tripleo

Bug #1786065
Comment #9

Comment 9 for bug 1786065

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-09-04: Fix merged to tripleo-heat-templates (stable/queens)

Reviewed: https://review.openstack.org/599292
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=be05b9bc375aabd1936d238733b7dad09f042e21
Submitter: Zuul
Branch: stable/queens

commit be05b9bc375aabd1936d238733b7dad09f042e21
Author: Michele Baldessari <email address hidden>
Date: Wed Aug 8 21:04:53 2018 +0200

Make redeploy idempotent

    Rerunning the overcloud deploy command with no changes restarts a
    truckload of containers (first seen this via
    https://bugzilla.redhat.com/show_bug.cgi?id=1612960). So we really have
    three separate issues here. Below is the list of all the containers that
    may restart needlessly (at least what I have observed in my tests):
    A) cron category:
    ceilometer_agent_notification cinder_api cinder_api_cron cinder_scheduler
    heat_api heat_api_cfn heat_api_cron heat_engine keystone keystone_cron
    logrotate_crond nova_api nova_api_cron nova_conductor nova_consoleauth
    nova_metadata nova_scheduler nova_vnc_proxy openstack-cinder-volume-docker-0
    panko_api

    These end up being restarted because in the config volume for the container there is
    a cron file and cron files are generated with a timestamp inside:
    $ cat /var/lib/config-data/puppet-generated/keystone/var/spool/cron/keystone
    ...
     # HEADER: This file was autogenerated at 2018-08-07 11:44:57 +0000 by puppet.
    ...

    The timestamp is unfortunately hard coded into puppet in both the cron provider and the parsedfile
    provider:
    https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/cron/crontab.rb#L127
    https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/parsedfile.rb#L104

We fix this by repiping tar into 'tar xO' and grepping away any line
that starts with # HEADER.

    B) swift category:
    swift_account_auditor swift_account_reaper swift_account_replicator
    swift_account_server swift_container_auditor swift_container_replicator
    swift_container_server swift_container_updater swift_object_auditor
    swift_object_expirer swift_object_replicator swift_object_server
    swift_object_updater swift_proxy swift_rsync

    So the swift containers restart because when recalculating the md5 over the
    /var/lib/config-data/puppet-generated/swift folder we also include:
    B.1) /etc/swift/backups/... which is a folder which over time collects backup of the ringfiles
    B.2) /etc/swift/*.gz it seems that the *.gz files seem to change over time

    We just add a parameter to the tar command to exclude those files as
    we do not need to trigger a restart if those files change.
    --exclude='*/etc/swift/backups/*' --exclude='*/etc/swift/*.gz'

C) libvirt category:
nova_compute nova_libvirt nova_migration_target nova_virtlogd

    This one seems to be due to the fact that the /etc/libvirt/passwd.db file contains a timestamp and
    even when we disable a user and passwd.db does not exist, it gets
    created:
    [root@compute-1 nova_libvirt]# git diff cb2441bb1caf7572ccfd870561dcc29d7819ba04..0c7441f30926b111603ce4d4b60c6000fe49d290 .

passwd.db changes do not need to trigger a restart of the container se
we can safely exclude this file from any md5 calculation.

Part C) was: Co-Authored-By: Martin Schupper <email address hidden>

    We only partial-bug this one because we want a cleaner fix where
    exceptions to the files being checksummed will be specified in the tht
    service files.

Partial-Bug: #1786065

    Tested as follows:
    ./overcloud_deploy.sh
    tripleo-ansible-inventory --static-yaml-inventory inv.yaml
    ansible -f1 -i inv.yaml -m shell --become -a "docker ps --format=\"{{ '{{' }}.Names{{ '}}' }}: {{ '{{' }}.CreatedAt{{ '}}' }}\" | sort" overcloud > before
    ./overcloud_deploy.sh
    ansible -f1 -i inv.yaml -m shell --become -a "docker ps --format=\"{{ '{{' }}.Names{{ '}}' }}: {{ '{{' }}.CreatedAt{{ '}}' }}\" | sort" overcloud > after
    diff -u before after | wc -l
    0

    Change-Id: I10f5cacd9fee94d804ebcdffd0125676f5a209c4
    (cherry picked from commit 42c3f180514da6aed5410a26f17db32d6ac1a62f)
    (cherry picked from commit 2aa664e45878bba930b4c9eecb48532fb19ec7b7)

Reviewed:  https://review.openstack.org/599292
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=be05b9bc375aabd1936d238733b7dad09f042e21
Submitter: Zuul
Branch:    stable/queens

commit be05b9bc375aabd1936d238733b7dad09f042e21
Author: Michele Baldessari <michele@acksyn.org>
Date:   Wed Aug 8 21:04:53 2018 +0200

Make redeploy idempotent
    
    Rerunning the overcloud deploy command with no changes restarts a
    truckload of containers (first seen this via
    https://bugzilla.redhat.com/show_bug.cgi?id=1612960).  So we really have
    three separate issues here. Below is the list of all the containers that
    may restart needlessly (at least what I have observed in my tests):
    A) cron category:
    ceilometer_agent_notification cinder_api cinder_api_cron cinder_scheduler
    heat_api heat_api_cfn heat_api_cron heat_engine keystone keystone_cron
    logrotate_crond nova_api nova_api_cron nova_conductor nova_consoleauth
    nova_metadata nova_scheduler nova_vnc_proxy openstack-cinder-volume-docker-0
    panko_api
    
    These end up being restarted because in the config volume for the container there is
    a cron file and cron files are generated with a timestamp inside:
    $ cat /var/lib/config-data/puppet-generated/keystone/var/spool/cron/keystone
    ...
     # HEADER: This file was autogenerated at 2018-08-07 11:44:57 +0000 by puppet.
    ...
    
    The timestamp is unfortunately hard coded into puppet in both the cron provider and the parsedfile
    provider:
    https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/cron/crontab.rb#L127
    https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/parsedfile.rb#L104
    
    We fix this by repiping tar into 'tar xO' and grepping away any line
    that starts with # HEADER.
    
    B) swift category:
    swift_account_auditor swift_account_reaper swift_account_replicator
    swift_account_server swift_container_auditor swift_container_replicator
    swift_container_server swift_container_updater swift_object_auditor
    swift_object_expirer swift_object_replicator swift_object_server
    swift_object_updater swift_proxy swift_rsync
    
    So the swift containers restart because when recalculating the md5 over the
    /var/lib/config-data/puppet-generated/swift folder we also include:
    B.1) /etc/swift/backups/... which is a folder which over time collects backup of the ringfiles
    B.2) /etc/swift/*.gz it seems that the *.gz files seem to change over time
    
    We just add a parameter to the tar command to exclude those files as
    we do not need to trigger a restart if those files change.
    --exclude='*/etc/swift/backups/*' --exclude='*/etc/swift/*.gz'
    
    C) libvirt category:
    nova_compute nova_libvirt nova_migration_target nova_virtlogd
    
    This one seems to be due to the fact that the /etc/libvirt/passwd.db file contains a timestamp and
    even when we disable a user and passwd.db does not exist, it gets
    created:
    [root@compute-1 nova_libvirt]# git diff cb2441bb1caf7572ccfd870561dcc29d7819ba04..0c7441f30926b111603ce4d4b60c6000fe49d290 .
    
    passwd.db changes do not need to trigger a restart of the container se
    we can safely exclude this file from any md5 calculation.
    
    Part C) was: Co-Authored-By: Martin Schupper <mschuppe@redhat.com>
    
    We only partial-bug this one because we want a cleaner fix where
    exceptions to the files being checksummed will be specified in the tht
    service files.
    
    Partial-Bug: #1786065
    
    Tested as follows:
    ./overcloud_deploy.sh
    tripleo-ansible-inventory --static-yaml-inventory inv.yaml
    ansible -f1 -i inv.yaml  -m shell --become -a "docker ps --format=\"{{ '{{' }}.Names{{ '}}' }}: {{ '{{' }}.CreatedAt{{ '}}' }}\" | sort" overcloud > before
    ./overcloud_deploy.sh
    ansible -f1 -i inv.yaml  -m shell --become -a "docker ps --format=\"{{ '{{' }}.Names{{ '}}' }}: {{ '{{' }}.CreatedAt{{ '}}' }}\" | sort" overcloud > after
    diff -u before after | wc -l
    0
    
    Change-Id: I10f5cacd9fee94d804ebcdffd0125676f5a209c4
    (cherry picked from commit 42c3f180514da6aed5410a26f17db32d6ac1a62f)
    (cherry picked from commit 2aa664e45878bba930b4c9eecb48532fb19ec7b7)