New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openstack: use OS_AUTH_TYPE=token_endpoint when possible #949
Conversation
@dmick this should avoid 429 errors on OVH |
@@ -111,7 +116,7 @@ def create(self, num, os_type, os_version, arch, resources_hint): | |||
flavor = self.flavor(resources_hint['machine'], | |||
config['openstack'].get('flavor-select-regexp')) | |||
cmd = ("flock --close --timeout 28800 /tmp/teuthology-server-create.lock" + | |||
" openstack server create" + | |||
" openstack --quiet server create" + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems unconnected?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what does unconnected mean in this context ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change has nothing to do with the rest of the changes or the symptom
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, right
Test failures? |
@dmick test failures ? which test failures ;-) |
Thank you, rereviewing |
I've tried several times to find the actual reference for how Openstack auth works that would allow me to understand these changes, and failed. Do you have a pointer? also, can we separate the unconnected changes into a separate commit for clarity? |
I don't unfortunately. I browsed the code of https://pypi.python.org/pypi/python-openstackclient and https://github.com/openstack/keystone until I figured out how to do what we need which is reusing tokens. I think auth token throttling is unique to OVH, reason why documented strategies / implementations to cope with that do not exist. It also explains why some code paths have bugs when using an existing token instead of obtaining a new one. It's not a blocker since we can always fallback to the user/password authentication when it is the case. I will separate the unconnected changes into a separate commit. |
It requires setting the OS_URL depending on the command and avoids calling the auth endpoint entirely. Fixes: http://tracker.ceph.com/issues/16893 Signed-off-by: Loic Dachary <loic@dachary.org>
Do you still plan to do this? Our ovh runs are still failing every night |
I did it right away, did I miss anything ? |
I still only see one commit, so didn't look. Did you just remove that code altogether? |
Yes, the --quiet option that you mentionned as unconnected was unnecessary. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK. Well it can't get much worse, so let's give it a shot.
It requires setting the OS_URL depending on the command and avoids
calling the auth endpoint entirely.
Fixes: http://tracker.ceph.com/issues/16893
Signed-off-by: Loic Dachary loic@dachary.org