Bug #1996612 “ansible-2.14: content-provider are broken” : Bugs : tripleo

Revision history for this message

Marios Andreou (marios-b) wrote on 2022-11-15:

#1

Noting that for now we are pinning to ansible 2.13 with https://review.opendev.org/c/openstack/tripleo-quickstart/+/864498 to prevent this bug from blocking gates

Once this is fixed we can unpin with revert for tripleo-quickstart/+/864498

Revision history for this message

Cédric Jeanneret (cjeanner) wrote on 2022-11-15:

#2

Download full text (4.4 KiB)

While testing locally:
running the command to build things[1] launches apparently 99 processes such as:

/usr/bin/python3.9 /usr/bin/ansible-playbook -i /tmp/tripleos0h7wdgf/hosts.yaml -vvv /tmp/tripleos0h7wdgf/tripleo-multi-playbook.yaml

Now, the content of the files involved here isn't THAT weird imho - the playbook looks like:
- connection: local
  gather_facts: true
  hosts: localhost
  name: Generate localhost facts
- connection: local
  gather_facts: false
  hosts: all
  name: Generate container file(s)
  roles:
  - role: tripleo_container_image_build
  vars:
    tcib_args:
      TRIPLEO_ANSIBLE_REQ: /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/requirements.yaml

which makes sense.

The inventory, on the other hand.... it explains why ansible tries to get the python_interpreter so many times[2]. I'm wondering if we couldn't pass the python interpreter as a host var via the inventory - especially since we're passing, right now, the tcib_python_version to the CLI... Maybe something to consider?

In any cases: the build is stuck here. Nothing is showing up in the log. The last line therein is:
2022-11-15 13:50:32,019 p=68068 u=stack n=ansible | <designate-backend-bind9> EXEC /bin/sh -c '/usr/bin/python3.9 && sleep 0'

and it's been like that for the time it took to make this comment here - over 7 minutes (with data gathering and so on).

The ansible.log is in the same state, so it's not doing things in the background I'd say... And the process listing doesn't show anything like that.

I see the following possibilities:
- either ensure we're not running too many things in parallel with the second "playbook" (using "serial: X" option)
- see what happens if we pass the ansible_python_interpreter to the inventory
- ... any other ideas?

[1] openstack tripleo container image build \
        --base registry.access.redhat.com/ubi9:latest \
        --debug --distro centos \
        --exclude neutron-mlnx-agent \
        --extra-config /home/stack/extra_config.yaml \
        --namespace tripleomastercentos9 \
        --prefix openstack \
        --push --registry 127.0.0.1:5000 \
        --tag adaac75f69ae93d6ae76ee320b90dc0a \
        --volume /etc/yum.repos.d:/etc/distro.repos.d:z \
        --volume /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:z \
        --volume /etc/dnf/vars:/etc/dnf/vars:z \
        --work-dir /home/stack/container-builds \
        --tcib-extras tcib_release=9 \
        --tcib-extras tcib_python_version=3.9 >/home/stack/container_image_build.log 2>&1

all:
  hosts:
    aodh-api:
      ansible_connection: local
      tcib_actions:
      - run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all
          && rm -rf /var/cache/dnf
      - run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh &&
          cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen
          80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,'
          /etc/httpd/conf.d/ssl.conf
      - run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck
          && chmod a+rx /openstack/healthcheck
      tcib_distro: ...

While testing locally:
running the command to build things[1] launches apparently 99 processes such as:

/usr/bin/python3.9 /usr/bin/ansible-playbook -i /tmp/tripleos0h7wdgf/hosts.yaml -vvv /tmp/tripleos0h7wdgf/tripleo-multi-playbook.yaml

Now, the content of the files involved here isn't THAT weird imho - the playbook looks like:
- connection: local
  gather_facts: true
  hosts: localhost
  name: Generate localhost facts
- connection: local
  gather_facts: false
  hosts: all
  name: Generate container file(s)
  roles:
  - role: tripleo_container_image_build
  vars:
    tcib_args:
      TRIPLEO_ANSIBLE_REQ: /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/requirements.yaml

which makes sense.

The inventory, on the other hand.... it explains why ansible tries to get the python_interpreter so many times[2]. I'm wondering if we couldn't pass the python interpreter as a host var via the inventory - especially since we're passing, right now, the tcib_python_version to the CLI... Maybe something to consider?

In any cases: the build is stuck here. Nothing is showing up in the log. The last line therein is:
2022-11-15 13:50:32,019 p=68068 u=stack n=ansible | <designate-backend-bind9> EXEC /bin/sh -c '/usr/bin/python3.9 && sleep 0'

and it's been like that for the time it took to make this comment here - over 7 minutes (with data gathering and so on).

The ansible.log is in the same state, so it's not doing things in the background I'd say... And the process listing doesn't show anything like that.

I see the following possibilities:
- either ensure we're not running too many things in parallel with the second "playbook" (using "serial: X" option)
- see what happens if we pass the ansible_python_interpreter to the inventory
- ... any other ideas?

[1] openstack tripleo container image build  \
        --base registry.access.redhat.com/ubi9:latest  \
        --debug --distro centos \
        --exclude neutron-mlnx-agent \
        --extra-config /home/stack/extra_config.yaml \
        --namespace tripleomastercentos9 \
        --prefix openstack \
        --push --registry 127.0.0.1:5000 \
        --tag adaac75f69ae93d6ae76ee320b90dc0a \
        --volume /etc/yum.repos.d:/etc/distro.repos.d:z \
        --volume /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:z \
        --volume /etc/dnf/vars:/etc/dnf/vars:z \
        --work-dir /home/stack/container-builds \
        --tcib-extras tcib_release=9 \
        --tcib-extras tcib_python_version=3.9 >/home/stack/container_image_build.log 2>&1

all:
  hosts:
    aodh-api:
      ansible_connection: local
      tcib_actions:
      - run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all
          && rm -rf /var/cache/dnf
      - run: mkdir -p /var/www/cgi-bin/aodh && chmod 755 /var/www/cgi-bin/aodh &&
          cp -a /usr/bin/aodh-api /var/www/cgi-bin/aodh/ && sed -i -r 's,^(Listen
          80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,'
          /etc/httpd/conf.d/ssl.conf
      - run: ln -s /usr/share/openstack-tripleo-common/healthcheck/aodh-api /openstack/healthcheck
          && chmod a+rx /openstack/healthcheck
      tcib_distro: centos
      tcib_from: 127.0.0.1:5000/tripleomastercentos9/openstack-aodh-base:adaac75f69ae93d6ae76ee320b90dc0a
      tcib_meta:
        name: aodh-api
      tcib_packages:
        common:
        - httpd
        - mod_ssl
        - openstack-aodh-api
        - python3-ldappool
        - python3-mod_wsgi
      tcib_path: /home/stack/container-builds/b53ac1db-40c7-40b1-bf9d-7fb3d1b10afc/base/os/aodh-base/aodh-api
      tcib_python_version: '3.9'
      tcib_release: '9'
      workdir: /home/stack/container-builds/b53ac1db-40c7-40b1-bf9d-7fb3d1b10afc/base/os/aodh-base/aodh-api
    aodh-base:
      ansible_connection: local
      tcib_actions:
      - run: bash /usr/local/bin/uid_gid_manage aodh
      - run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all
          && rm -rf /var/cache/dnf
      tcib_distro: centos
      tcib_from: 127.0.0.1:5000/tripleomastercentos9/openstack-os:adaac75f69ae93d6ae76ee320b90dc0a
      tcib_meta:
        name: aodh-base
      tcib_packages:
        common:
        - openstack-aodh-common
      tcib_path: /home/stack/container-builds/b53ac1db-40c7-40b1-bf9d-7fb3d1b10afc/base/os/aodh-base
      tcib_python_version: '3.9'
      tcib_release: '9'
      workdir: /home/stack/container-builds/b53ac1db-40c7-40b1-bf9d-7fb3d1b10afc/base/os/aodh-base

[.....]

Revision history for this message

Cédric Jeanneret (cjeanner) wrote on 2022-11-15:

#3

After some more testing with Takashi++, we found the following:
- 2.14 seems to explode the "serial" limit, and runs everything up to a point it can't do anything
- 2.13 is far more conservative with the amount of running things - especially hosts.

A proposal is to link the "serial" option for the playbook to the amount of CPU, with a way to override it via an option to the container build CLI. At least, this is working fine locally, we'll do some more tests within the CI.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-16: Related fix proposed to python-tripleoclient (master)

#4

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/python-tripleoclient/+/864717

Cédric Jeanneret (cjeanner) on 2022-11-16

Changed in tripleo:
assignee:	nobody → Cédric Jeanneret (cjeanner)
assignee:	Cédric Jeanneret (cjeanner) → nobody

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-17: Related fix proposed to tripleo-ci (master)

#5

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-ci/+/864803

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-17: Related fix proposed to tripleo-quickstart-extras (master)

#6

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/864838

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-17: Change abandoned on tripleo-ci (master)

#7

Change abandoned by "Takashi Kajinami <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/tripleo-ci/+/864803
Reason: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/864838 is the right one it seems.

Revision history for this message

Rabi Mishra (rabi) wrote on 2022-11-17:

#8

ansible-runner PR https://github.com/ansible/ansible-runner/pull/1165

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-18: Change abandoned on python-tripleoclient (master)

#9

Change abandoned by "Takashi Kajinami <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/python-tripleoclient/+/864717

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-18: Related fix merged to tripleo-quickstart-extras (master)

#10

Reviewed: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/864838
Committed: https://opendev.org/openstack/tripleo-quickstart-extras/commit/c625becad164a5ad8f719c738520cb7e0e115694
Submitter: "Zuul (22348)"
Branch: master

commit c625becad164a5ad8f719c738520cb7e0e115694
Author: Takashi Kajinami <email address hidden>
Date: Thu Nov 17 13:22:15 2022 +0900

Do not use --debug for image build

    Since Ansible was bumped to 2.14, we've observed the container image
    build process gets stuck in the middle of ansible tasks to generate
    Docker/Buildah files, because of a bug[1] with ansible-runner.

This removes --debug option from the build command to avoid -vvv option
in the ansible command, to workaround the above bug.

[1] https://github.com/ansible/ansible-runner/issues/1164

Related-Bug: #1996612
Change-Id: I53c688077c65da03d8c3cf104862e02cefc2c615

Alan Pevec (apevec) on 2022-11-23

Changed in tripleo:
status:	Triaged → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-24: Related fix proposed to tripleo-ci (master)

#11

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-ci/+/865540

Revision history for this message

Sandeep Yadav (sandeepyadav93) wrote on 2022-11-24 (last edit on 2022-11-24):

#12

We are hitting same issue in master/zed container build now:

Proposed same workaround for container build job in build-container role

[0] https://logserver.rdoproject.org/57/42657/20/check/periodic-tripleo-ci-build-containers-ubi-9-quay-push-master/c964a70/logs/build.log
[1] https://review.opendev.org/c/openstack/tripleo-ci/+/865540

Sandeep Yadav (sandeepyadav93) on 2022-11-24

Changed in tripleo:
status:	Fix Released → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-11-24: Related fix merged to tripleo-ci (master)

#13

Reviewed: https://review.opendev.org/c/openstack/tripleo-ci/+/865540
Committed: https://opendev.org/openstack/tripleo-ci/commit/909c83bc625fac1479b281d325e29bb7b2388c3f
Submitter: "Zuul (22348)"
Branch: master

commit 909c83bc625fac1479b281d325e29bb7b2388c3f
Author: Sandeep Yadav <email address hidden>
Date: Thu Nov 24 18:20:24 2022 +0530

Do not use --debug for image build

    Since Ansible was bumped to 2.14, we've observed the container image
    build process gets stuck in the middle of ansible tasks to generate
    Docker/Buildah files, because of a bug[1] with ansible-runner.

This removes --debug option from the build command to avoid -vvv option
in the ansible command, to workaround the above bug.

Same workaround is added for content-provider already[2], adding same
workaround for build-containers role.

[1] https://github.com/ansible/ansible-runner/issues/1164
[2] https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/864838

Related-Bug: #1996612
Change-Id: I498c9cac7815d3d0682835d2bf943594dad2203c

Sandeep Yadav (sandeepyadav93) on 2022-11-25

Changed in tripleo:
status:	In Progress → Fix Released

tripleo

ansible-2.14: content-provider are broken

Bug Description

Other bug subscribers

Remote bug watches