infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 66 Pull requests Projects Releases Packages Wiki Activity Actions

aarch64 osbs cluster production #7411

New issue
Closed
opened 2018-11-29 11:03:37 +00:00 by cverna · 15 comments
cverna commented 2018-11-29 11:03:37 +00:00
Copy link
  • Describe what you need us to do:

I have finally the OSBS building aarch64 images in stg, so we can move forward an get some machine to deploy a cluster in production.

Link to the original RFR https://pagure.io/fedora-infrastructure/issue/7184

Port 8443 needs to be open with the following hosts:

osbs-node01.phx2.fedoraproject.org
osbs-node02.phx2.fedoraproject.org
osbs-master01.phx2.fedoraproject.org

  • When do you need this? (YYYY/MM/DD)
    When time allows

  • When is this no longer needed or useful? (YYYY/MM/DD)

  • If we cannot complete your request, what is the impact?

* Describe what you need us to do: I have finally the OSBS building aarch64 images in stg, so we can move forward an get some machine to deploy a cluster in production. Link to the original RFR https://pagure.io/fedora-infrastructure/issue/7184 Port 8443 needs to be open with the following hosts: ``` osbs-node01.phx2.fedoraproject.org osbs-node02.phx2.fedoraproject.org osbs-master01.phx2.fedoraproject.org ``` * When do you need this? (YYYY/MM/DD) When time allows * When is this no longer needed or useful? (YYYY/MM/DD) * If we cannot complete your request, what is the impact?
smooge commented 2018-12-03 15:41:40 +00:00
Copy link

Metadata Update from @smooge:

  • Issue assigned to smooge
**Metadata Update from @smooge**: - Issue assigned to smooge
kevin commented 2018-12-04 00:50:09 +00:00
Copy link

Can you clarify how many nodes we need here? Can we just do one like we did for staging?

Can you clarify how many nodes we need here? Can we just do one like we did for staging?
cverna commented 2018-12-04 07:38:40 +00:00
Author
Copy link

Can you clarify how many nodes we need here? Can we just do one like we did for staging?

it does work with one VM being master and node at the same time (this is what we have in stg). But I am not sure how this will scale, If possible I think it would be better with 2 VMs in prod, 1 master and 1 node ? if we can't get that lets go with only 1 VM and see how that performs.

> Can you clarify how many nodes we need here? Can we just do one like we did for staging? it does work with one VM being master and node at the same time (this is what we have in stg). But I am not sure how this will scale, If possible I think it would be better with 2 VMs in prod, 1 master and 1 node ? if we can't get that lets go with only 1 VM and see how that performs.
smooge commented 2018-12-04 16:00:24 +00:00
Copy link

Just for everyone at home to understand the problem. Every OSBS server we bring up drops down the number of aarch64 regular builders we can have on the 23 systems we can use in the moonshot. Those are the second 'slowest' part of the build system so we like to have a lot of them to spread around the load. So we can either have 3 OSBS-nodes or we can have 3 builders.

Just for everyone at home to understand the problem. Every OSBS server we bring up drops down the number of aarch64 regular builders we can have on the 23 systems we can use in the moonshot. Those are the second 'slowest' part of the build system so we like to have a lot of them to spread around the load. So we can either have 3 OSBS-nodes or we can have 3 builders.
smooge commented 2018-12-07 22:38:56 +00:00
Copy link

osbs-aarch64-master has been built. Please see how this works

osbs-aarch64-master has been built. Please see how this works
smooge commented 2018-12-07 22:48:07 +00:00
Copy link

And it won't because of something in the plays:

TASK [osbs-namespace : query osbs namespace] ********************************************************************************************************************************
Friday 07 December 2018  22:34:17 +0000 (0:00:00.093)       0:25:02.744 *******
fatal: [osbs-aarch64-master01.arm.fedoraproject.org]: FAILED! => {"msg": "The conditional check 'namespace_result.rc != 0 and ('not found' not in namespace_result.stderr)' failed. The error was: error while evaluating conditional (namespace_result.rc != 0 and ('not found' not in namespace_result.stderr)): Unable to look up a name or access an attribute in template string ({% if namespace_result.rc != 0 and ('not found' not in namespace_result.stderr) %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable"}

PLAY RECAP ******************************************************************************************************************************************************************
osbs-aarch64-master01.arm.fedoraproject.org : ok=163  changed=121  unreachable=0    failed=1
And it won't because of something in the plays: ``` TASK [osbs-namespace : query osbs namespace] ******************************************************************************************************************************** Friday 07 December 2018 22:34:17 +0000 (0:00:00.093) 0:25:02.744 ******* fatal: [osbs-aarch64-master01.arm.fedoraproject.org]: FAILED! => {"msg": "The conditional check 'namespace_result.rc != 0 and ('not found' not in namespace_result.stderr)' failed. The error was: error while evaluating conditional (namespace_result.rc != 0 and ('not found' not in namespace_result.stderr)): Unable to look up a name or access an attribute in template string ({% if namespace_result.rc != 0 and ('not found' not in namespace_result.stderr) %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable"} PLAY RECAP ****************************************************************************************************************************************************************** osbs-aarch64-master01.arm.fedoraproject.org : ok=163 changed=121 unreachable=0 failed=1 ```
cverna commented 2018-12-12 07:54:55 +00:00
Author
Copy link

Thanks @smooge, I am taking it from here.

The Origin container image are not yet available in our registry for aarch64 so they need to be manually pulled on the box for the first deployment

Thanks @smooge, I am taking it from here. The Origin container image are not yet available in our registry for aarch64 so they need to be manually pulled on the box for the first deployment
cverna commented 2018-12-12 07:54:56 +00:00
Author
Copy link

Metadata Update from @cverna:

  • Issue close_status updated to: Fixed
  • Issue status updated to: Closed (was: Open)
**Metadata Update from @cverna**: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
cverna commented 2018-12-12 14:15:32 +00:00
Author
Copy link

So it seems that osbs-control01.phx2.fedoraproject.org cannot ssh to osbs-aarch64-master01.arm.fedoraproject.org. I checked that osbs-aarch64-master01.arm.fedoraproject.org add the correct ssh key in .ssh/authorized_keys. Is this something related to the firewall ?

Full error from the playbook

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
Wednesday 12 December 2018  14:10:02 +0000 (0:00:00.081)       0:00:01.139 **** 
fatal: [osbs-aarch64-master01.arm.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"osbs-aarch64-master01.arm.fedoraproject.org\". Make sure this host can be reached over ssh", "unreachable": true}
So it seems that `osbs-control01.phx2.fedoraproject.org` cannot ssh to `osbs-aarch64-master01.arm.fedoraproject.org`. I checked that `osbs-aarch64-master01.arm.fedoraproject.org` add the correct ssh key in `.ssh/authorized_keys`. Is this something related to the firewall ? Full error from the playbook ``` TASK [Gathering Facts] ******************************************************************************************************************************************************************************************** Wednesday 12 December 2018 14:10:02 +0000 (0:00:00.081) 0:00:01.139 **** fatal: [osbs-aarch64-master01.arm.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"osbs-aarch64-master01.arm.fedoraproject.org\". Make sure this host can be reached over ssh", "unreachable": true} ```
cverna commented 2018-12-12 14:15:39 +00:00
Author
Copy link

Metadata Update from @cverna:

  • Issue status updated to: Open (was: Closed)
**Metadata Update from @cverna**: - Issue status updated to: Open (was: Closed)
bowlofeggs commented 2018-12-13 21:13:25 +00:00
Copy link

Metadata Update from @bowlofeggs:

  • Issue priority set to: Waiting on Assignee (was: Needs Review)
  • Issue tagged with: request-for-resources
**Metadata Update from @bowlofeggs**: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: request-for-resources
cverna commented 2019-01-03 09:59:54 +00:00
Author
Copy link

So I tried to manually ssh from osbs-control01.phx2.fp.o to the aarch64 master and I get a Connection refused.

ssh -vv osbs-aarch64-master01.arm.fedoraproject.org
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "osbs-aarch64-master01.arm.fedoraproject.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to osbs-aarch64-master01.arm.fedoraproject.org [10.5.129.33] port 22.
debug1: connect to address 10.5.129.33 port 22: Connection refused
ssh: connect to host osbs-aarch64-master01.arm.fedoraproject.org port 22: Connection refused

That makes me thinks that the firewall does not allow ssh between this 2 boxes, since I can successfully ssh to osbs-aarch64-master01.arm.fedoraproject.org through bastion

So I tried to manually ssh from `osbs-control01.phx2.fp.o` to the aarch64 master and I get a Connection refused. ``` ssh -vv osbs-aarch64-master01.arm.fedoraproject.org OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "osbs-aarch64-master01.arm.fedoraproject.org" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to osbs-aarch64-master01.arm.fedoraproject.org [10.5.129.33] port 22. debug1: connect to address 10.5.129.33 port 22: Connection refused ssh: connect to host osbs-aarch64-master01.arm.fedoraproject.org port 22: Connection refused ``` That makes me thinks that the firewall does not allow ssh between this 2 boxes, since I can successfully ssh to `osbs-aarch64-master01.arm.fedoraproject.org` through bastion
smooge commented 2019-01-07 14:01:03 +00:00
Copy link

The network firewall is indeed putting a block here. I will put in a ticket to have this opened.

The network firewall is indeed putting a block here. I will put in a ticket to have this opened.
kevin commented 2019-02-20 17:48:53 +00:00
Copy link

This should be all done now. @cverna can you please test

Reopen if you hit some issue.

📔

This should be all done now. @cverna can you please test Reopen if you hit some issue. :notebook_with_decorative_cover:
kevin commented 2019-02-20 17:48:54 +00:00
Copy link

Metadata Update from @kevin:

  • Issue close_status updated to: Fixed
  • Issue status updated to: Closed (was: Open)
**Metadata Update from @kevin**: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
announcement

   
authentication

Authentication related issues

  
automate

   
aws

Issues related to Amazon Web Services

  
backlog

Tasks that will take longer then ~4 hours to do

  
blocked

Issue is blocked

  
bodhi

Issues with Bodhi

  
ci

Continuous Integration

  
Closed As
Duplicate
Closed with the reason of Duplicate

  
Closed As
Fixed
Closed with the reason of Fixed

  
Closed As
Fixed with Explanation
Closed with the reason of Fixed with Explanation

  
Closed As
Initiative Worthy
Closed with the reason of Initiative Worthy

  
Closed As
Insufficient data
Closed with the reason of Insufficient data

  
Closed As
Invalid
Closed with the reason of Invalid

  
Closed As
Spam
Closed with the reason of Spam

  
Closed As
Upstream
Closed with the reason of Upstream

  
Closed As/Will Not
Can Not fix
Closed with the reason of Will Not/Can Not fix

  
cloud

Items in FedoraInfraCloud or COmmunishift

  
communishift

issues/questions about os.edorainfracloud.org ( Community OpenShift)

  
copr

COPR system (run by other team)

  
database

Issues related to databases

  
deprecated

Tools which Infrastructure may not be able to fix

  
dev

Tasks requiring some dev work

  
discourse

outsourced tool

  
dns

Changes or problems with DNS

  
downloads

rsync,dl.fp.o,AWS,torrents

  
easyfix

   
epel

Issues relating to epel

  
factory2

Generic issues for the factory2 team

  
firmitas

   
gitlab

   
greenwave

Issues with greenwave

  
hardware

Problem is with Fedora Infrastructure Owned/Leased Hardware

  
help wanted

   
high-gain

task that gets us a lot / is important / makes many people happy

  
high-trouble

task that is complex/long/difficult

  
iad2

Something to do with the iad2 datacenter

  
koji

Issues with the build system

  
koschei

Items needing Koschei team

  
lists

issues with lists

  
low-gain

tasks that gets us little / isn't very important / makes only 1 person or few happy

  
low-trouble

task that is easy/short

  
mbs

Issues with mbs.fedoraproject.org

  
medium-gain

task that gets us some / is somewhat important / makes some people happy

  
medium-trouble

task that is medium complex / difficult

  
mini-initiative

Something that is bigger than one person but not a full initiative

  
mirrorlists

Way to tell systems where downloads are

  
monitoring

   
Needs investigation

   
notifier

   
odcs

On Demand Compose Service issues

  
OpenShift

Issues with OpenShift

  
ops

ops problem now...

  
OSBS

OpenShift Build System issues in Fedora

  
outage

   
packager_workflow_blocker

Blocks the packager workflow

  
pagure

Issues with pagure.io

  
permissions

Items which need permissions set in outside tools

  
Priority
Needs Review
Priority of Needs Review

  
Priority
Next Meeting
Priority of Next Meeting

  
Priority
🔥 URGENT 🔥
Priority of 🔥 URGENT 🔥

  
Priority
Waiting on Assignee
Priority of Waiting on Assignee

  
Priority
Waiting on External
Priority of Waiting on External

  
Priority
Waiting on Reporter
Priority of Waiting on Reporter

  
rabbitmq

issues with the message broker

  
rdu-cc

Items doing with RDU Community Cage

  
release-monitoring

release-monitoring.org (Anitya)

  
releng

For problems which should be in the releng ticket system

  
repoSpanner

Issues with repoSpanner

  
request-for-resources

   
s390x

The secondary architecture hardware and problems related with it

  
security

   
SMTP

Email issues outside of lists (DMARC, SPF, aliases)

  
src.fp.o

Issues related to src.fedoraproject.org

  
staging

Issues in staging

  
taiga

outsourced tool

  
unfreeze

Patches to be applied after freeze is lifted

  
waiverdb

Issues with waiverdb

  
websites-general

General items with a website focus

  
wiki

Issues with the Wiki

No labels
announcement
authentication
automate
aws
backlog
blocked
bodhi
ci
Closed As
Duplicate
Closed As
Fixed
Closed As
Fixed with Explanation
Closed As
Initiative Worthy
Closed As
Insufficient data
Closed As
Invalid
Closed As
Spam
Closed As
Upstream
Closed As/Will Not
Can Not fix
cloud
communishift
copr
database
deprecated
dev
discourse
dns
downloads
easyfix
epel
factory2
firmitas
gitlab
greenwave
hardware
help wanted
high-gain
high-trouble
iad2
koji
koschei
lists
low-gain
low-trouble
mbs
medium-gain
medium-trouble
mini-initiative
mirrorlists
monitoring
Needs investigation
notifier
odcs
OpenShift
ops
OSBS
outage
packager_workflow_blocker
pagure
permissions
Priority
Needs Review
Priority
Next Meeting
Priority
🔥 URGENT 🔥
Priority
Waiting on Assignee
Priority
Waiting on External
Priority
Waiting on Reporter
rabbitmq
rdu-cc
release-monitoring
releng
repoSpanner
request-for-resources
s390x
security
SMTP
src.fp.o
staging
taiga
unfreeze
waiverdb
websites-general
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/fedora-infrastructure#7411
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?