@openshift-cherrypick-robot

This is an automated cherry-pick of #393

/assign wking

This consolidates around abstract signature retrieval, removing the
split between stores and locations which we grew in 9bbf366
(verify: Refactor the verify package to have common code, 2019-12-09, openshift#279).
This will make it easier to make future changes like parallel HTTP(S)
signature retrieval [1].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1840343

Fixing [1,2]:

  $ grep 'unable to load signature' cvo.log
  I0526 13:13:36.123153       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-1: dial tcp 172.217.4.48:443: connect: connection timed out
  I0526 13:15:47.195128       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-2: dial tcp 172.217.9.80:443: connect: connection timed out
  I0526 13:17:10.718027       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-3: context deadline exceeded
  I0526 13:19:44.764143       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-1: dial tcp 172.217.4.48:443: connect: connection timed out
  I0526 13:21:55.835063       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-2: dial tcp 172.217.4.48:443: connect: connection timed out
  I0526 13:23:18.233801       1 verify.go:404] unable to load signature: Get https://storage.googleapis.com/openshift-release/official/signatures/openshift/release/sha256=baa687f29b0ac155d8f4c6914056d36d68f343feb9c1e82b46eef95819d00be5/signature-3: context deadline exceeded

In this case, that was because a restricted network blocked access to
storage.googleapis.com, but you'd get similar behavior if
storage.googleapis.com itself was slow.  We want to hit other
signature sources (like our mirrors [3]) before giving up on
signatures entirely, and with this commit one HTTP(S) store no longer
blocks another.

The local ConfigMap store still comes first with a serial store,
because we don't want to involve external stores before we've
exhausted that local-cluster store.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1840343
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1838497#c10
[3]: https://github.com/openshift/cluster-update-keys/blob/cca4ce696383e70ae669e770bd63265a9540b721/manifests.rhel/0000_90_cluster-update-keys_configmap.yaml#L5
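
The retrieval order the description above lays out (local store first, then all HTTP(S) stores queried at once so a blocked one cannot stall the rest), as an added Go example that is not the pkg/verify code from this PR. `Store`, `Retrieve`, `Blocked`, `Fixed` and the string-compare verifier are hypothetical stand-ins, and the digest and signatures are constructed.

```go
package main

import (
	"context"
	"fmt"
)

// Store is a hypothetical signature source, not the project's own interface.
type Store func(ctx context.Context, digest string) ([]byte, error)

// Retrieve asks local first, then every remote at once; the first signature valid accepts wins.
func Retrieve(ctx context.Context, digest string, valid func([]byte) bool, local Store, remotes ...Store) ([]byte, error) {
	if sig, err := local(ctx, digest); err == nil && valid(sig) {
		return sig, nil // answered in-cluster, no external request made
	}
	ctx, cancel := context.WithCancel(ctx)
	defer cancel() // release slower stores once a valid signature arrives
	results := make(chan []byte, len(remotes))
	for _, s := range remotes {
		go func(s Store) {
			sig, err := s(ctx, digest)
			if err != nil || !valid(sig) {
				sig = nil // an unverifiable answer must not win the race
			}
			results <- sig
		}(s)
	}
	for range remotes {
		if sig := <-results; sig != nil {
			return sig, nil
		}
	}
	return nil, fmt.Errorf("no valid signature for %s", digest)
}

// Blocked never answers, like the timed-out connections in the log; Fixed always serves sig (both constructed).
func Blocked(ctx context.Context, _ string) ([]byte, error) {
	<-ctx.Done()
	return nil, ctx.Err()
}

func Fixed(sig []byte) Store {
	return func(context.Context, string) ([]byte, error) { return sig, nil }
}

func main() {
	ok := func(b []byte) bool { return string(b) == "good" } // stand-in for signature verification
	sig, err := Retrieve(context.Background(), "sha256=example", ok, Fixed(nil), Blocked, Fixed([]byte("good")))
	fmt.Printf("%s %v\n", sig, err)
}
```

Because each remote answer is verified before it is sent on the channel, a fast store serving an invalid signature cannot pre-empt a slower store serving a valid one.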
@openshift-ci-robot

@openshift-cherrypick-robot: Bugzilla bug 1840343 has been cloned as Bugzilla bug 1906498. Retitling PR to link against new bug.
/retitle [release-4.5] Bug 1906498: pkg/verify: Parallelize HTTP(S) signature retrieval

Details

In response to this:

[release-4.5] Bug 1840343: pkg/verify: Parallelize HTTP(S) signature retrieval

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot changed the title [release-4.5] Bug 1840343: pkg/verify: Parallelize HTTP(S) signature retrieval [release-4.5] Bug 1906498: pkg/verify: Parallelize HTTP(S) signature retrieval Dec 10, 2020
@openshift-ci-robot openshift-ci-robot added the bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. label Dec 10, 2020
@openshift-ci-robot

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1906498, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1840343 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1840343 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Dec 10, 2020
@wking wking changed the title [release-4.5] Bug 1906498: pkg/verify: Parallelize HTTP(S) signature retrieval Bug 1857478: pkg/verify: Parallelize HTTP(S) signature retrieval Dec 10, 2020
@openshift-ci-robot openshift-ci-robot added bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. and removed bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. labels Dec 10, 2020
@openshift-ci-robot

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1857478, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1840343 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1840343 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

@jiajliu

jiajliu commented Jan 26, 2021

/bugzilla cc-qa

@openshift-ci-robot

@jiajliu: This pull request references Bugzilla bug 1857478, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1840343 is in the state CLOSED (ERRATA), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1840343 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

Requesting review from QA contact:
/cc @jianlinliu


@jottofar

jottofar commented Mar 9, 2021

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 9, 2021
@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jottofar, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 9, 2021
@jwforres jwforres added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Mar 24, 2021
@openshift-bot

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit 8a5a03b into openshift:release-4.5 Mar 26, 2021
@openshift-ci-robot

@openshift-cherrypick-robot: All pull requests linked via external trackers have merged:

Bugzilla bug 1857478 has been moved to the MODIFIED state.

