Tuesday, 2023-05-02

« Monday, 2023-05-01 Index Wednesday, 2023-05-03 »
opendevreviewIan Wienand proposed openstack/openstack-zuul-jobs master: flake8 : ignore .cache subdirectory  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/88193802:06
opendevreviewIan Wienand proposed openstack/openstack-zuul-jobs master: flake8 : ignore .cache subdirectory, avoid broken ansible-compat  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/88193802:50
opendevreviewMerged openstack/openstack-zuul-jobs master: flake8 : ignore .cache subdirectory, avoid broken ansible-compat  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/88193803:03
opendevreviewMerged openstack/openstack-zuul-jobs master: Fix installation of py27 on CentOS 7/8  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/88189004:50
*** elvira1 is now known as elvira07:03
*** dviroel__ is now known as dviroel11:36
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to starlingx  https://review.opendev.org/c/openstack/project-config/+/88196011:37
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196212:01
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196212:06
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196212:37
opendevreviewJeremy Stanley proposed openstack/project-config master: linters: avoid broken ansible-compat  https://review.opendev.org/c/openstack/project-config/+/88196312:43
*** sfinucan is now known as stephenfin13:04
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196213:14
opendevreviewMerged openstack/project-config master: linters: avoid broken ansible-compat  https://review.opendev.org/c/openstack/project-config/+/88196313:26
opendevreviewMerged openstack/project-config master: Retire puppet-tacker - Step 5: Remove Project  https://review.opendev.org/c/openstack/project-config/+/87529113:57
opendevreviewMerged openstack/project-config master: Retire puppet-rally - Step 1: End project Gating  https://review.opendev.org/c/openstack/project-config/+/87941914:00
noonedeadpunkfolks, are you aware of any issues with gitea backends?14:12
noonedeadpunkAs we see in CI periodical issues with interacting to it, ie `Request failed: <urlopen error _ssl.c:1114: The handshake operation timed out>", "url": "https://releases.openstack.org/constraints/upper/2949b08eeb90ff664bd2312d994367f8f8b491ae"`14:12
noonedeadpunkAlso I see random failures when accessing opendev.org from browser14:13
noonedeadpunksometimes it takes like 6-20 sec to load the page14:15
funginoonedeadpunk: that's not anything to do with gitea14:20
noonedeadpunkaha, ok14:20
fungithe gitea urls all start with https://opendev.org/14:20
noonedeadpunkwell, it redirects to gitea14:20
fungireleases.opendev.org is a staticly published website served from data in afs (like docs.openstack.org et al)14:20
fungiany idea if the handshake is failing while fetching from releases.o.o or after redirection?14:21
noonedeadpunkand I also saw in browser some tls-related issues periodically when using opendev.org14:21
noonedeadpunkunfortunatelly, not :(14:21
noonedeadpunkwe catch that in CI like https://zuul.opendev.org/t/openstack/build/2ea75356a2294738b260ba85f2a424e5/log/job-output.txt#1074014:22
noonedeadpunkso no more data available there. And ofc it's highly intermittent14:22
fungithe releases.o.o site is served from rackspace's dfw region, while opendev.org is in vexxhost's sjc1 region14:23
noonedeadpunkLike 1 out of 20 job is failing14:23
noonedeadpunkiirc I should check for headers to see the gitea backend?14:24
fungialso note that the releases.openstack.org constraints redirector isn't intended for use by ci jobs, it's there to ease local testing by devs since the tox configs can refer them to retrieve the constraints files consistently. ci jobs would ideally set openstack/requirements as a required-project and then use the supplied copy of constraints on the test node14:24
fungiwhat's making the urlopen call, and could it be more verbose about response codes and redirects it's following?14:26
noonedeadpunkI think we have a bug due to which we use not zuul-provided repo despite all set to use it...14:27
fungiideally we'd work out whether it's getting the handshake timeout from releases.o.o pre-redirection vs from opendev.org haproxy/gitea post-redirect14:27
noonedeadpunkWe were thinking that we're using local copy but seems we're not somehow...14:28
noonedeadpunkI've already pushed huge refactoring patch that covers bug https://review.opendev.org/c/openstack/openstack-ansible/+/88182414:29
noonedeadpunkso yeah, I know we should not used that at the first place :(14:30
noonedeadpunkI will try to reproduce that in browser now to track down the backend14:30
noonedeadpunkAs I bet I saw issues today/tomorrow with just opendev.org14:30
fungithe response headers probably mention the backend name, but the cn on the ssl cert will too14:39
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196215:02
*** Guest74 is now known as atmark15:22
noonedeadpunkso I just get 20s response time while jsut connecting to gitea14.opendev.org15:23
noonedeadpunkbut no timeouts yet....15:24
opendevreviewJeremy Stanley proposed openstack/project-config master: Fix the "all" transformation so it actually works  https://review.opendev.org/c/openstack/project-config/+/88207515:25
clarkb09-13 seem to be quick but I agree 14 seems to be slow to respond. We can take 14 out of the rotation (at the risk that the load balancer will shift whatever is creating this problem to anothe backend) or restart it under the assumption it is something a restart would correct. Probably need to look more closely at logs before decided (maybe we have a bad we crawler at work15:27
clarkbagain)15:27
funginoonedeadpunk: interesting, its resource graphs don't look too wild at least: http://cacti.openstack.org/cacti/graph_view.php?action=tree&tree_id=1&leaf_id=1161&nodeid=node1_1161&host_group_data=15:27
clarkbfungi: ya I agree all of the giteas look fine in cacti but the slowness is observable. Good chance its just doing its best to respond to a bad crawler we need to block15:27
noonedeadpunkwell, it sounds a bit like connection-persistance or smth like that15:31
noonedeadpunkAs once connection is established - all following reuests are kinda fast15:31
noonedeadpunkuntil you idle for 5 mins and try to reload page again15:31
clarkbI realoaded and got slightly faster but not expected speed so not sure I'm observing that15:31
opendevreviewAshutosh Sarode proposed openstack/project-config master: Add Harbor app to StarlingX  https://review.opendev.org/c/openstack/project-config/+/88196215:31
clarkbbut ya it could be the apache in front is simply failing to rotate out connections. That could be due to a web crawler15:32
clarkbI need to load keys and can take a look15:32
clarkbyes I think we have a crawler15:39
clarkbThis is really getting old. Looks like a number of newer user agents too. I'll work on a change15:40
clarkbthey can see all this info much more quickly if they just git clone15:41
clarkbbut these bots don't seem to be designed to be friendly15:41
clarkbfungi: re ^ there are some UAs that are clearly filterable. Others appear to potentially belong to modern clients on older (but still supported?) iphones as well as apps like wechat on iphone15:52
clarkbshould we block them anyway? or start with a subset and see where that gets us?15:53
clarkbhrm some of these are for older iphones that are not updated even though the major version has newer releases. I think we should block those15:53
opendevreviewJeremy Stanley proposed openstack/project-config master: Add an "apply" transformation which applies all  https://review.opendev.org/c/openstack/project-config/+/88207515:54
opendevreviewJeremy Stanley proposed openstack/project-config master: Make option indenting a selectable transformation  https://review.opendev.org/c/openstack/project-config/+/88208015:54
fungiclarkb: yeah, i'd just add the obvious ones to the ua filter15:55
noonedeadpunkclarkb: regarding UAs - could it be some OSA DOS we've observed previously?15:55
noonedeadpunkLike just pulling tons of repos from the same subnet?15:55
fungiwe normally see a different resource usage pattern when that happens15:56
noonedeadpunkAs I might know who that could be...15:56
fungiit ends up eating a ton of resident memory to hold all the in flight copies of the nova repo and such15:56
fungithough maybe that has changed with recent gitea updates15:56
clarkbnoonedeadpunk: no this isn't OSA15:56
fungii wouldn't expect it to15:56
clarkbunless OSA is doing silly things with user agents and gitea15:57
fungiosa added a clear user agent a while back, specifically so that we can spot it if we run into that situation again15:57
noonedeadpunkWell, I can't say we're not doing silly things :D15:57
fungisometimes i've done as many as six silly things before breakfast15:58
noonedeadpunkIn case these requests are from 31.131.16.0/20 - I know who that is and can reach them, just in case15:58
fungiit sounds like this is one of the distributed crawler botnets we keep seeing that tries to evade detection by using randomized user agents16:01
noonedeadpunkok, yes, then it;s unlikely the folks I know 16:02
clarkbI've got a change with like 15 or 20 new UAs to filter. Now trying to be better with grep and sort and uniq to capture any I missed16:05
clarkbprobably should've started there but I didn't realize it would be so many (in the past it hasn't been)16:05
clarkbok I'm glad I did that as now I have a pretty definitive list16:15
« Monday, 2023-05-01 Index Wednesday, 2023-05-03 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!