Wednesday, 2023-10-25

« Tuesday, 2023-10-24 Index Thursday, 2023-10-26 »
noonedeadpunkmornings06:52
noonedeadpunkToday in the morning I realized that likely we made a mistake by using openstack namespace for our collections... I am really thinking if it's worth to change that06:53
noonedeadpunkand then, it will open doors for couple of things06:53
noonedeadpunk1. We can create osa.playbooks collection and move there all our playbooks, and maybe even dynamic inventory? And then users shouldn't care about where they've cloned osa to - they will just run `openstack-ansible osa.playbook.nova-setup` for example06:54
noonedeadpunkthen we will be able to re-name the playbooks to more reflect that it's not only installation, but also about day206:55
noonedeadpunkAnd in integrated repo we can actually leave current playbooks for compatability, but they will just contain import of osa.playbooks.nova06:56
noonedeadpunk2. We can create a collection where to pack all systemd things and make an independent release model for it, as they pretty much don't change. And have like osa.systemd.service role and osa.systemd.networkd, etc06:57
noonedeadpunkAnd current one will be just osa.plugins.*06:57
noonedeadpunkbut then it's open question where to draw line between independent roles and collections07:03
noonedeadpunkbut I have feeling that smth like osa.playbooks would be really beneficial07:05
noonedeadpunksince we're in PTG week we can gather quickly this week to potentially discuss that and raise opinions:)07:15
jrossermorning08:28
jrosseris the collection issue that we only get to have one currently (openstack.osa) ?08:28
noonedeadpunkWell. We probably can have more, as we don't publish (as of today), but I guess then it's a bit question of naming08:33
noonedeadpunklike openstack.osa-ops can be a thing08:33
noonedeadpunkand then openstack.osa_playbooks (sorry, there can't be `-` in collection names, only underscores)08:34
noonedeadpunkbut naming will pretty much suck08:43
noonedeadpunkor well. we can do ofc openstack.ansible for playbooks... 08:44
noonedeadpunklike `openstack-ansible openstack.ansible.nova`. That looks cool. A bit ambitious though, but well :)08:45
noonedeadpunkcatchy08:45
noonedeadpunkSo well. We might be fine with namespace if we kinda find a good way of naming things in it08:47
noonedeadpunkand we actually can even place playbooks in oopenstack-ansible-plugins08:47
noonedeadpunkthough I'd rather manage these things independently I guess08:48
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Refactor log collection from lxc containers  https://review.opendev.org/c/openstack/openstack-ansible/+/87738209:28
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not try to install packages on each log_instance_info run  https://review.opendev.org/c/openstack/openstack-ansible/+/86637209:35
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not try to install packages on each log_instance_info run  https://review.opendev.org/c/openstack/openstack-ansible/+/86637209:41
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_tacker master: Fix linters for example playbook  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/89924109:45
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_tacker master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/89893009:45
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_mistral master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/89924209:47
jrosserhuh https://git.afpy.org/mdk/ansible-parallel09:49
noonedeadpunkthat;s interesting:)09:54
noonedeadpunkexcept unreadable symbols in code....09:54
noonedeadpunkand with thinking about smth like that to be frank, though was also interested in trying out https://ansible.readthedocs.io/projects/runner/en/latest/ instead of exec ansible-playbook directly 10:01
noonedeadpunklike you have run_asycn already there: https://ansible.readthedocs.io/projects/runner/en/latest/python_interface/#run-async-helper-function10:01
noonedeadpunkas that should help you out with parsing exit codes a lot10:02
jrosserinteresting - looks like a quite few options here10:05
noonedeadpunkinteresting would be to get osa running in AWX actually....10:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Refactor log collection from lxc containers  https://review.opendev.org/c/openstack/openstack-ansible/+/87738210:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_mistral master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/89891310:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_sahara master: Fix linters for example playbook  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/89924610:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_sahara master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/89892910:25
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_sahara master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/89892910:25
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_murano master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_murano/+/89892210:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_murano master: Add example playbook and linters job to the role  https://review.opendev.org/c/openstack/openstack-ansible-os_murano/+/89924710:29
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_senlin master: Fix linters for example playbook  https://review.opendev.org/c/openstack/openstack-ansible-os_senlin/+/89924810:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_senlin master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_senlin/+/89892610:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_heat master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/89890810:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_heat master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/89924910:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_heat master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/89890810:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/89881410:34
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/89569610:34
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Enable Ceilometer resource cache  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/88803210:34
noonedeadpunkSo, mds setup in ceph-ansible is broken for ansible-core 2.15: https://github.com/ceph/ceph-ansible/pull/7466/files12:13
noonedeadpunkthus, manila is failing there12:13
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Bump ansible version to 2.15.5  https://review.opendev.org/c/openstack/openstack-ansible/+/89925712:14
jrosseri also saw that we have ceph failing elsewhere12:14
jrosserhttps://review.opendev.org/c/openstack/openstack-ansible/+/89396812:15
jrosserdue to the way we constantly overwrote the tempest test vars (fixed by that patch) it might be this is broken for a while12:16
jrosserthats getting 503 on rgw but i've not been able to look at that yet12:16
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Refactor log collection from lxc containers  https://review.opendev.org/c/openstack/openstack-ansible/+/87738212:20
noonedeadpunkI can spawn an aio and have a look12:27
opendevreviewMerged openstack/openstack-ansible-plugins master: Simplfy addition of keystone users to roles  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89601712:55
jamesdentonmaybe this is a dumb question, but is there anything preventing running multiple roles/playbooks in parallel? Especially if there's no dependencies between them?13:01
jrosserdid you read back up there ^^^^ ?13:01
jamesdentonno13:01
jrossersome discussion already today about that, and seems theres a bunch of approaches13:01
jamesdentonoh hah13:02
jamesdentoni will scrollback13:02
jrossertheres not really a reason we can't13:02
jrosserso long as we observe things like haproxy must go first, keystone must go first etc etc13:02
jamesdentonright, setup-infra + keystone, then spawn a few concurrent playbook runs13:03
jrossereven withing setup infra i think we can parallelise the roles13:03
jamesdentonyeah, potentially. i wouldn't know where to start but glad to know there's been some thought about that13:03
jrosserso long as haproxy is done before we try to do galera, for example13:03
noonedeadpunkI think we also discussed that yesterday in zoom13:03
jamesdentonmaybe this is my subconscious bubbling up13:04
jamesdentonor this is the manager in me acting as though your ideas are my own :D13:04
jrosserwe discussed performance also today here13:06
jrosserand went over again how there are conflicting requirements, like for CI its all about control plane13:06
jrosserbut for real deployments what you actually want better is nova+neutron13:06
jamesdentonspeaking of CI... if i wanted to test OSA builds against a new pool of servers (such as an internal cloud) what would be needed to do that?13:07
jrossernoonedeadpunk: check this out https://review.opendev.org/q/topic:bgp-exp (you too jamesdenton)13:08
jrosserrelevant to discussions from PTG of ampora BGP sessions13:09
jamesdentoninteresting. is there a spec?13:09
jrosseri think so, yes13:09
noonedeadpunkugh13:09
jamesdentonwas this it? https://docs.openstack.org/octavia/latest/contributor/specs/version1.1/active-active-l3-distributor.html13:09
noonedeadpunkmeans we're late with our patch that we were supposed to push like couple of weeks ago13:10
jamesdentoniirc you weren't thrilled with the implementation, right? because it required peering from tenant network?13:10
jamesdentonn/m it says peering from lb-mgmt-net13:11
jrosseryeah, i guess i prefer the approach like neutron bgp agent13:11
jrosserlooking at the ascii diagram the peering is "external"13:12
jamesdentonyeah, that's at least predictable. here it looks like you need to enable dynamic peering by subnet cidr13:12
jrosseroh actually, [P2] looks different to what i remember13:13
jrosseri would kind of expect to see some BFD thrown in there somewhere in order to get routes withdrawn real quick when an amphora goes away for whatever reason13:16
jrosserjamesdenton> speaking of CI... if i wanted to test OSA builds against a new pool of servers (such as an internal cloud) what would be needed to do that?13:17
jrosser^ you mean more than just running an AIO?13:18
jamesdentonwell, i guess replicating a zuul would be the first step?13:18
jamesdentonyeah, i'm not really sure what i'm asking TBH. 13:18
jrosserdepends if you want to precisely replicate the actual CI13:19
jrosseror just automatically run an AIO which is a bit different13:19
jrosserwe have people here who use github actions with on-prem runners in openstack VM, which is also a form of CI too13:20
jamesdentonreally i just need to load test some new regions i'm spinning up, thinking of the best way to do that. Might just be to use existing TF stuff i have13:20
jamesdentonmaybe thats the way to go, i've never done that13:20
jrosserbut yeah, load test might be more like TF as you say13:20
jrosseras you'd be able to parameterise that pretty easily13:21
NeilHanlonSo, I started trying to package incus yesterday because I was... well, not bored, but, procrastinating..13:40
NeilHanlonit didn't go well 😂13:40
noonedeadpunkI see :D13:43
noonedeadpunksounds not super promising13:43
mgariepyit's version 0.1 ;p13:43
mgariepyi guess the ubuntu/debian build works as expected.13:44
mgariepyhaven't had time to play with it tho. only tested some arch user pkg and some config were missing.13:45
noonedeadpunkthey have a repo for ubuntu already... So I guess it does13:45
mgariepyStéphane Grabber is building it. and it's running on the incus demo website.13:46
mgariepyhttps://linuxcontainers.org/incus/try-it/13:46
jrosserlooks like we might be able to save some tasks in the PKI role13:51
jrosserensuring that dirs exist way more times than really needed13:51
mgariepyi'm a bit too ctrl+w happy to use a linux shell inside web browser lol.13:51
noonedeadpunkoh yes13:52
noonedeadpunkthat's always a case for me with IPMI consoles :D13:52
noonedeadpunkcan't really resist from doing ctrl+w13:53
mgariepyglad i'm not alone :) haha if you find a cure please tell me.13:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not try to install packages on each log_instance_info run  https://review.opendev.org/c/openstack/openstack-ansible/+/86637213:57
opendevreviewJonathan Rosser proposed openstack/ansible-role-pki master: Simplify PKI host directory creation  https://review.opendev.org/c/openstack/ansible-role-pki/+/89926913:57
opendevreviewMerged openstack/openstack-ansible master: Add CI jobs for debian bookworm  https://review.opendev.org/c/openstack/openstack-ansible/+/89456114:02
NeilHanlonnoonedeadpunk: yeah, i think it will get better.. the build process right now is a bit "wtf" to me so, i am gonna hold off on trying to build a proper package for now... lol14:05
mgariepyNeilHanlon, you probably can poke de dev on libera-chat #lxc14:05
NeilHanlonmgariepy: good call, thanks14:06
mgariepypoke stgraber ;)14:06
noonedeadpunkthe last patch left for finishing debian 12:) https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89872414:48
noonedeadpunk(or about the last)14:49
noonedeadpunkand also some ready patches for quorum queues https://review.opendev.org/q/topic:osa/quorum_queues+status:open+label:Verified15:31
opendevreviewJonathan Rosser proposed openstack/ansible-role-pki master: Only create certificate destination directories once.  https://review.opendev.org/c/openstack/ansible-role-pki/+/89927915:32
noonedeadpunkthat patch doesn't looks like having any significant decrease of runtime: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/899166 :(15:58
noonedeadpunkas it was quite promising15:58
noonedeadpunkunless it's not properly tested....15:59
jrosserno sadly it does not seem to have much impact16:15
jrosserbut actually the connection plugin code size is really reduced with these patches16:15
jrosserwhich is understandability++16:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Adopt for usage openstack_resources role  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/89928416:20
noonedeadpunkyeah. true, that is still good improvement, I just had some hopes, that doing if/else 1M times instead of 5M times will save at least some time16:22
jrosseri did also try removing the ssh roundtrip to get the container PID and instead mount /root from each container into /openstack/roots/<container_name>16:30
jrosserbut somehow that didnt really give a noticeable improvement ether16:30
noonedeadpunkoh, well, I think I have found smth16:32
noonedeadpunkhttps://paste.openstack.org/show/bEyZD3APh1X264o7zXSY/16:33
noonedeadpunkAnd I made literally 1 change16:33
noonedeadpunkand I bet you might easily guess what the change it was...16:33
noonedeadpunkwill try to come with smth relatively sustainable...16:38
noonedeadpunkso 400ms on each connection might have dramatical difference16:40
jamesdentonyou disable reverse dns lookup?16:46
jamesdentoncurious :)16:46
jrosserits always dns16:46
jrosseri wonder if whatever that is also makes a difference with controlpersist16:47
noonedeadpunkMOTD16:49
jamesdentonhah16:49
noonedeadpunkthe dynamic one which comes from pam.d16:49
noonedeadpunkstatic one we put there has no difference at all16:50
noonedeadpunkI'm not sure if upstream images do have that kind of thing though16:53
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-hardening master: DNM Check if disabling PAM speedup things  https://review.opendev.org/c/openstack/ansible-hardening/+/89928617:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: DNM  https://review.opendev.org/c/openstack/openstack-ansible/+/89928717:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM  https://review.opendev.org/c/openstack/openstack-ansible/+/89928817:03
noonedeadpunkI can imagine that motd is indeed not part of the CI images. Though looks like in real world it can speedup things a lot17:04
opendevreviewMerged openstack/openstack-ansible-openstack_hosts master: Use relevant osbpo repository for Debian 12  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89872417:20
NeilHanlonbtw rocky just built the centos-release-openstack-bobcat packages and it should be available on mirrors shortly (for any distro-type jobs we might have whenever)17:47
NeilHanlon(h/t mnasiadka for the request)17:48
noonedeadpunkNeilHanlon: yeah, I know, there was a ML regarding that yesterday. But we kinda need to have UCA as well before switching to that18:07
noonedeadpunkoh, they already have bobcat, sweet18:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Switch codename to Bobcat  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89929418:11
noonedeadpunkhere we go ^18:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not try to install packages on each log_instance_info run  https://review.opendev.org/c/openstack/openstack-ansible/+/86637218:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Add gate_log_requirements function  https://review.opendev.org/c/openstack/openstack-ansible/+/89915818:24
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/899288/ gives actually interesting results - it's failing quite randomly on SSH connection18:26
noonedeadpunkbut then they go to retry somehow18:27
noonedeadpunkas I guess zuul uses pam? but super werd as rhel have it commented out... and only keypairs should be used18:31
noonedeadpunkbut things fail on image upload in tempest at worst18:32
noonedeadpunksad I won;t get any time which it took to fail even...18:32
jrosserwe have retry in the connection plugin18:42
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-hardening master: DNM Check if disabling PAM speedup things  https://review.opendev.org/c/openstack/ansible-hardening/+/89928618:48
noonedeadpunkwell. it shouldn't retry zuul jobs after task fails :)18:49
noonedeadpunkso it indeed looks like slow VMs in CI: https://paste.openstack.org/show/bMYzMdECdOeeZqGVjcOb/19:39
noonedeadpunkLike 1 minute wasted here literally nowhere19:39
noonedeadpunkunless these were wheels that built....19:39
nixbuilderHello... I am installing from the 27.1.0 scripts and am getting an haproxy deprecation error... the error is "'option httpchk' : hiding headers or body at the end of the version string is deprecated. Please, consider to use 'http-check send' directive instead."  So I get deprecation errors and the install fails because of errors found in configuration.  Has anyone else seen this?19:40
noonedeadpunknixbuilder: do you have any custom haproxy endpoints defined? Or that is clean installation which is pretty much default one?19:41
noonedeadpunkAlso what OS are you running?19:41
noonedeadpunkAs I don't see "option httpchk" anywhere in our code for 27.1.019:42
noonedeadpunkah, sorry I do see them19:42
nixbuilderOS is Rocky 9 and I do not have any custom haproxy endpoints defined.  This is a clean bare metal install.19:43
noonedeadpunkok, I see. So we have patched that on master: https://review.opendev.org/c/openstack/openstack-ansible/+/88728519:44
noonedeadpunkBut I don't think it would raise an error to be frank - it's a noise but it should not hurt I believe...19:44
noonedeadpunkSo can you kindly paste error?19:44
noonedeadpunkyou can use https://paste.openstack.org/ for that19:45
nixbuilderhttps://paste.openstack.org/show/bjIvLlf8vqEwdWF0LXN4/19:47
jrosserthat is just a deprecation warning from haproxy19:48
jrosserit's not a failure19:48
noonedeadpunk` 'bind 10.255.60.2:15671' : unable to stat SSL certificate from file '/etc/haproxy/ssl/haproxy_infra01-10.255.60.2.pem' : No such file or directory`19:48
noonedeadpunkthat is the failure19:48
noonedeadpunkI think, that could be some leftover from previous runs, if you happen to change IPs or some services?19:49
* noonedeadpunk writing some suggestion19:51
nixbuilderNo... fresh install. Hmmm... the '/etc/haproxy/ssl/' is empty :-(19:52
noonedeadpunktry smth like: 1. ansible -m file -a "path=/etc/haproxy/conf.d state=absent" haproxy_all19:53
noonedeadpunk2. openstack-ansible playbooks/haproxy-install.yml --tags haproxy_server-config,haproxy-config19:54
noonedeadpunk3. openstack-ansible playbooks/setup-infrastructure.yml --tags haproxy-service-config19:56
noonedeadpunknixbuilder: certificates should be stored in /etc/openstack_deploy/pki folder19:56
noonedeadpunkso they're generated there and then placed on destination hsots19:57
nixbuildernoonedeadpunk: I double-checked my user_variables.yml file and I have 'haproxy_ssl: false'. So I didn't think certificates would have been required.19:57
noonedeadpunkah.19:58
noonedeadpunkwell... it should not fail then....19:59
noonedeadpunkI think we have... imperfectess...20:00
nixbuildernoonedeadpunk: The only certs in '/etc/openstack_deploy/pki' are for galera20:00
noonedeadpunknixbuilder: can you try adding `rabbitmq_management_ssl: false`?20:00
nixbuilderSure.20:01
noonedeadpunksomehow we don't respect haproxy_ssl here for rabbitmq: https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/rabbitmq_all.yml#L41-L4220:03
noonedeadpunknixbuilder: and rpobably you can disregard my previous commands20:04
noonedeadpunkjust define rabbitmq_management_ssl and re-run rabbitmq-install.yml playbook20:04
noonedeadpunkjrosser: really weird things I see when I attach to zuul consoles. Like things being stuck between tasks20:08
noonedeadpunkand pretty much always like for 69 seconds or smth like that20:09
noonedeadpunkor it's renderring weirdly... or I am missing smth...20:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM check if having ARA or not affects job runtime  https://review.opendev.org/c/openstack/openstack-ansible/+/89930920:13
noonedeadpunkor there's really smth off with SSH20:14
nixbuildernoonedeadpunk: Thanks... that fixed it!20:36
noonedeadpunkok, awesome. I guess we need to patch that though...20:37
jrossernoonedeadpunk: on a metal job i guess we can also check without our connection plugin?20:38
noonedeadpunkI think we did that20:39
noonedeadpunk(I guess it was damiandabrowski tbh)20:39
noonedeadpunkand there was no difference iirc20:39
jrosserinteresting20:39
jrosseri made a "lots.yml" which did copy: N times20:40
jrosserand there was a difference between our plugin and not with that20:40
jrosserbut it was not huge, like 40s vs 35s or something20:40
jrosserthat was with zero vars as well20:41
noonedeadpunkyeah, I guess in CI there was no visible difference after all20:41
noonedeadpunkThough I'm looking at this DNM patch and it feels like being slightly faster on average...20:41
noonedeadpunkBut I do really see things just being stuck for 60sec...20:42
jrosserwhich one?20:42
damiandabrowskiI only removed openstack.osa.linear plugin: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87442520:42
noonedeadpunkah, ok, righy20:42
noonedeadpunkjrosser: basically this https://review.opendev.org/c/openstack/openstack-ansible/+/899288 (but changes are in dependent one)20:43
jrosserah ok20:43
noonedeadpunkbut config like that looks like... smth that can cause such 1m hold on connection: https://zuul.opendev.org/t/openstack/build/4e911b59ed7340d9bb098b3904fd2a01/log/logs/etc/host/ssh/sshd_config.txt#156-15720:44
jrosseri wonder if sshd logs any of that20:45
noonedeadpunkbut like this job was indeed fast https://zuul.opendev.org/t/openstack/build/7990e26401c945499fae2f2f1c4c2cee20:45
noonedeadpunkbut we didn't have bookworm jobs to compare...20:46
noonedeadpunkBut I barely saw jobs that finish less then 1:20 or smth in a while...20:47
jrossergrafana will be insightful for that20:47
jrosserwe need to update that again too20:47
noonedeadpunkwell, there're some port scanning happening on the vm in CI20:53
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/f7fb69eeaa6e488d8f64a914eb0d82a7/log/logs/host/auth.log.txt#1512-151720:56
noonedeadpunkbut probably not too much....20:56
noonedeadpunkdisabled pam in zuul looked really fast btw. 21:03
noonedeadpunkthough it was failing as well...21:04
opendevreviewMerged openstack/openstack-ansible-os_octavia master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/89735021:08
noonedeadpunkbut what I know for sure is that gssapi is enabled in CI images that for sure slow down things a lot21:09
noonedeadpunkAs i've seen on some failures today that auth failed with gssapi,publickey,password21:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM test metal CI speed without connection plugin  https://review.opendev.org/c/openstack/openstack-ansible/+/89931221:16
jrosserthose random ssh attempts could be using up auth slots in the sshd config21:38
noonedeadpunkYeah, I was kinda thinking the same... there was not lot of them though... but maybe just because of limiting, given that ansible kinda already consumes quite some21:39
jrosserlook also in the connection plugin, if we get failure to connect it has exponential back off retries21:41
noonedeadpunkdo we log these though?21:41
jrosserthat might both hide things and cause delay at the same time21:42
noonedeadpunkI'm looking now in https://zuul.opendev.org/t/openstack/stream/5780246de5c3496ca1345222d01bb047?logfile=console.log which jsut was stuck for 10 mins already21:42
jrosseronly with lots of -v21:42
noonedeadpunkhttps://paste.openstack.org/show/bzX1GB5o7BoRPmkbHmsi/21:42
noonedeadpunkah lol21:42
noonedeadpunkit was executing tempest21:42
noonedeadpunkI guess I'm jsut getting confused with that task name and result are show together21:43
noonedeadpunkwhile i nreal world you will see task header and then status will follow21:43
noonedeadpunkbut then, I've spotted that https://opendev.org/openstack/ansible-role-python_venv_build/src/branch/master/tasks/python_venv_wheel_build.yml#L110-L113 takes quite some time on each run21:44
jrossermaybe something is horribly inefficient to delete many files21:45
noonedeadpunkugh, no, forget about it, it's again output that confused me...21:47
noonedeadpunknext task is building wheels and that what takes time21:47
jrosserthose time stamps are confusing21:50
noonedeadpunkI'm not 100% sure, but that looks slightly better then last couple of results on avergae https://review.opendev.org/c/openstack/openstack-ansible/+/89928821:50
noonedeadpunkbut again - we could be lucky with the load in CI...21:50
noonedeadpunklike 1 upgrade is less then 2h..21:51
noonedeadpunkbut I don't think it has smth to do with the patch21:51
noonedeadpunkand then 1 llxc is almost 3h21:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM: Try to tune SSH in pre-step.  https://review.opendev.org/c/openstack/openstack-ansible/+/89931822:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM Disable wheels build  https://review.opendev.org/c/openstack/openstack-ansible/+/89931922:16
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM: Try to tune SSH in pre-step.  https://review.opendev.org/c/openstack/openstack-ansible/+/89931822:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM Disable wheels build  https://review.opendev.org/c/openstack/openstack-ansible/+/89931922:26
noonedeadpunkhuh, not using our connection plugin looks like a visable improvement....22:38
noonedeadpunkmaybe too earl to judge though...22:39
« Tuesday, 2023-10-24 Index Thursday, 2023-10-26 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!