Wednesday, 2025-06-25

« Tuesday, 2025-06-24 Index Thursday, 2025-06-26 »
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254804:44
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254804:48
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254804:49
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu Bionic and Focal image definitions  https://review.opendev.org/c/opendev/zuul-providers/+/95326804:54
mnasiadkaclarkb: ^^ - I assume there's no need for arm64 versions04:54
tonybmnasiadka: That's correct04:55
tonyb(that we only need x86_64(amd64) images for the old distros)04:56
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu Bionic and Focal image definitions  https://review.opendev.org/c/opendev/zuul-providers/+/95326804:56
mnasiadkatonyb: great - if you can single merge ^^ - I can make the actual build working before clarkb and others wake up ;-)04:58
opendevreviewMerged opendev/zuul-providers master: Add Ubuntu Bionic and Focal image definitions  https://review.opendev.org/c/opendev/zuul-providers/+/95326805:00
tonybmnasiadka: ^^ done :)05:00
mnasiadkayay05:01
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:14
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:15
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:28
opendevreviewMerged openstack/diskimage-builder master: Add new openstack/devstack based functional testing  https://review.opendev.org/c/openstack/diskimage-builder/+/94994205:45
opendevreviewMerged openstack/diskimage-builder master: Disable nodepool testing  https://review.opendev.org/c/openstack/diskimage-builder/+/95324605:45
opendevreviewMerged openstack/diskimage-builder master: Add support for CentOS Stream 10  https://review.opendev.org/c/openstack/diskimage-builder/+/93404505:45
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:49
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:50
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326905:56
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326906:01
opendevreviewMichal Nasiadka proposed opendev/zuul-providers master: Add Ubuntu bionic/focal builds, labels and provider config  https://review.opendev.org/c/opendev/zuul-providers/+/95326906:17
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327606:34
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254806:34
fricklerinfra-root: looks like gitea might be a bit flakey, see e.g. the failures on https://review.opendev.org/c/opendev/zuul-providers/+/953269 (note they are for old images, not the added ones) https://zuul.opendev.org/t/opendev/build/632f2848f8cb4ccd9961852b598b5e4012:03
fungifrickler: i'm still waking up, but consistent with the gitea servers getting bombarded by crawlers again?12:13
fricklerthat might be possible, didn't check the servers yet12:15
opendevreviewDaniel Bengtsson proposed opendev/irc-meetings master: Drop the oslo team meeting.  https://review.opendev.org/c/opendev/irc-meetings/+/95330512:52
opendevreviewMerged opendev/irc-meetings master: Drop the oslo team meeting.  https://review.opendev.org/c/opendev/irc-meetings/+/95330513:17
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327613:23
opendevreviewDmitriy Rabotyagov proposed openstack/diskimage-builder master: Add support for building Fedora 40  https://review.opendev.org/c/openstack/diskimage-builder/+/92210913:47
fricklermaybe we're also dossing ourselves if we run 15 image builds in parallel that all clone the whole opendev git tree? might be an option for further improvement to do that only once per buildset and have each real image copy from there?13:52
Clark[m]They should start with the existing image cache so not a full clone but an update or the existing data to current data13:55
Clark[m]It may still be a dos though13:56
mnasiadkaclarkb: Added the bionic and jammy images here https://review.opendev.org/c/opendev/zuul-providers/+/953269 - had to fix a case where zuul.image_formats is not populated (probably because the image does not exist yet in zuul)14:01
corvusmnasiadka: oops, that's an oversight on my part, sorry!14:19
mnasiadkacorvus: no worries, I traced back the patch in Zuul to understand what is happening there - using default filter did the trick for now (unless you want it to be different in future, but I guess that's a followup)14:19
corvusthat seems like a good fix for now...14:20
mnasiadkagreat, so needs another +2 now to make unmaintainers happy ;-)14:20
corvusi'll need to think a bit about whether zuul can come up with a value for that in a speculative state... it... may not be possible.... so that might be the permanent fix.14:20
mnasiadkacorvus: you would probably need to have a definition per provider on accepted image formats to limit those formats to less than the usual three we default to14:21
corvuslgtm; i didn't +w in case Clark wants to look14:22
mnasiadkasure, let's wait14:22
mnasiadkawas that the only reason for insta-revert yesterday?14:22
corvusmnasiadka: zuul does know the image formats for the providers normally -- it's just that it isn't going to speculatively attach a new image to providers, so we wouldn't know which formats it needs until after the change to add the image to providers merges14:24
mnasiadkaah right, so then default makes sense14:24
corvuswe could try to do something to special case that during the config validation... but honestly, i think we ought to be able to run those jobs even when not attached to providers, so i'm more and more thinking that just having a default makes sense.14:24
fricklermnasiadka: iiuc https://review.opendev.org/c/zuul/zuul/+/953244 was the reason14:25
corvusmnasiadka: no, the insta-revert was because a cloud blew up and we didn't handle that in the request assignment loop, so the launcher spun.  simple bug/fix.14:25
corvusyeah that one14:25
mnasiadkaah, nice14:26
corvusi plan to try again today once i get some stuff out of the way14:26
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327614:29
opendevreviewMichal Nasiadka proposed opendev/glean master: Stop adding uuid= in keyfiles  https://review.opendev.org/c/opendev/glean/+/95332014:29
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254814:29
mnasiadkaok, it's weird NM in RHEL-clone has different issues than the one in CentOS Stream 10, but whatever ;-)14:30
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327614:35
opendevreviewMichal Nasiadka proposed opendev/glean master: Stop adding uuid= in keyfiles  https://review.opendev.org/c/opendev/glean/+/95332014:35
opendevreviewMichal Nasiadka proposed opendev/glean master: Stop adding uuid= in keyfiles  https://review.opendev.org/c/opendev/glean/+/95332014:42
opendevreviewMichal Nasiadka proposed opendev/glean master: Stop adding uuid= in keyfiles  https://review.opendev.org/c/opendev/glean/+/95332014:43
opendevreviewClark Boylan proposed opendev/system-config master: Update etherpad to v2.3.1  https://review.opendev.org/c/opendev/system-config/+/95332815:17
fungipopping out to run lunch errands, back in an hour15:20
fricklercorvus: was there a change in zuul/nodepool (likely deployed this weekend), that would make private_ipv4 point to the FIP instead of the internal tenant IP? cf. https://c4d77360c4f137c70770-625a0eb0440aa527fbdb216e8991f5a6.ssl.cf1.rackcdn.com/openstack/2b5b978a4bde4afa913491107676f422/zuul-info/inventory.yaml15:21
opendevreviewClark Boylan proposed opendev/system-config master: DNM force etherpad failure to hold node  https://review.opendev.org/c/opendev/system-config/+/84097215:25
fricklercompare to an earlier run https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_900/openstack/9002bca23bf34476bdcaa7ee2b79c981/zuul-info/inventory.yaml15:26
clarkbdoing a nodepool list --detail shows that the private ip == public ip for all nodes in raxflex sjc3 right now15:27
clarkbI wonder if this is an oepsntack sdk update that got pulled in by other changes15:28
clarkbthere was a new release on june 315:28
fricklerthat's another option, yes. do we pull in only released sdk?15:28
clarkbyes nodepool only uses released sdk. However, june 3 is long enough ago that I think we would have seen this problem sooner. I know I updated nodepool here: https://review.opendev.org/c/zuul/nodepool/+/952587 which merged on the 13th15:29
corvusmay 7, june 13, june 23 are the update dates for the nodepool latest image15:30
fricklernothing obvious in the sdk git log, too. checking nodepool next15:30
frickleror maybe raxflex changed something in their API? nodepool doesn't have any obvious changes either15:31
clarkbyes that seems possible as well15:32
fricklerdo we have an easy way to find a zuul-launcher run on raxflex? just to compare the inventory there15:32
clarkbDFW3 does not exhibit this issue15:33
clarkbit is our only other floating ip cloud in nodepool. To me that does seem to point at something region specific and not nodepool or openstacksdk specific15:33
corvusis this all 3 old rax regions, or only rax-dfw?15:34
fricklerok, ok, that would support the API version theory15:35
fricklerdfw3 is the second raxflex region I think?15:35
clarkbyes sjc3 and dfw3 are both in raxflex. They are the only nodepool providers using floating IPs. rax classic ahs public and private ips on separate interfaces but both are directly attached to the nodes15:35
clarkblet me see what nodepool list --detail reports for rax classic15:36
corvuswhat's the behavior for raxflex-sjc3?15:36
corvusthe two most recent nodepool builds (from june 13 and june 23) both used openstacksdk-4.6.0-py3-none-any.whl15:36
clarkbcorvus: raxflex-sjc3 has public ip == private ip using the public ip address. raxflex-dfw3, rax-dfw, rax-iad, rax-ord all have different public and private ips on each node15:37
corvusoh ok, so raxflex-sjc3 is the only place we see this15:38
clarkbcorvus: the problem is that since raxflex-sjc3 uses floating ips jobs are running assuming they can bind sockets to the private ip safely (but not the public ip). But this assumption breaks when we don't have nodepool properly setting the private up15:38
clarkbyes raxflex-sjc3 seems to be unique here15:38
clarkbI think if raxflex-dfw3 exhibited this behavior I would be more sketical of nodepool or openstacksdk themselves. Given their behavior differs I wonder if there is some configuration difference (either in our clouds.yaml or in the cloud resources themselves that cause this change)15:39
fricklerhmm, doing "openstack server list" on sjc3 + dfw3 show both public+private IPs as expected15:40
clarkbfrickler: ya and server show against instances in both shows entries that look similar to my eye15:40
fricklerso the API side seems fine15:40
clarkbwe probably need to see how openstacksdk distinguishes and work form there15:41
fricklerI'm wary of doing deeper nodepool debugging right now in case the issue goes away with z-l15:41
corvusnodepool may be involved here -- nodepool does its own server listing for efficiency15:42
corvuslet me see if i can do a manual version of that on bridge or something...15:42
clarkbcorvus: nodepool seems to do a listing then when a list entry matches it calls sdk's expand_server_interfaces() function. That function then does `server['private_v4'] = get_server_private_ip(server, cloud) or ''`15:46
clarkbget_server_private_ip() has a docstring explaining its method of determining the private ip. I'm guessing that process is what fails for us15:47
clarkbI've started looking at the mechanics of replacing zookeeper cluster nodes and I have realized that while nodepool will automatically detect changes to the zookeeper server list and update its zk client it doesn't appear that zuul does so. Zuul's zk client tooling does have the same resetHosts() method that is found in nodepool but it doesn't seem that anything calls it. Do we think16:02
clarkbadding support for that in zuul makes sense before replacing zk servers or should I just plan to do a full zuul restart each time a zk host is added/removed to the cluster?16:02
corvusclarkb: what about a restart to add 3 new servers, then a restart to remove the old one.  it shouldn't matter that dns doesn't resolve.16:03
corvuss/old one/old ones/16:03
clarkbcorvus: and then manage the actual cluster in a rolling fashion behind the scenes to avoid split brain potential?16:04
corvusya16:04
frickleroh, the working example I posted earlier was from dfw3 because I was focusing only on raxflex. so possibly sjc3 has been broken for longer, just did not hit the issue often enough to be noticed16:04
clarkbthat should work. One complication for that is we get the list of servers from ansible inventory so I'll need to add all of them to our inventory. But I think that is manageable with the emergency file list to avoid the cluster growing/shrinking inappropriately16:05
corvuscould you just grow to 6 then shrink to 3?16:05
clarkbI think technically you can. The main risk there is if during that period we split brain into 3 and 3 there won't be a correct winner. However, maybe we just grow to 6 then immediately shutdown one of the old ones so that we're at 516:06
clarkbthen we can restart zuul so that it knows to connect to the new ones, then shutdown the remaining 2 old servers, then restart zuul again so that it stops trying to use the old servers16:07
rubencabrera[m]Hi! This is my first contribution and I don't know if I'm missing anything to get it merged:  https://review.opendev.org/c/openstack/diskimage-builder/+/95287516:07
rubencabrera[m]Zuul gave a +1 but both `Verified` and `Workflow` are `UNSATISFIED`. Does this need any action on my side?16:07
fricklerthe only delta I see between the regions is that for a "network list", PUBLICNET comes before opendevzuul-network1 in SJC3 and the other way round in DFW3. since neither is named "public" or "private", this might affect the magic that mordred weaved into the sdk16:08
corvushttps://paste.opendev.org/show/bClgsWkAoGHM6F7YaSyI/16:09
clarkbrubencabrera[m]: when a reviewer approves the change that will satisfy the workflow vote requirement. That triggers CI to test and ensure that the change continues to work against the last tip of master and if so CI +2's on the verify label which satisfies that requirement. Then the CI system will automatically submit the change16:09
fricklerrubencabrera[m]: this change is just waiting for a second review, no action needed on your side16:09
corvusfrickler: clarkb i ran that paste on bridge, once for each region16:09
corvusfor sjc3 i got output like: 66.70.103.103 10.0.17.62 66.70.103.10316:10
corvusfor dfw3 i got: 174.143.59.80 10.0.19.227 174.143.59.8016:10
corvusthat looks correct to me16:10
rubencabrera[m]Thank you very much for the kind explanation!16:10
clarkbcorvus: agreed that is what I would expect in a working situation16:11
clarkbcorvus: I wonder if there is a difference in our cloud.yaml files?16:11
fricklercorvus: yes, still we see something else than 10.0.16/20 in private_ipv4 in the inventory16:12
clarkbyou know, there was the issues with api response time in sjc3 recently ish16:12
corvusyeah, and nodepool list is still showing the bad behavior, so new nodes are getting that...16:12
clarkbI wonder if nodepool's openstacsdk instance for the cloud cached bad/incomplete data as a result of that16:12
corvusi'll try running the test script on nl05 to eliminate/confirm clouds.yaml16:12
corvusif that doesn't get us anywhere -- maybe clarkb is suggesting we turn it off and on again? :)16:13
clarkbcorvus: ya think that is what I'd do next unfortauntely16:14
corvusrunning the test script in the container on nl05 for sjc3 produces normal looking data16:15
corvusi think we're at turn it off and on again16:15
corvusi can do that if other folks are ready for that step16:16
clarkbI'm ready if you are16:17
corvusrestarting now16:17
corvusbehavior changed16:19
clarkbwow ok16:19
corvus| 0041230215 | raxflex-sjc3        | ubuntu-noble             | 13768ec8-acbd-4d7e-8b77-acbcdbe9b759 | 66.70.103.127   |      | ready    | 00:00:00:34   | locked   | main |          | 10.0.17.160     | az116:19
clarkbcorvus: the heuristics in get_server_private_ip() must rely on cached data then16:20
clarkbwhcih is probably good 99.9% of the time :)16:20
corvusthat 10. ip is the private ip16:20
corvusyeah16:20
fricklerok, I just found a working example from z-l https://zuul.opendev.org/t/zuul/build/1a5d69e6895d4dc892d9f4bfb09096af/log/zuul-info/inventory.yaml#2216:20
corvuspresumably zl didn't happen to have the bad cached data; i would guess it would have been affected if it did16:21
clarkbcorvus: ya its likely a timing thing from the June 23 nodepool update since we auto restart nodepool launchers16:22
clarkband June 23 is when there were api issues  in that region16:22
fricklerthat would match the starting date mentioned in https://bugs.launchpad.net/bugs/2115338 , I'll update that bug now16:22
clarkbre zk I think I've convinced myself it should be safe to grow to 6 and then immediately reduce to 5. Then restart services. Then reduce to 3, then restart services again to avoid unnecessary config. The process will be add 3 new zk's to inventory and have them deploy, immediately after that is done put zk06 in the emergency file and shutdown zk on that server. Then do a complete zuul16:24
clarkbrestart. Then remove zk04-06 from inventory and shutdown their zk instances. Then do another complete zuul restart.16:24
clarkbinfra-root ^ let me know if there are any concerns with that appraoch. I can get things started by booting new servers and updating dns before we have to commit to the actual replacement strategy16:25
clarkbcorvus: and I geuss let me know how you think we should coordinate that around other zuul updates that are in flight16:25
clarkbfrickler: corvus sdk's _find_interesting_networks() has `if self._network_list_stamp: return` in it. I think that is the caching check16:27
clarkbinterestingly this means if you add new networks later I think you may be in a similar situation?16:27
clarkbfor zk risk I think the major risk is if we simultaneously turned out 3 new zookeepers because then they would have equivalent quorum power to the existing 3?16:30
clarkbbut our playbook does one zookeeper at a time so I think we'll add one at a time and quorum of 3 then 4 then 5 will beat 116:31
clarkbhrm except we may need to restart each of the old servers to pick up the new server membership16:38
corvusi think it would be too much work to coordinate zuul upgrades with zk; let's keep them orthogonal16:40
clarkbya each zk server currently has a list of all servers in the cluster in its static config. Our playbooks don't seem to do anything with dynamic config (they may predate that existing?). I think this means we would need to restart the existing servers for them to be aware of the new servers. And since we go in increasing order by zk number that wouldn't happen until all three zk16:42
clarkbservers are up16:42
clarkb*until all three new zk servers are up16:42
clarkband it doesnt' look like we auto restart on config changes either so would need to be manual or update the ansible. I could add each new zk one at a time ensuring that it becomes part of the quorum successfully before adding the next I guess16:43
fungiwow, i miss a lot by going to lunch!16:43
clarkbyes I think we should consider adding one at a time. This way we can ensure each node is added properly by restaring all non leader nodes then the leader last and checking that we have a new leader and quorum. Then add another server.16:49
clarkbrinse and repeat. Once we got all new servers into the cluster we can shutdown 06 and then work on zuul restarts16:49
mordredlooks like I missed some fun here with sdk and everyone's favorite logic to figure out what the ip address is16:51
mordredand yeah - there's definitely caching in there because networks usually don't change nearly as frequently as servers do, and the number of API calls needed to build up the metadata is pathological16:51
mordredprobably wouldn't be a bad idea to add in a staleness/expiration though16:52
fungiif i'd known in advance i would have popped some popcorn16:52
fungiwell, i guess there's still time...16:52
opendevreviewClark Boylan proposed opendev/system-config master: Add config option to disable zookeeper process management  https://review.opendev.org/c/opendev/system-config/+/95333717:02
clarkbI'm not convinced ^ is actually helpful yet. But I think it may be. Basically this would allow me to add all three new zk's to inventory so that our config files update without restarting any of the zookeeper processes to pick up the change. Then I can manually start each new zk server and the non leader then the leader in turn to build of the new quorum relatively quickly17:03
clarkband then when that is done we remove a non leader zk from the 04-06 set from the inventory and repeat17:03
clarkbI think what I'm beginning to realize is this process is a bit complicated which is made worse by zuul needing restarts to pick up the changes on the zuul side and also our relatively slow deployment process for inventory updates (which is thankfully much faster than it once was)17:05
clarkbhrm except when I start zk01 and restart zk04-06 they will all have zk02-03 in their configuration as well17:07
opendevreviewMichal Nasiadka proposed openstack/diskimage-builder master: Add Rocky Linux 10 support to rocky-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/95254817:07
clarkbwhich gets us back to the 3 vs 3 problem17:07
clarkbso ya I think we really want to do these one at a time to keep as many things on the quorum side as possible while we restart services17:08
clarkbI wonder ifI can find the old etherpad from when I did this last time17:09
fungiyou could do pattern search queries in the backing db17:10
clarkbzookeeper is the backing db? this is why I want to be careful17:11
fungii meant etherpad's db17:11
fungisearching for the pad from where you last did this17:11
clarkbah17:12
clarkbhttps://etherpad.opendev.org/p/opendev-zookeeper-upgrade-202117:14
clarkbI found it looking at the created timestamp of zk04 and checking irc logs on that date17:14
fungialso an option i've used in the past17:14
clarkbok I'm glad I dug that up. I like it because it is something I've done before so is somewhat proven, but also seems that I did a manual zuul config update sothat only one zuul restart was needed17:17
clarkbbasically the process used before was to replace the first two servers one at a time so that we're always running with a quorum of three. Then with 2 new servers and one old server we update the zuul config out of band to contain only the three new servers (our final config state) and restart all of zuul. Then we replace the last server17:18
clarkbI need to take a break but I'll copy that over into a new document and start filling in details for this round17:19
clarkbcorvus: both service-zookeeper.yaml and service-zuul.yaml include a noopy debug task against the zookeeper group with comments indicating that this is done to ensure that group host vars are populated for later use by configuration files listing the servers. service-nodepool.yaml does not do this. Do you know if service-nodepool.yaml is figuring it out through some other mechanism or17:34
clarkbmaybe this is no longer necessary?17:34
clarkboh one difference is nodepool does the zookeeper group lookup within ansible itself the other two do it within jinja templates. Maybe that explains it17:36
corvusi've read the commit 446b24c52f696e7c0912072ed486c9ba507228c4 and i still don't understand it17:37
corvusoh i might understand it17:38
clarkbyou know I wonder if we were relying on hostnames with ansible inventory in the past and not hardcoded ips back then17:39
clarkbso we'd have to connect to the host and gather facts to populate the ip address information. But now we hardcode that into the inventory so maybe its always available?17:39
corvusi think he was saying that disabled hosts won't end up in the hostvars, so he's running a task on all the hosts17:39
clarkbohhhh17:40
clarkbalso reading my old etherpad the very end of the etherpad has a list of considerations that I need to followup on which may impact whether or not we use zk01, zk02, zk03 again17:40
corvusserver.{{ host | regex_replace('^zk(\d+)\.open.*\.org$', '\1') | int }}={{ (hostvars[host].public_v4) }}:2888:388817:40
clarkbspecifically whether or not we can add a lower numbered id to the existing cluster and whether or not a new zk01 would somehow conflict with the ancient zk0117:41
corvusthat's from zoo.cfg and looks like it's still using hostvars17:41
clarkbcorvus: playbooks/roles/nodepool-base/tasks/main.yaml also uses hostvars though17:42
corvusyeah... so maybe with our change to inventory that's not necessary?17:42
clarkbI think either nodepool is buggy or that extra step is no longer necessary17:42
clarkb"You do not want an existing id value to join without having knowledge of transactions previously ACKd by the id." and "A new server with a lower id than has previously been in the cluster may refuse to join because ZK considers id ordinality. Higher values can join clusters of lower values." are the etherpad considerations I'm now worried about17:43
clarkbcorvus: I suspect we'll be ok ignoring that difference in setup behavior between the playbooks for now17:43
clarkbcorvus: it is easy enough to manually edit the nodepool config if it comes to that17:43
corvusclarkb: there's something fishy about option b... i'm pretty sure you can blow away the data for one of the nodes and it can recover from the others17:51
corvuslike.... without that ability... the system would not be very robust... pretty much any outage would cause it to fail17:52
corvusso i'm interested in where "You do not want an existing id value to join without having knowledge of transactions previously ACKd by the id." comes from17:52
clarkbcorvus: ya option A is what we ultimately used last time. I'm currently trying to understand that consideration now17:53
clarkbcorvus: I found https://serverfault.com/questions/760320/zookeeper-faulty-cluster-member-replacement which isn't super helpful but does seem to point in that direction17:54
corvustbh, i'd also like to know where "A new server with a lower id than has previously been in the cluster may refuse to join because ZK considers id ordinality. Higher values can join clusters of lower values." comes from too17:54
corvusthat SO question also just has an unsourced assertion17:56
corvusi just created 3 zk servers, set a timestamp value at /test using a connection to zk01, deleted zk01, started zk01 again with no data, reconnected to zk01, got the value (it was correct) and set another one.18:04
corvusi think that suggests that "delete the entire data directory and start from scratch" is a viable replacement or recovery strategy for zk servers. (which has been by understanding for a while)18:05
clarkbreading up on zab it seems that if a server knows of a higher zxid than the leader this can cause problems. However with data loss you'd not know of any zxids so the leader continues as is18:06
corvusyes, that makes sense18:07
clarkband the server id value is used for zxid collisions. With the higher id winning18:07
clarkbso if two servers are aware of the same zxid then the one with the larger myid value would become the leader18:08
clarkbfor "You do not want an existing id value to join without having knowledge of transactions previously ACKd by the id." I wonder if the issue is that other members may "know" that a server that went away and came back had a certain zxid level ackd and if it doesn't internally know about that it could become a leader and create problems?18:09
clarkbbut thats a bit of a stretch I'm still trying to understand the impact of the server id on operations within the larger cluster18:10
corvusi just removed zk01, added zk04 (empty disk), performed a transaction, removed zk04, added zk01 (empty disk) and it worked fine18:14
corvusso i have doubts about both of those assertions18:14
corvusthe quorum members talk to each other and sync missing transactions18:15
clarkback18:16
clarkbI found "Never list more than one joiner as participant in the initial configuration" in https://zookeeper.apache.org/doc/r3.8.0/zookeeperReconfig.html so I think we do want to add one server at a time at least18:17
clarkbyou can add more than one at a time but it requires additional coordination listing the extra servers as observers rather than participants18:17
clarkbwhich confirms my concern about creating a split brain on startup18:18
corvusthat seems fair18:18
clarkbserver ids must also be unique which seems like a given18:20
clarkbbut ya I'm having a hard time finding any indication that we can't use a lower numbered id or that we can't go back to using an id from several years ago18:21
clarkbcorvus: ya so far I have only been able to determine that myid must be unique for each ensemble member and that the values must be between 1 to 255. Then the value influences leader election for tie breaking18:33
corvus++18:33
clarkbso I think I can use option A to upgrade again and just add 01 then 02 then 03 similar to what was done before and things should work18:34
clarkbI just have to add each new node to the cluster one at a time18:34
corvussgtm18:35
clarkband then option A only needs one zuul restart18:36
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327618:38
clarkbcorvus: something like this: https://etherpad.opendev.org/p/opendev-zookeeper-upgrade-2025 for the process18:51
clarkbthere was a naive part of me that thought I'd be mostly done by the end of today and now I feel like I'm just starting heh18:53
clarkbcorvus: that doc indicates using the zuul_restart.yaml playbook after 2 of 3 nodes are rotated in to pick up the future state of all three new servers in zuul config. I think that is the non graceful restart. That is still probably the best way to do this right?18:59
clarkbI guess I'll start booting new servers after lunch and can update that document with even more details and update the ansible playbook to update zuul under the hood19:01
corvusthe graceful will take 24h... non-graceful is probably fine unless there's some kind of critical release job running... but even then they should be idempotent, so probably ok)19:02
clarkback19:02
opendevreviewMichal Nasiadka proposed opendev/glean master: Ensure files are created with 0600 perms  https://review.opendev.org/c/opendev/glean/+/95327620:04
opendevreviewMichal Nasiadka proposed opendev/glean master: Stop adding uuid= in keyfiles  https://review.opendev.org/c/opendev/glean/+/95332020:05
clarkbarg I forgot to add the --image flag to launch node and my new zk01 is booting on jammy. I'll clean delete it and clear out the zk01 ansible facts after its done then try again20:12
clarkb"Exception: Node has less than 2 CPUs" <- the check I added to catch the noble issue tripped. Glad I added that now20:43
funginice! glad it's actually workin20:44
fungig20:44
opendevreviewClark Boylan proposed opendev/zone-opendev.org master: Add DNS records for three new zk servers  https://review.opendev.org/c/opendev/zone-opendev.org/+/95335320:55
opendevreviewClark Boylan proposed opendev/system-config master: Small playbook to set zuul zk hosts config  https://review.opendev.org/c/opendev/system-config/+/78834220:58
opendevreviewClark Boylan proposed opendev/system-config master: Replace zk06 with zk01  https://review.opendev.org/c/opendev/system-config/+/95116421:02
clarkbI think it is safe to land 953353 whenever. 788342 doesn't need to be merged. I've just pushed an update to it for record keeping purposes and clarity. 951164 should probably be landed first thing on $day so that we can try and get through the entire cluster in one day. If reviewers are happy with these chagne and the process outlined in21:03
clarkbhttps://etherpad.opendev.org/p/opendev-zookeeper-upgrade-2025 and tomorrow doesn't have any early fires I can probably start then. otherwise I'll wait for a quiet morning where I think I can get through the whole set in one big push21:03
corvus953353+321:04
corvusi think that the zuul launchers have not been able to keep up with image uploads due to all the recent errors and restarts.  things are looking better with the current code, but i think i'd like to see them fully catch up before we drown the logs in node launches21:05
opendevreviewMerged opendev/zone-opendev.org master: Add DNS records for three new zk servers  https://review.opendev.org/c/opendev/zone-opendev.org/+/95335321:05
corvusso i think i'm going to let that run for a bit before i look into re-applying the openstack move21:06
clarkbwfm21:06
opendevreviewClark Boylan proposed opendev/system-config master: Update etherpad to v2.3.2  https://review.opendev.org/c/opendev/system-config/+/95332822:40
opendevreviewClark Boylan proposed opendev/system-config master: DNM force etherpad failure to hold node  https://review.opendev.org/c/opendev/system-config/+/84097222:40
clarkbetherpad 2.3.1 failed in our testing but then a 2.3.2 showed up. Here's hoping that fixes the problem22:40
« Tuesday, 2025-06-24 Index Thursday, 2025-06-26 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!