Le blog de pingou

To content | To menu | To search

Tag - Fedora-planet

Entries feed

Thursday, February 17 2022

Using quay.io to host multi-architecture containers

Recently I have worked on a container that I wanted to be able to use on both x86_64 and aarch64 (in other words, on my regular laptop as well as on my raspberry pi). I could build the container on the laptop, push it to quay.io but then the container was failing to start on the raspberry pi, and obviously, the other way around as well.

The question was then: how to make it so that I could easily pull the container image from quay.io for both architectures?

The answer is basically:

  • Build the container for x86_64 and push it to quay.io with a dedicated tag
  • Build the container for aarch64 and push it to quay.io with another dedicated tag
  • Build a container manifest which points to the two tags set above
  • Push that container manifest to quay.io to the latest tag



Here are the corresponding commands:

Build the container (the same command can be used on both machines):
podman build -t <tag> -f <Dockerfile/Containerfile>

for example:

podman build -t remote_builder -f Containerfile
Log into quay.io:
podman login quay.io
Push the image built to the registry:
podman push <image_id> <registry>/<user>/<project>:<tag>

for example:

podman push 56aea0cde6d2 quay.io/pchibon/remote_builder:aarch64

Once these commands have been done on both architectures, you can check the project on quay.io and you should be able to see two tags there.

Create the manifest linking the two tags to the `latest` one:
podman manifest create <registry>/<user>/<project>:latest \
   <registry>/<user>/<project>:<tag-1> \
   <registry>/<user>/<project>:<tag-2>

for example:

podman manifest create quay.io/pchibon/remote_builder:latest \
    quay.io/pchibon/remote_builder:aarch64 \
    quay.io/pchibon/remote_builder:x86_64
Finally, push the manifest to quay:
podman manifest push <user>/<project>:<tag> <registry>/<user>/<project>:<tag>

for example:

podman manifest push pchibon/remote_builder:latest quay.io/pchibon/remote_builder:latest


Note, for some registry (such as the ones hosted on gitlab.com), you may need to specify the manifest version to use, you can do so by using:

podman manifest push --format v2s2



The one question I do not know yet, but will have to check is: does the manifest need to be re-generated/updated everytime the tags are updated or will the latest tag always point to the latest image of each tag.

Friday, April 13 2018

Fedora Infrastructure Hackathon 2018

This week, a good part of the Fedora Infrastructure team as well as some members from the CentOS Infrastructure team met up in Frederisksburg (Virginia, USA) for a few days of hacking together.

Continue reading...

Thursday, February 1 2018

Spec change statistics

Over the last couple of days I took a look at all the spec files in Fedora. I wanted to find out how many packages have not been updated by someone else than release engineering for mass-rebuilds.

Here is a graphical representation of the data: spec_updates.png

And some numbers:

  • 20994 spec files considered
  • 11 have unknown last date changed (could be that only Dennis changed those or something was wrong with their changelog)
  • 13926 have been updated since January 1st 2017 (~66%)
  • 17061 have been updated since January 1st 2016 (~81%)
  • 18843 have been updated since January 1st 2015 (~90%)

In other words, about 20% of our packages have not been updated by a human for 2 years and 10% for 3 years!

Here are the details used for these stats:

Friday, December 8 2017

Introducing simple-koji-ci

simple-koji-ci is a small fedmsg-based service that just got deployed in the Fedora Infrastructure.

It aims at doing something really simple: for each pull-request opened in pagure on dist-git, kick off a scratch-build in koji and report the outcome of this build to the pull-request.

This way, when someone opens a pull-request against a package that you are maintaining you can quickly see if that change would build (at least at the time the pull-request was opened).

This service is currently really simple and straight forward, dumb in many ways and still missing some desired features such as: - kick off a new scratch build in the PR is rebased/updated - allow package maintainer to retrigger the build manually but it is a start and we will work on improving it :)

simple_koji_ci_flag.png

Happy packaging!

PS: live example

Wednesday, August 30 2017

Flock 2017 - Day 1

Today was the first day of the Flock 2017 conference in Cape Code.

I arrived there on Sunday, giving me a little time to adjust to the jet lag so I was somewhat ready for this first day. It started with the traditional talk from the Fedora Project Leader about the State of Fedora, updating us on statistics and explaining some of the challenges we as a community are facing and are working on. Having followed or being involved in some of these changes, it was nice to see them brought forward as being important objectives for us to work on.

After that we got a pitch from all the speakers at the conference about what they are going to present or work on. There is quite a large diversity of topics as usual which gets into the traditional struggle of "what do I attend?" :-)

This afternoon, we had our pagure hackfest which has been quite productive considering how many people were present (there were some quite interesting talks at the same time, cf the question above). We fixed the milter integration which allows to comment on issue by just replying to the email/notification. Turned out to be a simple configuration change, but in the long run I do not know if we shouldn't adjust the code a little bit more. So I may open a pull-request to change a bit the behavior there. We also had a new contributor set up his environment and working on an easyfix (PR incoming soon) and together with Matt Prahl we worked on a couple of pull-requests to get the tests running and behave as expected.

After that I attended the presentation about fedora-hubs. Having been involved in the early stages of the project it was nice to see where it is now and to see that it is in good hands!

I then attended the presentation about the Fedora Magazine which was quite interesting and explained how the editorial board works and plan the articles or work with the authors writing them.

The last presentation I attended was from Will Woods and was really interesting. I will likely going to butcher the ideas he presented, but it was about a R&D project he has been working on trying to improve the situation around composing artifacts with RPMs. His findings were that RPM scriptlets are most often the limiting factor and that with some more structure we could improve the situation quite a bit. He showed us the compose of a qcow image being done in less than 30 seconds and, I quote, "before optimization". This sounds really quite interesting for the CI work that currently being done, though integrating both project is likely a long term idea.

The day ended with a game night with pizzas and drinks allowing us to spend time and chat about all sorts of things, work-related and not.

Tuesday, February 28 2017

Some stats about our dist-git and updates

I recently started looking at our dist-git usage but my data was a little limited.

Instead of querying datagrepper I managed to access directly the data in the database to get some stats:

Dist-git commits

Here is the output:

Over 1582 days (from 2012-10-08 to 2017-02-28)
   There was an average of 376.300884956 commits per day
   The median is of 327.0 commits per day
   The minimum number of commits was 1
   The maximum number of commits was 34716

For the average and median we removed all the days where there were more than 3,000 builds since they mostly concern mass-rebuilds (18 days were above 3000, and thus removed).

This is how it looks in a graph:

Commits in dist-git per day

dist_git_commit_per_day.png




Bodhi updates

Using the same data source, I went on to look at the number of bodhi updates flagged go to testing and the number of bodhi updates flagged to go to stable per day.

Here is the output:

Over 1541 days (from 2012-10-08 to 2017-02-28)
   there was an average of 76.9000648929 requests to testing per day
   The median is of 75 requests to testing per day
   the minimum number of requests to testing was 4
   the maximum number of requests to testing was 291
Over 1561 days (from 2012-10-08 to 2017-02-28)
   there was an average of 57.4477898783 requests to stable per day
   The median is of 54 requests to stable per day
   the minimum number of requests to stable was 1
   the maximum number of requests to stable was 217

(No data were removed there since there are no equivalent to mass-rebuild for these).

Graphically:

Updates requests for testing:

bodhi_requests_testing_per_day.png

Updates requests for stable:

bodhi_requests_stable_per_day.png

Thursday, February 23 2017

Some stats about our dist-git usage

You may have heard that there are some thoughts going on around integrating some continuous integration for our packaging work in Fedora.

Having in mind the question about how much resources we would need to offer CI in Fedora, I tried to gather some stats about our dist-git usage.

Querying datagrepper was as always the way to go, although the amount of data in datagrepper is such that it starts to be hard to query some topics (such as koji builds) or to go back very far in history.

Anyway, I went on and retrieved 87600 messages from datagrepper, covering 158 days.

Here is the output:

Over 158 days (from 2016-09-19 to 2017-02-23)
   There was an average of 554.430379747 commits per day
   The median is of 418.0 commits per day
   The minimum number of commits was 51
   The maximum number of commits was 10029
Over 158 days (from 2016-09-19 to 2017-02-23)
   There was an average of 254.151898734 packages updated per day
   The median is of 119.5 package updated per day
   The minimum number of package updated was 20
   The maximum number of package updated was 9612

To be honest I was expecting a little more, I'll try re-generating this data maybe in another way to see if that changes something, but that gives us a first clue

Thursday, August 11 2016

Back from Flock 2016

Flock is always a peculiar time of the year for me. For one it is one of the few time I get to meet with my colleagues but more than that, it's also one of the few time I get to spend a few days with fellows from this Fedora community that is so dear to me.

I have to say that this year was no exception. Flock 2016 has been really nice. I can, of course, only speak for myself, but from what I have seen we got a lot of work done and we are now ready to move forward on quite a few subjects.

One of the most important aspect of flock is the fact that an important part of the community gathers in one place, but we need to be careful as the conference only represent about 10% of all the Fedora contributors. So it is our duty as attendee to report to the broader community about the subjects that were discussed and the talks we have had.

It is of course practically impossible to mention everything here, for one because I took very little note during the conference, but I would like to point out the topics that appeared the most important to me during that conference.

Fedora at large and its community

During the opening keynote, mattdm gave an overview of how Fedora is appreciated outside of our community. It seems that Fedora 24 has been doing great, same for Fedora 23 before that. The IT world seems to appreciate the Fedora.next program we have started and what it is leading to.

Matt also gave a few numbers on the side of our community and our contributor base. These were numbers that had already been presented in his talk at DevConf 2016 (talk that I watched on youtube). So there were really new to me, but I still like the fact that there is about 66% of our community that is not working for our primary sponsor, Red Hat. This is healthy for our community, this diversity ensures that we are not just an echo chamber and that it is not just us liking what we do.

The Fedora Infrastructure

This is a part of the project that I am directly involved in and that I think made some really good progress during these few days. We had a few session. It started with a presentation from Kevin and I about the state of the Fedora Infrastructure. We went a little bit through the changes that happened in the last year and ones planned in the coming year, both from an infrastructure and an application point of view.

This has lead a few questions and discussions, all in a nice atmosphere. I had one comment on the presentation that we have not included as much numbers in it as we had last year making it a little harder for people not accustomed with our work to follow. Something to work on for next year.

We also had a workshop session. Over two hours we went through the changes we want to make to the infrastructure (opening our private cloud to our contributors, start investigate where and how to use docker, reflect the level of support provided to services by using different domain names for examples) and for each of these we came to some agreement and made a plan on how to move forward with it.

I will not go to much in the details of what we discussed and what agreement we reached in this blog post as it has already been summarized on the fedora infrastructure list.

Fedora Docker Layered Images

So this an project that has been worked on for a few months now by Adam Miller in coordination with the rel-eng team. The idea is to allow Fedora to start distributing more than just RPMs and in this case, Docker images.

This service is about to land. There are still a few aspect to be worked on, including how to distribute the images to the mirrors and how to ensure users are being redirected to a mirror that is up to date. Dennis, Randy and I had a very interesting discussion around the work that remains to be done for this. It will imply making changes to MirrorManager and likely all of its three components (MirrorManager, MirrorList and the backend services). It might also imply work on the docker side.

Being able to have these discussion while seating on comfortable harmchairs facing each other was really nice. We managed to have a list of applications that needs to be adjusted and a good idea of how the different pieces will work together.

Fedora atomic on a workstation

Patrick gave a very interesting presentation on how he builds and uses Fedora atomic to run it on its laptop. This was really most interesting but it gave a little bit of mixed feelings. On the one side, it looks really promising and exciting to work with, on the other side it seems not really user-friendly and a little hard/time-consuming. I do wonder if, some aspects could not be simplified for me (for example retrieving the list of RPMs currently installed on my machine to insert in the kickstart file instead of more or less starting from scratch).

Maybe I will try to make a little time available this year to try to play with this, it is really tempting.

Automation

Ralph has lead a very nice workshop on automation whose idea was to brainstorm around what we do and that we could automate and what we all have built script to do for us and which thus may need to be generalized.

The discussion has been lively and quite a few ideas were exchanged.

Two of them sticked with me a little more

  • Generate a cron job gathering information from pkgdb, koji, bodhi, fedocal to

give access at a single location about releases. What are they koji tags? What are their bodhi name? What are their current status (released? beta-freeze? beta released? alpha?...)? There are a few applications relying on this information and while a good part of it is present in pkgdb, not all is and it does not necessarily make sense to add it there.

  • Create some sort of service that triggers builds upon git push and even the

creation of bodhi update if we want. There are quite a few use-case that people would like to see supported and some people do not want this at all, so this should be entirely opt-in. Currently is idea is to ask packager to place a ChangeLog file in their git repo, next to the spec and the sources files and place in this file the information needed to create the bodhi update. If in a push, this ChangeLog file is updated, automatically trigger the build in koji and if it finished successfully, create the update in bodhi. That means that: without this ChangeLog file, nothing changes from the current situation, if the ChangeLog is not touched, nothing changes from the current situation, if the ChangeLog file is touched but the build fails in koji, the only change from the current situation is that this service will have saved the user from triggering the build manually.

These were the two ideas that stick with me the most. There has been more discussed and there are more possibilities (like making the service something that is ran locally by the user, as opposed to something ran in the infrastructure).

Pagure

Pagure has been a really nice surprise to me. Many people talked to me about it most often in good terms and sometime with some interesting ideas. I am not sure all the ideas provided will be implemented but there is food for thoughts and enough to keep me busy a little while!

Modularity

I had been following the modularity working group from a little far and I have been quite happy to discuss directly with the people working on this about the work they are trying to achieve.

Ralph and I have had a few lengthy discussion around the life-cycle of packages in this new model and, among others, the impact this would have on tools such as pkgdb. It seems clear to me that while the data model might not necessarily change that much, we will need to adjust pkgdb for this new distribution model. All the details are still not entirely clear, some features will need to be added, the UI will need to be adjusted, overall probably not enough to worth a rewrite of pkgdb but still enough that I will need to spend some cycles on it.

The work done by the modularity group is quite fascinating, I have been involved or the spectator of some the discussion they had and there is really quite a lot of work still to be done and this is sounding really interesting.

If you have not had a chance to see what they are doing, I encourage you to check out their wiki page and check Langdon's presentation at flock as soon as it is available on youtube.

Hubs

Fedora-hubs is a cool project aiming at simplifying the steps new contributors need to take to reach the old contributors. IRC, mailing lists, tickets are all places where activities happen but that might be obscure to new contributors. fedora-hubs tries to fill this gap by aggregating all the activity around a group of people and provide it to new contributors so they know where to look to get aboard.

We ran a workshop with a nice demo at flock. We received some good positive feedbacks and people seem to like how things are looking. Personally flock has also been the occasion to pass the torch on this project. I have been leading it since Ralph changed team but I am really not the expert in the technologies needed for hubs' frontend. So I passed on the torch to Sayan who is much more experienced than I am and who I'm sure will do a great job leading hubs. I will still be around, I am very much interested in helping with backend bits and pieces. FMN still needs some work and a few other applications that I maintain might require adjustments to integrate with hubs the way we want it. So, do expect me around :)

Zanata

Finally, flock has also been the occasion for me to meet up with the folks from zanata (the platform used by fedora's translators). We exchanged a few emails before the conference as we asked them to expand on their web-hooks so we could gather some more stats and include them on fedora-hubs. It was really nice to be able to discuss with them regarding their plans and ours and how we may be able to help each other.

Final words

Well, this has been quite a lengthy blog post, if you made it so far : congratulations!

As a final note, I would like to thank all the organizers of the conference, having tried to place a bid for this year, I have a small idea of the amount of work involved but they managed wonderfully and it was an excellent flock!

Wednesday, June 29 2016

Profiling in python

When working on FMN's new architecture I been wanted to profile a little bit the application, to see where it spends most of its time.

I knew about the classic cProfile builtin in python but it didn't quite fit my needs since I wanted to profile a very specific part of my code, preferrably without refactoring it in such a way that I could use cProfile.

Searching for a solution using cProfile (or something else), I ran into the pycon presentation of A. Jesse Jiryu Davis entitled 'Python performance profiling: The guts and the glory'. It is really quite an interesting talk and if you have not seen it, I would encourage you to watch it (on youtube)

In this talk is presented yappi, standing for Yet Another Python Profiling Implementation and writen by Sümer Cip, together with some code allowing to easy use it and write the output in a format compatible with callgrind (allowing us to use KCacheGrind to visualize the results).

To give you an example, this is how it looked before (without profiling):

t = time.time()
results = fmn.lib.recipients(PREFS, msg, valid_paths, CONFIG)
log.debug("results retrieved in: %0.2fs", time.time() - t)

And this is the same code, integrated with yappi

import yappi
yappi.set_clock_type('cpu')
t = time.time()
yappi.start(builtins=True)
results = fmn.lib.recipients(PREFS, msg, valid_paths, CONFIG)
stats = yappi.get_func_stats()
stats.save('output_callgrind.out', type='callgrind')
log.debug("results retrieved in: %0.2fs", time.time() - t)

As you can see, all it takes is 5 lines of code to profile the function fmn.lib.recipients and dump the stats in a callgrind format.

And this is how the output looks like in KCacheGrind :) kcachegrind_fmn.png

Saturday, June 25 2016

New FMN architecture and tests

New FMN architecture and tests

Introduction

FMN is the FedMsg Notification service. It allows any contributors (or actually, anyone with a FAS account) to tune what notification they want to receive and how.

For example it allows saying things like:

  • Send me a notification on IRC for every package I maintain that has successfully built on koji
  • Send me a notification by email for every request made in pkgdb to a package I maintain
  • Send me a notification by IRC when a new version of a package I maintain is found

How it works

The principile is that anyone can log in on the web UI of FMN there, they can create filters on a specific backend (email or IRC mainly) and add rules to that filter. These rules must either be validated or invalited for the notification to be sent.

Then the FMN backend listens to all the messages sent on Fedora's fedmsg and for each message received, goes through all the rules in all the filters to figure out who wants to be notified about this action and how.

The challenge

Today, computing who wants to be notified and how takes about 6 seconds to 12 seconds per message and is really CPU intensive. This means that when we have an operation sending a few thousands messages on the bus (for example, mass-branching or a packager maintaining a lot of packages orphaning them), the queue of messages goes up and it can take hours to days for a notification to be delivered which could be problematic in some cases.

The architecture

This is the current architecture of FMN:

|                        +--------\
|                   read |  prefs | write
|                  +---->|  DB    |<--------+
|                  |     \--------+         |
|        +-----+---+---+            +---+---+---+---+   +----+
|        |     |fmn.lib|            |   |fmn.lib|   |   |user|
v        |     +-------+            |   +-------+   |   +--+-+
fedmsg+->|consumer     |            |central webapp |<-----+
+        +-----+  +---+|            +---------------+
|        |email|  |irc||
|        +-+---+--+-+-++
|          |        |
|          |        |
v          v        v

As you can see it is not clear where the CPU intensive part is and that's because it is in fact integrated in the fedmsg consumer. This design, while making things easier brings the downside of making it pratically impossible to scale it easily when we have an event producing lots of messages. We multi-threaded the application as much as we could, but we were quickly reaching the limit of the GIL.

To try improving on this situation, we reworked the architecture of the backend as follow:

                                                     +-------------+
                                              Read   |             |   Write
                                              +------+  prefs DB   +<------+
                                              |      |             |       |
   +                                          |      +-------------+       |
   |                                          |                            |   +------------------+   +--------+
   |                                          |                            |   |    |fmn.lib|     |   |        |
   |                                          v                            |   |    +-------+     |<--+  User  |
   |                                    +----------+                       +---+                  |   |        |
   |                                    |   fmn.lib|                           |  Central WebApp  |   +--------+
   |                                    |          |                           +------------------+
   |                             +----->|  Worker  +--------+
   |                             |      |          |        |
fedmsg                           |      +----------+        |
   |                             |                          |
   |                             |      +----------+        |
   |   +------------------+      |      |   fmn.lib|        |       +--------------------+
   |   | fedmsg consumer  |      |      |          |        |       | Backend            |
   +-->|                  +------------>|  Worker  +--------------->|                    |
   |   |                  |      |      |          |        |       +-----+   +---+  +---+
   |   +------------------+      |      +----------+        |       |email|   |IRC|  |SSE|
   |                             |                          |       +--+--+---+-+-+--+-+-+
   |                             |      +----------+        |          |        |      |
   |                             |      |   fmn.lib|        |          |        |      |
   |                             |      |          |        |          |        |      |
   |                             +----->|  Worker  +--------+          |        |      |
   |                         RabbitMQ   |          |    RabbitMQ       |        |      |
   |                                    +----------+                   |        |      |
   |                                                                   v        v      v
   |
   |
   |
   v

The idea is that the fedmsg consumer listens to Fedora's fedmsg, put the messages in a queue. These messages are then picked from the queue by multiple workers who will do the CPU intensive task and put their results in another queue. The results are then picked from this second queue by a backend process that will do the actually notification (sending the email, the IRC message).

We also included an SSE component to the backend, which is something we want to do for fedora-hubs but this still needs to be written.

Testing the new architecture

The new architecture looks fine on paper, but one would wonder how it performs in real-life and with real data.

In order to test it, we wrote two scripts (one for the current architecture and one for the new) sending messages via fedmsg or putting in messages in the queue that the workers listens to, therefore mimiking there the behavior of the fedmsg consumer. Then we ran different tests.

The machine

The machine on which the tests were run is:

  • CPU: Intel i5 760 @ 2.8GHz (quad-core)
  • RAM: 16G DDR2 (1333 Mhz)
  • Disk: ScanDisk SDSSDA12 (120G)
  • OS: RHEL 7.2, up to date
  • Dataset: 15,000 (15K) messages

The results

The current architecture

The current architecture only allows to run one test, send 15K fedmsg messages and let the fedmsg consumer process them and monitor how long it takes to digest them.

Test #0 - fedmsg based
  Lasted for 9:05:23.313368
  Maxed at:  14995
  Avg processing: 0.458672376874 msg/s

The new architecture

The new architecture being able to scale we performed a different tests with it, using 2 workers, then 4 workers, then 6 workers and finally 8 workers. This gives us an idea if the scaling is linear or not and how much improvement we get by adding more workers.

Test #1 - 2 workers - 1 backend
  Lasted for 4:32:48.870010
  Maxed at:  13470
  Avg processing: 0.824487297215 msg/s
Test #2 - 4 workers - 1 backend
  Lasted for 3:18:10.030542
  Maxed at:  13447
  Avg processing: 1.1342276217 msg/s
Test #3 - 6 workers - 1 backend
  Lasted for 3:06:02.881912
  Maxed at:  13392
  Avg processing: 1.20500359971 msg/s
Test #4 - 8 workers - 1 backend
  Lasted for 3:14:11.669631
  Maxed at:  13351
  Avg processing: 1.15160928467 msg/s

Conclusions

Looking at the results of the tests, the new architecture is clearly handling its load better and faster. However, the progress aren't as linear as we like. My feeling is that retrieve information from the cache (here redis) is at one point getting slower, eventually also because of the central lock we tell redis to use.

As time permits, I will try to investigate this further to see if we can still gain some speed.

Monday, May 9 2016

Playing with FMN

On Friday, I have been started to play with FMN

Currently, there is a fedmsg consumer that listens to the messages coming from all over the Fedora infrastructure, then based on the preferences set in FMN's web UI it decides whether to send a notification and how.

There has been thoughts on reworking the process to allow splitting it over multiple nodes.

The idea is to do something like this:


                                +-> worker -+          these senders
                                |           |          just do simple I/O
                                |           |
                                +-> worker -+          +-> email sender
                                |           |          |
                                |           |          |
fedmsg -> fmn consumer -> redis +-> worker -+-> redis -+-> IRC sender
                                |           |          |
                                |           |          |
                                +-> worker -+          +-> GCM sender
                                |           |
                                |           |
                                +-> worker -+

My question was how to divide the message coming among the different worker. So I adjusted the consumer a little to forward each message received to a different redis channel.

The code looks something like:

            i = random.randint(0, self.workers-1)
            log.debug('Sending to worker %s' % i)
            print(self.redis[i])
            self.redis[i].publish('%s' % i, json.dumps(raw_msg))

We're randomly picking one of the worker from the N workers we know are available (for my tests: 4).

Sounds simple enough right? But will it spread the load between the workers evenly?

So over the week-end I left my test program running.

This is the output collected:

  • worker 0: 126468 messages received
  • worker 1: 126908 messages received
  • worker 2: 126993 messages received
  • worker 3: 126372 messages received

This makes a total of 506741 messages received over the week-end and the load is spread among the workers as such:

  • worker 0: 24.95713% of the messages
  • worker 1: 25.04396% of the messages
  • worker 2: 25.06073% of the messages
  • worker 3: 24.93818% of the messages

Looks good enough :)

Next step, splitting the code between fmn.consumer, fmn.worker and fmn.backend (the one doing the IO) and figuring out how to deal with the cache.

Wednesday, March 2 2016

Monitor performances of WSGI apps

Accessing pagure's performances via mod_wsgi-express

Continue reading...

Tuesday, January 5 2016

Setting up pagure on a banana pi

This is a small blog post about setting up pagure on a banana pi.

Continue reading...

Friday, December 11 2015

Testing distgit in staging with fedpkgstg

Every once in a while we make changes to dist-git in the Fedora infrastructure. This means, we need to test our changes to make sure they do not break (ideally, at all).

These days, we are working on adding namespacing to our git repos so that we can support delivering something else than rpms (the first use-case being, docker). So with the current set-up we have, we added namespacing to pkgdb which remains our main endpoint to manage who has access to which git repo (pkgdb being in a way a glorified interface to manage our gitolite). The next step there is to teach gitolite about this namespacing.

The idea is to move from:

 /srv/git/repositories/<pkg1>.git
 /srv/git/repositories/<pkg2>.git
 /srv/git/repositories/<pkg3>.git
 /srv/git/repositories/<pkg4>.git

To something like:

 /srv/git/repositories/rpms/<pkg1>.git
 /srv/git/repositories/rpms/<pkg2>.git
 /srv/git/repositories/rpms/<pkg3>.git
 /srv/git/repositories/rpms/<pkg4>.git
 /srv/git/repositories/docker/<pkg2>.git
 /srv/git/repositories/docker/<pkg5>.git

But, in order to keep things working with the current clone out there, we'll symlink the rpms namespace to one level higher in the hierarchy which should basically keep things running as they are currently.

So the question at hand is, now that we have adjusted our staging pkgdb and dist-git, how do we test that fedpkg still works.

This is a recipe from bochecha to make it easy to test fedpkg in staging while not breaking it for regular use.

It goes in three steps:

1. Edit the file /etc/rpkg/fedpkg.conf and add to it:

[fedpkgstg]
lookaside = http://pkgs.stg.fedoraproject.org/repo/pkgs
lookasidehash = md5
lookaside_cgi = https://pkgs.stg.fedoraproject.org/repo/pkgs/upload.cgi
gitbaseurl = ssh://%(user)s@pkgs.stg.fedoraproject.org/%(module)s
anongiturl = git://pkgs.stg.fedoraproject.org/%(module)s
tracbaseurl = https://%(user)s:%(password)s@fedorahosted.org/rel-eng/login/xmlrpc
branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$
kojiconfig = /etc/koji.conf
build_client = koji

2. Create a fedpkgstg (the name of the cli must be the same as the title of the section entered in the config file above)

sudo ln -s /usr/bin/fedpkg /usr/bin/fedpkgstg

3. call fedpkgstg to test staging and fedpkg to do your regular operation against the production instances



Thanks bochecha!

Wednesday, August 5 2015

Faitout changes home

Faitout is an application giving you full access to a postgresql database for 30 minutes.

This is really handy to run tests against.

For example, for some of my applications, I run the tests locally against a in-memory sqlite database (very fast) and when I push, the tests are ran on jenkins but this time using faitout (a little slower, but much closer to the production environment). This setup allows me to find early potential error in the code that sqlite does not trigger.

Faitout is running the cloud of the Fedora infrastructure and since this cloud has just been rebuilt, we had to move it. While doing so, faitout got a nice new address:

http://faitout.fedorainfracloud.org/

So if you are using it, don't forget to update your URL ;-)



See also: Previous blog posts about faitout

Thursday, July 23 2015

Introducing flask-multistatic

flask is a micro-web-framework in python. I have been using it for different projects for a couple of years now and I am quite happy with it.

I have been using it for some of the applications ran by the Fedora Infrastructure. Some of these applications could be re-used outside Fedora and this is of course something I would like to encourage.

One of the problem currently is that all those apps are branded for Fedora, so re-using them elsewhere can become complicated, this can be solved by theming. Theming means adjusting two components: templates and static files (images, css...).

Adjusting templates

jinja2 the template engine in flask already supports loading templates from two different directories. This allows to ask the application to load your own template first and if it does not find them, then it looks for it in the directory of the default theme.

Code wise it could look like this:

    # Use the templates
    # First we test the core templates directory
    # (contains stuff that users won't see)
    # Then we use the configured template directory
    import jinja2
    templ_loaders = []
    templ_loaders.append(APP.jinja_loader)
    # First load the templates from the THEME_FOLDER defined in the configuration
    templ_loaders.append(jinja2.FileSystemLoader(os.path.join(
        APP.root_path, APP.template_folder, APP.config['THEME_FOLDER'])))
    # Then load the other templates from the `default` theme folder
    templ_loaders.append(jinja2.FileSystemLoader(os.path.join(
        APP.root_path, APP.template_folder, 'default')))
    APP.jinja_loader = jinja2.ChoiceLoader(templ_loaders)
Adjusting static files

This is a little more tricky as static files are not templates and there is no logic in flask to allow overriding one or another depending on where it is located.

To solve this challenge, I wrote a small flask extension: flask-multistatic that basically allows flask to have the same behavior for static files as it does for templates.

Getting it to work is easy, at the top of your flask application do the imports:

    import flask
    from flask_multistatic import MultiStaticFlask

And make your flask flask application multistatic

    APP = flask.Flask(__name__)
    APP = MultiStaticFlask(APP)

You can then specify multiple folders where static files are located, for example:

    APP.static_folder = [
        os.path.join(APP.root_path, 'static', APP.config['THEME_FOLDER']),
        os.path.join(APP.root_path, 'static', 'default')
    ]

Note: The order the the folder matters, the last one should be the folder with all the usual files (ie: the default theme), the other ones are the folders for your specific theme(s).


Patrick Uiterwijk pointed to me that this method, although working is not ideal for production as it means that all the static files are served by the application instead of being served by the web-server. He therefore contributed an example apache configuration allowing to obtain the same behavior (override static files) but this time directly in apache!



So using flask-multistatic I will finally be able to make my apps entirely theme-able, allowing other projects to re-use them under their own brand.

Monday, June 29 2015

FESCo vote history

A while back I gathered some numbers about the number of participants to some election held in Fedora.

With the results of the new FESCo election being announced I wanted to go back and see the new trend:

            FESCo (voters)
   2008-07    150
   2008-12    169
   2009-06    308
   2009-12    216
   2010-05    180
   2010-11    240
   2011-06    200
   2011-12    225
   2012-06    236
   2012-12    206
   2013-06    166
   2014-02    265
   2014-07    195
   2015-01    283
   2015-06     90

Graphically: 20150629_fesco_voters.png

As you can see, this last election was the one with the lowest number of participants since at least July 2008.

Friday, June 26 2015

Packagers AFK in pkgdb

I just wanted to point out a small feature added to pkgdb recently.

Basically, it integrates with the vacation calendar of fedocal to show on the packager's info page if the person is on vacations or not.

If you are dealing with someone who is slow to answer on bugs, irc or emails, it may give you an insight as to why that is.

pkgdb_vacations2.png



Note: I am in no way saying that Paul is slow to answer bugs, irc or email, and have merely used him to illustrate my thoughts following up on his post about the Red Hat summit and I shall not be held responsible for any variations in Paul's response time :-)

Thursday, June 25 2015

EventSource/Server-Sent events: lesson learned

Recently I have been looking into Server-sent events, also known as SSE or eventsource.

The idea of server-sent events is to push notification to the browser, in a way it could be seen as a read-only web-socket (from the browser's view).

Implementing SSE is fairly easy code-wise, this article from html5rocks pretty much covers all the basics, but the principle is:

  • Add a little javascript to make your page connect to a specific URL on your server
  • Add a little more javascript to your page to react upon messages sent by the server



Server-side, things are also fairly easy but also need a little consideration:

  • You need to create basically a streaming server, broadcasting messages as they occurs or whenever you want.
  • The format is fairly simple: data: <your data> \n\n
  • You cannot run this server behind apache. The reason is simple, the browser keeps the connection open which means apache will keep the worker process running. So after opening a few pages, apache will reach its maximum number of worker processes running, thus ending up in a situation where it is waiting forever for an available worker process (ie: your apache server is not responding anymore).

So after running into the third point listed above, I moved the SSE server out of my flask application and into its own application, based on trollius (which is a backport of asyncio to python2), but any other async libraries would do (such as twisted or gevent).

After splitting the code out and testing it some more, I found that there is a limitation on the number of permanent connection a browser can make to the same domain. I found a couple of pages mentioning this issue, but the most useful resource for me was this old blog post from 2008: Roundup on Parallel Connections, which also provides the solution on how to go around this limitation: the limit is per domain, so if you set-up a bunch of CNAME sub-domain redirecting to the main domain, it will work for as many connection as you like :-) (note: this is also what github and facebook are using to implement web-socket support on as many tabs as you want).

The final step in this work is to not forget to set the HTTP Cross-Origin access control (CORS) policy in the response sent by your SSE server to control cross-site HTTP requests (which are known security risks).



So in the end, I went for the following architecture:

SSE_layout3.png

Two users are viewing the same page. One of them edits it (ie: sends a POST requests to the flask application), the web-application (here flask) processes the request as usual (changes something, updates the database...) and also queue a message in Redis information about the changes (and depending on what you want to do, specifying what has changed).

The SSE server is listening to redis, picks up the message and sends it to the browser of the two users. The javascript in the page displayed picks up the message, processes it and updates the page with the change.

This way, the first user updated the page and the second user had the changes displayed automatically and without having to reload the page.



Note: asyncio has a redis connector via asyncio-redis and trollius via trollius-redis.

Wednesday, June 17 2015

Contribute to pkgdb2

How to get started with contributing to pkgdb2.

Continue reading...

- page 1 of 6