113 -0
- package/agents/bds-prism-service-proxy-timeout-readonly.yaml +105 -0
- package/agents/bds-scylla-tenant-bucket-readonly.yaml +104 -0
- package/agents/bds-tenant-data-operation-log-readonly.yaml +98 -0
- package/agents/bds-yarn-app-health-readonly.yaml +114 -0
- package/agents/pharos-alert-investigator.yaml +81 -0
- package/package.json +60 -0
- package/skills/bds-airflow-job-status-investigation/SKILL.md +104 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-access-runbook.md +35 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-bas-dr-runbook.md +42 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-copy-and-migration-runbook.md +63 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-job-status-runbook.md +15 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-output-runbook.md +28 -0
- package/skills/bds-airflow-job-status-investigation/references/airflow-snapshot-runbook.md +38 -0
- package/skills/bds-disk-io-alert-investigation/SKILL.md +116 -0
- package/skills/bds-hadoop-review/SKILL.md +66 -0
- package/skills/bds-machine-inventory/SKILL.md +48 -0
- package/skills/bds-oncall-followup/SKILL.md +71 -0
- package/skills/bds-oncall-followup/references/oncall-followup-runbook.md +58 -0
- package/skills/bds-prism-service-proxy-timeout-investigation/SKILL.md +73 -0
- package/skills/bds-prism-service-proxy-timeout-investigation/references/service-proxy-timeout-runbook.md +48 -0
- package/skills/bds-scylla-tenant-bucket-investigation/SKILL.md +73 -0
- package/skills/bds-scylla-tenant-bucket-investigation/references/tenant-bucket-runbook.md +91 -0
- package/skills/bds-tenant-data-operation-log-investigation/SKILL.md +89 -0
- package/skills/bds-yarn-app-health-investigation/SKILL.md +77 -0
- package/skills/bds-yarn-app-health-investigation/references/yarn-app-health-runbook.md +53 -0
- package/skills/pharos-alert-investigation/SKILL.md +80 -0
- package/src/bds-atomic-log-tools.mjs +300 -0
- package/src/bds-team-membership-claude-output.mjs +36 -0
- package/src/bds-team-membership-quality.mjs +90 -0
- package/tools/bds_airflow_dag_log_read.mjs +24 -0
- package/tools/bds_airflow_job_status_command_pack.mjs +587 -0
- package/tools/bds_bas_log_read.mjs +23 -0
- package/tools/bds_bdm_httpd_log_read.mjs +24 -0
- package/tools/bds_chef_client_log_read.mjs +23 -0
- package/tools/bds_dashboard_links.mjs +178 -0
- package/tools/bds_dashboard_query_knowledge.mjs +258 -0
- package/tools/bds_dashboard_query_read.mjs +120 -0
- package/tools/bds_disk_io_alert_command_pack.mjs +287 -0
- package/tools/bds_environment_host_lookup.mjs +741 -0
- package/tools/bds_hdfs_datanode_log_read.mjs +23 -0
- package/tools/bds_hdfs_journalnode_log_read.mjs +23 -0
- package/tools/bds_hdfs_namenode_log_read.mjs +23 -0
- package/tools/bds_hdfs_path_knowledge.mjs +324 -0
- package/tools/bds_information_source_knowledge.mjs +356 -0
- package/tools/bds_kms_log_read.mjs +23 -0
- package/tools/bds_log_path_knowledge.mjs +267 -0
- package/tools/bds_machine_inventory.mjs +434 -0
- package/tools/bds_mapreduce_historyserver_log_read.mjs +23 -0
- package/tools/bds_migration_service_operation_command_pack.mjs +233 -0
- package/tools/bds_oncall_followup_payload_draft.mjs +285 -0
- package/tools/bds_pharos_query_pack.mjs +218 -0
- package/tools/bds_portal_operation_knowledge.mjs +212 -0
- package/tools/bds_prism_clone_status_links.mjs +129 -0
- package/tools/bds_prism_service_proxy_timeout_query_pack.mjs +224 -0
- package/tools/bds_public_cloud_pod_log_read.mjs +18 -0
- package/tools/bds_scylla_tenant_bucket_command_pack.mjs +323 -0
- package/tools/bds_service_proxy_log_read.mjs +23 -0
- package/tools/bds_spark_historyserver_log_read.mjs +32 -0
- package/tools/bds_spas_mt_log_read.mjs +23 -0
- package/tools/bds_tenant_data_operation_log_command_pack.mjs +321 -0
- package/tools/bds_yarn_app_health_command_pack.mjs +529 -0
- package/tools/bds_yarn_nodemanager_log_read.mjs +23 -0
- package/tools/bds_yarn_resourcemanager_log_read.mjs +23 -0
- package/tools/bds_zookeeper_log_read.mjs +23 -0
- package/tools/confluence_handoff_page_draft.mjs +173 -0
- package/vendor/dashboard/src/grafana-dashboard-query.mjs +61 -0
- package/vendor/extension-read-only-toolkit/LICENSE +202 -0
- package/vendor/extension-read-only-toolkit/README.md +29 -0
- package/vendor/extension-read-only-toolkit/package.json +46 -0
- package/vendor/extension-read-only-toolkit/src/devops-data-paths.mjs +222 -0
- package/vendor/extension-read-only-toolkit/src/devops-diagnostics.mjs +440 -0
- package/vendor/extension-read-only-toolkit/src/enterprise-api-read.mjs +180 -0
- package/vendor/extension-read-only-toolkit/src/read-only-command-pack.mjs +1 -0
- package/vendor/extension-read-only-toolkit/src/read-only-plan.mjs +45 -0
- package/vendor/extension-read-only-toolkit/src/read-only-shell-policy.d.mts +26 -0
- package/vendor/extension-read-only-toolkit/src/read-only-shell-policy.mjs +170 -0
- package/vendor/extension-workday-infra-access/LICENSE +202 -0
- package/vendor/extension-workday-infra-access/README.md +3 -0
- package/vendor/extension-workday-infra-access/agents/workday-infra-access-readonly.yaml +183 -0
- package/vendor/extension-workday-infra-access/package.json +49 -0
- package/vendor/extension-workday-infra-access/skills/workday-infra-access/SKILL.md +102 -0
- package/vendor/extension-workday-infra-access/skills/workday-infra-access/references/access-boundary-runbook.md +43 -0
- package/vendor/extension-workday-infra-access/skills/workday-infra-access/references/access-runbook.md +15 -0
- package/vendor/extension-workday-infra-access/skills/workday-infra-access/references/access-scylla-cloud-runbook.md +39 -0
- package/vendor/extension-workday-infra-access/skills/workday-infra-access/references/access-spc-argo-runbook.md +99 -0
- package/vendor/extension-workday-infra-access/src/workday-access-profiles.mjs +194 -0
- package/vendor/extension-workday-infra-access/tools/aws_cust_federated_readonly_command_pack.mjs +234 -0
- package/vendor/extension-workday-infra-access/tools/gcp_readonly_command_pack.mjs +167 -0
- package/vendor/extension-workday-infra-access/tools/public_cloud_access_status.mjs +48 -0
- package/vendor/extension-workday-infra-access/tools/workday_boundary_login.mjs +460 -0
- package/vendor/extension-workday-infra-access/tools/workday_private_cloud_sudo_readonly_command.mjs +386 -0
- package/vendor/extension-workday-infra-access/tools/workday_public_cloud_environment_map.mjs +189 -0
- package/vendor/extension-workday-infra-access/tools/workday_public_cloud_kubernetes_read.mjs +297 -0
- package/vendor/extension-workday-infra-access/tools/workday_public_cloud_spc_login.mjs +505 -0
- package/vendor/extension-workday-infra-access/tools/workday_spc_argo_readonly_command_pack.mjs +215 -0
- package/vendor/extension-workday-infra-access/workflows/public-cloud-readonly-investigation.js +99 -0
- package/workflows/bds-airflow-job-status-investigation.js +168 -0
- package/workflows/bds-disk-io-alert-investigation.js +173 -0
- package/workflows/bds-oncall-followup.js +112 -0
- package/workflows/bds-prism-service-proxy-timeout-investigation.js +69 -0
- package/workflows/bds-scylla-tenant-bucket-investigation.js +139 -0
- package/workflows/bds-tenant-data-operation-log-investigation.js +189 -0
- package/workflows/bds-yarn-app-health-investigation.js +217 -0
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Airflow Access And Component Health Runbook
|
|
2
|
+
|
|
3
|
+
Use for Boundary access, kubeconfig checks, Airflow component health, namespace
|
|
4
|
+
events, scheduler/web logs, and generic DAG/config health evidence. Owner:
|
|
5
|
+
`bds-airflow-job-status-investigation/SKILL.md`.
|
|
6
|
+
|
|
7
|
+
## Access Details
|
|
8
|
+
|
|
9
|
+
- Private cloud access is `bauth init` followed by ordinary `ssh <host>`.
|
|
10
|
+
Use the explicit hostname from the refreshed environment config unchanged.
|
|
11
|
+
- For ATL, use the latest `BDS_ATL_CUST_AZ1` config before selecting a
|
|
12
|
+
control-plane host. Old hosts can disappear after config refresh; the learned
|
|
13
|
+
current ATL access path used `s-3m1d12123f.sys.az1.cust.atl.wd`.
|
|
14
|
+
- If the default SSH config routes through a stale `Atl-Nprd-Mgmt` bastion or
|
|
15
|
+
times out during banner exchange, explicitly use `-J proxy-jump.atl.bnd`
|
|
16
|
+
rather than inventing `.bnd` service-host aliases.
|
|
17
|
+
- If `kubectl get pod` as the SSH user fails with `localhost:8080 refused`,
|
|
18
|
+
treat it as missing normal-user kubeconfig, not cluster health evidence.
|
|
19
|
+
- If `sudo -n` needs a password, use
|
|
20
|
+
`workday_private_cloud_sudo_readonly_command`; agents and command packs must
|
|
21
|
+
not read Keychain directly or print the saved credential.
|
|
22
|
+
|
|
23
|
+
## Component Health
|
|
24
|
+
|
|
25
|
+
- Capture `airflow-scheduler` and `airflow-web` readiness, status, restarts,
|
|
26
|
+
age, node placement, namespace events, and bounded scheduler/web logs.
|
|
27
|
+
- Always query `-n airflow`; the default namespace can correctly show no pods.
|
|
28
|
+
- `GET /airflow/health ... 200` supports webserver health.
|
|
29
|
+
- `DagBag Failed to import` plus `FileNotFoundError` for
|
|
30
|
+
`/etc/hadoop/conf/bds_config.json` or
|
|
31
|
+
`/data/workday-bds-airflow/dr_to_dr_config/dr_to_dr_config.json` is a
|
|
32
|
+
DAG/config risk even when Airflow pods are healthy.
|
|
33
|
+
- Prometheus `superfluous response.WriteHeader` and sensu-client read-only
|
|
34
|
+
filesystem `chown` messages are noise unless paired with pod restarts, failed
|
|
35
|
+
readiness, or Airflow container errors.
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# Airflow BAS DR SLA And Bad Worker Runbook
|
|
2
|
+
|
|
3
|
+
Use for `bas_dr_sla_miss`, tenant-data DR copy SLA alerts, stale DR pods, bad
|
|
4
|
+
worker runtime, and BAS recovery validation. Owner:
|
|
5
|
+
`bds-airflow-job-status-investigation/SKILL.md`.
|
|
6
|
+
|
|
7
|
+
- Treat BAS mirror snapshot lag as the symptom. Prove whether the cause is
|
|
8
|
+
DistCp/copy failure, Airflow DAG/config failure, or Kubernetes worker runtime
|
|
9
|
+
cleanup failure by collecting DR task pod placement/status,
|
|
10
|
+
`deletionTimestamp`, finalizers, pod events, task logs, and bad-node runtime
|
|
11
|
+
evidence.
|
|
12
|
+
- Do not delete pods, stop host processes, restart kubelet/containerd, or
|
|
13
|
+
uncordon a bad node from this read-only workflow.
|
|
14
|
+
- If remediation is requested, recommend only an approved operator path: cordon
|
|
15
|
+
the bad worker, force-delete stale completed or terminating DR task pods after
|
|
16
|
+
logs show `Command exited with return code 0` and `Marking task as SUCCESS`,
|
|
17
|
+
let replacement pods schedule on healthy workers, and keep the bad node
|
|
18
|
+
cordoned for DC follow-up.
|
|
19
|
+
- Do not recommend force-deleting an actively progressing `Running` pod. First
|
|
20
|
+
read logs for source/destination snapshot ids, YARN app id, DistCp progress,
|
|
21
|
+
and success markers.
|
|
22
|
+
- A Kubernetes pod can remain `Running` on a degraded node after the Airflow task
|
|
23
|
+
has already completed successfully; classify that as a stale pod only with log
|
|
24
|
+
evidence.
|
|
25
|
+
- For a suspected bad worker, collect read-only node runtime evidence:
|
|
26
|
+
`kubectl get node -o wide`, pods by node, host `uptime`, `D`/`Z`/zombie
|
|
27
|
+
process counts, bounded `ps` lines for `defunct`, `runc`, `containerd`,
|
|
28
|
+
`kubelet`, `mount`, and `cgroup`, plus bounded `systemctl is-active kubelet
|
|
29
|
+
containerd` with timeout.
|
|
30
|
+
- Interpret kubelet/containerd service-query timeouts, stuck `runc`/mount/cgroup
|
|
31
|
+
cleanup, and many zombie processes as node-level runtime degradation.
|
|
32
|
+
- For recovery verification after approved cleanup, confirm new DR task pods on
|
|
33
|
+
healthy nodes, newer mirror snapshots such as `sYYYYMMDDHHMMr`, task logs show
|
|
34
|
+
success, and BAS lag is below the `3600s` threshold. The shorthand contract is
|
|
35
|
+
BAS lag below `3600s`.
|
|
36
|
+
- For BDS ASH BAS DR SLA verification, read the live Pharos script exporter
|
|
37
|
+
source on `s-11rdzb3.sys.az1.cust.ash.wd`: scrape config
|
|
38
|
+
`/etc/pharos_script_exporter/conf.d/chef_scrapes/bds_bas_dr_sla.yaml` and run
|
|
39
|
+
`sudo /data/pharos_script_exporter/scripts/bas_dr_sla_miss_metric.rb BDS_ASH_CUST_AZ1`.
|
|
40
|
+
- Count metric lines where `bds_bas_dr_sla_miss` is greater than `3600`, and
|
|
41
|
+
report `total_metrics`, `sla_missed_gt_3600`, `max_lag_seconds`,
|
|
42
|
+
`max_lag_tenant`, and top lagging tenants.
|
package/skills/bds-airflow-job-status-investigation/references/airflow-copy-and-migration-runbook.md
ADDED
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# Airflow Copy And Migration Runbook
|
|
2
|
+
|
|
3
|
+
Use for on-demand tenant copy, migration-service Slack incidents, and S3 VPCE
|
|
4
|
+
copy connectivity evidence. Owner:
|
|
5
|
+
`bds-airflow-job-status-investigation/SKILL.md`.
|
|
6
|
+
|
|
7
|
+
## On-Demand Tenant Copy
|
|
8
|
+
|
|
9
|
+
- If the control panel provides an ID like
|
|
10
|
+
`dag_tenant_data_copy_on_demand--1780713387370568`, treat the numeric suffix
|
|
11
|
+
as epoch microseconds when direct Airflow metadata does not match.
|
|
12
|
+
- Convert that suffix to UTC, then inspect the scheduler container task log:
|
|
13
|
+
`/data/workday-bds-airflow/logs/dag_tenant_data_copy_on_demand/manual__<UTC_ISO>/run_tenant_data_ondemand_restore_copy/1.log`.
|
|
14
|
+
- Use `Running command`, `--src-tenant`, `--dst-tenant`,
|
|
15
|
+
`Copy tenant data from cluster`, `Obtained Source Snapshot`,
|
|
16
|
+
`Latest remote matching Snapshot`, `Submitted application`, `map <percent>%`,
|
|
17
|
+
`Command exited with return code`, and `Marking task as SUCCESS` as the
|
|
18
|
+
authoritative evidence.
|
|
19
|
+
- In tenant-data namespace migration, the `tenant-data-copy` command shows
|
|
20
|
+
`--src-cluster`, `--dst-cluster`, `--src-env`, `--dst-env`, `--src-tenant`,
|
|
21
|
+
and `--dst-tenant`; `Copy tenant data from cluster ...` confirms the process.
|
|
22
|
+
`Obtained Source Snapshot` and `Starting: Building listing for
|
|
23
|
+
hdfs://.../.snapshot/<snapshot>` identify the source snapshot/path.
|
|
24
|
+
- A task pod that is `Ready=True`, has zero restarts, no pod events, and has
|
|
25
|
+
DistCp/YARN progress still advancing is a slow running copy rather than
|
|
26
|
+
Airflow component failure.
|
|
27
|
+
|
|
28
|
+
## Migration-Service Incidents
|
|
29
|
+
|
|
30
|
+
- Start from Slack thread facts: `migrationEventId`, source cluster,
|
|
31
|
+
source/target environments, tenant, migration run type, snapshot id, DAG run
|
|
32
|
+
id, failure timestamp, cutover window, and linked Jira. Treat Slack as event
|
|
33
|
+
source and Jira as tracking/follow-up evidence.
|
|
34
|
+
- Validate the state chain from read-only records before recommending action:
|
|
35
|
+
`FIRST_MIGRATION`, `DIFF_MIGRATION`, `CUTOVER_MIGRATION`, bucket sync,
|
|
36
|
+
`PRISM_READY`, and event `COMPLETED`.
|
|
37
|
+
- Derive the correct HDFS authority from cluster evidence. Do not guess by
|
|
38
|
+
shortening names; ATL CUST AZ1 tenant records may use
|
|
39
|
+
`hdfs://bdsatlcustaz11`, not `hdfs://bdsatlcustaz1`.
|
|
40
|
+
- Read-only tenant record files commonly include `operationsLog.csv`,
|
|
41
|
+
`s3MigrationCopyRecords.txt`, `s3MigrationDagRunRecords.txt`, and
|
|
42
|
+
`s3MigrationVerificationRecords.txt`.
|
|
43
|
+
- If a retry is requested during cutover, verify whether migration-service is
|
|
44
|
+
accepting only `CUTOVER_MIGRATION`; `Only cutover run allowed ... Discarding
|
|
45
|
+
message` for a discarded `DIFF_MIGRATION` is state-machine evidence.
|
|
46
|
+
- Recovery needs cutover success, verification source/target file count match,
|
|
47
|
+
bucket sync completion, `PRISM_READY`, and event `COMPLETED`, not only one
|
|
48
|
+
successful copy log.
|
|
49
|
+
|
|
50
|
+
## S3 VPCE Copy Failure
|
|
51
|
+
|
|
52
|
+
- Compare the failing S3 VPCE endpoint and any proposed alternate S3 VPCE from
|
|
53
|
+
the same worker/source IP before canceling, retriggering, or declaring the
|
|
54
|
+
migration unblocked.
|
|
55
|
+
- Use only DNS lookup, route lookup, and
|
|
56
|
+
`curl -k -sS -o /dev/null --connect-timeout ...` connect probes. Do not use
|
|
57
|
+
`aws s3 cp`, object writes, or migration retries as connectivity tests.
|
|
58
|
+
- If multiple ATL workers time out to one `bucket.vpce-...s3.<region>.vpce.amazonaws.com`
|
|
59
|
+
endpoint but the same worker/source IP reaches another VPCE, treat the issue
|
|
60
|
+
as endpoint/path-specific rather than a general worker or S3 outage.
|
|
61
|
+
- Interpret `http=000` plus connect timeout as failure before HTTP/S3
|
|
62
|
+
authorization; interpret an HTTP status such as `307` from the alternate
|
|
63
|
+
endpoint as proof that the worker can reach that S3 endpoint path.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# BDS Airflow Job Status Runbook Router
|
|
2
|
+
|
|
3
|
+
This file is only a router for `bds-airflow-job-status-investigation/SKILL.md`.
|
|
4
|
+
Do not paste all Airflow procedure detail here. Load the smallest reference that
|
|
5
|
+
matches the incident class.
|
|
6
|
+
|
|
7
|
+
- Access, kubeconfig, component pods, events, scheduler/web logs:
|
|
8
|
+
`airflow-access-runbook.md`.
|
|
9
|
+
- On-demand tenant copy, migration-service Slack incidents, and S3 VPCE copy
|
|
10
|
+
failures: `airflow-copy-and-migration-runbook.md`.
|
|
11
|
+
- Snapshot cleanup, NameNode write locks, and PRISM `CreateDataFrame` latency:
|
|
12
|
+
`airflow-snapshot-runbook.md`.
|
|
13
|
+
- `bas_dr_sla_miss`, stale DR pods, bad worker runtime, and BAS recovery
|
|
14
|
+
validation: `airflow-bas-dr-runbook.md`.
|
|
15
|
+
- Requester-facing answer fields by scenario: `airflow-output-runbook.md`.
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Airflow Output Runbook
|
|
2
|
+
|
|
3
|
+
Use only when composing the requester-facing answer for an Airflow incident.
|
|
4
|
+
Owner: `bds-airflow-job-status-investigation/SKILL.md`.
|
|
5
|
+
|
|
6
|
+
- Slack event source and migration identifiers when the incident came from a
|
|
7
|
+
Slack migration-service thread.
|
|
8
|
+
- Control-plane host used and whether normal-user kubectl lacked kubeconfig.
|
|
9
|
+
- Airflow namespace pod readiness/status/restarts/age, events, and scheduler/web
|
|
10
|
+
log findings.
|
|
11
|
+
- DAG/run state if provided.
|
|
12
|
+
- Long-running task pod tenant/process, source cluster/path, destination
|
|
13
|
+
cluster/path, snapshot id, YARN app id, and latest progress when available.
|
|
14
|
+
- For `bas_dr_sla_miss`: affected tenants, last stale snapshot time, stuck pod
|
|
15
|
+
status and node placement, task success/failure markers, bad worker zombie and
|
|
16
|
+
runtime evidence, cordon/remediation recommendation, replacement pod
|
|
17
|
+
placement, new mirror snapshot id, and BAS lag versus the `3600s` threshold.
|
|
18
|
+
- S3 VPCE evidence when relevant: old/new endpoint hostnames, resolved IPs,
|
|
19
|
+
source worker IP, route gateway/device, curl `time_connect`, `http_code`, and
|
|
20
|
+
`errormsg`.
|
|
21
|
+
- Migration-service recovery evidence when relevant: cutover status, snapshot,
|
|
22
|
+
verification file counts, bucket sync status, `PRISM_READY`, and event
|
|
23
|
+
`COMPLETED`.
|
|
24
|
+
- Snapshot-cleanup latency evidence when relevant: cleanup cron/timeout from
|
|
25
|
+
cookbook_bitbucket, Airflow deleteSnapshot start/end, NameNode write-lock
|
|
26
|
+
duration/stack, fast-case metadata audit RPCs, and application timeout
|
|
27
|
+
boundary.
|
|
28
|
+
- Evidence gaps and blocked checks, if any.
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Airflow Snapshot Cleanup And NameNode Lock Runbook
|
|
2
|
+
|
|
3
|
+
Use for snapshot-cleanup latency, NameNode write-lock evidence, and PRISM
|
|
4
|
+
`CreateDataFrame` timeout investigations. Owner:
|
|
5
|
+
`bds-airflow-job-status-investigation/SKILL.md`.
|
|
6
|
+
|
|
7
|
+
- Read the cleanup schedule from
|
|
8
|
+
`/Users/boqiang.liang/500-work/cookbook_bitbucket/bds_kube/recipes/helm_deploy.rb`.
|
|
9
|
+
For `BDS_ASH_CUST_AZ1`, the learned schedule is
|
|
10
|
+
`SCHEDULE_ASH_CUST = '0 2,3,5 * * 3-5'` and the timeout is `3600` seconds.
|
|
11
|
+
- Keep the investigation read-only and collect Airflow `deleteSnapshot`
|
|
12
|
+
start/end lines, active NameNode `Longest write-lock held` lines, and the
|
|
13
|
+
`FSNamesystem.deleteSnapshot -> NameNodeRpcServer.deleteSnapshot` stack when
|
|
14
|
+
available.
|
|
15
|
+
- Bound log scans by evidence windows. First extract cleaner run start/end and
|
|
16
|
+
top delete durations from `dag_bulk_snapshot_cleaner` logs with `awk` over
|
|
17
|
+
`Deleting snapshot` and `Successfully deleted, duration(ms):`; then inspect
|
|
18
|
+
only the active NameNode log shard and hourly
|
|
19
|
+
`hdfs-audit.log.<yyyy-mm-dd>-<hour>.*.gz` files that overlap those
|
|
20
|
+
timestamps.
|
|
21
|
+
- Keep snapshot-cleanup searches bounded. The older shorthand
|
|
22
|
+
`hdfs-audit.log.<date>-<hour>` means the same hourly audit shard pattern as
|
|
23
|
+
`hdfs-audit.log.<yyyy-mm-dd>-<hour>.*.gz`.
|
|
24
|
+
- When Airflow shows repeated snapshot deletions for the same tenant, elevated
|
|
25
|
+
per-snapshot delete durations, matching NameNode `deleteSnapshot` long
|
|
26
|
+
write-locks, and read RPCs waiting behind the lock, classify the cause as
|
|
27
|
+
snapshot backlog or large diff cleanup.
|
|
28
|
+
- Do not claim exact diff/deleted-file counts unless a log line or an approved
|
|
29
|
+
bounded diff/count command proves it.
|
|
30
|
+
- For Spark/Delta metadata-read evidence, use fast-case NameNode audit logs
|
|
31
|
+
before or after the lock window to prove the path issues read-lock RPCs such
|
|
32
|
+
as target `_delta_log` `getfileinfo`.
|
|
33
|
+
- Treat `getFileInfo/getfileinfo`, `listStatus`, `open`, and
|
|
34
|
+
`getBlockLocations` as NameNode read-lock RPCs that wait behind the
|
|
35
|
+
`deleteSnapshot` write lock.
|
|
36
|
+
- During snapshot cleanup, report `deleteSnapshot` as expected lock behavior,
|
|
37
|
+
then separately document cleanup duration, configured low-risk schedule, and
|
|
38
|
+
whether the application timeout boundary was reached.
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bds-disk-io-alert-investigation
|
|
3
|
+
description: Read-only BDS storage alert RCA workflow for kernel medium errors, HDFS DataNode failed volumes, PERC virtual disks, physical disk predictive failure, and Hadoop disk handoff.
|
|
4
|
+
allowed-tools:
|
|
5
|
+
- Read
|
|
6
|
+
- Glob
|
|
7
|
+
- Grep
|
|
8
|
+
- mcp__devops_tool__bds_disk_io_alert_command_pack
|
|
9
|
+
- mcp__devops_tool__bds_environment_host_lookup
|
|
10
|
+
- mcp__devops_tool__bds_machine_inventory
|
|
11
|
+
- mcp__devops_tool__workday_boundary_login
|
|
12
|
+
- mcp__devops_tool__remote_readonly_command
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
# BDS Disk IO Alert Investigation
|
|
16
|
+
|
|
17
|
+
Use this skill when the incident is a BDS storage failure: disk IO errors,
|
|
18
|
+
kernel medium errors, bad blocks, HDFS DataNode failed volumes, PERC virtual
|
|
19
|
+
disk issues, or physical disk predictive failure on a BDS host. For example, a
|
|
20
|
+
DataNode failed-volume alert for a specific source host belongs here because
|
|
21
|
+
the first RCA boundary is the host's filesystem, kernel, and controller state.
|
|
22
|
+
|
|
23
|
+
Do not route DataNode failed-volume incidents to Scylla tenant-bucket, Airflow
|
|
24
|
+
job-status, or generic YARN health workflows unless disk investigation evidence
|
|
25
|
+
shows the symptom belongs to those domains.
|
|
26
|
+
|
|
27
|
+
## Rules
|
|
28
|
+
|
|
29
|
+
- Resolve the BDS evidence target host before any access or SSH attempt.
|
|
30
|
+
Preserve `active datanode`, alert `Source`, BDS cluster, namespace, and disk
|
|
31
|
+
path as separate fields. For DataNode failed-volume alerts, the active
|
|
32
|
+
DataNode host is usually the storage evidence target; the alert `Source`
|
|
33
|
+
label may be a Pharos/exporter label and must not be used as the SSH target
|
|
34
|
+
until verified.
|
|
35
|
+
- The required first host lookup tool is exactly
|
|
36
|
+
`mcp__devops_tool__bds_environment_host_lookup`. Use it with the BDS cluster
|
|
37
|
+
and `datanodes` role to confirm the target host belongs to the cluster. Use
|
|
38
|
+
`mcp__devops_tool__bds_machine_inventory` only when broader machine-type
|
|
39
|
+
inventory is needed.
|
|
40
|
+
- Do not invent host tools such as `workday_host_info`, `host_info`,
|
|
41
|
+
`host_query`, or `bds_enterprise_host_lookup`. Do not search the repo with
|
|
42
|
+
`grep`, `ls`, `Read`, or `Glob` to discover host information. The host
|
|
43
|
+
resolution path is the explicit MCP tool call to
|
|
44
|
+
`mcp__devops_tool__bds_environment_host_lookup`. If asked which tool to use,
|
|
45
|
+
name that exact MCP tool.
|
|
46
|
+
- Treat disk paths such as `/hadoop/disk5/dfs/dn` as remote paths on the
|
|
47
|
+
resolved DataNode. Never run local `execute`, Bash, `ls`, `test`, `stat`,
|
|
48
|
+
`find`, or file reads against those paths.
|
|
49
|
+
- If `mcp__devops_tool__bds_environment_host_lookup` is unavailable or fails,
|
|
50
|
+
stop and report the exact tool error as a tooling/access gap. Do not fall back
|
|
51
|
+
to local filesystem checks, repo search, or guessed host metadata.
|
|
52
|
+
- For private-cloud/DC hosts, always pass the Workday infra access gate before
|
|
53
|
+
host reads: call `workday_boundary_login action=status`; if not ready, use
|
|
54
|
+
`action=login` only after explicit operator approval. Login prepares local
|
|
55
|
+
Boundary/SSHCA auth state with `bauth init`; it must not mutate remote hosts.
|
|
56
|
+
- Only collect evidence. Do not unmount, repair, format, stop services, restart
|
|
57
|
+
services, mark disks offline, clear logs, or modify RAID state.
|
|
58
|
+
- This skill defines the investigation flow. Use
|
|
59
|
+
`mcp__devops_tool__bds_disk_io_alert_command_pack` only as an atomic helper to
|
|
60
|
+
normalize inputs and generate the read-only command pack.
|
|
61
|
+
- Prefer read-only non-sudo commands first: `lsblk`, `df`, `findmnt`, `iostat`,
|
|
62
|
+
and Dell `omreport` reads.
|
|
63
|
+
- If sudo is required for `journalctl -k` or hardware health commands, use it
|
|
64
|
+
only after explicit operator approval.
|
|
65
|
+
- Never print LDAP passwords, Keychain JSON, tokens, or sudo stdin.
|
|
66
|
+
- Do not put secrets in SSH command arguments. Pass secrets via stdin only.
|
|
67
|
+
|
|
68
|
+
## Evidence Order
|
|
69
|
+
|
|
70
|
+
1. Parse alert fields: alert name, active DataNode host, alert `Source` label,
|
|
71
|
+
BDS cluster, namespace, disk path, severity, and alert time.
|
|
72
|
+
2. Generate the validated read-only command pack with
|
|
73
|
+
`bds_disk_io_alert_command_pack`.
|
|
74
|
+
3. Resolve and confirm the evidence target host with
|
|
75
|
+
`bds_environment_host_lookup` using the cluster and `datanodes` role. Do not
|
|
76
|
+
run SSH, Boundary login, Bash, `grep`, `ls`, or tool-discovery searches in
|
|
77
|
+
this step. If host lookup fails, stop with the exact tool error.
|
|
78
|
+
4. Check Workday Boundary readiness with `workday_boundary_login action=status`.
|
|
79
|
+
Run `action=login` only after explicit operator approval, then use ordinary
|
|
80
|
+
SSH to the explicit private-cloud/DC hostname.
|
|
81
|
+
5. Confirm host identity, UTC time, boot time, kernel, and sudo timestamp state
|
|
82
|
+
on the resolved remote host only.
|
|
83
|
+
6. Map block devices to mount points with remote `lsblk`, `df`, and `findmnt`.
|
|
84
|
+
7. Capture current IO state with `iostat -xz 1 3`.
|
|
85
|
+
8. Read bounded kernel and DataNode-adjacent evidence for failed volumes,
|
|
86
|
+
`critical medium error`, `Sense Key`, `Unrecovered read error`, `megaraid`,
|
|
87
|
+
OS device, sector, virtual disk, and physical disk identifiers.
|
|
88
|
+
9. Read Dell controller status with `omreport storage controller`.
|
|
89
|
+
10. Read virtual disk status and bad-block state with
|
|
90
|
+
`omreport storage vdisk controller=0 vdisk=<id>`.
|
|
91
|
+
11. Read physical disk health with
|
|
92
|
+
`omreport storage pdisk controller=0 pdisk=<id>`.
|
|
93
|
+
12. Read Dell alert log entries for `PDR64`, `VDR58`, physical disk ID, and
|
|
94
|
+
virtual disk ID.
|
|
95
|
+
|
|
96
|
+
## RCA Standard
|
|
97
|
+
|
|
98
|
+
Return concise Markdown:
|
|
99
|
+
|
|
100
|
+
- Summary with alert, host, cluster, impacted OS device, mount point, virtual
|
|
101
|
+
disk, and physical disk.
|
|
102
|
+
- Evidence table for VD status, RAID layout, bad-block state, physical disk
|
|
103
|
+
`Failure Predicted`, serial number, and part number.
|
|
104
|
+
- Timeline table in UTC.
|
|
105
|
+
- Current state: host reachability, filesystem mounted or not, iostat state, and
|
|
106
|
+
redundancy/risk.
|
|
107
|
+
- Recommendation as manual human-reviewed action only: drain, decommission, or
|
|
108
|
+
isolate before disk replacement.
|
|
109
|
+
|
|
110
|
+
## Interpretation
|
|
111
|
+
|
|
112
|
+
- `Virtual Disk Bad Blocks: Yes` plus kernel `critical medium error` is a real
|
|
113
|
+
storage fault, not merely alert noise.
|
|
114
|
+
- `Failure Predicted: Yes` on the physical disk is replacement evidence.
|
|
115
|
+
- RAID-0 data disks have no disk redundancy. Treat continued writes as risky
|
|
116
|
+
until the platform runbook isolates or drains the affected disk/node.
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bds-hadoop-review
|
|
3
|
+
description: Use when reviewing Workday BDS Hadoop upgrade work, Hadoop release-line PRs, BDS cluster impacts, Hadoop CLI removals, or BDS Hadoop-specific Bitbucket review preparation.
|
|
4
|
+
tools:
|
|
5
|
+
- mcp__devops_tool__bitbucket_api_read
|
|
6
|
+
- mcp__devops_tool__jira_api_read
|
|
7
|
+
- mcp__devops_tool__bds_machine_inventory
|
|
8
|
+
- mcp__devops_tool__bds_scylla_tenant_bucket_command_pack
|
|
9
|
+
- mcp__devops_tool__git_repo_read
|
|
10
|
+
- mcp__devops_tool__repo_text_index
|
|
11
|
+
- mcp__devops_tool__apache_project_update
|
|
12
|
+
- mcp__devops_tool__pr_finding_validate
|
|
13
|
+
- mcp__devops_tool__pr_diff_grounding
|
|
14
|
+
- mcp__devops_tool__pr_changes_only_filter
|
|
15
|
+
- mcp__devops_tool__pr_comment_dedup
|
|
16
|
+
- mcp__devops_tool__pr_comment_footer
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
# BDS Hadoop Review
|
|
20
|
+
|
|
21
|
+
Ground review in PR diff, linked Jira scope, BDS cluster inventory, and official
|
|
22
|
+
Apache Hadoop update context when version changes are involved. Validate
|
|
23
|
+
findings with `pr_finding_validate`, ground them with `pr_diff_grounding`, and
|
|
24
|
+
filter with `pr_changes_only_filter` before drafting comments. Use
|
|
25
|
+
`pr_comment_dedup` and `pr_comment_footer` only for local comment text.
|
|
26
|
+
|
|
27
|
+
## BDM And bds-service-proxy CLI Changes
|
|
28
|
+
|
|
29
|
+
When reviewing or debugging BDM and bds-service-proxy base-image changes, do not
|
|
30
|
+
assume `hdfs` is present. New images may remove HDFS-specific CLI packages. For
|
|
31
|
+
non-HDFS object store paths such as S3A, prefer `hadoop fs`.
|
|
32
|
+
|
|
33
|
+
For BDM tenant-health questions, read the source repo before drawing data
|
|
34
|
+
conclusions:
|
|
35
|
+
|
|
36
|
+
- Repo: `https://bitbucket.workday.com/projects/BDS/repos/sirius/browse`
|
|
37
|
+
- Prefer `bitbucket_api_read`; use a human-reviewed local cache clone only when
|
|
38
|
+
grep/indexing is needed.
|
|
39
|
+
- Search for tenant health, `TenantHealth`, `tenant_health`, `unhealthy`,
|
|
40
|
+
`brokenDsInfo`, `consistency_check`, and `operationsLog`.
|
|
41
|
+
- Capture exact file path, function/class, and predicate, then map each
|
|
42
|
+
predicate to S3A evidence.
|
|
43
|
+
|
|
44
|
+
For Scylla tenant bucket checks, call
|
|
45
|
+
`mcp__devops_tool__bds_scylla_tenant_bucket_command_pack` first. The expected
|
|
46
|
+
read-only path is:
|
|
47
|
+
|
|
48
|
+
1. Confirm pods with `kcsb get pod`.
|
|
49
|
+
2. Read `bucketdetails-config` to get `bds-tenant.bucket.name`.
|
|
50
|
+
3. Use a BDM pod such as `bdm-0`.
|
|
51
|
+
4. Run `hadoop fs -ls s3a://<bds-tenant-bucket>/data/` and then tenant-specific
|
|
52
|
+
`hadoop fs -ls` or `hadoop fs -cat` reads when needed.
|
|
53
|
+
|
|
54
|
+
Tenant folders follow `data/tenants/<ENV_NAME>.<tenantName>`, for example
|
|
55
|
+
`data/tenants/WD504-IMPL.schellman1`. A listed tenant folder can contain
|
|
56
|
+
`operationsLog.csv`, `ted`, and `tmp`.
|
|
57
|
+
|
|
58
|
+
Avoid these false starts:
|
|
59
|
+
|
|
60
|
+
- `aws s3 ls` inside BDM or bds-service-proxy pods; observed behavior is
|
|
61
|
+
`NoCredentials`.
|
|
62
|
+
- `hdfs dfs -ls` in new BDM or bds-service-proxy images; `hdfs` may not exist.
|
|
63
|
+
- KDC pods as the default S3A inspection point; they may have `hdfs` but lack
|
|
64
|
+
the right S3A classpath.
|
|
65
|
+
- `hadoop fs -get` for listing; it downloads locally and can fail on local
|
|
66
|
+
directory creation.
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bds-machine-inventory
|
|
3
|
+
description: Use when the user asks for BDS machine lists, hostnames, CNAMEs, node types, or cluster inventory across dev, production, or non-production environments. Query the authoritative BDS config repositories through the bds_machine_inventory tool before answering concrete host or type questions.
|
|
4
|
+
tools:
|
|
5
|
+
- mcp__devops_tool__bds_environment_host_lookup
|
|
6
|
+
- mcp__devops_tool__bds_machine_inventory
|
|
7
|
+
- mcp__devops_tool__bds_log_path_knowledge
|
|
8
|
+
- mcp__devops_tool__workday_boundary_login
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# BDS Machine Inventory
|
|
12
|
+
|
|
13
|
+
Use this skill for concrete BDS environment inventory questions such as:
|
|
14
|
+
|
|
15
|
+
- "list all KMS machines in nprd"
|
|
16
|
+
- "what types of machines exist in prod?"
|
|
17
|
+
- "show node managers for cluster X"
|
|
18
|
+
- "any BDS env, any machine type"
|
|
19
|
+
|
|
20
|
+
## Workflow
|
|
21
|
+
|
|
22
|
+
1. Normalize the environment to `dev`, `production`, or `non-production`.
|
|
23
|
+
2. If the request asks for concrete private-cloud/DC hosts for a BDS cluster,
|
|
24
|
+
call `bds_environment_host_lookup` first. Use roles such as
|
|
25
|
+
`kube_control_planes`, `kube_workers`, `etcd`, `namenodes`, `datanodes`,
|
|
26
|
+
`resourcemanagers`, or `nodemanagers`.
|
|
27
|
+
3. If the request asks what machine types exist, call `bds_machine_inventory` with `action: "list_types"`.
|
|
28
|
+
4. If the request asks for hostnames by a broad inventory type, call `bds_machine_inventory` with `action: "list_hosts"` and either:
|
|
29
|
+
- `machineType` for semantic names such as `kms`, `resource_manager`, or `node_manager`
|
|
30
|
+
- `hostField` for an exact config path such as `bds.kms_nodes`
|
|
31
|
+
5. Use `cluster` only as a filter. If the user did not name a cluster, leave it empty and report that the answer spans all matching cluster JSON files.
|
|
32
|
+
6. Use the existing local cache or a user-provided `repoPath` by default. The
|
|
33
|
+
tool always runs `git pull --ff-only` before reading inventory so lookups use
|
|
34
|
+
the latest config code.
|
|
35
|
+
7. Do not set `allowCacheUpdate: true` unless the user explicitly permits
|
|
36
|
+
creating the missing local read-only config cache and the tool call includes
|
|
37
|
+
a complete `hitlApproval` object with `approved`, `approvedBy`, `action`,
|
|
38
|
+
`target`, `reason`, `expectedImpact`, and `risk`.
|
|
39
|
+
|
|
40
|
+
## Guardrails
|
|
41
|
+
|
|
42
|
+
- Treat BDS config repos as the source of truth for host inventory.
|
|
43
|
+
- Do not infer hostnames from memory or prior terminal output when a live config query is possible.
|
|
44
|
+
- Do not print secrets, LDAP tokens, or Boundary credentials.
|
|
45
|
+
- This skill lists inventory only. Use `workday-infra-access` or
|
|
46
|
+
`remote-readonly-investigation` before reading logs on a returned host.
|
|
47
|
+
- Use `bds_log_path_knowledge` for static server-type log path planning, then
|
|
48
|
+
verify paths on the host with read-only commands.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bds-oncall-followup
|
|
3
|
+
description: Maintain BDS on-call Confluence handoff rows and BDS follow-up Jira drafts for BDS-owned on-call issues.
|
|
4
|
+
allowed-tools:
|
|
5
|
+
- Read
|
|
6
|
+
- Glob
|
|
7
|
+
- Grep
|
|
8
|
+
- mcp__devops_tool__bds_oncall_followup_payload_draft
|
|
9
|
+
- mcp__devops_tool__confluence_search_read
|
|
10
|
+
- mcp__devops_tool__confluence_content_read
|
|
11
|
+
- mcp__devops_tool__confluence_handoff_page_draft
|
|
12
|
+
- mcp__devops_tool__jira_api_read
|
|
13
|
+
- mcp__devops_tool__jira_ticket_draft
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
# BDS On-call Follow-up
|
|
17
|
+
|
|
18
|
+
Use this skill when a BDS on-call issue must be recorded on the current
|
|
19
|
+
Confluence handoff page or when a BDS-owned follow-up Jira needs to be drafted.
|
|
20
|
+
|
|
21
|
+
Load `references/oncall-followup-runbook.md` only for incident-specific row,
|
|
22
|
+
Jira, and verification details.
|
|
23
|
+
|
|
24
|
+
## Boundaries
|
|
25
|
+
|
|
26
|
+
- Keep content BDS-only. Exclude DB, MTP, TAR, rsync, or customer workflow
|
|
27
|
+
detail unless it explains a concrete BDS code or workflow gap.
|
|
28
|
+
- Use `bds_oncall_followup_payload_draft` first. It owns on-call range calculation,
|
|
29
|
+
report title shape, row normalization, and BDS follow-up Jira draft shape.
|
|
30
|
+
- For Slack-sourced incidents, use the Slack thread as Issue source and
|
|
31
|
+
narrative anchor. Do not force the Issue title to be the main Jira key.
|
|
32
|
+
- Confluence tools find/read current handoff pages and draft page bodies; they
|
|
33
|
+
do not create or update pages directly.
|
|
34
|
+
- Jira tools read existing tickets or produce Jira-ready drafts; they do not
|
|
35
|
+
create tickets directly.
|
|
36
|
+
- Do not mention Codex, assistant provenance, or internal thread/source names in
|
|
37
|
+
Confluence or Jira content. Use neutral labels such as `Discussion`.
|
|
38
|
+
- Do not over-specify Jira implementation. Identify the current code or workflow
|
|
39
|
+
problem, then leave the fix design to the assignee.
|
|
40
|
+
|
|
41
|
+
## Evidence Order
|
|
42
|
+
|
|
43
|
+
1. Determine the current two-week range with `bds_oncall_followup_payload_draft`.
|
|
44
|
+
2. Locate/read the current handoff page by exact title under parent page
|
|
45
|
+
`4259305001`; draft a child page if it does not exist.
|
|
46
|
+
3. Read the current handoff table and classify rows as exact match,
|
|
47
|
+
partial/mixed issue row, or unrelated row.
|
|
48
|
+
4. Read main Jira status/summary/`issuelinks` when present and prefer a linked
|
|
49
|
+
monitoring/product follow-up ticket over the main incident Jira.
|
|
50
|
+
5. Search Jira for existing follow-ups by tenant, cluster, alert, and issue
|
|
51
|
+
keywords before drafting a new ticket.
|
|
52
|
+
6. Draft paragraph-formatted Confluence row and BDS Jira text.
|
|
53
|
+
7. If writes happen through an approved external path, read back Jira and
|
|
54
|
+
Confluence before reporting completion.
|
|
55
|
+
|
|
56
|
+
## Defaults
|
|
57
|
+
|
|
58
|
+
- Confluence space: `BD`.
|
|
59
|
+
- Parent page id: `4259305001`.
|
|
60
|
+
- BDS on-call report title format:
|
|
61
|
+
`BDS On Call Handoff YYYY/MM/DD-YYYY/MM/DD`.
|
|
62
|
+
- Default two-week anchor: `2026/05/26`.
|
|
63
|
+
- Follow-up Jira project: `BDS`.
|
|
64
|
+
- Follow-up Jira type: `Story`.
|
|
65
|
+
- Follow-up Jira component: `Devops`.
|
|
66
|
+
|
|
67
|
+
## Output
|
|
68
|
+
|
|
69
|
+
Return either a concise confirmation with Confluence page URL, Jira URL, and
|
|
70
|
+
read-back verification, or a atomic-helper result containing the exact Jira draft and
|
|
71
|
+
paragraph-formatted Confluence row draft when write access is unavailable.
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# BDS On-call Follow-up Runbook
|
|
2
|
+
|
|
3
|
+
This reference holds row/Jira details for `bds-oncall-followup/SKILL.md`.
|
|
4
|
+
|
|
5
|
+
## Confluence Row Handling
|
|
6
|
+
|
|
7
|
+
- Before drafting an edit for an existing Confluence table, read the current
|
|
8
|
+
storage body and identify the exact target row. Preserve unrelated rows.
|
|
9
|
+
- If one row contains multiple issues, split issues into separate rows or append
|
|
10
|
+
the new row; do not replace the whole mixed row.
|
|
11
|
+
- Format every Confluence issue row as paragraphs. Split description,
|
|
12
|
+
RCA/evidence, impact, Slack/Jira links, and follow-up links into separate
|
|
13
|
+
`<p>` blocks instead of one dense paragraph per cell.
|
|
14
|
+
- If an operator has already created the Jira or Confluence page outside this
|
|
15
|
+
read-only runtime, read it back and prepare link text for the systems.
|
|
16
|
+
|
|
17
|
+
## Jira Handling
|
|
18
|
+
|
|
19
|
+
- For a main Jira that tracks the immediate fix, read `issuelinks` before
|
|
20
|
+
deciding the report Follow-up Jira. Use the linked monitoring/product
|
|
21
|
+
follow-up ticket when present.
|
|
22
|
+
- Before drafting a follow-up Jira for an approved external write path, search
|
|
23
|
+
for existing tickets with tenant, cluster, alert, and issue keywords. Reuse an
|
|
24
|
+
existing matching BDS Jira in the draft instead of proposing a duplicate.
|
|
25
|
+
- If follow-up is needed and no Jira exists, draft a BDS Jira that names the
|
|
26
|
+
BDS-owned code/workflow gap and includes a short code pointer when useful.
|
|
27
|
+
- The Jira should include what BDS behavior failed, why this is BDS-owned, the
|
|
28
|
+
current code/workflow block, why the bad state was left behind when known, and
|
|
29
|
+
acceptance criteria requiring tests and better diagnostics.
|
|
30
|
+
- Avoid long incident timelines, non-BDS repair details, Mermaid diagrams,
|
|
31
|
+
unsupported formatting, or telling the assignee exactly how to implement.
|
|
32
|
+
|
|
33
|
+
## DR Copy SLA / BAS Lag Incidents
|
|
34
|
+
|
|
35
|
+
- For `bas_dr_sla_miss` or DR copy SLA incidents, include affected tenants,
|
|
36
|
+
alert threshold/lag, stale mirror snapshot time, Airflow pod status, bad
|
|
37
|
+
worker node, zombie/node runtime evidence, remediation actions, verification
|
|
38
|
+
snapshot id, BAS lag recovery below `3600s`, and DC follow-up Jira when
|
|
39
|
+
present.
|
|
40
|
+
- Do not report the issue as resolved only because Slack/PagerDuty stopped
|
|
41
|
+
firing.
|
|
42
|
+
- When a bad Kubernetes worker caused stale Airflow task pods, distinguish
|
|
43
|
+
read-only evidence from approved operator actions. State whether the operator
|
|
44
|
+
cordoned the node, force-deleted stale completed pods, allowed replacement
|
|
45
|
+
pods to schedule on healthy nodes, and left the bad node cordoned pending DC
|
|
46
|
+
investigation or reboot.
|
|
47
|
+
- For DR copy SLA incidents, include both the immediate approval/remediation
|
|
48
|
+
Jira and the DC/node follow-up Jira when they are different tickets.
|
|
49
|
+
|
|
50
|
+
## Verification
|
|
51
|
+
|
|
52
|
+
- When an operator performs writes through an approved external path, read back
|
|
53
|
+
Jira and Confluence before reporting completion.
|
|
54
|
+
- For Confluence, verify the page version advanced, the target row contains the
|
|
55
|
+
Slack thread, main Jira, and follow-up Jira, paragraph formatting is preserved,
|
|
56
|
+
and unrelated rows are still present.
|
|
57
|
+
- Remove internal provenance wording such as `Codex` from requester-facing
|
|
58
|
+
report and Jira text.
|