Friday, 2020-06-19

« Thursday, 2020-06-18 Index Saturday, 2020-06-20 »
openstackgerritMerged openstack/swift master: replication: Allow databases_per_second to be a float  https://review.opendev.org/72857101:28
*** gyee has quit IRC01:58
*** rcernin has quit IRC02:12
*** mattia has quit IRC03:11
*** rcernin has joined #openstack-swift03:17
openstackgerritMerged openstack/swift master: py3: Fix expirer container generation  https://review.opendev.org/73526203:20
openstackgerritMerged openstack/swift master: py3: (Better) fix percentages in configs  https://review.opendev.org/73472103:20
*** psachin has joined #openstack-swift03:29
*** manuvakery has joined #openstack-swift04:14
*** djhankb9 has joined #openstack-swift04:32
*** evrardjp has quit IRC04:33
*** djhankb has quit IRC04:33
*** djhankb9 is now known as djhankb04:33
*** evrardjp has joined #openstack-swift04:33
*** zaitcev has quit IRC05:13
*** timss has quit IRC05:36
*** timss has joined #openstack-swift05:36
*** rpittau|afk is now known as rpittau06:44
*** rcernin has quit IRC07:59
openstackgerritMerged openstack/swift master: proxy: Stop killing memcache entries on 5xx responses  https://review.opendev.org/73535908:07
openstackgerritMerged openstack/swift stable/ussuri: Fix stable gate  https://review.opendev.org/73682908:11
openstackgerritMerged openstack/swift master: s3api: Add basic support for ?tagging requests  https://review.opendev.org/73517308:11
openstackgerritMerged openstack/swift feature/losf: Merge remote-tracking branch 'gerrit/master' into feature/losf  https://review.opendev.org/73538108:11
*** manuvakery has quit IRC08:45
*** mugsie has quit IRC08:48
*** mugsie has joined #openstack-swift08:48
*** rcernin has joined #openstack-swift08:54
*** rcernin has quit IRC09:01
*** tkajinam has quit IRC09:21
*** rcernin has joined #openstack-swift09:23
*** rcernin has quit IRC09:58
*** rpittau is now known as rpittau|bbl10:22
*** rcernin has joined #openstack-swift10:54
*** rcernin has quit IRC11:08
*** rcernin has joined #openstack-swift11:53
*** tkajinam has joined #openstack-swift12:04
*** rcernin has quit IRC12:06
*** cschwede has joined #openstack-swift12:06
*** ChanServ sets mode: +v cschwede12:06
*** rpittau|bbl is now known as rpittau12:19
*** manuvakery has joined #openstack-swift12:32
*** rpittau is now known as rpittau|brb13:54
*** rpittau|brb is now known as rpittau|afk14:00
*** psachin has quit IRC14:01
*** tkajinam has quit IRC14:13
*** ccamacho has quit IRC14:48
claygtimburke: k, the complete & abort are still working going on like idk 19 hours?14:58
*** cschwede has quit IRC15:32
*** timss has quit IRC15:32
*** djhankb has quit IRC15:32
*** jv has quit IRC15:32
*** godog has quit IRC15:32
*** cschwede has joined #openstack-swift15:32
*** timss has joined #openstack-swift15:32
*** djhankb has joined #openstack-swift15:32
*** jv has joined #openstack-swift15:32
*** godog has joined #openstack-swift15:32
*** tepper.freenode.net sets mode: +v cschwede15:32
timburkeclayg, nice! sounds like i oughta just take the time limit out, then. thanks for testing it!15:41
claygwell, it definitely stopped in one case at >24 hours - and started erroring with NoSuchUpload15:41
claygI think it might be near exactly 24 hours - but I haven't experimentally confirmed that yet15:42
claygwe'll know by the end of today - but I think leaving the code as is with a constraint that's at or around 24hours is going to be *pretty* close to what we've observed from aws15:42
claygand also extending the grade to abort - which is still maybe kinda weird - but I'm observing the 204 on completed uploads15:43
claygs/grade/grace period/15:43
timburkeyeah, abort-on-failed-complete deserves its own patch, i think15:47
*** zaitcev has joined #openstack-swift15:53
*** ChanServ sets mode: +v zaitcev15:53
*** manuvakery has quit IRC16:42
*** ChanServ has quit IRC16:59
*** gmann is now known as gmann_afk17:13
*** ChanServ has joined #openstack-swift17:37
*** tepper.freenode.net sets mode: +o ChanServ17:37
claygif i'm an operator configuring per-policy settings in my [proxy-server:policy:N] settings and for some reason I don't want to specify a particular option (say, concurrency_timeout)...17:51
claygAm I expecting that this policy will get the default value for when the option is not specified (i.e. don't configure this value AT ALL) - or that it falls through and uses the value I configured in the [app:proxy-server] section (i.e. don't override this policies configured value)17:53
claygI guess it kinda already uses proxy section configured value, so hopefully that's what everyone expects (that's what *I* expected) but I think we can do that a little more DRY18:05
openstackgerritTim Burke proposed openstack/swift master: swift-container-info: Don't show all shard ranges when there are many  https://review.opendev.org/73705618:12
claygor maybe not, maybe i just didn't understand how it worked already 😁18:15
timburkeyeah, i'd also expect it to fall through to the [app:proxy-server] setting, and only go to the default we have in code if it's not configured there18:15
timburkei feel like option overlays like that are fairly common and expected18:17
timburkethough there might be some unexpected edge cases if you put a value in [DEFAULT] then skip it in the per-policy section 🤔18:18
zaitcevtimburke: sorry to poke you about it but could you look at https://review.opendev.org/#/c/704435/18:24
patchbotpatch 704435 - swift - Mark a container reported if account was reclaimed - 1 patch set18:24
zaitcevtimburke: clayg is nose down in EC waterfall, mattoliverau is in sharder, and Romain and I disagree. So...18:25
claygtimburke: I think paste's loadapp will populate the base conf with DEFAULT values by the time we're building the settings18:26
*** cschwede has quit IRC18:41
zaitcevitertools.islice() why do I want to know if something is a lice19:12
openstackgerritTim Burke proposed openstack/swift master: staticweb: Work better with double slashes  https://review.opendev.org/73706919:38
openstackgerritTim Burke proposed openstack/swift stable/ussuri: py3: (Better) fix percentages in configs  https://review.opendev.org/73707019:55
openstackgerritTim Burke proposed openstack/swift stable/train: py3: (Better) fix percentages in configs  https://review.opendev.org/73707120:09
openstackgerritTim Burke proposed openstack/swift master: swift-container-info: Don't show all shard ranges when there are many  https://review.opendev.org/73705620:12
*** gmann_afk is now known as gmann20:15
timburkezaitcev, rledisez: i'm going to poke at a probe test for p 704435 -- idk that i can make heads or tails of it without seeing how things behave when we've reaped in a not-settled state20:21
patchbothttps://review.opendev.org/#/c/704435/ - swift - Mark a container reported if account was reclaimed - 1 patch set20:21
*** gyee has joined #openstack-swift20:46
openstackgerritMerged openstack/swift stable/train: Use ensure-pip role  https://review.opendev.org/73684521:00
*** ormandj has joined #openstack-swift21:17
ormandjhi... we just did an upgrade to train from stein, and have seen HEADs start failing with 403s21:17
ormandjhappened right after upgrading the proxy servers21:19
ormandji don't see anything in the notes indicating why that might have occurred21:21
*** patchbot has quit IRC21:26
*** patchbot has joined #openstack-swift21:26
ormandjah, should add, using s321:27
timburkeormandj, is s3_acl enabled or disabled? was this using keystone for auth?21:39
timburkefor a moment i thought it might befrom when we changed the default `location` config, but i see that happened in stein...21:41
ormandjtimburke: keystone is auth, yes21:41
ormandjs3_acl set false (well, default)21:41
ormandjwe are getting back 401s from keystone on s3token posts21:42
ormandjin the debug logs on swift proxy, tl;dr see calling s3api middleware, calling s3token middleware, connecting to keystone sending this json *stuff here*, keystone reply error status 40121:44
ormandjand looking at the keystone logs with insecure debug on for testing21:44
ormandjkeystone.exception.Unauthorized: The request you have made requires authentication.21:45
ormandj(and returns a 401)21:45
ormandjgets/puts/etc seem to be fine21:45
timburkein the 403, does it give the expected string to sign? does it match whatever debug output you can get from the client?21:47
timburkewere these tagged versions from stein and train? and train's still running py2, yeah?21:49
zaitcevoh21:50
zaitcevI don't know if this is relevant, but I had a bad time trying to figure out what options modern keystone takes. My old config would not work.21:51
ormandjwe hadn't upgraded keystone yet21:54
ormandjall was still on stein21:54
ormandjhad just upgraded the proxy servers and boom, HEADs failing21:54
ormandjtrain is py3 afaik.21:54
ormandjhi  swift-proxy                            2.23.1-0ubuntu0.19.10.1~cloud0                  all          distributed virtual object store - proxy server21:55
zaitcevLook if yours looks like this: http://www.zaitcev.us/things/swift/proxy-server-train.conf21:56
zaitcevThis is how I managed to make mine work and now I'm afraid to breath on it.21:57
ormandjwe have authtoken before s3api21:58
ormandjwe also have s3token after s3api21:58
ormandjyou don't have that in your pipeline21:58
zaitcevHmm. I may be wrong about that.21:58
zaitcevI only mean the ever-changing parameters for authtoken.21:59
zaitcevbrb21:59
ormandjwell, s3 auth is working for put/get/etc it appears21:59
ormandjonly HEADs are failing21:59
timburkeormandj, the pipeline order should be good, fwiw -- i merged something similar recently for devstack: https://review.opendev.org/#/c/731003/22:00
patchbotpatch 731003 - devstack - swift: Fix s3api/keystone interaction (MERGED) - 1 patch set22:00
ormandjfunny, i ran into that when trying to figure out this 'bug'22:01
ormandji think we were working off: https://docs.openstack.org/swift/train/middleware.html#deployment in 'note'22:02
timburkei should update that note -- somewhere around when we started working with keystone v3, authtoken *had* to be left of s3token22:05
timburkeit's weird -- there haven't been *that many* changes to s3api, and i can't think of how any of them would break *just HEADs*: http://paste.openstack.org/show/795015/22:12
ormandjyeah... it's baffling me too22:12
openstackgerritClay Gerrard proposed openstack/swift master: Start to decouple Object GET path  https://review.opendev.org/73391122:13
openstackgerritClay Gerrard proposed openstack/swift master: Add concurrent primary feeder to EC GET requests  https://review.opendev.org/71134222:13
openstackgerritClay Gerrard proposed openstack/swift master: Make concurrency timeout per policy and replica  https://review.opendev.org/73709622:13
timburkeand as long as everything's ascii, i can't imagine how py2/py3 would be any trouble22:13
claygalecuyer: i'm not sure if you can get a sense for p 737096 w/o docs - i'm curious if you were thinking of something like that22:14
patchbothttps://review.opendev.org/#/c/737096/ - swift - Make concurrency timeout per policy and replica - 1 patch set22:14
claygi still need to write something up about the non-durable frag thing in p 71134222:14
patchbothttps://review.opendev.org/#/c/711342/ - swift - Add concurrent primary feeder to EC GET requests - 10 patch sets22:14
claygbut i'm done for now22:15
clayghappy father's day weekend!22:15
openstackgerritMerged openstack/swift master: Clean up some proxy tests  https://review.opendev.org/73574122:16
openstackgerritMerged openstack/swift stable/ussuri: py3: Fix expirer container generation  https://review.opendev.org/73600722:16
ormandjtimburke: yeah, i wouldn't think it's a unicode weirdness thing, i just shot you something more interesting from keystone w/ insecure_debug on22:19
timburkeormandj, just to sanity check: s3api and s3token were coming from swift, both before and after the upgrade, right?22:19
timburke(just limiting my search space)22:19
ormandjcorrect, we had migrated from swift3 to s3api i think in the prior release, but these are from swift, yes22:20
ormandjpipeline didn't change between stein -> train either22:20
ormandjtimburke: https://github.com/openstack/keystone/blob/stable/stein/keystone/api/s3tokens.py#L78-L92 <-- we see this is where the error from keystone is coming from, back when we were on stein keystone (we upgraded to train there too)22:22
timburkewhich really seems to indicate that s3api did *something* different when it generated the string to sign... :-/22:24
timburkelooking through the diff...22:24
timburkewas this 2.21.1 -> 2.23.1?22:25
ormandjlet me look22:25
ormandj2.19.1-0ubuntu1~cloud0 to 2.23.1-0ubuntu0.19.10.1~cloud022:26
ormandjone sec, let me confirm i'm not missing something :)22:27
ormandjhah, i was, sorry, yes 2.21.1 to 2.23.122:28
timburkehttps://github.com/openstack/swift/blob/2.23.1/swift/common/middleware/s3api/s3request.py#L133 feels a little weird when size is None... not sure why i did that...22:29
ormandji'm seeing some changes in s3token that i don't quite grok not being familiar with the flow: https://github.com/openstack/swift/commit/4aa71aa25caed34f36fafe2de025425aa1d1e0b2#diff-97403e0c0b4d9e25851c3dd00b04cb5722:32
timburkewe used to get an actual token ID back from keystone and shove that in the env; that's what made a pipeline like `... swift3 s3token authtoken keystoneauth ...` work. but we stopped even looking for it once we realize that wasn't going to work in a v3-only world22:36
timburke(plus the doubled-up keystoen requests wasn't great)22:36
ormandjcopy22:37
*** gyee has quit IRC22:42
timburkethe hashing input thing only affects v4 signatures, btw -- it's something i should maybe investigate, but maybe not-so-relevant for this22:42
ormandjah, so probably not this then22:43
« Thursday, 2020-06-18 Index Saturday, 2020-06-20 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!