rh-che #557: Adding property and handler for stopping k8s / openshift workspace if unrecoverable event occurs during workspace startup

[ibuziuk]

What does this PR do?

Adding property and handler for stopping k8s / openshift workspace if unrecoverable event occurs during workspace startup

Demo - https://youtu.be/J_DfNZXidE0

What issues does this PR fix or reference?

redhat-developer/rh-che#557

Adding property che.infra.kubernetes.workspace_unrecoverable_events

if during workspace startup an unrecoverable event occurs (e.g. "Failed Mount" "Failed Scheduling") terminate workspace immediately instead of waiting util timeout

Release Notes

Adding property che.infra.kubernetes.workspace_unrecoverable_events

if during workspace startup an unrecoverable event occurs (e.g. "Failed Mount" "Failed Scheduling") terminate workspace immediately instead of waiting util timeout

Docs PR

eclipse-che/che-docs#395

[codenvy-ci]

Can one of the admins verify this patch?

[codenvy-ci]

Can one of the admins verify this patch?

[codenvy-ci]

Can one of the admins verify this patch?

[sleshchenko]

I think it could be useful add MachineLogsPublisher here. WDYT?

[garagatyi]

@sleshchenko can you elaborate on what exactly to do?

[sleshchenko]

I think it should be something like the following:

--> start
try {
  namespace.pods().watchContainers(new MachineLogsPublisher());
  if (failFastOnUnrecoverableEvents) {
    namespace.pods().watchContainers(new UnrecoverableEventHanler());
  }

  //doStart here
} catch ....
... 
} finally {
  namespace.pods().stopWatch();
}

In this case clients would receive K8s/OS events text as machine's output, and it would be easier to understand why workspace start fails.

[ibuziuk]

@sleshchenko Adding MachineLogsPublisher seems to be unrelated to this issue but rather to #7653 IMO. Could this be addressed in another PR ?

[sleshchenko]

@ibuziuk For me, it looks like it's easy to add it here (I guess described changes should be enough) and it will be useful (machine logs panel will have all events). It's why I write it here.
But I agree that it is not related to a solved issue and it can be added in another PR.

[ibuziuk]

@sleshchenko ok, sounds relevant - let me add it to this PR

[sleshchenko]

Maybe it makes sense to make these values configurable?

[garagatyi]

+1

[ibuziuk]

@sleshchenko do you mean property with comma separated reasons ?

[sleshchenko]

I think yes.

[ibuziuk]

done

[garagatyi]

A new field should be used in equals/hashcode methods too

[ibuziuk]

yeah, good point

[ibuziuk]

fixed

[garagatyi]

Have you considered moving canceling of watching to internalStart method? I think that there might be a situation in future when newly introduced bug prevents the execution of method waitMachines which would lead to a leak of the watch connections.

[akorneta]

+1

[ibuziuk]

sounds good, let me fix

[ibuziuk]

moved to internalStart

[garagatyi]

Do you think dev/ops team would be able to address logged problem somehow? Maybe it is worth to add more info to be able to debug the issue or remove logging at all?

[ibuziuk]

@garagatyi what info do you will be relevant here ? req_id / identity id would be added to the logs automatically I assume, no ?

[garagatyi]

Maybe workspace ID, maybe some pod/container info if any

[ibuziuk]

have added pod info

[garagatyi]

Can you add tests for this case?

[ibuziuk]

ok, sure

[garagatyi]

Can you also check for the cancellation of watching?

[garagatyi]

Can you add a case when the value is false?

[ibuziuk]

@garagatyi do you think it is ok to check one infra with false & other with true, or you think there should be both cases handled in both infras ?

[garagatyi]

Since they might have their own bugs we should have tests for both

[garagatyi]

Can you add a case when the value is false?

[garagatyi]

AFAIK we don't have runtime interruption in place for k8s runtime yet. Can you elaborate how this handler stops start of a runtime?

[ibuziuk]

s/runtime/workspace/

[sleshchenko]

Your changes will make life easier during an investigation of workspace start failing 👍

[sleshchenko]

Should util be until?

[ibuziuk]

good catch

[sleshchenko]

I think it doesn't work correctly until k8s runtime start interruption will be implemented.
I guess client will receive two workspace status events:

• one that workspace failed to start because of Unrecoverable;
• a second one that start timeout exceeded.

Let me check that. BTW I think we can merge these changes with the described issue and it will be fixed with implemented interruption of k8s runtime start.

[sleshchenko]

I've checked. So here is the Che Server logs

  | 2018-04-17 08:02:45,912[io-8080-exec-10]  [INFO ] [o.e.c.a.w.s.WorkspaceRuntimes 236]   - Starting workspace 'che/qwe' with id 'workspacea75oxtgryzdjq5iq' by user 'che'
  /////////////////// Here Client received that workspace failed to start but Che Server doesn't contain the corresponding message ///////////////////////////
  /////////////////// ~3 minutes later reached workspace start timeout ///////////////////////////
  | 2018-04-17 08:05:18,006[aceSharedPool-0]  [WARN ] [.i.k.KubernetesInternalRuntime 177]  - Failed to start Kubernetes runtime of workspace workspacelhu15ifhded6jrxf. Cause: Server 'terminal' in machine 'dev-machine' not available.
  | 2018-04-17 08:05:18,006[ServersChecker]   [ERROR] [.i.k.KubernetesInternalRuntime 335]  - Unable to update status of the machine '%s:%s'. Cause: %s
  | 2018-04-17 08:05:18,066[aceSharedPool-0]  [INFO ] [o.e.c.a.w.s.WorkspaceRuntimes 292]   - Workspace 'che:wksp-g9f7' with id 'workspacelhu15ifhded6jrxf' start failed
  | 2018-04-17 08:05:18,070[aceSharedPool-0]  [WARN ] [o.e.c.a.w.s.WorkspaceManager 423]    - Cannot set error status of the workspace workspacelhu15ifhded6jrxf. Error is: Workspace with id 'workspacelhu15ifhded6jrxf' doesn't exist

[sleshchenko]

Can you describe why it is necessary to have separate configuration property for disabling listening to unrecoverable events. Maybe it makes sense to configure empty che.infra.kubernetes.workspace_unrecoverable_events for disabling instead of having a separate one?

[ibuziuk]

good point, less config we have the better

[skabashnyuk]

I guess we don't have CQ for this dependency. Can you use some alternatives?

[ibuziuk]

@skabashnyuk seems to be defined in parent https://github.com/eclipse/che-parent/blob/master/pom.xml#L252

[skabashnyuk]

It's not an issue where it's defined. the problem is that it becomes compile level and we have no cq for it. https://dev.eclipse.org/ipzilla/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&component=ecd.che&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=

AFAIK you can find the same helper method on other artifacts like guava

[ibuziuk]

@skabashnyuk ok, good to know - changed to com.google.common.base.Strings

[l0rd]

For users it may be interesting to have a list (or better a link) of valid kubernetes events.

[ibuziuk]

@l0rd could you please clarify a bit ? is it about changing the property format

[garagatyi]

I think Mario means a link to docs where all the event types are listed.
And 👍 to add it here.

[l0rd]

If I am a Che user and I am editing che.properties I don't know what are the valid values for this new property. You may want to say in the comment that this is a comma separated list of kubernetes events. And it would be great if we could add a link to a list of valid kubernetes events (but I am not sure we can easily find one so don't lose too much time on this)

[garagatyi]

It seems that without workspace ID it won't be possible to match the incident with a workspace/user. I think we need WSID her.

[ibuziuk]

ok, will also add workspace id

[garagatyi]

Can you also add the reason to the hashcode method? It is common to have them aligned.

[ibuziuk]

done, thanks for the pointer

[garagatyi]

TLDR please, add finally here as well
Since we set watchers here we should also ensure that all the watchers are properly deleted. We can not guarantee that there is no bug which prevents the execution of finally block from k8s infra.

[ibuziuk]

sorry, not following - startMachines is supposed to be called from internalStart where watchers closed / deleted in finally. Could you describe potential bug that could prevent closing watchers currently ?

[garagatyi]

Sorry, my bad. We don't need finally here.

[garagatyi]

@ibuziuk please, do not push to the branch with force. Each force push make reviewers review whole PR from scratch

[garagatyi]

BTW looks like you need to address @skabashnyuk 's comment before merging since we can't add new dependency without a CQ

[ibuziuk]

@garagatyi fixed dep CQ problem - changed to com.google.common.base.Strings

[ibuziuk]

@l0rd have added PR for docs eclipse-che/che-docs#395

[garagatyi]

@ibuziuk is there any other cases that you are going to cover in unit tests?

[ibuziuk]

@garagatyi yeah, working on adding more tests

[l0rd]

Failed to pull image has become Failed

[ibuziuk]

it was actually done deliberate, but I can rework

[l0rd]

Yes please revert that. Having Failed in a list of kubernetes events is confusing.

[ibuziuk]

@lord ok, just wanted to clarify that reason of the event for "Failed to pull image" is actually just Failed, so I assume that Failed is quite common reason for k8s / openshift events. Failed to pull image is part of the event message

[ibuziuk]

@l0rd @garagatyi changed property value, added tests. Please, review
PR for updating docs to make it consistent with property - eclipse-che/che-docs#397

[garagatyi]

Sorry, my bad. We don't need finally here.

[garagatyi]

You have added logs publishing in the runtime start process and this is very cool. Can you also add a unit test for this case?

[ibuziuk]

isn't it already handled by https://github.com/eclipse/che/pull/9426/files#diff-08f3ea6fea2790aa766edf8d57d37897R275 e.g. handler for publishing events is added during runtime start?

[garagatyi]

Well, it just checks that some subscribers are watching it. We have a separate test for logs publisher, so maybe we can also check that one of the watchers is logs publisher and another one is unrecoverable events listener? But it is not critical, so feel free to leave it as is if you want.

[garagatyi]

Please, test unrecoverable events matching/non-matching in the whole flow instead of with a separated component. We don't have any guarantees that handler is called as it is supposed in this test case.
Please cover cases:
non-matching event
matching by the reason field
matching by the message field

It would be nice to verify that stop of the runtime is really called after appearing of the matching event.

[ibuziuk]

@garagatyi was not able to figure out how exactly to test unrecoverable events in starting flow, but have added separate tests for matching by the reason / matching by the message. Also, not sure how exactly verifying that stop of the runtime e.g. internalStop should be tested - currently done by verifying that namespace cleanup was called

Are you ok to merge it in the current state, since I do not really want to face merge conflicts, and we could discuss more tests cases which I would add later in separate PR ?

[l0rd]

LGTM. Thanks @ibuziuk!

[garagatyi]

Looks good! I believe that tests that we were discussing are not mandatory for the PR.

[ibuziuk]

@garagatyi ok, thanks I will try to add more tests for those event handlers during the sprint