Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CHE_LIMITS_USER_WORKSPACES_COUNT Does not work (Che 7.32.2) #20187

Closed
4 tasks done
Tracked by #20326
donenocode opened this issue Jul 23, 2021 · 6 comments
Closed
4 tasks done
Tracked by #20326

CHE_LIMITS_USER_WORKSPACES_COUNT Does not work (Che 7.32.2) #20187

donenocode opened this issue Jul 23, 2021 · 6 comments
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P2 Has a minor but important impact to the usage or development of the system.

Comments

@donenocode
Copy link

Describe the bug

When Che is deploy via helm method 'CHE_LIMITS_USER_WORKSPACES_COUNT' does not have any effect. Users can continue to create workspaces beyond any limit.

I also note a similar issued logged by a different user that did not appear to be resolved: issue number #16675

I have executed a shell in the Che container to confirm the ENV variables is getting set and can see the ENV variable is getting set as expected, however it doesn't have an effect.

Che version

  • other: 7.32.2

Steps to reproduce

  1. Deploy Che using chectl via the helm installer
  2. Configure the 'che' CM to have the 'CHE_LIMITS_USER_WORKSPACES_COUNT=2' value (for instance)
  3. Scale 'che' down to 0 and back to 1
  4. Login and attempt to create more workspaces than the set value

Expected behavior

User should be denied the ability to create more workspaces.

Runtime

  • kubernetes (include output of kubectl version)
    > kubectl version
    Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T20:55:23Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

Installation method

  • chectl
    • provide a full command that was used to deploy Eclipse Che (including the output):
      • chectl server:deploy -m --domain=<MY DOMAIN HERE> -n che --platform=k8s --installer=helm
    • provide an output of chectl version command:
      • chectl/7.32.2 linux-x64 node-v12.22.1

Environment

  • other: Rancher RKE on Ubuntu VMware vSphere.
@donenocode donenocode added the kind/bug Outline of a bug - must adhere to the bug report template. label Jul 23, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jul 23, 2021
@skabashnyuk
Copy link
Contributor

can you provide command execution results from che-server container

 ps faux | grep 'java process of che server '
 cat cat /proc/`id from previus commnad`/environ  | grep CHE

@donenocode
Copy link
Author

As requested:

1724 24 1.6 2.0 4353376 498992 ? Sl 09:31 1:47 \_ /opt/java/openjdk/bin/java -Djava.util.logging.config.file=/home/user/eclipse-che//tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:MaxRAMPercentage=85.0 -Dche.docker.network=bridge -Djavax.net.ssl.trustStore=/home/user/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Dport.http=8080 -Dche.home=/home/user/eclipse-che/ -Dche.logs.dir=/data/logs -Dche.logs.level=INFO -Djuli-logback.configurationFile=file:/home/user/eclipse-che//tomcat/conf/tomcat-logger.xml -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0022 -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -Dche.local.conf.dir=/etc/conf -Dignore.endorsed.dirs= -classpath /home/user/eclipse-che//tomcat/conf/:/opt/java/openjdk/lib/tools.jar:/home/user/eclipse-che//tomcat/bin/bootstrap.jar:/home/user/eclipse-che//tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/user/eclipse-che//tomcat -Dcatalina.home=/home/user/eclipse-che//tomcat -Djava.io.tmpdir=/home/user/eclipse-che//tomcat/temp org.apache.catalina.startup.Bootstrap start


CHE_API=https://che-dev.MY DOMAIN HERE/api
CHE_API_INTERNAL=http://che-host.dev.svc:8080/api
CHE_CORS_ALLOWED__ORIGINS='*'
CHE_CORS_ALLOW__CREDENTIALS=false
CHE_CORS_ENABLED=false
CHE_DASHBOARD_PORT=tcp://10.43.28.43:8080
CHE_DASHBOARD_PORT_8080_TCP=tcp://10.43.28.43:8080
CHE_DASHBOARD_PORT_8080_TCP_ADDR=10.43.28.43
CHE_DASHBOARD_PORT_8080_TCP_PORT=8080
CHE_DASHBOARD_PORT_8080_TCP_PROTO=tcp
CHE_DASHBOARD_SERVICE_HOST=10.43.28.43
CHE_DASHBOARD_SERVICE_PORT=8080
CHE_DASHBOARD_SERVICE_PORT_HTTP=8080
CHE_DEBUG_SERVER=true
CHE_HOST=che-dev.MY DOMAIN HERE
CHE_HOST_PORT=tcp://10.43.24.47:8080
CHE_HOST_PORT_8080_TCP=tcp://10.43.24.47:8080
CHE_HOST_PORT_8080_TCP_ADDR=10.43.24.47
CHE_HOST_PORT_8080_TCP_PORT=8080
CHE_HOST_PORT_8080_TCP_PROTO=tcp
CHE_HOST_PORT_8087_TCP=tcp://10.43.24.47:8087
CHE_HOST_PORT_8087_TCP_ADDR=10.43.24.47
CHE_HOST_PORT_8087_TCP_PORT=8087
CHE_HOST_PORT_8087_TCP_PROTO=tcp
CHE_HOST_SERVICE_HOST=10.43.24.47
CHE_HOST_SERVICE_PORT=8080
CHE_HOST_SERVICE_PORT_HTTP=8080
CHE_HOST_SERVICE_PORT_METRICS=8087
CHE_INFRASTRUCTURE_ACTIVE=kubernetes
CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL=https://che-dev.MY DOMAIN HERE/agent-binaries/linux_amd64/bootstrapper/bootstrapper
CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON='{"kubernetes.io/ingress.class": "nginx", "kubernetes.io/tls-acme": "true", "nginx.ingress.kubernetes.io/rewrite-target": "/$1","nginx.ingress.kubernetes.io/ssl-redirect": "true","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
CHE_INFRA_KUBERNETES_INGRESS_DOMAIN=<MY DOMAIN HERE>
CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM='%s(.*)'
CHE_INFRA_KUBERNETES_MASTER__URL=
CHE_INFRA_KUBERNETES_NAMESPACE='<username>-che'
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT='<username>-che'
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP=1724
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER=1724
CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS=true
CHE_INFRA_KUBERNETES_PVC_QUANTITY=1Gi
CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME=
CHE_INFRA_KUBERNETES_PVC_STRATEGY=common
CHE_INFRA_KUBERNETES_SERVER__STRATEGY=multi-host
CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME=che-workspace
CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS=app=che,component=che-gateway-config
CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE=native
CHE_INFRA_KUBERNETES_TLS__CERT=REMOVED
CHE_INFRA_KUBERNETES_TLS__ENABLED=true
CHE_INFRA_KUBERNETES_TLS__KEY=REMOVED
CHE_INFRA_KUBERNETES_TLS__SECRET=che-tls
CHE_INFRA_KUBERNETES_TRUST__CERTS=false
CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN=15
CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL=http://keycloak.dev.svc:5050/auth
CHE_KEYCLOAK_AUTH__SERVER__URL=https://keycloak-dev.MY DOMAIN HERE/auth
CHE_KEYCLOAK_CLIENT__ID=che-public
CHE_KEYCLOAK_REALM=che
CHE_LIMITS_USER_WORKSPACES_COUNT=1
CHE_LIMITS_USER_WORKSPACES_RUN_COUNT=1
CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT=1800000
CHE_LOCAL_CONF_DIR=/etc/conf
CHE_LOGGER_CONFIG=
CHE_LOGS_APPENDERS_IMPL=plaintext
CHE_LOGS_DIR=/data/logs
CHE_LOG_LEVEL=INFO
CHE_METRICS_ENABLED=false
CHE_MULTIUSER=true
CHE_OAUTH_GITHUB_CLIENTID=
CHE_OAUTH_GITHUB_CLIENTSECRET=
CHE_OAUTH_OPENSHIFT_CLIENTID=
CHE_OAUTH_OPENSHIFT_CLIENTSECRET=
CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT=
CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL=
CHE_PORT=8080
CHE_TRACING_ENABLED=false
CHE_WEBSOCKET_ENDPOINT=wss://che-dev.MY DOMAIN HERE/api/websocket
CHE_WORKSPACE_AUTO_START=false
CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL=http://devfile-registry.dev.svc:8080
CHE_WORKSPACE_DEVFILE__REGISTRY__URL=https://devfile-registry-dev.MY DOMAIN HERE
CHE_WORKSPACE_HTTPS__PROXY=
CHE_WORKSPACE_HTTP__PROXY=
CHE_WORKSPACE_JAVA__OPTIONS=-Xmx2000m
CHE_WORKSPACE_MAVEN__OPTIONS=-Xmx20000m
CHE_WORKSPACE_NO__PROXY=
CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL=http://plugin-registry.dev.svc:8080/v3
CHE_WORKSPACE_PLUGIN__REGISTRY__URL=https://plugin-registry-dev.MY DOMAIN HERE/v3
MAILCHECK=60

@skabashnyuk
Copy link
Contributor

Please not that both limits are 1.

CHE_KEYCLOAK_REALM=che
CHE_LIMITS_USER_WORKSPACES_COUNT=1  <-----
CHE_LIMITS_USER_WORKSPACES_RUN_COUNT=1 <-----

are you sure you want to change CHE_LIMITS_USER_WORKSPACES_COUNT not CHE_LIMITS_USER_WORKSPACES_RUN_COUNT ?

@donenocode
Copy link
Author

Yes, in this example (this is a dev setup) I wanted to limit the user to only 1 workspace. In this case 'RUN_COUNT' is obviously redundant, but I have tried this out as a temporary workaround to the workspace limit not working.

In the production setup these numbers will be different (for instance 3 workspaces but run only 1).

@skabashnyuk
Copy link
Contributor

skabashnyuk commented Jul 23, 2021

@donenocode I'm confused. Is this #20187 (comment) result from the environment where 'CHE_LIMITS_USER_WORKSPACES_COUNT' is not working?

@donenocode
Copy link
Author

Yes, initially the setup did not have 'CHE_LIMITS_USER_WORKSPACES_RUN_COUNT' set at all. I have only added this to work around the issue of 'CHE_LIMITS_USER_WORKSPACES_COUNT' not working.

I wish to limit the number of workspaces that a user can create.
With or with out the run count settings the limit on number of workspaces does not function.

I only added the run count setting to test it applied and to see if it had any effect on the number of workspaces that can be created.

@sleshchenko sleshchenko added status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. area/che-server labels Jul 26, 2021
@skabashnyuk skabashnyuk added severity/P2 Has a minor but important impact to the usage or development of the system. sprint/next team/platform and removed status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jul 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P2 Has a minor but important impact to the usage or development of the system.
Projects
None yet
Development

No branches or pull requests

5 participants