RHINENG-21216: add new evaluator - user-evaluation

Author: TenSt

conf/evaluator_upload.env

@@ -1 +1,3 @@
 EVAL_TOPIC=patchman.evaluator.upload
+
+POD_CONFIG=label=upload

conf/evaluator_user_evaluation.env

@@ -0,0 +1,3 @@
+EVAL_TOPIC=patchman.evaluator.user-evaluation
+
+POD_CONFIG=label=user-evaluation

deploy/clowdapp.yaml

@@ -258,6 +258,52 @@ objects:
         resources:
           limits: {cpu: '${CPU_LIMIT_EVALUATOR_RECALC}', memory: '${MEM_LIMIT_EVALUATOR_RECALC}'}
           requests: {cpu: '${CPU_REQUEST_EVALUATOR_RECALC}', memory: '${MEM_REQUEST_EVALUATOR_RECALC}'}
+    
+    - name: evaluator-user-evaluation
+      replicas: ${{REPLICAS_EVALUATOR_USER_EVALUATION}}
+      webServices:
+        public:
+          enabled: true
+        private:
+          enabled: true
+        metrics:
+          enabled: true
+      podSpec:
+        image: ${IMAGE}:${IMAGE_TAG}
+        initContainers:
+          - name: check-for-db
+            image: ${IMAGE}:${IMAGE_TAG}
+            command:
+              - ./database_admin/check-upgraded.sh
+            env:
+            - {name: POD_CONFIG, value: '${DATABASE_ADMIN_CONFIG}'}
+        command:
+          - ./scripts/entrypoint.sh
+          - evaluator
+        env:
+        - {name: LOG_LEVEL, value: '${LOG_LEVEL_EVALUATOR_USER_EVALUATION}'}
+        - {name: GIN_MODE, value: '${GIN_MODE}'}
+        - {name: SHOW_CLOWDER_VARS, value: ''}
+        - {name: DB_DEBUG, value: '${DB_DEBUG_EVALUATOR_USER_EVALUATION}'}
+        - {name: DB_USER, value: evaluator}
+        - {name: DB_PASSWD, valueFrom: {secretKeyRef: {name: patchman-engine-database-passwords,
+                                                       key: evaluator-database-password}}}
+        - {name: KAFKA_GROUP, value: patchman}
+        - {name: KAFKA_READER_MAX_ATTEMPTS, value: '${KAFKA_READER_MAX_ATTEMPTS}'}
+        - {name: KAFKA_WRITER_MAX_ATTEMPTS, value: '${KAFKA_WRITER_MAX_ATTEMPTS}'}
+        - {name: EVAL_TOPIC, value: patchman.evaluator.user-evaluation}
+        - {name: PAYLOAD_TRACKER_TOPIC, value: platform.payload-status}
+        - {name: REMEDIATIONS_UPDATE_TOPIC, value: 'platform.remediation-updates.patch'}
+        - {name: NOTIFICATIONS_TOPIC, value: 'platform.notifications.ingress'}
+        - {name: SSL_CERT_DIR, value: '${SSL_CERT_DIR}'}
+        - {name: GOGC, value: '${GOGC}'}  # set garbage collection limit for go 1.18
+        - {name: ENABLE_PROFILER, value: '${ENABLE_PROFILER_EVALUATOR_USER_EVALUATION}'}
+        - {name: GOMEMLIMIT, value: '${GOMEMLIMIT_EVALUATOR}'}
+        - {name: POD_CONFIG, value: 'label=user-evaluation;${EVALUATOR_USER_EVALUATION_CONFIG}'}
+        - {name: CONSOLEDOT_HOSTNAME, value: '${CONSOLEDOT_HOSTNAME}'}
+        resources:
+          limits: {cpu: '${CPU_LIMIT_EVALUATOR_USER_EVALUATION}', memory: '${MEM_LIMIT_EVALUATOR_USER_EVALUATION}'}
+          requests: {cpu: '${CPU_REQUEST_EVALUATOR_USER_EVALUATION}', memory: '${MEM_REQUEST_EVALUATOR_USER_EVALUATION}'}
 
     jobs:
     - name: vmaas-sync
@@ -675,6 +721,17 @@ parameters:
 - {name: ENABLE_PROFILER_EVALUATOR_RECALC, value: 'false'}
 - {name: EVALUATOR_RECALC_CONFIG, value: ''}
 
+# Evaluator - user evaluation
+- {name: REPLICAS_EVALUATOR_USER_EVALUATION, value: '1'}
+- {name: LOG_LEVEL_EVALUATOR_USER_EVALUATION, value: debug}
+- {name: DB_DEBUG_EVALUATOR_USER_EVALUATION, value: 'false'}
+- {name: CPU_LIMIT_EVALUATOR_USER_EVALUATION, value: '2'}
+- {name: MEM_LIMIT_EVALUATOR_USER_EVALUATION, value: 3000Mi}
+- {name: CPU_REQUEST_EVALUATOR_USER_EVALUATION, value: '1'}
+- {name: MEM_REQUEST_EVALUATOR_USER_EVALUATION, value: 1500Mi}
+- {name: ENABLE_PROFILER_EVALUATOR_USER_EVALUATION, value: 'false'}
+- {name: EVALUATOR_USER_EVALUATION_CONFIG, value: ''}
+
 # JOBS
 - {name: LOG_LEVEL_JOBS, value: debug}
 - {name: DB_DEBUG_JOBS, value: 'false'}

docker-compose.prod.yml

@@ -1,4 +1,4 @@
-version: '3.4'
+version: "3.4"
 
 services:
   db:
@@ -175,6 +175,27 @@ services:
     security_opt:
       - label=disable
 
+  evaluator_user_evaluation:
+    container_name: evaluator_user_evaluation
+    image: patchman-engine-app
+    env_file:
+      - ./conf/common.env
+      - ./conf/evaluator_common.env
+      - ./conf/evaluator_user_evaluation.env
+    command: ./dev/scripts/docker-compose-entrypoint.sh evaluator
+    ports:
+      - 8086:8080
+      - 9006:9000 # private port - pprof
+    depends_on:
+      - db
+      - platform
+    volumes:
+      - ./dev:/go/src/app/dev
+      - ./dev/database/secrets:/opt/postgresql
+      - ./dev/kafka/secrets:/opt/kafka
+    security_opt:
+      - label=disable
+
   vmaas_sync:
     container_name: vmaas_sync
     image: patchman-engine-app

docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.4'
+version: "3.4"
 
 services:
   db:
@@ -170,6 +170,26 @@ services:
     security_opt:
       - label=disable
 
+  evaluator_user_evaluation:
+    container_name: evaluator_user_evaluation
+    image: patchman-engine-app
+    env_file:
+      - ./conf/common.env
+      - ./conf/evaluator_common.env
+      - ./conf/evaluator_user_evaluation.env
+      - ./conf/gorun.env
+    command: ./dev/scripts/docker-compose-entrypoint.sh evaluator
+    ports:
+      - 8086:8080
+      - 9006:9000 # private port - pprof
+    depends_on:
+      - db
+      - platform
+    volumes:
+      - ./:/go/src/app
+    security_opt:
+      - label=disable
+
   vmaas_sync:
     container_name: vmaas_sync
     image: patchman-engine-app

docs/md/architecture.md

@@ -35,6 +35,11 @@ See [component environment variables](../../conf/evaluator_upload.env)
 table). After this event all registered systems have to be re-evaluated because the input data for the system evaluation
 has changed. See [component environment variables](../../conf/evaluator_recalc.env)
 
+- **evaluator-user-evaluation** - same as the `-upload` instance, but listens for re-evaluation requests from the `manager` 
+component when user adds system to the template (`patchman.evaluator.user-evaluation` topic). The requests are separated 
+as when there is a heavy load from inventory at the time it may take very long for systems to be recalculated/updated.
+See [component environment variables](../../conf/evaluator_user_evaluation.env)
+
 - **vmaas-sync** - connects to [VMaaS](https://github.com/RedHatInsights/vmaas), and upon receiving notification about
 updated data, syncs new advisories into the database, and requests re-evaluation for systems which could be affected by
 new advisories. It's done via messaging to the `patchman.evaluator.recalc` Kafka topic and receiving by the

scripts/check-dockercomposes.sh

@@ -9,7 +9,7 @@ sed \
     -e "s|INSTALL_TOOLS=yes|INSTALL_TOOLS=no|" \
     -e "s|target: buildimg|target: runtimeimg|" \
     -e "/ - \.\/conf\/gorun.env/ d" \
-    -e "/  \(db_admin\|db_feed\|manager\|listener\|evaluator_recalc\|evaluator_upload\|vmaas_sync\|admin\|migrate_system_package2\):/,/^$/ {
+    -e "/  \(db_admin\|db_feed\|manager\|listener\|evaluator_recalc\|evaluator_upload\|evaluator_user_evaluation\|vmaas_sync\|admin\|migrate_system_package2\):/,/^$/ {
       s/- \.\/:\/go\/src\/app/- \.\/dev:\/go\/src\/app\/dev\n\
       - .\/dev\/database\/secrets:\/opt\/postgresql\n\
       - \.\/dev\/kafka\/secrets:\/opt\/kafka/