-
Notifications
You must be signed in to change notification settings - Fork 619
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(build): upgraded openssl to latest in Cargo.toml after resolving … #5565
Conversation
…buildkite issues and package upgrades
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would raise a concern of migrating from openssl 1.1.x to openssl 3 would it be dynamically linked, but since we already statically link it, there should be no issue with the upgrade since it is self-contained
Aftefr openssl upgrade, test Seems like it panic on: |
better error message:
|
Spend five minutes looking into this, feels rather mysterious:
Probably won't look into this further today. |
@matklad Can you help with this one, as I'm at capacity so would appreciate some help :D |
On my plate for tomorrow! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Made some progress: Running just four tests in parallel with openssl 3 fails:
The reason the health_ok fails is that is is just slow under open ssl when running concurrently -- the test just takes more than 2 seconds, so, by the time we are actually sending a requenst, the chain thinks it is stalled. Now why openssl causes a massive slowdown on startup (40ms -> 1s) is something I am still investigating. |
Narrowed this down! This line (telemetry) nearcore/chain/telemetry/src/lib.rs Line 32 in 29799ae
goes from 40ms to 1s due to openssl upgrade |
I think this is what we are hitting here: |
Ok, so the test failure highlights a real problem: with the new openssl, our startup can become significantly (1.5 seconds) slower. The root culprit is that one of the openssl initialization routines got unreasonably slower in openssl 3.0.0 (sfackler/rust-openssl#1576). This is exacerbated by the fact that actix web client which we use for telemetry calls this initialization three times (actix/actix-web#2502). Our options:
I need some help with evaluation this, as I don't really know if sticking to older openssl is acceptable for us. |
@matklad Unless those are security related issues. It's better to keep the old version.
I think this makes more sense |
The important bit I was missing is that openssl 1.1.1 is still supported, and is going to be supported for some time:
https://www.openssl.org/policies/releasestrat.html It seems like rust-openssl might revert 3.0.0 as well: sfackler/rust-openssl#1576 So, the course of action here is essentially "do-nothing":
|
Hit this while debugging near#5565
Hit this while debugging #5565
…buildkite issues and package upgrades.
Ran:
Related issue: #5109
Blocker: buildkite/elastic-ci-stack-for-aws#970