openstack: use OS_AUTH_TYPE=token_endpoint when possible #949
Conversation
|
@dmick this should avoid 429 errors on OVH |
| @@ -111,7 +116,7 @@ def create(self, num, os_type, os_version, arch, resources_hint): | |||
| flavor = self.flavor(resources_hint['machine'], | |||
| config['openstack'].get('flavor-select-regexp')) | |||
| cmd = ("flock --close --timeout 28800 /tmp/teuthology-server-create.lock" + | |||
| " openstack server create" + | |||
| " openstack --quiet server create" + | |||
There was a problem hiding this comment.
what does unconnected mean in this context ?
There was a problem hiding this comment.
The change has nothing to do with the rest of the changes or the symptom
|
Test failures? |
|
@dmick test failures ? which test failures ;-) |
|
Thank you, rereviewing |
|
I've tried several times to find the actual reference for how Openstack auth works that would allow me to understand these changes, and failed. Do you have a pointer? also, can we separate the unconnected changes into a separate commit for clarity? |
I don't unfortunately. I browsed the code of https://pypi.python.org/pypi/python-openstackclient and https://github.com/openstack/keystone until I figured out how to do what we need which is reusing tokens. I think auth token throttling is unique to OVH, reason why documented strategies / implementations to cope with that do not exist. It also explains why some code paths have bugs when using an existing token instead of obtaining a new one. It's not a blocker since we can always fallback to the user/password authentication when it is the case. I will separate the unconnected changes into a separate commit. |
It requires setting the OS_URL depending on the command and avoids calling the auth endpoint entirely. Fixes: http://tracker.ceph.com/issues/16893 Signed-off-by: Loic Dachary <loic@dachary.org>
Do you still plan to do this? Our ovh runs are still failing every night |
|
I did it right away, did I miss anything ? |
|
I still only see one commit, so didn't look. Did you just remove that code altogether? |
|
Yes, the --quiet option that you mentionned as unconnected was unnecessary. |
It requires setting the OS_URL depending on the command and avoids
calling the auth endpoint entirely.
Fixes: http://tracker.ceph.com/issues/16893
Signed-off-by: Loic Dachary loic@dachary.org