replace bash for loop when checking API server SANs #8050
Conversation
k8s-ci-robot
added
kind/flake
|
Hi @rptaylor. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
While I am testing it |
k8s-ci-robot
added
the
do-not-merge/hold
|
NACK, I've introduced bash for loop because it's way faster |
rptaylor
force-pushed
the
20211005-fix-bash-loops
branch
from
6d8beaf
to
73c50b7
Compare
k8s-ci-robot
added
size/M
rptaylor
changed the title
rptaylor
force-pushed
the
20211005-fix-bash-loops
branch
2 times, most recently
from
79dcbff
to
87baf07
Compare
|
@champtar Thanks for the info. Maybe there was a performance regression in Ansible (I tested with 2.9.24 and it was okay) or some other problem that caused it to be slow? In my testing I found no evidence of a performance problem with this PR. |
|
Aside from leveraging Ansible design patterns, the benefit of changing this is making it easier to read, maintain, and debug, using Ansible features instead of bash features, and the output will provide better visibility for users so they will be able to see and understand what is happening if something fails (i.e. reducing support requests). |
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Besides, as can be inferred from the timers (which only shows the top contributors), aside from a few slow tasks that stand out, the bulk of the time is made up of a very long tail of tasks; pretty much all tasks take ~ 2-4s and there are quite a lot of them, so it shouldn't make much difference whether one single task (which only runs on master nodes) takes 2s or 4s. |
|
@champtar thanks for your consideration. I agree speed is a weakness of Kubespray, there are surely areas that can be streamlined; anything in the downloads role particularly would have a big impact. I also have another cluster with ~ 200 nodes that can be very slow to operate on, I wonder if mitogen or SSH pipelining would help. I think the execution for all items in a loop are transmitted in one go that way. |
|
Pipelining is already enabled most of the time, mitogen seems not to be maintained anymore sadly. |
|
Not sure what to think about this, on one hand I agree that it's best to follow guidelines and best practices, no argument there; but on the other hands, it this allow some performance improvement I don't see the harm in keeping it that way. When there is a choice between deprecated things, security concerns etc.. and performance the choice is more of a no brainer, but here if I get this right it's only "cosmetic" changes, so if we are doing a vote, I'm more in keeping it the way it is. /cc @oomichi @EppO @holmsten if you want to share your thoughts. |
|
@floryut Does a difference of ~ 0.1% (about 2s out of 30m for a typical small cluster in a normal latency deployment scenario) qualify as a performance issue? It is imperceptible. |
|
Running Kubespray 2.16 on a somewhat large cluster (~100 nodes) took 2.5 hours for the upgrade cluster play to complete. The download role was among the biggest offenders, even with download caching, and when all files had already been previously downloaded, it took about 1 hour to do effectively nothing (just checking the downloads were there). Checking the SANs was still about ~2-4 seconds. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
k8s-ci-robot
added
the
needs-rebase
|
@rptaylor: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
rptaylor
force-pushed
the
20211005-fix-bash-loops
branch
from
87baf07
to
7896bc7
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: rptaylor The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
size/XS
What type of PR is this?
What this PR does / why we need it:
Following best practices, use appropriate design patterns built in to Ansible instead of doing logic and scripting in bash.
This also avoids using the ansible shell module (Ansible documentation:
If you want to execute a command securely and predictably, it may be better to use the ansible.builtin.command module instead. Best practices when writing playbooks will follow the trend of using ansible.builtin.command unless the ansible.builtin.shell module is explicitly required.)https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html
Special notes for your reviewer:
Bash for loop was introduced by #7463
Does this PR introduce a user-facing change?:
No