Fix timeout caused by nginx #4336
Conversation
Docker is having trouble parsing complex env var substitution, so we move that logic to a full fledged script.
| #!/bin/sh | ||
| export SIGIL_VERSION=0.10.1 | ||
| export OS=`sh -c "uname -s | tr '[:upper:]' '[:lower:]'"` | ||
| export ARCH=`sh -c "uname -m | tr '[:upper:]' '[:lower:]' | sed 's/aarch64/arm64/'"` | ||
|
|
||
|
|
||
| curl -L "https://github.com/gliderlabs/sigil/releases/download/v${SIGIL_VERSION}/gliderlabs-sigil_${SIGIL_VERSION}_${OS}_${ARCH}.tgz" | tar -zxC /tmp | ||
| mv /tmp/gliderlabs-sigil-${ARCH} /tmp/sigil |
There was a problem hiding this comment.
I see a refactor in our future lol
There was a problem hiding this comment.
I actually didn't carry out the refactor we talked about, where we can simply dispense with Sigil. Should I do that in this PR @DXCanas ?
There was a problem hiding this comment.
Nah. Too big a load, and this should be fixed ASAP. We should also think about the various paths forward. Hence my asking @bjester for his thoughts on moving some of this to infra:
#4336 (comment)
| COPY /k8s/images/nginx/download_sigil.sh /tmp/download_sigil.sh | ||
| RUN chmod +x /tmp/download_sigil.sh | ||
| RUN /tmp/download_sigil.sh |
There was a problem hiding this comment.
I moved it to a script, since complex env vas substitution doesn't work in a Dockerfile.
deploy/nginx.conf.jinja2
Outdated
| @@ -82,6 +82,7 @@ http { | |||
| proxy_pass http://studio; | |||
| proxy_redirect off; | |||
| proxy_set_header Host $host; | |||
| proxy_read_timeout 300s; | |||
There was a problem hiding this comment.
what was the reasoning in choosing 300s?
There was a problem hiding this comment.
tbh, I'd be surprised if the reasoning was anything deeper than "add a 0 at the end"/"it's longer than 30s" and it made for easy testing.
Are you thinking we should have it match the Cloudflare at 100s? Or does the Studio API have its own value we want to match?
There was a problem hiding this comment.
Yeah I mean if Cloudflare is less than this at 100s, I'm not sure there's any use in having it longer? Just means more resources are tied up longer?
There was a problem hiding this comment.
Ok I've pushed a commit limiting it at 100s. let me know if it looks good and I'll squash the fixup commit.
|
@bjester this looks alright to me, but I think it'd be a good idea for you to be the one to review. Would you have any objections to us bringing more of this stuff into the infra repo rather than studio? |
k8s/images/nginx/Dockerfile
Outdated
| RUN curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.4.0/sigil_0.4.0_$(uname -sm|tr \ _).tgz" \ | tar -zxC /usr/bin | ||
| COPY /k8s/images/nginx/download_sigil.sh /tmp/download_sigil.sh | ||
| RUN chmod +x /tmp/download_sigil.sh | ||
| RUN /tmp/download_sigil.sh | ||
|
|
||
| FROM nginx:1.11 |
There was a problem hiding this comment.
Any reason to not update nginx while we're at it? I think 1.11 was EOL in 2017...
There was a problem hiding this comment.
Don't want to speak for Aron, but just to hold you over till he's out: I think he mentioned that he was running into some build issues after an upgrade? But I could be conflating nginx and the sigil work during our verbal updates.
There was a problem hiding this comment.
I can upgrade the version number, but I think it's best to do that in another PR. Keep the PRs small!
There was a problem hiding this comment.
That's the Sigil issue @DXCanas
If our plan is to remove nginx at some point, then I don't think it matters. If we don't remove it, I think it is helpful in this repo for replicating production, if we actually had the dev setup to do so (something which I moved us towards in an unmerged PR IIRC). For example, when BCK bugs come up, there's some tension regarding whether the bug is BCK or Kolibri related, which we don't have a good developer setup to help us navigate that through. I hope and envision that for Studio though. |
For Kolibri specifically, this was intentional — at the time of design, everything lived in Kolibri. But this was getting increasingly bloated and difficult to manage. Any little infra-ish fix would necessitate an entirely new tagged Kolibri release, and going through the Kolibri testing just to get an image to deploy. With a Kolibri PR that required a Kolibri dev to review code they didn't understand. Only for the fix not to work and for us to start the process over again. Having things in the infra repo allows for rapid iteration. And, because there's such a deep integration with values from Kubernetes, postgres, etc, a lot of the code is templated and populated using infra tooling, like Terraform. This is actually the reason Aron had to add Sigil here — he had no templating library to work with. Processes have changed, and I see your point. But having that permeable membrane between the 2 teams has its benefits. KDP having its production docker image in the KDP repo can get cumbersome as well — @anguyen1234 is starting to see this for herself as she iterates on the Frontend/Worker division. Some things about the KDP image don't match up with industry best practices. But we don't want to go in and break the dev workflow by iterating on it there. I have a hard time even adding a requirement to I think do think there's a middle ground here. But that we should be careful not to optimize too much for the workflow of either an app dev or an infra dev. Might be a good talking point for a dev meeting one of these days? |
|
@DXCanas I think the point is that there is pain on both sides. You bring up the infra pain, but don't forget there's pain on our end too trying to debug production issues. It isn't one-sided |
|
@bjester totally agree. I just think it's important we get input from both sides as we come up with a solution.
|
That's the latest stable version as of this writing
aronasorman
force-pushed
the
fix-timeout
branch
from
0f13b45 to
6ccb9a9
Compare
|
@aronasorman Looks like the Cloud Build failed: |
|
Can you revert that PR for now to unblock everyone? I’ll fix it later
On November 20, 2023, "José L. Redrejo Rodríguez" ***@***.***> wrote:
@aronasorman <https://github.com/aronasorman> Looks like the Cloud
Build failed:
mv: can't rename '/tmp/gliderlabs-sigil-x86_64': No such file or
directory The command '/bin/sh -c /tmp/download_sigil.sh' returned a
non-zero code: 1
—
Reply to this email directly, view it on GitHub
<#4336 (comment)-
1819449133>, or unsubscribe
<https://github.com/notifications/unsubscribe-
auth/AABO3UZFAS2PKGFEUR5AWNTYFODELAVCNFSM6AAAAAA7GZKOVCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJZGQ2DSMJTGM>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
As I mentioned in https://github.com/learningequality/kolibri-data-portal/pull/335#issuecomment-1828500394 I don't see the point in maintaining a Dockerfile in the KDP repo with a cloud deployment target. Dockerfile in KDP repo, if needed, only makes sense for local developers installation, from my particular point of view. Infra must do production deployments based on their own needs/limitations/architecture decissions. |
Summary
Description of the change(s) you made
Fixes https://github.com/learningequality/infrastructure/issues/452. Nginx is the source of the timeout. Extends this to 300 seconds (5 minutes).
First commit is to update and cleanup Sigil, the templating engine we use for nginx.