Sysctl library

[zmraul]

PoC integration with Kafka: canonical/kafka-operator#118
Addresses DPE-2111

This draft will be updated with feedback from #98 and Kafka PR before setting it to ready to review.

[rgildein]

I think that we could improve some small thinks, but it's overall it looks good to me.
I will also suggest to add more logging, since we are not doing much of that.

[rgildein]

not-blocking:

Suggested change

	SYSCTL_FILENAME = Path(f"{SYSCTL_DIRECTORY}/95-juju-sysctl.conf")
	SYSCTL_FILENAME = SYSCTL_DIRECTORY / "95-juju-sysctl.conf"

[rgildein]

Are we providing paths to original files here? I could not found it in the code.

[zmraul]

I added this as part of file creation, see this commit: 0cd9816

[rgildein]

I think we need to provide better description in doc-string or change logic here, because this function is called update and it's not following real update pattern. I'll try to explain it with example.
Calling update twice as shown bellow, does not ensure that 95-juju-sysctl.conf will have vm.max_map_count configured. It will be applied, but there will be no information and after reboot it will be lost.

self.sysctl.update({"vm.max_map_count": 262144})
self.sysctl.update({"vm.swappiness": 50})

From this situation I would expect that 95-juju-sysctl.conf to have both vm.max_map_count=262144 and vm.swappiness=50.

[zmraul]

Yes, maybe update is not the correct term here. It's more a configure scenario, where we change everything, not adding.

[benhoyt]

Yes, if the behaviour here is to write an entire config, I agree with @rgildein -- this name is confusing. It's kind of like dict.update, but does something very different. What about renaming it configure, as you suggest?

[rgildein]

I would prefer to add note about not applying anything (since we are not doing any change in sysctl configuration, not reverting any value) with this remove, so charm developer will not expect that after calling sysctl.remove().

[zmraul]

Added as part of the description

[rgildein]

Like this we will call subprocess to many times and this can easily took 10+ seconds. Can we call it only once or load those values from 95-juju-sysctl.cong?

[zmraul]

Simplified call into a single one. Thanks!

[rgildein]

To me it would be much cleaner if this function returns Tuple[str, str] and not dictionary with single key and value.

[zmraul]

Yes, I updated the parsing

[rgildein]

this variable is never used, can we remove it

[rgildein]

I really think that we should mocked SYSCTL_DIRECTORY (probably also SYSCTL_FILENAME) to ensure that this tests will not create such file or change it. Right now I did not spotted any place where we are not mocking load or write config, but this can easily happen in future and we should avoid touching system configuration in unit tests.

[rgildein]

Suggested change

	raise SysctlError(msg)
	raise SysctlError(msg) from error

[rgildein]

not-blocking: Can we stay on same page here and use ApplyError as I did in grub lib? To me it's more obvious than some permission error.

[benhoyt]

I haven't looked at the test thoroughly yet, but I added a few initial comments on the code.

[benhoyt]

__repr__ is usually supposed to be in the format that could be turned back into the object if sent through eval(), in other words, the Python representation. Exception subclasses already have a nice __repr__ that does this:

>>> class FooError(Exception): pass
... 
>>> repr(FooError(1, 'foo'))
"FooError(1, 'foo')"

So I don't think we need __repr__ here.

[zmraul]

I'm guilty of copying the exception format from the other modules in here :) I'll change it to remove unused parts. Thanks for the explanation!

[benhoyt]

Why is this needed?

[benhoyt]

I don't think this subclass adds any value. This package is already called sysctl, so it seems like raising sysctl.Error is already enough? Or at least the name is confusing given the overlap with the package name (sysctl.SysctlError). If we need to distinguish sysctl command errors from other errors, maybe it can be sysctl.CommandError or similar?

[zmraul]

I think CommandError might be best here

[benhoyt]

If you're compiling the regex every time you can just use re.match("pattern", line). But it's usually better to compile the regex just once, and save it as a class-level "constant". I usually do (at the class level):

class Config:
    _apply_re = re.compile("...pattern...")

Also, re.match() only matches at the start of the string, so no need for the ^ in the re.

[zmraul]

Good to know, I'll move this to the top

[benhoyt]

Is there a way to make sysctl fail with a non-zero exit code in this case and just use stderr in that case, instead of parsing error output?

[benhoyt]

According to the man page, ; is a valid command line too, so maybe line.startswith(("#", ";")). Also, maybe or not line.strip() is better than the above, to ensure a blank line with spaces in it doesn't count either.

Also, we should probably check or '=' not in line.

[benhoyt]

This will cause a ValueError unpacking if the value contains a =, as it will be split into more than two parts. You want param, value = line.split("=", maxsplit=1) or perhaps param, _, value = line.partition("=").

[benhoyt]

It's odd and inefficient to return a one-value dictionary. A tuple (param, value) would be better. Though then you have to return None if there's no value.

Also, I don't think having this factored out into its own method, _parse_line, really helps with clarity. I think it'd be clearer just inline in load function. That would simplify the error/None/{} case too, because you'd just continue in the loop if the line was a comment or invalid.

[zmraul]

This was done initially on _load as you point out, but it looked something like:

{
    param.strip(): value.strip()
    for line in f.read().splitlines()
    if line and not line.startswith('#')
    for param, value in [line.split('=')]
}

which is quite a mouthful :/

[zmraul]

nvm, I merged _parse_line into load function now.

[benhoyt]

Yeah, this is a lot of mocking... I think we'd be better to just change the directory and use real file operations. We're testing a lot more that way. We can have one test with mocked file operations if you want, to ensure that we're actually writing to the right path if the path isn't overridden.

[zmraul]

It is a lot, but I was trying to avoid creating files here. This happens more on the update call which is the one that holds most of the logic. Would adding integration tests (and leaving unit tests like this) cover your concern here?

[benhoyt]

It's more that mocking is messy and fragile. Messy, because no one wants to see six @patch decorators :-), and fragile, because we're depending a lot on implementation details, so if our implementation changes slightly, the tests break. I normally don't mock local filesystem operations in unit tests, because local filesystem operations are fast and reliable.

That said, yes, some integration tests would be very valuable for this lib -- good idea!

[rgildein]

I'm not against so many @patch, but I still think that we should change SYSCTL_DIRECTORY to some tmp path to be sure that we will not change anything in system sysctl config and maybe also mocked all subprocess calls so unit tests will not call sysctl key=value. I meant in setUp function.

[benhoyt]

Thanks for the updates. The main thing I'd want to see changed is the signature of update to not use the inner {"value": x} one-key dict (and probably change the name).

I'd also much prefer the tests to avoid so much mocking of internals (and filesystem operations): if we could just mock the subprocess call and use real filesystem operations for the file handling, the tests would be more robust in the face of implementation changes, and we'd need fewer integration tests.

Let's also get some end-to-end / integration tests here. I think we only need a few, especially if we update the unit tests to use real filesystem operations.

[benhoyt]

Hmm, this is very strange. Why isn't the value just the value of the dictionary, so cfg.update({"vm.swappiness": 10})? It's very strange to use a one-value dict with a fixed key like this.

[zmraul]

It's a good point. This was initially done differently. The key (here vm.swappiness) could also have a rule associated with it, so we would have the subdict with value and rule keys. But that was not implemented in this version.

[benhoyt]

I would suggest making a good API for what we have now then (that is, avoid the "value" dict), and then later, if we extend it, we could use something like {"vm.swappiness": Rule(foo, bar)}.

[benhoyt]

Yes, if the behaviour here is to write an entire config, I agree with @rgildein -- this name is confusing. It's kind of like dict.update, but does something very different. What about renaming it configure, as you suggest?

[benhoyt]

It's a minor point for small config files like this, but it's usually better to write a single line at a time, avoiding the whole file being instantiated in memory at once. It's also a bit simpler. Something like this:

with open(self.charm_filepath, "w") as f:
    for key, value in self._desired_config.items():
        f.write(f"{key}={value}\n")

[benhoyt]

Nit: good use case for a dictionary comprehension:

self._desired_config = {k: str(v) for k, v in config.items()}

[benhoyt]

Nit: snaphot -> snapshot

[benhoyt]

It's more that mocking is messy and fragile. Messy, because no one wants to see six @patch decorators :-), and fragile, because we're depending a lot on implementation details, so if our implementation changes slightly, the tests break. I normally don't mock local filesystem operations in unit tests, because local filesystem operations are fast and reliable.

That said, yes, some integration tests would be very valuable for this lib -- good idea!

[rgildein]

Two not-blocking comment + one about unit tests.

[rgildein]

not-blocking: follow up from @benhoyt comment about creating charm file.

Suggested change

	for path in paths:
	with open(path, "r") as f:
	data += f.readlines()
	with open(SYSCTL_FILENAME, "w") as f:
	f.writelines(data)
	with open(SYSCTL_FILENAME, "w") as f:
	f.write(SYSCTL_HEADER)
	for path in paths:
	with open(path, "r") as charm_file:
	f.write(charm_file.readlines())

[rgildein]

not-blocking:

Suggested change

	key, _, value = line.partition("=")
	key, value = line.split("=", 1)

[rgildein]

I'm not against so many @patch, but I still think that we should change SYSCTL_DIRECTORY to some tmp path to be sure that we will not change anything in system sysctl config and maybe also mocked all subprocess calls so unit tests will not call sysctl key=value. I meant in setUp function.

[zmraul]

@benhoyt

• Reworked some unit tests that used excessive mocking to use actual file operations.
• Added a couple integration tests.
• Renamed principal function to configure and changed API data scheme to be more expected.

Thanks for the guidance here!

[benhoyt]

This looks a lot better to me now, thanks!

[rgildein]

LGTM

[benhoyt]

All good to merge, or does anyone else need to review this? If not, I can merge.

[zmraul]

All good to merge, or does anyone else need to review this? If not, I can merge.

@benhoyt I think we are good to merge. Thanks!