Thursday, 2026-05-21

« Wednesday, 2026-05-20 Index Friday, 2026-05-22 »
@priteau:matrix.orgHello. Do we know if some cloud providers filter ICMP ping to 8.8.8.8? In this case, vexxhost-ca-ymq-1-main.06:43
-@gerrit:opendev.org- Jan Gutter proposed: [zuul/zuul-jobs] 989502: Extend copy-build-ssh for custom algorithms https://review.opendev.org/c/zuul/zuul-jobs/+/98950210:19
@fungicide:matrix.orgPierre Riteau: i can check, but i doubt it13:17
@fungicide:matrix.orgPierre Riteau: i get 0% packet loss when pinging 8.8.8.8 from our mirror there... https://paste.opendev.org/show/bUW5BpuiaG0SgI7TqP4r/13:20
@fungicide:matrix.orgdo you have an example build failure or something i can look at?13:20
-@gerrit:opendev.org- Zuul merged on behalf of Mauricio Harley: [opendev/system-config] 988775: Add #openstack-pqc to channel logging and statusbot https://review.opendev.org/c/opendev/system-config/+/98877513:35
-@gerrit:opendev.org- Zuul merged on behalf of Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org:13:38
- [openstack/project-config] 959893: Remove mirror.openeuler utilization graph https://review.opendev.org/c/openstack/project-config/+/959893
- [openstack/project-config] 980500: Run validate-pyproject during package checks https://review.opendev.org/c/openstack/project-config/+/980500
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [opendev/system-config] 989465: Enable nodejs heap snapshots with SIGUSR2 against etherpad https://review.opendev.org/c/opendev/system-config/+/98946513:40
-@gerrit:opendev.org- Zuul merged on behalf of Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org: [opendev/system-config] 958302: Correct Kerberos realm var documentation https://review.opendev.org/c/opendev/system-config/+/95830213:40
@clarkb:matrix.orgbit of a slow start today, but I want to followup with mnasiadka on backup servers if now is still good then I'll try to capture some heap snapshots from etherpad and see if that provides useful info15:11
@mnasiadka:matrix.orgClark: now is fine actually :)15:11
@clarkb:matrix.orgmnasiadka: for backup servers I think what we can likely do is boot a new server in vexxhost and have it fully deploy as a backup server. Then swap over the selection of which backup servers to backup to to use that one instead of the old one. Then after confirming successful backups from all of the backup sources we can clean up the old backup server and attach its volume to the new server for historical record keeping15:12
@clarkb:matrix.orgmnasiadka: the piece of that that I am not confident in is how the sources select the target backup server. So that is what I'll look at next15:12
@clarkb:matrix.orgmnasiadka: then the other thing to keep in mind is the cloud providers and regions of the backup servers are selected to give us some geographical and provider diversity so we should put replacement servers in the same locations as the current servers.15:13
@fungicide:matrix.orgrevisiting ze07, it now has two hung `docker-compose pull` processes, the second one from about an hour ago. i'll see if i can work out what's going on there15:13
@fungicide:matrix.orgoh, actually most (all?) of them have one or more hung pulls in their process lists now15:14
@fungicide:matrix.orgze04 is still clean15:14
@clarkb:matrix.orgmnasiadka: https://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/borg-backup/tasks/main.yaml#L64-L82 we actually auto enroll the backup servers on the sources. I think that is fine. We'll end up with the new server being attempted for use along side the old servers. If there are failures we can followup from there while the existing backup servers will presumably continue to work as is15:14
@clarkb:matrix.orgfungi: we do run hourly jobs against zuul which may explain the more recent process15:15
@fungicide:matrix.orgze10 and ze12 are also okay still but the other executors have one or two pulls in their process lists from hours ago15:15
@mnasiadka:matrix.orgOk, so I need to spawn backup03.ca-ymq-1.vexxhost.opendev.org, add DNS entries and add it to the inventory as a starter15:16
-@gerrit:opendev.org- Zuul merged on behalf of Jan Gutter: [zuul/zuul-jobs] 989502: Extend copy-build-ssh for custom algorithms https://review.opendev.org/c/zuul/zuul-jobs/+/98950215:16
@clarkb:matrix.orgmnasiadka: yup and then theoretically when we add it to the inventory ansible will auto enroll all the sources and then we can work on ensuring backups look good before removing the old server15:17
@mnasiadka:matrix.orgSure, and then attach the old servers volume in the new server for history15:17
@clarkb:matrix.organd the backup servers rely on cinder volumes to store backup data so we should ensure we're creating a new server that looks like the old one with a new volume and all that15:17
@fungicide:matrix.orginterestingly, none of the other zuul servers (executors, launchers, mergers) have hung image pulls, only most of the executors15:17
@clarkb:matrix.orgexactly15:17
@mnasiadka:matrix.orgOk, I guess that's a plan then - so let me finish some other thing and get started on this.15:18
@clarkb:matrix.orgmnasiadka: great. And if there are any questions or something I can help with just let me know15:18
@clarkb:matrix.orglooks like etherpad was properly recreated with the new config after that change ran. So now I'm just going to wait for the next auto restart due to OOM to capture my first heap snapshot. Then I'll wait a minute or two and capture a second15:34
@clarkb:matrix.org(I'm waiting since memory utilization is high enough at the moment that I worry a heap snapshot will push it over the edge)15:34
@fungicide:matrix.orgmakes sense15:35
@fungicide:matrix.orghttps://status.redhat.com/ doesn't mention any known quay.io incidents since may 9, nor are there ay warning banners on the https://quay.io/ site either, so i'm not sure what to make of the hung image pulls on zuul executors15:38
@clarkb:matrix.orgfungi: strace may give you clues?15:39
@fungicide:matrix.orgthat's where i'm headed next, yes15:39
@fungicide:matrix.orgthough the child process is waiting on a futex15:40
@fungicide:matrix.orgnot very helpful15:40
@fungicide:matrix.orgchecked both hung children on ze07 (the one from yesterday and the one from today), and their strace output is identical15:41
@clarkb:matrix.orgif you use -f it will follow all the children15:41
@fungicide:matrix.org`futex(0x4383800, FUTEX_WAIT_PRIVATE, 0, NULL`15:41
@clarkb:matrix.orgwhich can sometimes show interactions between processes that are harder to see when tracing specific processes individually15:41
@fungicide:matrix.orgif i `strace -fp ...` the parent shell process ansible spawned, all i see is: `wait4(-1,` which is even less useful, sadly15:42
@fungicide:matrix.orgthe great-grandparent process, as it were15:43
@fungicide:matrix.orgthe grandparent does seem to be in a polling loop checking a futex, checking the clock, sleeping, checking the futex again...15:43
@fungicide:matrix.organd the parent process shows the same as well, though using an `epoll_pwait()`15:44
@fungicide:matrix.orgbasically seems like it's probably hung in the middle of downloading or waiting for a response15:44
@fungicide:matrix.orgbut there are no obvious strings that give away what's going on for sure15:45
@clarkb:matrix.orgmaybe lsof/open file descriptors will give clues to that if it still has a tcp connection open15:49
@clarkb:matrix.orgI now have two heap snapshots. The first was quick to write. The second took a while. I'm glad I double checked the file sizes on disk to notice the second was still increasing in size so I think I now have the complete snapshot15:49
@clarkb:matrix.orgnow to try and understand if they tell us anything interesting15:50
@fungicide:matrix.orginterestingly, lsof isn't indicating there are open network sockets for the child or its immediate parent (plenty of unix sockets though)15:55
@fungicide:matrix.orgi wonder if we can just ignore this. on ze07 manually running the same `docker-compose pull` completes normally for me, so i don't think the hung processes are blocking subsequent runs, and will disappear on their own when the executors get rebooted over the weekend16:00
@clarkb:matrix.orgok I think the leak is happening in string objects and likely tied to the database16:01
@clarkb:matrix.orgsnapshot one has ~747k strings directly consuming 93MB of memory. snapshot two has ~2.1million strings directly consuming ~179MB. Meanwhile the database goes from basically no retained memory (memory that would be freed if this object is freed) to ~256MB16:02
@clarkb:matrix.orgI think whatever data management with string data returned by the database is not releasing those objects and is leaking them16:03
@clarkb:matrix.orgfungi: makes sense to me if current runs are happy16:03
@clarkb:matrix.orgok this heap snapshot tooling is magic. I can start at the db connection drill down and see there is a query object with an array called _rows with tons of entries. Then I can even inspect those rows to see that they largely seem to map to sessionstorage values. Then I can go look at the etherpad commit history and find: https://github.com/ether/etherpad/commit/605ad280682d522fafa736d4f52f06c0c1973844 and https://github.com/ether/etherpad/commit/da9f5ac4eed750af2448c42d7973b9b0b243fd5416:18
@clarkb:matrix.orgmy hunch here is taht the session cleanup routine is not memory efficient (and maybe just striaght up leaks things?)16:18
@clarkb:matrix.orgbut those commits also indicate we can delete session cleanups. In theory this is safe since we weren't cleaning up sessions prior to the upgrade? I want to double check that, but I think the next step is to disable that config option and see if things are happier afterwards16:19
@clarkb:matrix.organd if so file a bug16:19
@clarkb:matrix.org(maybe file a bug either way with what we learn after disabling the cleanups)16:19
@clarkb:matrix.orgconfirmed that sessionCleanup: true comes from the 2.7.3 upgrade16:20
@clarkb:matrix.orgso let me get a change to toggle that to false and we can see if that helps if we feel comfortable with it16:21
-@gerrit:opendev.org- Clark Boylan proposed: [opendev/system-config] 989564: Disable etherpad session cleanups https://review.opendev.org/c/opendev/system-config/+/98956416:27
@clarkb:matrix.orginfra-root ^ while I'm not 100% certain that will fix things I think it is a likely enough thread to pull on to make that change16:27
-@gerrit:opendev.org- Michal Nasiadka proposed: [opendev/zone-opendev.org] 989566: Add backup03.vexxhost https://review.opendev.org/c/opendev/zone-opendev.org/+/98956616:34
-@gerrit:opendev.org- Michal Nasiadka proposed: [opendev/system-config] 989567: Add backup03 https://review.opendev.org/c/opendev/system-config/+/98956716:39
@clarkb:matrix.orgmnasiadka: looks like the new backup server may not have its volume attached and mounted yet? I think its fine to land the dns update before then. but we should hold off on the inventory update until that is done so the server configuration can work properly16:40
@mnasiadka:matrix.orgAh, second volume - right16:42
@mnasiadka:matrix.orgwanted to create the changes to not loose the output :)16:42
@clarkb:matrix.orgyup thats fine. I just want to avoid landing changes too quickly :)16:42
@mnasiadka:matrix.orgDid w -1 ;-)16:43
@mnasiadka:matrix.orgOk, attached - any special script to be run like in mirror server case?16:47
@clarkb:matrix.orgmnasiadka: I think its the normal script https://opendev.org/opendev/system-config/src/branch/master/launch/src/opendev_launch/mount_volume.sh which launch node can actuall run for you if given the correct set of options when executed. But it should be fine to run now16:48
@clarkb:matrix.orgyou should be able to compare the fslabel and mount path args to the existing backup server16:48
@mnasiadka:matrix.orgthe vg on backup02 is main-202010 compared to main in the script16:51
@clarkb:matrix.orgmnasiadka: oh we must custom set that to help keep track of the different volumes to make it easier to attach them to the next/new backup server?16:51
@clarkb:matrix.orgmnasiadka: I think we should keep that convention. But I don't think we have a special script for it so maybe need to edit the script I linked16:52
@mnasiadka:matrix.orglooking at history on backup02 - that was done manually16:52
@mnasiadka:matrix.orglet me retrace these steps16:53
@clarkb:matrix.orgok16:53
@clarkb:matrix.orgfungi: ^ you may be more help here than I am as my lvm knowledge is minimal16:53
@mnasiadka:matrix.organy guidance on the main- suffix?16:53
@mnasiadka:matrix.orgno worries, I'm an ex AIX admin, LVM is my life ;)16:54
@clarkb:matrix.orgperfect :) I would call it main-202605 ?16:54
@clarkb:matrix.orgthat way its clear this is the new one from ~now16:54
@fungicide:matrix.orgyeah, i'm happy to provide linux lvm2 management guidance, but we're not doing anything fancy there. just sticking with the naming conventions you see for other servers should be fine for the sake of consistency16:56
@fungicide:matrix.organd correct, the reason we dated the names of the volumes for backups was for when we rotated them out, so we'd have some idea of when we stopped using one and started using another, with the intent of deleting the old ones after a while16:57
@mordred:waterwanders.comsmit ftw16:59
@fungicide:matrix.orgfond memories of swearing at smit16:59
@fungicide:matrix.orggranted, aix was far less painful than hp/ux or *shudder* sco17:00
@mnasiadka:matrix.orgOk then, FS mounted, we're good17:01
@mnasiadka:matrix.org`/dev/mapper/main--202605-backups--202605 1007G   28K 1007G   1% /opt/backups-202605`17:01
@fungicide:matrix.orglgtm17:01
@clarkb:matrix.orgI wonder what makes the symlink is that automated somehow or manual?17:02
@clarkb:matrix.orghrm actually /opt/backups is defined as a directory in our ansible17:03
@fungicide:matrix.orgmnasiadka: also you've likely already seen it due to working on mirror replacements, but a lot of our lvm-oriented conventions and habits are reflected in https://docs.opendev.org/opendev/system-config/latest/sysadmin.html#cinder-volume-management17:03
@clarkb:matrix.orgso how does that work if /opt/backups is meant to be a symlink to the data volume mount?17:04
@mnasiadka:matrix.orgfungi: thanks, saw that17:04
@clarkb:matrix.orghttps://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/borg-backup-server/tasks/main.yaml#L1-L4 this is what I'm referring to17:04
@mnasiadka:matrix.orgClark: I made a symlink and we'll just find it out if Ansible overwrites that? But I assume it shouldn't, because that runs on all other backup servers?17:04
@clarkb:matrix.orgdo we understand how that works with the existing servers?17:04
@clarkb:matrix.orgmnasiadka: ya that. My concern is that it will create a new directory overriding the symlink and then we'll get backups going to the root disk17:05
@clarkb:matrix.orgbut ya maybe just finding out is the easiest thing. Maybe state: directory follows the symlink to discover the target is a directory and its happy?17:05
@clarkb:matrix.orgpvs/lvs/vgs look ok to my untrained eye. Do we want to reboot to ensure the post boot mounting is happy?17:08
@clarkb:matrix.orgotherwise I guess we can proceed if we're happy to find out about the symlink behavior. And I agree it seems like it just works on the existing servers?17:08
@clarkb:matrix.orgmnasiadka: I also have a question on https://review.opendev.org/c/opendev/system-config/+/98956717:11
@fungicide:matrix.orgi do encourage a reboot just to make sure things (mainly fstab) are set up correctly to mount everything at the expected place during bootup17:11
@harbott.osism.tech:regio.chatnot sure if the stuck pulls may be related, but I'm still seeing DNS issues, and there seems to be an issue with IPv6 to ns04, even when testing from bridge, although only sometimes:17:11
```
frickler@bridge01:~$ ping ns04.opendev.org
PING ns04.opendev.org(ns04.opendev.org (2604:e100:1:0:f816:3eff:feff:bd1c)) 56 data bytes
From 2001:550:2:16::2d:2 (2001:550:2:16::2d:2) icmp_seq=1 Destination unreachable: Address unreachable
```
@fungicide:matrix.orgJens Harbott: the executors are in rackspace classic dfw, while ns04 is in vexxhost ca-ymq-117:14
@fungicide:matrix.orgfor ns04 being generally unreachable over ipv6 at times, i wonder if it's related to prior incidents we've seen of guests expiring their global v6 addresses for a while before relearning them17:19
@fungicide:matrix.orgat the moment `ip -6 ad sh ens3` and `ip -6 ro sh default` look correct to me on ns0417:20
@clarkb:matrix.orgThe service-review.yaml playbook still has the net plan static config for review02 in it iirc. We weren't sure if review03 would need that as well17:22
@mnasiadka:matrix.orgClark: I’ll respond tomorrow after understanding what it really does, it’s past 7pm and I have some daughter duties ;)17:23
@clarkb:matrix.orgmnasiadka: sounds good. Enjoy your evening 17:24
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [opendev/system-config] 989564: Disable etherpad session cleanups https://review.opendev.org/c/opendev/system-config/+/98956417:36
@clarkb:matrix.orgthe settings file has updated. I'll probably just let it restart on its own to pick that up (worked well enough with the stats enablement)17:40
@clarkb:matrix.orgit has restarted. I'm monitoring it to see how memory growth happens (or not)17:52
@clarkb:matrix.orgIt has been running for 6 minutes and memory usage has actually fallen17:57
@clarkb:matrix.orgI want to see it go longer than 15 minutes but I'm feeling pretty confident this was the issue. I'll file a bug if we make it past 15 minutes with consistently good memory usage17:58
@fungicide:matrix.orgseems to support your theory18:01
@clarkb:matrix.orgwe are past 15 minutes and memory looks great. I'm filing a bug now18:08
@fungicide:matrix.orggreat detective work!18:10
@fungicide:matrix.org(about defective work!)18:10
@clarkb:matrix.orghttps://github.com/ether/etherpad/issues/783018:33
@clarkb:matrix.orgI'm going to pop out for lunch now, but etherpad has been running for almost 90 minutes without a restart.19:13
@fungicide:matrix.orgyay!19:15
@clarkb:matrix.orgfungi: following up on the ansible inventory rewrite change. https://zuul.opendev.org/t/openstack/build/7d3b61522bfd49528e2d8d241bf40ebf/log/job-output.txt this gate job failed and ran in rax ord. This check job succeeded and ran in rax ord as well: https://zuul.opendev.org/t/openstack/build/e420b859144c44a9955a6a1a050ba340/log/job-output.txt20:02
@clarkb:matrix.orgI don't think that job behaves different whether it is in check or gate. So I think we can rule out environmental issues or pipeline configs (or at least they seem far less likely now)20:02
@clarkb:matrix.orgsuccessful task: https://zuul.opendev.org/t/openstack/build/e420b859144c44a9955a6a1a050ba340/log/job-output.txt#29840-29853 failed task: https://zuul.opendev.org/t/openstack/build/7d3b61522bfd49528e2d8d241bf40ebf/log/job-output.txt#30945-3095720:05
@clarkb:matrix.orgI think these may talk to the acme test instance. Maybe we're hitting a problem with that external communication?20:05
@clarkb:matrix.orgfungi: yup that is exactly it https://zuul.opendev.org/t/openstack/build/7d3b61522bfd49528e2d8d241bf40ebf/log/letsencrypt02.opendev.org/acme.sh/acme.sh.log#47-4820:06
@clarkb:matrix.orghttps://letsencrypt.org/docs/staging-environment/ here are the limits for that staging env20:07
@fungicide:matrix.orgaha20:08
@fungicide:matrix.orgi was looking in the complete wrong place20:08
@fungicide:matrix.orgso if i recheck now, it'll probably pass20:08
@clarkb:matrix.orghttps://community.letsencrypt.org/t/new-service-busy-responses-beginning-during-high-load/184174 this indicates that the issue is on their end not ours20:08
@clarkb:matrix.orgso ya I think a recheck is appropriate20:08
@fungicide:matrix.orgwill do, thanks!20:08
« Wednesday, 2026-05-20 Index Friday, 2026-05-22 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!