Page MenuHomePhabricator
Create Task
Maniphest T306642

Improve git integration with the cloud-vps puppet/hiera enc
Closed, ResolvedPublic
Actions

Description

We've been hitting rate limits when the enc tries to update its archival git repo. There are also likely some race conditions in there.

Hashar's thoughts are:

you might need to add a global lock shared between the process and wait for it to avoid the race condition
if that scripts always run on the same machine, that is probably easy to add (a file based lock would do)
else push over https instead of ssh
it is not subject to a per user limit as far as I am aware, or if there is a limit it is way higher
a one off password can be generated for the user from https://gerrit.wikimedia.org/r/settings/#HTTPCredentials (there is surely a REST API entry point to generate the token)
which could then be hold in the puppet secret and passed to the script somehow
then you git push https://xxx
there is still the fetch/rebase/push short lived race condition, but it apparently hasn't been much of an issue until now
so push over https might be the easiest :]
while a global lock would be more correct,but I have no idea what kind of issue that could lead to :]

Details

SubjectRepoBranchLines +/-
openstack: encapi: perform git updates server-sideoperations/puppetproduction+341 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Apr 21 2022, 4:06 PM
Restricted Application added a project: cloud-services-team (Kanban). · View Herald TranscriptApr 21 2022, 4:06 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
hashar subscribed.Apr 21 2022, 4:14 PM
gerritbot added a comment.Dec 25 2022, 6:32 PM

Change 871298 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] openstack: encapi: perform git updates server-side

https://gerrit.wikimedia.org/r/871298

gerritbot added a project: Patch-For-Review.Dec 25 2022, 6:32 PM
gerritbot added a comment.Jan 3 2023, 3:55 PM

Change 871298 merged by Andrew Bogott:

[operations/puppet@production] openstack: encapi: perform git updates server-side

https://gerrit.wikimedia.org/r/871298

Maintenance_bot removed a project: Patch-For-Review.Jan 3 2023, 4:31 PM
taavi claimed this task.Jan 4 2023, 11:14 AM
taavi added a subtask: T318504: ENC API should update cloud/instance-puppet.git instead of requiring the caller to do so.Jan 4 2023, 11:19 AM
taavi closed this task as Resolved.Jan 4 2023, 6:19 PM

The current single worker based system should fix the concurrency issues.

taavi closed subtask T318504: ENC API should update cloud/instance-puppet.git instead of requiring the caller to do so as Resolved.Jan 4 2023, 6:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL