Friday, 2021-11-12

« Thursday, 2021-11-11 Index Saturday, 2021-11-13 »
*** odyssey4me is now known as Guest565500:47
opendevreviewMerged openstack/openstack-ansible-os_nova master: Enable TLS for live migrations  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/81522400:49
*** gouthamr_ is now known as gouthamr06:19
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_zun master: kata: disable installation on debian bullseye  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/81771408:41
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-config_template master: Fix repository URL in galaxy.yml  https://review.opendev.org/c/openstack/ansible-config_template/+/81772009:15
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Add ability to create templated services  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/81653109:24
MrClayPole_Hi, I'm running OSA 20.2.6. When performing maintenance on one of my three infrastructure nodes. I get very slow access and HTTP 504 errors in Horizon when one of the nodes is offline. I've traced this to when 1 of the 3 Memcache containers is offline. Is there a way to enable Horizon to better handle one of its Memcache servers being offline?09:56
noonedeadpunkMrClayPole_: actually it's more about interaction of keystone with memcached09:57
noonedeadpunkBut yes, you can check https://docs.openstack.org/openstack-ansible-memcached_server/latest/configure-ha.html#configuring-memcached-through-haproxy09:58
noonedeadpunkif you don't want to balance memcached through haproxy, you also can improve things dramatically by ensuring that keystone uses proper driver09:59
MrClayPole_Which method would you recommend?09:59
noonedeadpunkyou should check that [cache] backend in keystone.conf is `oslo_cache.memcache_pool` and not dogpile10:00
noonedeadpunkwell actually I believe that in train backend should be already set to memcache_pool10:01
MrClayPole_Looks like I'm still using dogpile10:02
MrClayPole_[cache]10:02
MrClayPole_backend = dogpile.cache.memcached10:02
noonedeadpunkso switching backend is low hanging fruit which will improve things dramatically10:03
MrClayPole_Ah sorry my bad. This enviroment is still on Rocky. I'm been work so much of our test enviroment which is Train.10:03
noonedeadpunkas you can jsut set override fast enough. And you should not see 504 anymore10:03
noonedeadpunkHowever you will still experience some latency when controller will went down10:04
MrClayPole_OK, I'll test both methods but I'm currently liking the haproxy fix. 10:04
noonedeadpunkhaproxy balancing will eliminate even this latency. but it requires more effort10:04
noonedeadpunkas eventually you'd better switch all services to be served through same endpoint10:05
*** chandankumar is now known as raukadah10:05
MrClayPole_Agreed, it feels a like a better solution and less visible to the customer when we are patching/rebooting our infrastructure nodes10:06
noonedeadpunkalso, haproxy does l3 balancing, which is not perfect. For instance, mcrouter can balance on L7, but we don't have role for it10:06
noonedeadpunkyou can also install it on haproxy nodes and it would be even better10:07
MrClayPole_.. but still I can put the backend in MAINT mode before I reboots it should be pretty seemless?10:07
noonedeadpunkthe problem is a bit different with haproxy10:07
noonedeadpunkso memcached does not support clustering at all - by design10:08
MrClayPole_So when we failover then services get an empty memcache?10:08
noonedeadpunkso haproxy uses source ip balancing, which means that it makes an assumption of destination where cache is placed10:08
noonedeadpunkyeah, some of them10:09
noonedeadpunkthat's why mcrouter is more proper solution10:09
noonedeadpunkbecause it's aware about where exacly cache is stored10:09
noonedeadpunkand can manage failovers more efficiently10:09
noonedeadpunkBut actually you will get empty cache in case of any failover10:10
MrClayPole_OK, but how does L7 load balancing help as based on my limited understanding the requested item is either in the memcache or its not and it gets requested from source?10:10
noonedeadpunkit more matter if you might have corner cases without failovers or not...10:10
noonedeadpunkin case of failover it doesn't matter much10:11
noonedeadpunkbut, during runtime, haproxy makes bunch of assumptions, that this ip should have stored on this backend. But in fact it has small idea where it is in reality10:11
MrClayPole_So if I'm following if you had an active/active service using the memcache then haproxy could route then to different memcache instances?10:14
noonedeadpunkyes and it will10:18
noonedeadpunklikely10:18
MrClayPole_Can we make haproxy route all requests to one memcache and other failover when that one is down?10:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Fix inconsistency in haproxy_frontend_raw naming  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/81772710:30
noonedeadpunkMrClayPole_: sure you can10:40
noonedeadpunkit's all about how you describe haproxy_extra_services10:40
noonedeadpunkso you can define one backend in haproxy_backend_nodes and others in haproxy_backup_nodes I believe10:42
noonedeadpunkbut well, I'm not sure this was available on rocky tbh10:43
opendevreviewJames Gibson proposed openstack/openstack-ansible-haproxy_server master: Remove httplog directive from backends as ignored  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/81773110:48
opendevreviewMerged openstack/openstack-ansible-os_nova stable/victoria: Add Virtual GPU Config to nova.conf template  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/81753710:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Allow to provide mdev addresses as list  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/81773811:02
mgariepyMrClayPole_, if it worth it with Rocky when i did upgrade the control plane i did remove the memcached that was down from the keystone.conf file which made the responses fast.13:09
mgariepywhat i did was: ```ansible keystone_all -m lineinfile -a "path=/etc/keystone/keystone.conf regexp='^memcache_servers' line='memcache_servers = 172.16.20.220:11211,172.16.20.240:11211'```13:11
mgariepyand restart the service.13:11
noonedeadpunkwell, I'd just set backend driver to oslo_cache.memcache_pool tbh - it partially solves issue and makes it at least not that bad 13:11
MrClayPole_Thanks mgariepy worth considering if I know one of them is going to be down for a while. Just testing noonedeadpunk's suggestions at the moment13:12
noonedeadpunkbecause oslo comparing to dogpile somehow "marks" memcached backend as down and do not retry failed backend each time13:12
noonedeadpunknot perfect but super easy to use13:13
MrClayPole_So are no 504 timeouts with the oslo_cache.memcache_pool but as you said there is still the lag13:13
noonedeadpunkand actually if you're loocking for upgrade - I'd plan to switch to haproxy/mcrouter during upgrade13:14
MrClayPole_The haproxy link you sent looks straight forward enough. Just deciding if we implement mcrouter.13:20
noonedeadpunkwell, mcrouter is a facebook child, so while it's great, it's also a bit opionated and has issues with operating systems support - they make it work for their specific usecase only afaik13:22
noonedeadpunklike it was with flashcache kernel module for instance...13:23
noonedeadpunkand thus can drop it was well. But we used it in some deployments pretty successfully13:23
MrClayPole_I'll see how far I get with testing just haproxy first as I'm reluctant to install mcrouter if there isn't an osa role.13:37
noonedeadpunkyeah and we don't plan to ad it just in case13:40
noonedeadpunk*add13:40
opendevreviewMerged openstack/openstack-ansible master: Bump ansible and collection versions  https://review.opendev.org/c/openstack/openstack-ansible/+/81737514:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Update mariadb to 10.6.5  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/81738414:35
spateljamesdenton_alt morning! 15:26
*** frenzy_friday is now known as frenzyfriday|PTO15:59
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Drop Nginx webserver support  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/81739017:25
prometheanfirelooking for multi-region deployment docs for OSA, any pointers?18:21
*** Guest5508 is now known as melwitt19:26
*** melwitt is now known as Guest571619:27
*** Guest5716 is now known as melwitt19:32
*** melwitt is now known as jgwentworth19:34
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Fix apache ProxyPass arguments  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/81140221:06
opendevreviewMerged openstack/openstack-ansible-os_gnocchi stable/wallaby: Fix gnocchi multi-node when storage_driver is file  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/81742822:34
opendevreviewMerged openstack/openstack-ansible-os_gnocchi stable/victoria: Fix gnocchi multi-node when storage_driver is file  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/81742922:41
opendevreviewMerged openstack/openstack-ansible master: Add playbook to generate any user defined certificates  https://review.opendev.org/c/openstack/openstack-ansible/+/81652222:52
« Thursday, 2021-11-11 Index Saturday, 2021-11-13 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!