Actions
Fix #58183
closedcephadm/ingress: s3cmd multi-part upload failing
% Done:
0%
Source:
Tags:
backport_processed
Backport:
quincy, pacific
Reviewed:
Affected Versions:
Description
When using the standard haproxy.cfg.j2 template, multi-part uploads with s3cmd fail.
# small-ish file, single upload [frank.ederveen ~]$ dd if=/dev/urandom of=foo bs=1M count=15 15+0 records in 15+0 records out 15728640 bytes (16 MB, 15 MiB) copied, 0.0913662 s, 172 MB/s [frank.ederveen ~]$ s3cmd put foo s3:///frank1/ upload: 'foo' -> 's3://frank1/foo' (15728640 bytes in 0.3 seconds, 49.07 MB/s) [1 of 1] # larger upload, multi-part [frank.ederveen ~]$ dd if=/dev/urandom of=foo bs=1M count=17 17+0 records in 17+0 records out 17825792 bytes (18 MB, 17 MiB) copied, 0.101309 s, 176 MB/s [frank.ederveen ~]$ s3cmd put foo s3:///frank1/ ERROR: Cannot retrieve any response status before encountering an EPIPE or ECONNRESET exception WARNING: Upload failed: /foo?partNumber=1&uploadId=2~__a4bpkYzJK7UKPRpUomoVXqUMmnWyd ([Errno 32] Broken pipe) WARNING: Waiting 3 sec... WARNING: Could not refresh role ERROR: Cannot retrieve any response status before encountering an EPIPE or ECONNRESET exception WARNING: Upload failed: /foo?partNumber=2&uploadId=2~__a4bpkYzJK7UKPRpUomoVXqUMmnWyd ([Errno 32] Broken pipe) WARNING: Waiting 3 sec... ^CSee ya!
This seems to be caused by very short `timeout client` and `timeout server` settings. When changed from `1s` to `5s` to problem goes away.
On a related note, why was 'http-server-close' chosen over the default 'http-keep-alive'? Will do some testing with that and maybe file another ticket for that.
# /src/pybind/mgr/cephadm/templates/services/ingress/haproxy.cfg.j2 defaults mode {{ mode }} log global {% if mode == 'http' %} option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout queue 20s timeout connect 5s timeout http-request 1s timeout http-keep-alive 5s timeout client 1s timeout server 1s timeout check 5s {% endif %}
https://www.haproxy.org/download/2.8/doc/configuration.txt:
timeout client <timeout> Set the maximum inactivity time on the client side. May be used in sections : defaults | frontend | listen | backend yes | yes | yes | no Arguments : <timeout> is the timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as explained at the top of this document. The inactivity timeout applies when the client is expected to acknowledge or send data. In HTTP mode, this timeout is particularly important to consider during the first phase, when the client sends the request, and during the response while it is reading data sent by the server. That said, for the first phase, it is preferable to set the "timeout http-request" to better protect HAProxy from Slowloris like attacks. The value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as specified at the top of this document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly recommended that the client timeout remains equal to the server timeout in order to avoid complex situations to debug. It is a good practice to cover one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (e.g. 4 or 5 seconds). [zap!] timeout server <timeout> Set the maximum inactivity time on the server side. May be used in sections : defaults | frontend | listen | backend yes | no | yes | yes Arguments : <timeout> is the timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as explained at the top of this document. The inactivity timeout applies when the server is expected to acknowledge or send data. In HTTP mode, this timeout is particularly important to consider during the first phase of the server's response, when it has to send the headers, as it directly represents the server's processing time for the request. To find out what value to put there, it's often good to start with what would be considered as unacceptable response times, then check the logs to observe the response time distribution, and adjust the value accordingly. The value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as specified at the top of this document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly recommended that the client timeout remains equal to the server timeout in order to avoid complex situations to debug. Whatever the expected server response times, it is a good practice to cover at least one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (e.g. 4 or 5 seconds minimum).
Updated by Adam King over 1 year ago
- Backport set to quincy, pacific
- Pull request ID set to 49556
Updated by Adam King over 1 year ago
- Status changed from New to Pending Backport
Updated by Backport Bot over 1 year ago
- Copied to Backport #58538: quincy: cephadm/ingress: s3cmd multi-part upload failing added
Updated by Backport Bot over 1 year ago
- Copied to Backport #58539: pacific: cephadm/ingress: s3cmd multi-part upload failing added
Updated by Adam King about 1 year ago
- Status changed from Pending Backport to Resolved
Actions