Thursday, 2019-02-07

« Wednesday, 2019-02-06 Index Friday, 2019-02-08 »
*** premsankar has quit IRC00:13
*** EricAdamsZNC has quit IRC01:29
*** EricAdamsZNC has joined #openstack-kuryr01:31
*** EricAdamsZNC has quit IRC02:13
*** EricAdamsZNC has joined #openstack-kuryr02:18
*** gkadam has joined #openstack-kuryr04:06
*** gcheresh_ has joined #openstack-kuryr05:22
*** gcheresh_ has quit IRC05:30
*** janonymous has joined #openstack-kuryr05:48
*** janki has joined #openstack-kuryr05:51
*** gcheresh_ has joined #openstack-kuryr06:26
*** pcaruana has joined #openstack-kuryr07:02
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Pools support with Network Policies  https://review.openstack.org/63467407:27
*** janki is now known as janki-07:27
*** janki- is now known as janki07:27
*** janki is now known as janki|lunch07:44
*** yboaron has quit IRC07:56
openstackgerritAshish Billore proposed openstack/kuryr-kubernetes master: Update HA doc with corections and minor fixes  https://review.openstack.org/63544607:58
*** ccamposr has joined #openstack-kuryr08:22
*** celebdor has joined #openstack-kuryr08:47
*** yboaron has joined #openstack-kuryr09:00
*** oanson has joined #openstack-kuryr09:51
openstackgerritMaysa de Macedo Souza proposed openstack/kuryr-kubernetes master: Fix SG rules on targetPort update  https://review.openstack.org/63503910:54
*** ccamposr has quit IRC11:49
*** maysams has joined #openstack-kuryr12:03
maysamshey dulek12:03
dulekmaysams, ltomasbo: Okay, so https://review.openstack.org/#/c/635039 is about fetching service or endpoint again in case LBaaSState was updated by another handler?12:05
ltomasbodulek, checking...12:05
dulekltomasbo: _get_lbaas_state and _set_lbaas_state are only used in on_present() IIUC.12:05
dulekSo this is fundamentally broken IMO and still prone to race conditions.12:06
ltomasbodulek, why?12:06
ltomasboon_present() is called on creation/modification, right?12:07
dulekBut maybe I've led my conclusion too far. :P maysams, so it's trying to protect from such case? When second handler updated state?12:07
dulekltomasbo: Yup!12:07
ltomasbodulek, problem (I suppose) is that svc code depends on the annotations both on services and endpoints12:07
maysamsdulek: this patch is about updating the endpoint when the Spec has changes12:07
dulekmaysams: Can you describe the problematic situation on the handlers level?12:09
dulekMaybe I'm misunderstanding something here.12:09
maysamsdulek: okay12:10
ltomasbodulek, I I get the svc code right, LBaaSSpecHandler is watching on the services status and it is annotating both svc spec and endpoint specs12:10
ltomasbodulek, then, the LoadBalancerHandler checks if the endpoint annotated spec matches with the endpoint annotated status12:10
ltomasboand does the required action to move the status to what is reflected on the spec12:10
ltomasbomaysams, am I right?12:11
ltomasboso, it seems that targetPort information was not included, therefore, we could not react to it12:11
maysamsltomasbo: exactly! You're right12:12
dulekltomasbo, maysams: I'm worried about this: https://review.openstack.org/#/c/635039/5/kuryr_kubernetes/controller/handlers/lbaas.py@65212:13
dulekWe retrieve that, but we still don't have a guarantee that LBaaSSpecHandler had finished.12:14
ltomasbodulek, ohh, yes... I just actually commented on that12:14
ltomasboif there is an update of the endpoint object, the on_present method should be re-executed, right?12:15
ltomasboso, we should not need that there, right?12:15
dulekltomasbo: Yup, exactly.12:15
ltomasbosame for line 670-67412:15
maysamsbut there is a problem12:15
dulekmaysams mentioned that there's no way to tell if that's the on_present we should process or not.12:16
dulekAnd that's the issue I wanted to solve now. :)12:16
ltomasbodulek, maysams: that is why it should not be updated, right?12:18
dulekmaysams: You're aware of the compare&swap mechanism in K8s API?12:18
dulekmaysams: And resourceVersion.12:19
ltomasbothe endpoints annotation spec is only written by the other class12:19
dulekMaybe that helps?12:19
ltomasboand the LoadBalancer one is only updating the lbaas state annotation12:19
ltomasbomy assumption is, if the endpoint annotation was modified, then the on_present will be triggered, right?12:20
ltomasboand that will do the corrective actions, and annotate the state12:20
ltomasboif, by any chance, it was not using the last spec, another on_present() will be triggered12:21
ltomasboand that one will again see the mismatch between spec and status annotation12:21
ltomasboor am I missing something?12:21
maysamsanother on present will be triggered, but no members will be created anymore12:21
maysamsbecause they were already created with the wrong SG12:21
maysamsstated in the endpoints annotation12:22
ltomasbomaysams, ok, I think I'm starting to get it12:22
ltomasbothere is an initial on_present() when the new endpoints are created/modified12:23
ltomasboand that is running with the older spec12:23
maysamsyes12:24
ltomasboas the other svc handler has not already update the spec12:24
maysamsyes12:24
ltomasbook, anyway, the current code will not solve the issue, right? it is just expecting that by the time the add_new_members method is executed, the other handler has completed the annotations12:24
maysamsltomasbo, right12:25
maysamsltomasbo, dulek, and I don't see any condition that could be checked in other to raise a resourcenoready exception12:26
maysamss/other/order12:26
dulekmaysams: There is one way to make it a bit better.12:27
dulekmaysams: Instead of fetching new version you can raise ResourceNotReady if update with resourceVersion will not succeed.12:27
*** janonymous has quit IRC12:28
dulekThat's way better than fetching it immediately. But doesn't solve everything.12:28
dulekmaysams: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - this seems to explain the concept.12:30
dulekBasically you'll be able to state that you want to update the annotation only if it haven't changed from the object you currently process in on_present.12:30
dulekBut in general I think the culprit here is that we update a resource from a handler that isn't watching it, right?12:30
maysamsdulek, yes12:31
maysamsdulek, so by using resourceversion I will be implementing a nicer version of my patch, but it still do not fix the problem12:33
maysamsright?12:33
dulekmaysams: Aww, I don't see a solution here immediately.12:33
dulekmaysams: I think so, yes.12:34
maysamsdulek, thank you for your suggestion12:34
maysamsI will try to think on ways to fix this12:35
ltomasbomaysams, now when the svc handler updates the spec, with your patch it will have a different targetPort, right?12:41
ltomasboperhaps we can use that to re-check what members needs to be added/removed12:41
ltomasbomaysams, maybe here: https://github.com/openstack/kuryr-kubernetes/blob/master/kuryr_kubernetes/controller/handlers/lbaas.py#L36112:43
ltomasboand then check at line 390 if we need to continue or add it if the target port has changed12:44
maysamsltomasbo: but how do we know on the LoadBalancerHandler side that the spec was updated?12:48
ltomasbomaysams, you mean when the LBaaSSpecHandler annotates the endpoints, a new on_present() is not triggered on the LoadBalancerHander?12:49
maysamsltomasbo: yes, yes.. you're right12:51
maysamssry12:51
maysamsyup, I think that might work12:51
ltomasbofingers crossed! :)12:51
maysams;-)12:52
maysamsthank you!12:52
ltomasboyour welcome! thank you for taking care of it!12:52
*** gkadam has quit IRC13:02
*** rh-jelabarre has joined #openstack-kuryr13:03
*** yboaron_ has joined #openstack-kuryr13:32
*** yboaron has quit IRC13:35
*** janki|lunch has quit IRC13:57
*** yboaron_ has quit IRC14:08
*** yboaron_ has joined #openstack-kuryr14:13
maysams:q14:21
*** irclogbot_1 has joined #openstack-kuryr14:30
*** gcheresh_ has quit IRC15:23
*** maysams has quit IRC15:33
*** yboaron_ has quit IRC15:35
*** yboaron_ has joined #openstack-kuryr15:36
*** yboaron_ has quit IRC16:04
*** yboaron_ has joined #openstack-kuryr16:05
*** yboaron_ has quit IRC16:05
*** pcaruana has quit IRC16:21
*** maysams has joined #openstack-kuryr16:52
*** premsankar has joined #openstack-kuryr17:03
dulekltomasbo: This patch from yboaron seems promising: https://review.openstack.org/#/c/63268417:17
dulekltomasbo: I think we can merge it.17:18
ltomasbodulek, checking...17:18
dulekltomasbo: Thanks, hopefully this will solve issues with test_service_pod.17:20
ltomasbofingers crossed17:20
dulekNow that I think of it… Had anyone even checked if Python's kubernetes client is thread safe on exec? xD17:20
openstackgerritMichał Dulko proposed openstack/kuryr-kubernetes master: Remove dragonflow job from experimental jobs  https://review.openstack.org/63558117:30
*** aojea has joined #openstack-kuryr18:03
openstackgerritMerged openstack/kuryr-tempest-plugin master: Rerun test in a single thread if multi-thread failed  https://review.openstack.org/63268418:55
*** aojea has quit IRC20:26
*** celebdor has quit IRC20:37
openstackgerritMaysa de Macedo Souza proposed openstack/kuryr-kubernetes master: Fix SG rules on targetPort update  https://review.openstack.org/63503921:17
openstackgerritMaysa de Macedo Souza proposed openstack/kuryr-kubernetes master: Fix SG rules on targetPort update  https://review.openstack.org/63503921:21
*** maysams has quit IRC21:39
*** EricAdamsZNC has quit IRC22:03
*** EricAdamsZNC has joined #openstack-kuryr22:04
*** takamatsu has quit IRC23:19
*** celebdor has joined #openstack-kuryr23:27
« Wednesday, 2019-02-06 Index Friday, 2019-02-08 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!