Replace ipaddr() with ips_in_ranges() #4339
Conversation
hjensas
force-pushed
the
issue#4333
branch
4 times, most recently
from
3129a78
to
0503b29
Compare
|
I'm not sure what to do with this CI error: It's failing because netaddr is'nt on the master. How can that be when netaddr is in both requirement.txt and tests/requirements.txt? |
|
setting |
I'm investigating the possibility to set this at the inventory host-level in TripleO. I am checking with peers who have more experience with ansible services in TripleO. AFICT TripleO use host-level vars very sparsely. They are all set (in tripleo_common/inventory.py) outside of tripleo-heat-templates where service configuration is maintained. All host-level vars used are vary node specific, such as the hostnames on each network of a node, ips, uniqe server id's etc. See [1] for the nitty gritty details. There is no per-service vars defined at all. |
|
@guits said:
The ansible inventory is generated by TripleO with a script. We don't insert parameters there and host_vars would be more appropriate. However, we can't use host_vars for the ceph-ansible run because they are only [1] populated by the node-specific overrides [2]; i.e. we don't want to risk two tasks modifying the same host_vars file. Requiring someone to always use node-specific overrides for multiple monitor address blocks seems a regression however. Because ceph-ansible used to support passing the list like the one that produced the bug report [3], it seems a problem to now ask customers to use the complicated node-specific overrrides procedure [2]. Mapping the appropriate mon_address_block to each host is complicated. The ceph.conf already support a comma separated list of CIDRs for the public and cluster network options. As ceph-ansible used to support this and we have working code here (though yes it has a new filter) it still seems a better solution to me. Do we know what broke this from working earlier? Bug 1740283 might be a blocker for downstream Stein. @gfidente any ideas? [2] http://tripleo.org/install/advanced_deployment/node_specific_hieradata.html |
|
I have been testing a WIP patch to fix this in tripleo[1], however now the deployment fails in a different place. With the above patch the deployment now fail with: This happens since this change[2] started to use the ansible ipaddr module to get the first ip address in 'public_network'. I.e we can no longer pass a comma separated list of IP's as the public_network. This is a regression! We have documented using a comma separated list for the public_network and cluster_network in Red Hat's OSP documentation starting with OSP13. See the CephAnsibleExtraConfig in example[3], step 3 in the procedure. We used to be able to do: Doing so, now fails with the Update: Change [4] also uses [1] https://review.opendev.org/#/c/679060/ |
hjensas
changed the title
|
Talked to @dsavineau and we would probably need to update the following to deal with multiple IPs: https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-infra/tasks/configure_firewall.yml#L25 Also, we should add a test for this in the CI. |
There was a problem hiding this comment.
As discussed with some TripleO guys, we will need some changes in that PR.
Out of the box multiple values in public_network doesn't work.
There's at least two cases where we need update the code
- firewall configuration as John mentioned. Because the
sourceparameter of the firewalld module doesn't support multiple values. TripleO doesn't use this part of the code, that's why you don't see the faillure [1]. - the
public_networkis also used by the mon container and I need to take a look at that part of the code [2][3]
On the ansible filter side, I would prefer to have the filter directory located under the plugins/filter directory and reference it in the ansible.cfg file via the filter_plugins key. This will avoid to modify the spec file.
Also it would be great to have tests for this filter.
[1] https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-infra/tasks/configure_firewall.yml
[2] https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-mon/templates/ceph-mon.service.j2#L39
[3] https://github.com/ceph/ceph-container/blob/master/src/daemon/start_mon.sh#L83-L119
tests/requirements.txt
Outdated
| @@ -5,8 +5,8 @@ pytest-xdist==1.28.0 | |||
| pytest>=4.4,<4.5 | |||
| notario>=0.0.13 | |||
| ansible>=2.8,<2.9 | |||
| netaddr | |||
| netaddr # For the ansible filter: ips_in_ranges | |||
There was a problem hiding this comment.
I don't think you need to update this file.
There was a problem hiding this comment.
Without this the CI won't install netaddr. Because a grep is used here:
https://github.com/ceph/ceph-build/blob/08b569d032e8d67643fdbbb33fb6006b3f8d635e/ceph-ansible-pr-syntax-check/build/build#L11
Adding a comment containing the "ansible" string is more like a workaround to ensure that CI job passes. (Adding the "ansible" string include that line in the grep result and thus the netaddr requirement is installed.)
There was a problem hiding this comment.
No, we install the deps via tox https://github.com/ceph/ceph-ansible/blob/master/tox.ini#L418 otherwise the ipaddr filter would have never work.
There was a problem hiding this comment.
Not for the ceph-ansible-pr-syntax-check job, it installs deps via tox like this:
"$VENV"/pip install -r <(grep ansible "$WORKSPACE"/ceph-ansible/tests/requirements.txt)
Effectively passing only tests/requirements.txt#L7 containing ansible>=2.8,<2.9.
The ceph-ansible-pr-syntax-check never exercice any code that use the ipaddr filter, and since ansible does conditional loading it will work until the filter is actually used.
I do however agree that me adding that comment in requirements.txt is a workaround. I will remove it and then we can solve the problem in ceph/ceph-build instead.
There was a problem hiding this comment.
Here is the CI log showing that dependencies are not properly installed:
https://2.jenkins.ceph.com/job/ceph-ansible-pr-syntax-check/1204/console
There was a problem hiding this comment.
I pushed this PR ceph/ceph-build#1391 which I belive should fix the problem with netaddr not being pulled in as a dependency in the ceph-ansible-pr-syntax-check job.
There was a problem hiding this comment.
OK, I can move the plugin and update the config instead. I will try to figure out a test as well.
I was'nt aware of the firewall issue. I would suggest addressing that in a separate commit?
Regarding the mon container, it looks like the code[1] already expect a comma separated list as it replaces whitespace? (-e CEPH_PUBLIC_NETWORK={{ public_network | regex_replace(' ', '') }}) The other pice of code[2] would be good to investigate, but looking at history most of it is 2 years old. If TripleO is using that code then it did'nt fail during OSP13/OSP14 testing.
[1] https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-mon/templates/ceph-mon.service.j2#L39
[2] https://github.com/ceph/ceph-container/blob/master/src/daemon/start_mon.sh#L83-L119
tests/requirements.txt
Outdated
| @@ -5,8 +5,8 @@ pytest-xdist==1.28.0 | |||
| pytest>=4.4,<4.5 | |||
| notario>=0.0.13 | |||
| ansible>=2.8,<2.9 | |||
| netaddr | |||
| netaddr # For the ansible filter: ips_in_ranges | |||
There was a problem hiding this comment.
Without this the CI won't install netaddr. Because a grep is used here:
https://github.com/ceph/ceph-build/blob/08b569d032e8d67643fdbbb33fb6006b3f8d635e/ceph-ansible-pr-syntax-check/build/build#L11
Adding a comment containing the "ansible" string is more like a workaround to ensure that CI job passes. (Adding the "ansible" string include that line in the grep result and thus the netaddr requirement is installed.)
Yes we can.
Yes this seems only to be useful for network auto detect which isn't used in ceph-ansible. |
hjensas
force-pushed
the
issue#4333
branch
2 times, most recently
from
dc639fa
to
e9c5689
Compare
This change removes the grep for 'ansible' when isntalling requirements in ceph-ansible-pr-syntax-check. The grep cause onlye the ansible requirement to be installed, ignoring the other packages. This causes an issue in PR[1] which introduce a filter plugin that depend on the netaddr package. [1] ceph/ceph-ansible#4339 Closes: ceph#1390 Signed-off-by: Harald Jensås <hjensas@redhat.com>
This change removes the grep for 'ansible' when installing requirements in ceph-ansible-pr-syntax-check. The grep cause onlye the ansible requirement to be installed, ignoring the other packages. This causes an issue in PR[1] which introduce a filter plugin that depend on the netaddr package. [1] ceph/ceph-ansible#4339 Closes: ceph#1390 Signed-off-by: Harald Jensås <hjensas@redhat.com>
|
jenkins test pipeline |
|
Could you modify the $ pytest -vvvv plugins/
============================================================================================================ test session starts =============================================================================================================
platform linux -- Python 3.7.3, pytest-5.1.2, py-1.8.0, pluggy-0.12.0 -- /home/ds/Workspace/.venv/pytest/bin/python3
cachedir: .pytest_cache
rootdir: /home/ds/Documents/repo/ceph/ceph-ansible
collected 0 items / 1 errors
=================================================================================================================== ERRORS ===================================================================================================================
_________________________________________________________________________________________ ERROR collecting plugins/filter/test_ipaddrs_in_ranges.py __________________________________________________________________________________________
ImportError while importing test module '/home/ds/Documents/repo/ceph/ceph-ansible/plugins/filter/test_ipaddrs_in_ranges.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/home/ds/Workspace/.venv/pytest/lib/python3.7/site-packages/_pytest/python.py:501: in _importtestmodule
mod = self.fspath.pyimport(ensuresyspath=importmode)
/home/ds/Workspace/.venv/pytest/lib/python3.7/site-packages/py/_path/local.py:701: in pyimport
__import__(modname)
/home/ds/Workspace/.venv/pytest/lib/python3.7/site-packages/_pytest/assertion/rewrite.py:140: in exec_module
exec(co, module.__dict__)
plugins/filter/test_ipaddrs_in_ranges.py:1: in <module>
from . import ipaddrs_in_ranges
E ImportError: attempted relative import with no known parent package
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Interrupted: 1 errors during collection !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
============================================================================================================== 1 error in 0.10s ==============================================================================================================Also looking at the CI failure I think we need to modify all tox files and add the |
Sorry I didn't see that was already handled in the PR. |
I think this happens because we set ANSIBLE_FILTER_PLUGINS = {toxinidir}/plugins/filter in tox-update.ini. This makes the plugin in master available for the update step. I think we need to set these: I will test this locally and update the patch. |
|
Looking quickly on this, I think we can just remove |
This makes sense, trying that now ... |
|
jenkins test dev-centos-container-update |
|
Also I noticed that the filter tests aren't working with py27 even if the travis job reports a success =============================== warnings summary ===============================
plugins/filter/test_ipaddrs_in_ranges.py:4
/home/travis/build/ceph/ceph-ansible/plugins/filter/test_ipaddrs_in_ranges.py:4: PytestWarning: cannot collect test class 'TestIpaddrsInRanges' because it has a __init__ constructor
class TestIpaddrsInRanges(object): |
|
jenkins test dev-centos-container-update |
|
jenkins test pipeline |
|
@guits Why is the DNM label back on this? Are you working on an alternative solution? I have worked with @dsavineau and some related fixes have already been merged. (#4433 and ceph/ceph-build#1391). We attempted a fix in TripleO, see [1], [2] and [3]. It would be possible for the See #4339 (comment) which have more details. [1] https://review.opendev.org/679410 |
|
jenkins test pipeline |
|
jenkins test dev-centos-container-update |
|
jenkins test dev-centos-container-update |
|
jenkins test pipeline |
2 similar comments
|
jenkins test pipeline |
|
jenkins test pipeline |
|
My understanding is that @guits wants to review this further with @dsavineau and then he'll probably request other changes or remove the DNM. He just doesn't want it to merge without his review. |
|
jenkins test pipeline |
This change implements a filter_plugin that is used in the ceph-facts, ceph-validate roles and infrastucture-playbooks. The new filter plugin will return a list of all IP address that reside in any one of the given IP ranges. The new filter replaces the use of the ipaddr filter. ceph.conf already support a comma separated list of CIDRs for the public_network and cluster_network options. Changes: [1] and [2] introduced a regression in ceph-ansible where public_network can no longer be a comma separated list of cidrs. With this change a comma separated list of subnet CIDRs can also be used for monitor_address_block and radosgw_address_block. [1] commit: d67230b [2] commit: 20e4852 Related-To: https://bugs.launchpad.net/tripleo/+bug/1840030 Related-To: https://bugzilla.redhat.com/show_bug.cgi?id=1740283 Closes: ceph#4333 Please backport to stable-4.0 Signed-off-by: Harald Jensås <hjensas@redhat.com>
yup, that's correct |
Replace ipaddr() with ips_in_ranges()
This change implements a filter_plugin that is used in the
ceph-facts, ceph-validate roles and infrastucture-playbooks.
The new filter plugin will return a list of all IP address
that reside in any one of the given IP ranges. The new filter
replaces the use of the ipaddr filter.
ceph.conf already support a comma separated list of CIDRs
for the public_network and cluster_network options.
Changes: [1] and [2] introduced a regression in ceph-ansible
where public_network can no longer be a comma separated list
of cidrs.
With this change a comma separated list of subnet CIDRs can
also be used for monitor_address_block and radosgw_address_block.
NOTE:
the filter_plugins are copied to the buildroot.
so that netaddr is installed as requiement for the
ceph-ansible-pr-syntax-check.
[1] commit: d67230b
[2] commit: 20e4852
Related-To: https://bugs.launchpad.net/tripleo/+bug/1840030
Related-To: https://bugzilla.redhat.com/show_bug.cgi?id=1740283
Closes: #4333
Please backport to stable-4.0
Signed-off-by: Harald Jensås hjensas@redhat.com