New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decouple log syncing from AWS and OpenStack roles #4398
Conversation
Thanks for the pull request, @xitij2000! I've created OSPR-2311 to keep track of it in JIRA. JIRA is a place for product owners to prioritize feature reviews by the engineering development teams. Feel free to add as much of the following information to the ticket:
All technical communication about the code itself will still be done via the GitHub pull request interface. As a reminder, our process documentation is here. If you like, you can add yourself to the AUTHORS file for this repo, though that isn't required. Please see the CONTRIBUTING file for more information. |
@edx/devops More deploy-agnosticism to review! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This works great @xitij2000 ! I'm ready to approve once my comments below have been addressed and re-tested.
Would like to see this run on an AWS deployment though.. @feanil is this covered by the automated tests, or do we need to set up an AWS sandbox?
- I tested this on OpenStack deployments using the various configuration options, by deploying a new OpenStack Open edX appserver using each of the following configurations, and force-rotating the tracking logs to ensure that they were synced to the intended storage locations.
Permutations tested:- No log syncing enabled: Log rotation works without error.
Default behaviour; requires no special configuration. - S3 only. Backwards compatibility with the
COMMON_OBJECT_STORE_LOG_SYNC*
variables is also preserved.COMMON_S3_LOG_SYNC: true COMMON_S3_LOG_SYNC_BUCKET: bucket-name AWS_S3_LOGS_ACCESS_KEY_ID: *** AWS_S3_LOGS_SECRET_KEY: ***
- SWIFT only. Backwards compatibility with the
COMMON_OBJECT_STORE_LOG_SYNC_*
variables is also preserved.COMMON_SWIFT_LOG_SYNC: true COMMON_SWIFT_LOG_SYNC_BUCKET: container-name SWIFT_LOG_SYNC_AUTH_URL: *** SWIFT_LOG_SYNC_PASSWORD: *** SWIFT_LOG_SYNC_REGION_NAME: *** SWIFT_LOG_SYNC_TENANT_NAME: *** SWIFT_LOG_SYNC_USERNAME: ***
- SWIFT + S3. Achieved by combining the two stanzas above.
- No log syncing enabled: Log rotation works without error.
- I read through the code
-
I checked for accessibility issuesN/A - Includes documentation.
{% else %} | ||
sec_grp="" | ||
{% endif %} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand that this change was introduced to avoid having unavailable/
show up in the S3 log path. But since it doesn't cause any issues, and this adds some unneeded complexity, I'd rather e419f58 and the associated b17204a were reverted.
The most important thing is that the log file paths are unique so existing log files are not overridden with different data. This behaviour is guaranteed from an OpenStack perspective by the ${instance_id}
, and from an AWS perspective by the ${sec_grp}/${instance_id}
.
- boto=="{{ common_boto_version }}" | ||
- s3cmd==1.6.1 | ||
|
||
aws_redhat_pkgs: [] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm.. AWS instances need these aws_debian_pkgs
, aws_pip_pkgs
, and aws_pip_pkgs
installed regardless of whether they're doing log syncing.
Please reinstate these lines and the aws/task/main.yml lines below which use them, and instead, make the aws
role a meta
dependency of log_sync_s3
, instead of the other way around.
We can ask edX for help deploying an AWS sandbox using this configuration, to make double sure it works, if the automated tests aren't already covering this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pomegranited I made log_sync_s3
a dependency of aws
for backwards compatibility because currently people running that role might expect it to also set up log syncing.
Additionally, I don't know the side-effect of running the AWS role on a non-AWS instance, so I wasn't sure about making log syncing to S3 depend on that role.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made
log_sync_s3
a dependency ofaws
for backwards compatibility because currently people running that role might expect it to also set up log syncing.
Ok that makes sense, since we don't know what playbook people might be running the aws
role from.
Thanks for the explanation!
AWS_S3_LOGS_SECRET_KEY: "" | ||
|
||
aws_s3_sync_script: "{{ vhost_dirs.home.path }}/send-logs-to-s3" | ||
aws_s3_logfile: "{{ vhost_dirs.logs.path }}/s3-log-sync.log" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These lines (and these, in the log_sync_swift
role), are why these files get created in /edx/app/openstack
when installed on Openstack VMs.
Since the file names are different, and symlinks are created, I don't think this is a problem to leave as-is.
|
||
aws_s3_sync_script: "{{ vhost_dirs.home.path }}/send-logs-to-s3" | ||
aws_s3_logfile: "{{ vhost_dirs.logs.path }}/s3-log-sync.log" | ||
aws_region: "us-east-1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Irrelevant to this change, but I'd really like to see this variable be made configurable, to better support other AWS regions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pomegranited I've added a setting to override this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oo thank you! 😄
@@ -15,10 +15,9 @@ fi | |||
# Ensure the log processors can read without | |||
# running as root | |||
if [ ! -f "{{ aws_s3_logfile }}" ]; then | |||
sudo -u syslog touch "{{ aws_s3_logfile }}" | |||
else | |||
chown syslog.syslog "{{ aws_s3_logfile }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for fixing this! It's always bugged me 😄
b17204a
to
aceb544
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks for addressing my comments @xitij2000 !
- I re-tested this as described in Decouple log syncing from AWS and OpenStack roles #4398 (review)
- I read through the code
-
I checked for accessibility issuesN/A - Includes documentation
@xitij2000 Thanks. Could you please squash the commits? |
9634254
to
da6dfe7
Compare
@nedbat Sure! Just rebased and squashed. |
da6dfe7
to
d7c96e7
Compare
…ck roles Allow enabling either/both/neither log syncing roles irrespective of deployment platform
d7c96e7
to
892568e
Compare
@edx/devops I believe this is now ready for review |
@mduboseedx I've updated the ticket status and prioritized it in our backlog. For all concerned, I think we'll be able to start this review next week or so. |
Awesome, thank you @feanil and @mduboseedx ! |
Thanks! |
@feanil Were you able to review this then? I'd love to get some feedback in case we need to make changes. Thanks! |
@edx/devops this is a request we'd like in Hawthorn. |
@edx/devops Can we get a response about when this might be reviewed? It's mentioned on the Hawthorn wiki page |
@edx/devops @fredsmith @jibsheet @coryleeio @jdmulloy @feanil Is there some other process we should be using to communicate about pull requests? |
The communication channel is correct. Unfortunately, we haven't had time to review due to internal deadlines. I am bumping the review ticket and we will check it's priority in standup in the morning. |
We're closing this PR since we've decided to phase out our use of SWIFT in our Open edX deployments. While it would be nice to see support for alternative storage backends in the Open edX platform, a combination of factors such as issues with our SWIFT provider, issues with the SWIFT integration in Open edX and the general lack of reactivity in getting fixes like this merged, make this work untenable for us. We would be happy to help anyone willing to take over that work though. We could also work on removing support for SWIFT if preferred. |
@xitij2000 Even though your pull request wasn’t merged, please take a moment to answer a two question survey so we can improve your experience in the future. |
This PR splits out the log syncing bits of the openstack and AWS roles to their own roles such that either or both can be enabled.
The aim is to decouple the log syncing destination from AWS/OpenStack so a server deployed on OpenStack can sync to S3 and a server deployed to AWS can sync to SWIFT, or a server can sync to both.
This replaces #3522
Sandbox URL:
Merge deadline: We would love to get this into Hawthorn
Testing instructions:
COMMON_OBJECT_STORE_LOG_SYNC
set, and AWS log sync settings configuredCOMMON_S3_LOG_SYNC
set, and the AWS log sync settings configuredCOMMON_SWIFT_LOG_SYNC
set, and OpenStack settings configured., and
COMMON_SWIFT_LOG_SYNC`` set, and with both AWS and OpenStack settings configured.Reviewers
Settings
Make sure that the following steps are done before merging: