-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move "FQDNs" grains calculation to "network" module and allow disabled them #52527
Move "FQDNs" grains calculation to "network" module and allow disabled them #52527
Conversation
e2f22c4
to
2ed509c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
People from gevent claim that this is indeed thread safe, even though the underlying C code isn't: https://github.com/gevent/gevent/blob/b01bcf66c9229d78100e93fe2bf57c3b6afcfedd/src/gevent/resolver/thread.py#L55-L59
lgtm 👍
Do we have any feedback here? |
6324aa6
to
6e549dd
Compare
6e549dd
to
805efa4
Compare
* Duplicate fqdns logic in module.network * Move _get_interfaces to utils.network * Reuse network.fqdns in grains.core.fqdns * Return empty list when fqdns grains is disabled Co-authored-by: Eric Siebigteroth <eric.siebigteroth@suse.de>
We've pushed some extra changes to this PR that move the "fqdns" calculation away from the "core" grains to the |
@meaksh Maybe it makes sense to use Then we can avoid introducing yet another config option. |
@max-arnold i can see the same approach was taken here Line 194 in 331eda0
It looks like blacklist_grains is just filtering the grains, not preventing from rendering. In this PR we want to prevent computing the grains because it is expensive and not reliable when there's a wrongly configured dns. I see that disable_grains is not documented. Would that prevent computing the fqdns grains by not calling the fqdns function? |
Then maybe it makes sense to improve on that PR (or contact the author) and actually skip rendering blacklisted grains.
It should, but it works on module-level (i.e. will disable the whole |
fqdns is a core grain (not in a separate module) this means we can't use it here, right? |
Yes, unless it is moved to a separate module. |
If we move it to a separate module we would change the way salt works at the moment. |
Everything you said makes complete sense :) Still, there is an apparent need for a generic way to disable grains, and introducing another one-off option seems suboptimal. |
You are right about the generic way of disabling grains. I think it deserves a good and consistent implementation in its own PR. We will keep the disabling of this grain as a patch in our own salt package until the generic way to disabling grains will be available. Is there anything else we can do to get this one merged? |
Closing in favor of #55581 |
What does this PR do?
This PR fixes an issue that is currently blocking the "core" grains execution for several seconds when the some "FQDNs" cannot be calculated.
Currently, in order to calculate the
fqdns
grain, all the IP addresses from the minion are processed sequentially. The problem here comes from the underlying calls tosocket.gethostbyaddr
which can takes 5 seconds until it's released (after reaching thesocket.timeout
) when there is no defined "fqdn" for that IP.In some scenarios, depending on the minion network configuration, this situation makes the
fqdn
grain calculation to take even more than 15 seconds. This completely breaks minion execution not only at startup time but any time the minion refreshes its grains.This PR makes the
fqdn_lookup
to be executed in parallel (using threads) so, in those cases we would only wait until "socket.timeout" is reached once and prevent from blocking the minion execution for such a long time.Besides of that, the whole "fqdn" calculation logic has been moved to the
network
execution module. Since the process of calculating the "fqdns" can take too much in case of networking issues, it makes more sense to move if away from the "core" grains and also introduce a new configuration parameters calledenable_fqdns_grains
(default True) to allow not to calculate "fqdns" as part of the "core" grains rendering.Tests written?
Yes
Commits signed with GPG?
Yes