Add validation of worker memory/cpu request/limit

[jrafanie]

Kubernetes doesn't allow request > limit.

Follow up work seen in #20865

Here are some examples of what it looks like when you try to saving an invalid high request value:

1. In the workers tab:
   

2. In the advanced tab:
   

3. In CLI using configure_worker_settings.rb:

% ./tools/configure_server_settings.rb -t string -s 1 -p workers/worker_base/defaults/memory_request --value "1.2.gigabytes"
{:dry_run=>false, :serverid=>1, :path=>"workers/worker_base/defaults/memory_request", :value=>"1.2.gigabytes", :force=>false, :type=>"string", :all_servers=>false, :help=>false, :type_given=>true, :serverid_given=>true, :path_given=>true, :value_given=>true}
** ManageIQ master, codename: Morphy
Setting [workers/worker_base/defaults/memory_request], old value: [800.megabytes], new value: [1.2.gigabytes]
ERROR: Configuration is invalid:
	workers-memory_request: agent_coordinator_worker: memory_request: 1288490188 cannot exceed memory_threshold: 1073741824

[Fryguy]

Should this be data = {:config => {:workers => data.to_hash}} ? Only asking because I think data is an OpenStruct here.

[jrafanie]

😆 I'm glad you noticed this. I had data.to_hash before, then with testing, it worked as a Config::Options since it acts like a hash, so I removed it.

[Fryguy]

The key here should technically be the specific key that is invalid. We can probably pick one? Or pick the first one present in the incoming data?

[jrafanie]

Good 👁️ . I did this only because it looks awful when the UI presents it (see the screenshots for the current invalid_value).

[jrafanie]

Note, the code in validate does a similar thing as activerecord errors.add does for providing a section prefix + whatever message we put here. Unfortunately, the UI tries to humanize the cpu_threshold_percent value into Cpu Threshold Percent and it looks bad so I'd rather put the actual problem in the body of the message and not in the prefix.

[Fryguy]

Only problem there is i18n - I think all of the existing keys should be in the dictionary

[jrafanie]

Ok, I'll use the ugly format

[jrafanie]

Ok, this is fixed, see updated screenshots and tests.

[Fryguy]

If I recall, the validator is only presented with the keys that were changed, so we have deal with the data not having both keys. You might have to fetch the other key from the existing ::Settings section or do some other merge with the default settings before passing that off to worker_class.worker_settings(data).

You should be able to verify that with specs passing in only partial data here.

[jrafanie]

If I recall, the validator is only presented with the keys that were changed

?

manageiq/lib/vmdb/settings/validator.rb

Lines 17 to 22 in a94268f

	@config.each_key do |k|
	next unless respond_to?(k.to_s, true)
	_log.debug("Validating #{k}")
	ost = OpenStruct.new(@config[k].stringify_keys)
	section_valid, errors = send(k.to_s, ost)

It loops through all keys in the data.

[Fryguy]

Right but that incoming @config there might be sparse.

[jrafanie]

Looking at

manageiq/lib/vmdb/settings.rb

Lines 62 to 69 in a94268f

	new_settings = build_without_local(resource).load!.merge!(hash.deep_symbolize_keys).to_hash
	replace_magic_values!(new_settings, resource)
	valid, errors = validate(new_settings)
	raise ConfigurationInvalid.new(errors) unless valid # rubocop:disable Style/RaiseArgs
	parent_settings = parent_settings_without_local(resource).load!.to_hash
	diff = HashDiffer.diff(parent_settings, new_settings)

HashDiffer is given two settings on line 69 that must be full otherwise it can't easily diff them. I'm targeting line 65, where validate is called using the new settings. This is what I tested manually and it always had both values even if only 1 of them was changed.

I'm not sure where it would be partial. I'll keep looking.

[Fryguy]

Ok, maybe validate was designed to support sparse, but doesn't actually call it that way? I'll have to dig in with you, because there might be other callers than .save!

[jrafanie]

@Fryguy I couldn't find how @config could be a partial hash. Can you double check if you think that's a possibility? It would be tricky code to deal with only differences. Plus, the code referenced above calls validate before the HashDiffer is used to determine the diffs so I think it's really the complete settings at validate time but can't be sure.

[jrafanie]

Yeah, we can review it together. I'd rather not support something unless it makes sense.

[Fryguy]

I don't think these defaults are correct. The user could specify cpu_threshold_percent, but cpu_request_percent would be inherited and not passed to the data. The test below ensure there's a value, but it doesn't ensure there's an inherited value being checked against.

[jrafanie]

worker_class.worker_settings(data) handles inheritance. It doesn't matter where the value came from, right? We just default a value if not found for itself or inherited. This avoids ugly nil checks.

[jrafanie]

I have fixed up the tests to properly test inherited and overridden values and discarding of nils and usage of these sensible "valid" values just so the < > will be valid. Note, the code that takes these values and determines if they should patch the deployment also ignores any nil values so this code follows that expectation.

[Fryguy]

This is great @jrafanie ... this should make the experience for the user much better.

[Fryguy]

@jrafanie As discussed, the following 2 things are needed

• Verifying the keys exist before moving on (in case the user, for example, erases all settings in the advanced settings form, and submits it)
• extracting the method that flattens worker settings into a dedicated method so you don't have to call it through that weird server-based method passing true

[jrafanie]

Only the last two commits are new. The rest were rebased and left as is.. I'm testing this now in the UI to verify it works as desired.

[jrafanie]

Ok, I've tested with this change and ManageIQ/manageiq-ui-classic#7725 and have updated the screenshots.

The only thing left is to support <<reset>> in advanced settings as the keyword to "remove" values from child worker classes:

EDIT.

This is now fixed.

If you try to change this valid value:

To this, where the parent memory_request would make the remaining memory_threshold on the generic_worker invalid:

You'll now see this correct validation failure:

[Fryguy]

This test is kind of weird here because we don't actually ever store a RESET_VALUE in the settings itself.

[jrafanie]

Agreed. Let me see if there's a better way to test this. It was more to see if it would work.

[jrafanie]

I just dropped these tests. They were only really there to verify what I did in the UI and don't really make sense here.

[miq-bot]

Checked commits jrafanie/manageiq@e19b535~...cf0f04b with ruby 2.6.3, rubocop 1.13.0, haml-lint 0.35.0, and yamllint
4 files checked, 8 offenses detected

app/models/miq_worker.rb

• ⚠️ - Line 203, Col 32 - Lint/UnusedBlockArgument - Unused block argument - k. If it's necessary, use _ or _k as an argument name to indicate that it won't be used.
• ⚠️ - Line 208, Col 27 - Lint/UnusedBlockArgument - Unused block argument - k. If it's necessary, use _ or _k as an argument name to indicate that it won't be used.
• ❗ - Line 190, Col 66 - Style/OptionalBooleanParameter - Use keyword arguments when defining method with boolean argument.
• ❗ - Line 200, Col 9 - Layout/EmptyLineAfterGuardClause - Add empty line after guard clause.
• ❗ - Line 203, Col 30 - Layout/SpaceInsideBlockBraces - Space between { and | missing.
• ❗ - Line 208, Col 25 - Layout/SpaceInsideBlockBraces - Space between { and | missing.
• ❗ - Line 214, Col 18 - Style/HashEachMethods - Use each_key instead of keys.each.
• ❗ - Line 218, Col 19 - Performance/RegexpMatch - Use match? instead of =~ when MatchData is not used.

[Fryguy]

@jrafanie Does this have to be merged with ManageIQ/manageiq-ui-classic#7725 or is it independent? I think the bugs in ManageIQ/manageiq-ui-classic#7725 will cause problems if we merged this now, right?

[jrafanie]

@jrafanie Does this have to be merged with ManageIQ/manageiq-ui-classic#7725 or is it independent? I think the bugs in ManageIQ/manageiq-ui-classic#7725 will cause problems if we merged this now, right?

Good question. I didn't think they're dependent on each other at first thought. But on second thought, I feel like this needs to go in now as it protects the bug fixed in ManageIQ/manageiq-ui-classic#7725 from causing worse problems.

[Fryguy]

@jrafanie Is this lasker/yes?

[Fryguy]

Backported to lasker in commit 684d1f9.

commit 684d1f9e434a49ebf6b547785f42d23a3a292c6f
Author: Jason Frey <[email protected]>
Date:   Fri Apr 30 17:47:19 2021 -0400

    Merge pull request #20889 from jrafanie/validate_request_limit_settings
    
    Add validation of worker memory/cpu request/limit
    
    (cherry picked from commit 97bc5379adf0b921d63bb06a2ffa76f77b3b0c4d)