nonparallel will not be honored for explorers #18

New Issue

Open

opened 2021-11-20 11:24:50 +00:00 by ungleich-gitea · 2 comments

ungleich-gitea commented 2021-11-20 11:24:50 +00:00

Owner

Copy Link

By using the type __letsencypt_cert, I noticed that it generated code all times. I found this somehow suspicious because I have it different in memory. After a bit of research, I found that it generated code cause the explorer certificate-exists returned "no" all the time. While debugging, I found error messages that Certbot can't be executed if an other instance is still running.

After I checked this, I first ran it single-threaded and it doesn't generated code for the type. Then, I wanted to add the nonparallel file but saw it was already added. So executing it a second time with -j 4 led to the same problem again.

Testing:

1. No problem when running with only one thread
2. No problem when running with only one object instance of __letsencrypt_cert
3. Run with multiple instances of __letsencrypt_cert and multiple threads, which now generates code each execution

TL;DR: nonparallel doesn't apply to explorers from different instances of the same type because the explorer says that certificates don't exist cause of an "Another instance of Certbot is already running." error. This indicates that the explorers of different object instances are executed at the same time, which don't work for Certbot.

Btw. this might not be that good that the certificates will be refreshed at every execution. Maybe not in production, but by debugging the problem, I got into the rate-limiting of Let's Encrypt :-)

By using the type `__letsencypt_cert`, I noticed that it generated code all times. I found this somehow suspicious because I have it different in memory. After a bit of research, I found that it generated code cause the explorer `certificate-exists` returned "no" all the time. While debugging, I found error messages that Certbot can't be executed if an other instance is still running. After I checked this, I first ran it single-threaded and it doesn't generated code for the type. Then, I wanted to add the `nonparallel` file but saw it was already added. So executing it a second time with `-j 4` led to the same problem again. **Testing**: 1. No problem when running with only one thread 2. No problem when running with only one object instance of `__letsencrypt_cert` 3. Run with multiple instances of `__letsencrypt_cert` and multiple threads, which now generates code each execution **TL;DR**: `nonparallel` doesn't apply to explorers from different instances of the same type because the explorer says that certificates don't exist cause of an "Another instance of Certbot is already running." error. This indicates that the explorers of different object instances are executed at the same time, which don't work for Certbot. Btw. this might not be that good that the certificates will be refreshed at every execution. Maybe not in production, but by debugging the problem, I got into the rate-limiting of Let's Encrypt :-)

ungleich-gitea commented 2021-11-20 15:25:59 +00:00

Author

Owner

Copy Link

mentioned in issue #839

mentioned in issue #839

ungleich-gitea commented 2021-11-20 15:26:00 +00:00

Author

Owner

Copy Link

nonparallel only applies to code-*. Since explorers are read-only and manifests do not touch the target system directly, I think this makes sense (unless you have to configure broken software).
Ideally, each type should be able to specify which parts need which locking, but this is not currently possible.

I had the same problem in !896.
Since certbot is written in Python, the locking code could maybe be simplified by using the fcntl Python module.

`nonparallel` only applies to `code-*`. Since explorers are read-only and manifests do not touch the target system directly, I think this makes sense (unless you have to configure broken software). Ideally, each type should be able to specify which parts need which locking, but this is not currently possible. I had the same problem in !896. Since certbot is written in Python, the locking code could maybe be simplified by using the `fcntl` Python module.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

7.0

6.9

py3.10

ander/__package_apt_update_index

haproxy-dualstack

ander/__sed

beta

ander/os_version_debian_sid

evilham-compatibility-fixes

ander/__rsync

__snakeoil_cert

ander/update_readme

__download_improvements

feature/onchange

cleanup/string-formatting

feature/type-relationship-graph

cleanup/ssh-auth-keys-types

__letsencrypt_cert-fix-hooks

bugfix/preos-debug

bugfix/in-script-import

6.8

bugfix/sphinx-docs-build

6.7

cherry-pick-2f433a14

bugfix/make-code-consistent

6.6

regain-py3.2-support

6.5

bugfix/multiple-log-lines

matterbridge

coturn

alpinefix

matrix

new-type/network-interface

feature/process

6.4

feature/info-command

feature/libexec

6.3

preos-plugins-dir-opt

gitlab-ci

6.2

order-dep-fix

6.1

6.0

build/support-pip-from-git

feature/shell-lib

5.1

feature/support-type-deprecation

5.0

feature/python-types

4.11

4.10

shellcheck

4.9

4.8

freebsd-improvements

new-prometheus

key_value-onchange

feature/output_streams

AnotherKamila-patch-1

__letsencrypt_cert-fixes

letsencrypt-cron-fix

4.7

newtype-__letsencrypt_cert

os_explorer_devuan_fix

prometheus-exporter-fixes

daemontools-for-fbsd

type-prometheus-exporter-from-master

prometheus-more-fixes

4.6

4.5

fix-j

steven-backport

4.4

prometheus-fixes

grafana_dashboard

prometheus

daemontools

consul_improvements

feature/trigger

4.3

4.0-pre-not-stable

4.2

4.1

4.0

feature_install_and_preos

3.1

no-dot-cdist

random_dot_cdist

feature_yum_url

feature_files_export

3.0

2.3

2.2

2.1

ssh_callback

2.0

archive_shell_function_approach

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

7.0.0

6.9.8

6.9.7

6.9.6

6.9.5

6.9.4

6.9.3

6.9.2

6.9.1

6.9.0

6.8.0

6.7.0

6.6.0

6.5.6

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.0

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.11.1

4.11.0

4.10.11

4.10.10

4.10.9

4.10.8

4.10.7

4.10.6

4.10.5

4.10.4

4.10.3

4.10.2

4.10.1

4.10.0

4.9.1

4.9.0

4.8.4

4.8.3

4.8.2

4.8.1

4.8.0

4.7.3

4.7.2

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.4

4.4.3

4.4.2

4.4.1

4.4.0

4.3.2

4.3.1

4.3.0

4.2.2

4.2.1

4.2.0

4.1.0

4.0.0

3.1.13

tn1

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

4.0.0pre3

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

4.0.0pre2

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

4.0.0pre1

3.0.2

3.0.1

3.0.0

2.3.7

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.2

2.1.1

2.1.0

2.1.0pre8

2.1.0pre7

2.1.0pre6

2.0.15

2.1.0pre5

2.1.0pre4

2.1.0pre3

2.1.0pre2

2.1.0pre1

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.0

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bugfix

  

cleanup

  

discussion

  

documentation

  

doing

  

done

  

feature

  

improvement

  

packaging

  

Stale

  

testing

  

TODO

No Label

bugfix

cleanup

discussion

documentation

doing

done

feature

improvement

packaging

Stale

testing

TODO

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#18

No description provided.