Bug 1798441

Summary: Hit error API rate limit exceeded when running WSU
Product: OpenShift Container Platform Reporter: gaoshang <sgao>
Component: Windows ContainersAssignee: Pratik Mahajan <pmahajan>
Status: CLOSED ERRATA QA Contact: gaoshang <sgao>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.3.0CC: aos-bugs, gmarkley, rgudimet
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:14:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description gaoshang 2020-02-05 11:21:32 UTC 
Description of problem:
Running WSU failed in TASK [Get release], manually run curl command get error:API rate limit exceeded, according to doc https://developer.github.com/v3/#rate-limiting, there's a limitation of 5000 requests per hour.

# ansible-playbook -i hosts ~/go/src/windows-machine-config-operator/tools/ansible/tasks/wsu/main.yaml -v
...
TASK [Get release] *******************************************************************************
fatal: [3.15.207.69 -> localhost]: FAILED! => {"changed": true, "cmd": "RELEASES=\"$(curl -s https://api.github.com/repos/openshift/windows-machine-config-operator/releases)\"\nTAGNAME=\"$(echo $RELEASES | jq '.[]' | jq '.tag_name' | grep -i 4.3 | sort -r | awk 'NR==1')\"\necho $RELEASES | jq '.[] | select (.tag_name == '$TAGNAME')'\n", "delta": "0:00:00.225610", "end": "2020-02-05 05:13:04.413042", "msg": "non-zero return code", "rc": 3, "start": "2020-02-05 05:13:04.187432", "stderr": "jq: error (at <stdin>:1): Cannot index string with string \"tag_name\"\njq: error (at <stdin>:2): Cannot index string with string \"tag_name\"\njq: error: syntax error, unexpected ')' (Unix shell quoting issues?) at <top-level>, line 1:\n.[] | select (.tag_name == )                           \njq: 1 compile error", "stderr_lines": ["jq: error (at <stdin>:1): Cannot index string with string \"tag_name\"", "jq: error (at <stdin>:2): Cannot index string with string \"tag_name\"", "jq: error: syntax error, unexpected ')' (Unix shell quoting issues?) at <top-level>, line 1:", ".[] | select (.tag_name == )                           ", "jq: 1 compile error"], "stdout": "", "stdout_lines": []}

PLAY RECAP *******************************************************************************
3.15.207.69                : ok=6    changed=5    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
localhost                  : ok=10   changed=9    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  


# curl -s https://api.github.com/repos/openshift/windows-machine-config-operator/releases
{
  "message": "API rate limit exceeded for 66.187.233.202. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)",
  "documentation_url": "https://developer.github.com/v3/#rate-limiting"
}

Version-Release number of selected component (if applicable):
# oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.3.0-0.nightly-2020-02-04-131018   True        False         9h      Cluster version is 4.3.0-0.nightly-2020-02-04-131018
windows-machine-config-operator # git show
commit d0f8ddb70946f7707d65564fb87245f309d7ada2

How reproducible:
Over 5000 requests to github per hour

Steps to Reproduce:
1. Install OCP cluster with ovn-kubernetes
2. Create windows instance with wni
3. Run WSU

Actual results:
WSU run failed

Expected results:
WSU run succeed

Additional info:
Comment 1 gaoshang 2020-02-05 11:27:09 UTC 
Wait for a while(at most 1 hour), re-run wsu passed.
Comment 2 Aravindh Puthiyaparambil 2020-02-05 16:06:35 UTC 
@gaoshang this is not caused by running the playbook but it so happens you ran the playbook when github started rate limiting the account due to high activity in general. We do not want to add authentication to the request as we would be adding a requirement for the user to have a github account. So there is no fix for the issue from a playbook perspective.
Comment 3 gaoshang 2020-02-06 04:36:35 UTC 
(In reply to aravindh from comment #2)
> @gaoshang this is not caused by running the playbook but it so happens you
> ran the playbook when github started rate limiting the account due to high
> activity in general. We do not want to add authentication to the request as
> we would be adding a requirement for the user to have a github account. So
> there is no fix for the issue from a playbook perspective.

For API requests using Basic Authentication or OAuth, you can make up to 5000 requests per hour. For unauthenticated requests, the rate limit allows for up to 60 requests per hour. Adding a requirement for the user to have a github account may avoid this issue, maybe we should also illustrate how to run wsu with a github account, thanks.

# curl -i https://api.github.com/repos/openshift/windows-machine-config-operator/releases
HTTP/1.1 200 OK
Server: GitHub.com
Date: Thu, 06 Feb 2020 04:34:40 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 64761
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 32
X-RateLimit-Reset: 1580965440
Comment 4 Aravindh Puthiyaparambil 2020-02-06 15:16:41 UTC 
(In reply to gaoshang from comment #3)
> For API requests using Basic Authentication or OAuth, you can make up to
> 5000 requests per hour. For unauthenticated requests, the rate limit allows
> for up to 60 requests per hour. Adding a requirement for the user to have a
> github account may avoid this issue, maybe we should also illustrate how to
> run wsu with a github account, thanks.

I would agree with you if we were going GA with WSU. However this is going to be only released as a preview for customers. So the fix for this would be to document the scenario. In the operator model this will not be an issue as we won't be reaching out to GitHub for the binaries.
Comment 5 gaoshang 2020-02-07 02:29:07 UTC 
Sure, document the scenario as a fix would be OK.
Comment 8 gaoshang 2020-03-05 05:04:51 UTC 
QE testing passed by checking doc https://github.com/openshift/windows-machine-config-bootstrapper/tree/master/tools/ansible#api-rate-limit-exceeded-error-when-running-wsu, thanks.
Comment 10 errata-xmlrpc 2020-07-13 17:14:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409