Open Stack

On 08/17/2013 12:26 AM, Clint Byrum wrote:
> Excerpts from Maru Newby's message of 2013-08-16 16:42:23 -0700:
>>
>> On Aug 16, 2013, at 11:44 AM, Clint Byrum <clint at fewbar.com> wrote:
>>
>>> Excerpts from Maru Newby's message of 2013-08-16 11:25:07 -0700:
>>>> Neutron has been in and out of the gate for the better part of the past month, and it didn't slow the pace of development one bit.  Most Neutron developers kept on working as if nothing was wrong, blithely merging changes with no guarantees that they weren't introducing new breakage.  New bugs were indeed merged, greatly increasing the time and effort required to get Neutron back in the gate.  I don't think this is sustainable, and I'd like to make a suggestion for how to minimize the impact of gate breakage.
>>>>
>>>> For the record, I don't think consistent gate breakage in one project should be allowed to hold up the development of other projects.  The current approach of skipping tests or otherwise making a given job non-voting for innocent projects should continue.  It is arguably worth taking the risk of relaxing gating for those innocent projects rather than halting development unnecessarily.
>>>>
>>>> However, I don't think it is a good idea to relax a broken gate for the offending project.  So if a broken job/test is clearly Neutron related, it should continue to gate Neutron, effectively preventing merges until the problem is fixed.  This would both raise the visibility of breakage beyond the person responsible for fixing it, and prevent additional breakage from slipping past were the gating to be relaxed.
>>>>
>>>> Thoughts?
>>>>
>>>
>>> I think this is a cultural problem related to the code review discussing
>>> from earlier in the week.
>>>
>>> We are not looking at finding a defect and reverting as a good thing where
>>> high fives should be shared all around. Instead, "you broke the gate"
>>> seems to mean "you are a bad developer". I have been a bad actor here too,
>>> getting frustrated with the gate-breaker and saying the wrong thing.
>>>
>>> The problem really is "you _broke_ the gate". It should be "the gate has
>>> found a defect, hooray!". It doesn't matter what causes the gate to stop,
>>> it is _always_ a defect. Now, it is possible the defect is in tempest,
>>> or jenkins, or HP/Rackspace's clouds where the tests run. But it is
>>> always a defect that what worked before, does not work now.
>>>
>>> Defects are to be expected. None of us can write perfect code. We should
>>> be happy to revert commits and go forward with an enabled gate while
>>> the team responsible for the commit gathers information and works to
>>> correct the issue.
>>
>> You're preaching to the choir, and I suspect that anyone with an interest in software quality is likely to prefer problem solving to finger pointing.  However, my intent with this thread was not to promote more constructive thinking about defect detection.  Rather, I was hoping to communicate a flaw in the existing process and seek consensus on how that process could best be modified to minimize the cost of resolving gate breakage.
>>
>
> I believe that the process is a symptom of the culture. If we were
> more eager to revert/discover/fix/re-submit on failure, we wouldn't
> be turning off the gate for things. Instead we cling to whatever has
> had the requisite "+2/approval" as if passing the stringent review has
> imparted our code with magical powers which will eventually morph into
> a passing gate.
>
> In a perfect world we could make our CI infrastructure bisect the failures
> to try and isolate the commits that did them so at least anybody can see
> the commit that did the damage and revert it quickly. Realistically, most
> of the time we remove from the gate because the failures are intermittent
> and take _forever_ to discover, so that may not even be possible.
>
> I am suggesting that we all change our perspective and embrace "revert
> this immediately" as "thank you for finding that defect" not "you jerk
> why did you revert my code". It may still be hard to find which commit
> to revert, but at least one can spend that time with the idea that they
> will be rewarded, rather than punished, for their efforts.

Late on the thread (was out), but an important clarification here is to 
realize that most gate breaks aren't 100% fails, they are 5% or 2% or 1% 
(or less) fails.

For a patch to land in Nova it's got to run through pass tempest 3 times 
in a gate run (and it probably won't have been pushed there until it 
passed in the check run). Which means it's got to work at least 90% of 
the time.

Neutron, because it only runs 1 configuration of tempest, and only in 
smoke mode, means that a patch that only works 50% of the time can 
easily land.

Bisection of patches to the failure point only works if you have a 
binary test for success and failure. In the Tempest gate, with a real 
devstack environment, running 20 services asynchronously on variability 
performance guests in a cloud, if we had a consistent binary test we'd 
never have landed the code in the first place.

So there isn't an automatic bisection solution.

	-Sean

-- 
Sean Dague
http://dague.net