[openstack-dev] Need advice on https://review.openstack.org/#/c/521632/

Sandhya Dasu (sadasu) sadasu at cisco.com
Mon Dec 11 17:24:59 UTC 2017 

Thanks for your comments Emilien!
Yes, planning to keep the manifest, just removing the ping test and the code that is dependent on that succeeding.

Uploading a new PS to reflect this approach.

Thanks,
Sandhya

On 12/11/17, 12:22 PM, "Emilien Macchi" <emilien at redhat.com> wrote:

    Hi Sandhya,
    
    See inline:
    
    On Mon, Dec 11, 2017 at 8:49 AM, Sandhya Dasu (sadasu) <sadasu at cisco.com> wrote:
    > Hi Steven and Emilien,
    >
    >     I need your advice on how to proceed with the fix in
    > https://review.openstack.org/#/c/521632/.
    >
    >
    >
    > The issue in question is that code in puppet-neutron for the Nexus switch,
    > performs a ping test to see if all the Nexus switches specified in the
    > configuration are actually reachable.
    >
    > After that it performs a ssh-keyscan and adds the list of Nexus switches to
    > the list on known hosts on the Controllers.
    >
    > Code can be viewed here:
    > https://github.com/openstack/puppet-neutron/blob/master/manifests/plugins/ml2/cisco/nexus_creds.pp
    > (starting from line #104)
    >
    > I spoke to Emilien about this during the Sydney summit.
    >
    >
    >
    > Since then I have tried a bunch of different ways to solve this problem and
    > I am trying to figure out the best way to proceed:
    >
    >
    >
    > 1.       Adding retry login around the ping test:
    > https://review.openstack.org/#/c/521632/2
    >
    > 2.       Changing the order in which Neutron ML2 plugins/services were
    > initialized in https://review.openstack.org/#/c/521632/8 (Failed gate
    > checks)
    >
    > 3.       I also tried to remove a dependency between the ping test and the
    > ssh-keyscan steps. (code in https://review.openstack.org/#/c/521632/7)
    >
    > 4.       Finally, in the latest version of the fix I completely removed the
    > ping test and ssh-keyscan steps to make progress.
    > (https://review.openstack.org/#/c/521632/)
    >
    >
    >
    > Although, the ping test and ssh-keyscan are not essential for the
    > functioning of the Nexus driver, I would like to find a way to keep this
    > code.
    >
    >
    >
    > Please let me know what would be the best way to proceed.
    
    IMHO this code shouldn't exist. I've never seen any Puppet code
    testing "ping" during a deployment.
    You should rather make sure that Nexus switches are ready and
    available before performing any deployment with puppet-neutron (with
    Ansible for example).
    But doing it with Puppet is kind of the wrong way I think.
    Let me know if that makes sense but I would rather keep his manifest
    to manage config files and remove this code in the future.
    -- 
    Emilien Macchi

More information about the OpenStack-dev mailing list