HAProxy marked swift as down for ~20 seconds after VIPs removal

Please elaborate what is the exact subject of the reported issue? Is it 20 seconds downtime of several swift backends? Looks like no issue at all, there was 2 active anyway

@Bogdan,

yes, the issue is swift backend downtime which causes OSTF health check failure. I agree that there is nothing criminal here, the priority of the bug is medium or even low. But we can't just invalidate it, because 99% of our automatic system tests use OSTF for checking cloud health. So if some of checks fails then the whole system test fail.
That's why QA and developers must get an agreement here - in case if sporadic small downtime of swift backend is expected behaviour, then we need to adjust our tests. Otherwise improvement for swift is needed. In any case we need a confirmation from swift experts here.

Agreed, let's please adjust the tests then

@Bogdan,

please provide us with details, what exactly should we expect while checking HAProxy stats for Swift backend? If some of backends are DOWN, but there are some UP, what is the status (pass/fail) of health check then?
Maybe Swift API goes down only during replication and normally it must be always up? If yes, in what cases (e.g. controller reset, VIP deletion) replication is usually triggered?

Guys,

in order to adjust tests QA team needs to get answers on questions from comment #5.

I suggest to accept the swift state as OK as far as you can issue create/list/delete commands with the SWIFT CLI

Sorry, I don't agree with you. The test 'Check state of haproxy backends on controllers' is designed to check cloud HA health status. And generally all services backends *must* be UP all the time except some of nodes are offline or in maintenance state. So in that test we are trying to avoid a situation when some of backends don't work for some reason (failed to start on non-primary controller, incorrect firewall rules, etc.), but actually a service API/CLI works fine. We can't catch such issue just by checking service functionality, but it could significantly affect high availability of our clouds. That's why verification of HAProxy backends was added to OSTF tests.

openstack/manifests/ha/swift.pp:
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3'

Tests expectations doesn't match with check interval of haproxy swift backend therefore there are 2 way to go: adjust either haproxy interval or tests check delay.

Or it's network connectivity issue which looks like more plausible.

fuel-lib:files/fuel-ha-utils/tools/swiftcheck:

// "nc (netcat)" should be used instead of "ping" + retries
# Check for the management VIP avail.
ping -c3 $2 2>&1 >/dev/null

// use of HEAD would be enough/effective + (--retry <num>)
curl --connect-timeout ${3} -XGET ${url}/healthcheck

Fix proposed to branch: master
Review: https://review.openstack.org/255892

Reviewed: https://review.openstack.org/255892
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=69390d7d16403defee33caee10e3a990a7c3b795
Submitter: Jenkins
Branch: master

commit 69390d7d16403defee33caee10e3a990a7c3b795
Author: Michael Polenchuk <email address hidden>
Date: Thu Dec 10 16:55:21 2015 +0300

    Pull apart swift haproxy health checker

    Setup custom script checker with additional auth endpoint availability
    scan if swift proxy listens to the same ip address with storage daemons
    otherwise use default internal health check method.

    Also introduce the following haproxy options:
    * <spread-checks>
      add some randomness in the check interval to avoid sending
      health checks to servers at exact interspaces.
    * <dontlognull>
      disable logging of null connections as these can pollute the logs.
    * <tcp-smart-accept, tcp-smart-connect>
      performance tweak, saving one ACK packet during the
      accept/connect sequence.

    DocImpact
    Change-Id: I70ebdc595e85294559d33cc03d4221a738b0bbc5
    Closes-Bug: #1516978

verify 361 iso