diff --git a/cli/deployment/config.go b/cli/deployment/config.go index a77f687873e0f..c35b9abd63c97 100644 --- a/cli/deployment/config.go +++ b/cli/deployment/config.go @@ -151,12 +151,6 @@ func newConfig() *codersdk.DeploymentConfig { Flag: "in-memory", Hidden: true, }, - ProvisionerDaemons: &codersdk.DeploymentConfigField[int]{ - Name: "Provisioner Daemons", - Usage: "Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this.", - Flag: "provisioner-daemons", - Default: 3, - }, PostgresURL: &codersdk.DeploymentConfigField[string]{ Name: "Postgres Connection URL", Usage: "URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with \"coder server postgres-builtin-url\".", @@ -359,6 +353,20 @@ func newConfig() *codersdk.DeploymentConfig { Flag: "user-workspace-quota", Enterprise: true, }, + Provisioner: &codersdk.ProvisionerConfig{ + Daemons: &codersdk.DeploymentConfigField[int]{ + Name: "Provisioner Daemons", + Usage: "Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this.", + Flag: "provisioner-daemons", + Default: 3, + }, + ForceCancelInterval: &codersdk.DeploymentConfigField[time.Duration]{ + Name: "Force Cancel Interval", + Usage: "Time to force cancel provisioning tasks that are stuck.", + Flag: "provisioner-force-cancel-interval", + Default: 10 * time.Minute, + }, + }, } } diff --git a/cli/deployment/config_test.go b/cli/deployment/config_test.go index c57f59dc3fc0d..b14f890e9d561 100644 --- a/cli/deployment/config_test.go +++ b/cli/deployment/config_test.go 
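Review bot: The `Usage` text added for `provisioner-force-cancel-interval` in the @@ -359 hunk does not say what the interval measures or what happens when it elapses, so an operator cannot judge how low it is safe to set. If, as the name suggests, it is how long a stuck job is tolerated before being forcibly canceled, say so, e.g. `Usage: "How long a provisioning job may remain stuck before it is forcibly canceled. Setting this too low can interrupt builds that are still making progress.",` (wording to be confirmed against provisionerd). The `10 * time.Minute` default is also written a second time in the `provisionerd.New` fallback that this commit changes (provisionerd/provisionerd.go, @@ -65), so the two literals can drift apart; a shared constant would keep them in step. newConfig's body starts outside this hunk.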
@@ -47,7 +47,7 @@ func TestConfig(t *testing.T) { require.Equal(t, config.Pprof.Enable.Value, true) require.Equal(t, config.Prometheus.Address.Value, "hello-world") require.Equal(t, config.Prometheus.Enable.Value, true) - require.Equal(t, config.ProvisionerDaemons.Value, 5) + require.Equal(t, config.Provisioner.Daemons.Value, 5) require.Equal(t, config.SecureAuthCookie.Value, true) require.Equal(t, config.SSHKeygenAlgorithm.Value, "potato") require.Equal(t, config.Telemetry.Enable.Value, false) diff --git a/cli/server.go b/cli/server.go index 88f787b9589f3..ca2bddefe0769 100644 --- a/cli/server.go +++ b/cli/server.go @@ -562,8 +562,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co } }() provisionerdMetrics := provisionerd.NewMetrics(options.PrometheusRegistry) - for i := 0; i < cfg.ProvisionerDaemons.Value; i++ { - daemon, err := newProvisionerDaemon(ctx, coderAPI, provisionerdMetrics, logger, cfg.CacheDirectory.Value, errCh, false) + for i := 0; i < cfg.Provisioner.Daemons.Value; i++ { + daemon, err := newProvisionerDaemon(ctx, coderAPI, provisionerdMetrics, logger, cfg, errCh, false) if err != nil { return xerrors.Errorf("create provisioner daemon: %w", err) } @@ -832,7 +832,7 @@ func newProvisionerDaemon( coderAPI *coderd.API, metrics provisionerd.Metrics, logger slog.Logger, - cacheDir string, + cfg *codersdk.DeploymentConfig, errCh chan error, dev bool, ) (srv *provisionerd.Server, err error) { @@ -843,9 +843,9 @@ func newProvisionerDaemon( } }() - err = os.MkdirAll(cacheDir, 0o700) + err = os.MkdirAll(cfg.CacheDirectory.Value, 0o700) if err != nil { - return nil, xerrors.Errorf("mkdir %q: %w", cacheDir, err) + return nil, xerrors.Errorf("mkdir %q: %w", cfg.CacheDirectory.Value, err) } terraformClient, terraformServer := provisionersdk.TransportPipe() 
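Review bot: `newProvisionerDaemon` now receives the whole `*codersdk.DeploymentConfig` (signature in @@ -832, call site in @@ -562), although the visible body reads only `cfg.CacheDirectory.Value` and `cfg.Provisioner.ForceCancelInterval.Value`. The same struct also carries fields such as `PostgresURL` and `SCIMAPIKey`, so a narrower signature keeps secret-bearing configuration out of the daemon-construction path and makes the function easier to call from tests: keep `cacheDir string,` and add `forceCancelInterval time.Duration,`. If the wider parameter stays, a doc comment stating which fields are read, and that `cfg` and `cfg.Provisioner` must be non-nil, would help the next caller. The function body continues outside these hunks.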
@@ -861,7 +861,7 @@ func newProvisionerDaemon( ServeOptions: &provisionersdk.ServeOptions{ Listener: terraformServer, }, - CachePath: cacheDir, + CachePath: cfg.CacheDirectory.Value, Logger: logger, }) if err != nil && !xerrors.Is(err, context.Canceled) { @@ -902,13 +902,14 @@ func newProvisionerDaemon( provisioners[string(database.ProvisionerTypeEcho)] = proto.NewDRPCProvisionerClient(provisionersdk.Conn(echoClient)) } return provisionerd.New(coderAPI.ListenProvisionerDaemon, &provisionerd.Options{ - Logger: logger, - PollInterval: 500 * time.Millisecond, - UpdateInterval: 500 * time.Millisecond, - Provisioners: provisioners, - WorkDirectory: tempDir, - TracerProvider: coderAPI.TracerProvider, - Metrics: &metrics, + Logger: logger, + PollInterval: 500 * time.Millisecond, + UpdateInterval: 500 * time.Millisecond, + ForceCancelInterval: cfg.Provisioner.ForceCancelInterval.Value, + Provisioners: provisioners, + WorkDirectory: tempDir, + TracerProvider: coderAPI.TracerProvider, + Metrics: &metrics, }), nil } diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden index 6690a0b8499e0..ba82ae3681d4f 100644 --- a/cli/testdata/coder_server_--help.golden +++ b/cli/testdata/coder_server_--help.golden 
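Review bot: `cfg.Provisioner.ForceCancelInterval.Value` is passed to `provisionerd.Options` in the @@ -902 hunk without any range check. The fallback in `provisionerd.New` (visible in the provisionerd.go hunk) replaces only a zero value, so a negative or very small duration from the flag or `$CODER_PROVISIONER_FORCE_CANCEL_INTERVAL` passes through unchanged; how provisionerd reacts is not visible here, but it may force-cancel jobs that are still running. Consider rejecting it early in newProvisionerDaemon, e.g. `if cfg.Provisioner.ForceCancelInterval.Value < 0 { return nil, xerrors.Errorf("provisioner force cancel interval must not be negative") }`. TestConfig is only updated for the renamed field; an assertion for the new flag would pin its parsing.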
@@ -10,172 +10,184 @@ Commands: postgres-builtin-url Output the connection URL for the built-in PostgreSQL deployment. Flags: - --access-url string External URL to access your deployment. - This must be accessible by all provisioned - workspaces. - Consumes $CODER_ACCESS_URL - -a, --address string Bind address of the server. - Consumes $CODER_ADDRESS (default - "127.0.0.1:3000") - --cache-dir string The directory to cache temporary files. If - unspecified and $CACHE_DIRECTORY is set, it - will be used for compatibility with - systemd. - Consumes $CODER_CACHE_DIRECTORY (default - "/tmp/coder-cli-test-cache") - --derp-config-path string Path to read a DERP mapping from. See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_PATH - --derp-config-url string URL to fetch a DERP mapping on startup. - See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_URL - --derp-server-enable Whether to enable or disable the embedded - DERP relay server. - Consumes $CODER_DERP_SERVER_ENABLE (default - true) - --derp-server-region-code string Region code to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_CODE - (default "coder") - --derp-server-region-id int Region ID to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_ID - (default 999) - --derp-server-region-name string Region name that for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_NAME - (default "Coder Embedded Relay") - --derp-server-stun-addresses strings Addresses for STUN servers to establish P2P - connections. Set empty to disable P2P - connections. - Consumes $CODER_DERP_SERVER_STUN_ADDRESSES - (default [stun.l.google.com:19302]) - -h, --help help for server - --oauth2-github-allow-signups Whether new users can sign up with GitHub. - Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS - --oauth2-github-allowed-orgs strings Organizations the user must be a member of - to Login with GitHub. 
- Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS - --oauth2-github-allowed-teams strings Teams inside organizations the user must be - a member of to Login with GitHub. - Structured as: - /. - Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS - --oauth2-github-client-id string Client ID for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID - --oauth2-github-client-secret string Client secret for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET - --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise deployment - to use for Login with GitHub. - Consumes - $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL - --oidc-allow-signups Whether new users can sign up with OIDC. - Consumes $CODER_OIDC_ALLOW_SIGNUPS (default - true) - --oidc-client-id string Client ID to use for Login with OIDC. - Consumes $CODER_OIDC_CLIENT_ID - --oidc-client-secret string Client secret to use for Login with OIDC. - Consumes $CODER_OIDC_CLIENT_SECRET - --oidc-email-domain string Email domain that clients logging in with - OIDC must match. - Consumes $CODER_OIDC_EMAIL_DOMAIN - --oidc-issuer-url string Issuer URL to use for Login with OIDC. - Consumes $CODER_OIDC_ISSUER_URL - --oidc-scopes strings Scopes to grant when authenticating with - OIDC. - Consumes $CODER_OIDC_SCOPES (default - [openid,profile,email]) - --postgres-url string URL of a PostgreSQL database. If empty, - PostgreSQL binaries will be downloaded from - Maven (https://repo1.maven.org/maven2) and - store all data in the config root. Access - the built-in database with "coder server - postgres-builtin-url". - Consumes $CODER_PG_CONNECTION_URL - --pprof-address string The bind address to serve pprof. - Consumes $CODER_PPROF_ADDRESS (default - "127.0.0.1:6060") - --pprof-enable Serve pprof metrics on the address defined - by pprof address. - Consumes $CODER_PPROF_ENABLE - --prometheus-address string The bind address to serve prometheus - metrics. 
- Consumes $CODER_PROMETHEUS_ADDRESS (default - "127.0.0.1:2112") - --prometheus-enable Serve prometheus metrics on the address - defined by prometheus address. - Consumes $CODER_PROMETHEUS_ENABLE - --provisioner-daemons int Number of provisioner daemons to create on - start. If builds are stuck in queued state - for a long time, consider increasing this. - Consumes $CODER_PROVISIONER_DAEMONS (default 3) - --proxy-trusted-headers strings Headers to trust for forwarding IP - addresses. e.g. Cf-Connecting-Ip, - True-Client-Ip, X-Forwarded-For - Consumes $CODER_PROXY_TRUSTED_HEADERS - --proxy-trusted-origins strings Origin addresses to respect - "proxy-trusted-headers". e.g. - 192.168.1.0/24 - Consumes $CODER_PROXY_TRUSTED_ORIGINS - --secure-auth-cookie Controls if the 'Secure' property is set on - browser session cookies. - Consumes $CODER_SECURE_AUTH_COOKIE - --ssh-keygen-algorithm string The algorithm to use for generating ssh - keys. Accepted values are "ed25519", - "ecdsa", or "rsa4096". - Consumes $CODER_SSH_KEYGEN_ALGORITHM - (default "ed25519") - --telemetry Whether telemetry is enabled or not. Coder - collects anonymized usage data to help - improve our product. - Consumes $CODER_TELEMETRY_ENABLE - --telemetry-trace Whether Opentelemetry traces are sent to - Coder. Coder collects anonymized - application tracing to help improve our - product. Disabling telemetry also disables - this option. - Consumes $CODER_TELEMETRY_TRACE - --tls-cert-file strings Path to each certificate for TLS. It - requires a PEM-encoded file. To configure - the listener to use a CA certificate, - concatenate the primary certificate and the - CA certificate together. The primary - certificate should appear first in the - combined file. - Consumes $CODER_TLS_CERT_FILE - --tls-client-auth string Policy the server will follow for TLS - Client Authentication. Accepted values are - "none", "request", "require-any", - "verify-if-given", or "require-and-verify". 
- Consumes $CODER_TLS_CLIENT_AUTH (default - "request") - --tls-client-ca-file string PEM-encoded Certificate Authority file used - for checking the authenticity of client - Consumes $CODER_TLS_CLIENT_CA_FILE - --tls-enable Whether TLS will be enabled. - Consumes $CODER_TLS_ENABLE - --tls-key-file strings Paths to the private keys for each of the - certificates. It requires a PEM-encoded - file. - Consumes $CODER_TLS_KEY_FILE - --tls-min-version string Minimum supported version of TLS. Accepted - values are "tls10", "tls11", "tls12" or - "tls13" - Consumes $CODER_TLS_MIN_VERSION (default - "tls12") - --trace Whether application tracing data is - collected. It exports to a backend - configured by environment variables. See: - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md - Consumes $CODER_TRACE_ENABLE - --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io - using the provided API Key. - Consumes $CODER_TRACE_HONEYCOMB_API_KEY - --wildcard-access-url string Specifies the wildcard hostname to use for - workspace applications in the form - "*.example.com". - Consumes $CODER_WILDCARD_ACCESS_URL + --access-url string External URL to access your deployment. + This must be accessible by all + provisioned workspaces. + Consumes $CODER_ACCESS_URL + -a, --address string Bind address of the server. + Consumes $CODER_ADDRESS (default + "127.0.0.1:3000") + --cache-dir string The directory to cache temporary files. + If unspecified and $CACHE_DIRECTORY is + set, it will be used for compatibility + with systemd. + Consumes $CODER_CACHE_DIRECTORY (default + "/tmp/coder-cli-test-cache") + --derp-config-path string Path to read a DERP mapping from. See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_PATH + --derp-config-url string URL to fetch a DERP mapping on startup. 
+ See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_URL + --derp-server-enable Whether to enable or disable the embedded + DERP relay server. + Consumes $CODER_DERP_SERVER_ENABLE + (default true) + --derp-server-region-code string Region code to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_CODE + (default "coder") + --derp-server-region-id int Region ID to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_ID + (default 999) + --derp-server-region-name string Region name that for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_NAME + (default "Coder Embedded Relay") + --derp-server-stun-addresses strings Addresses for STUN servers to establish + P2P connections. Set empty to disable P2P + connections. + Consumes + $CODER_DERP_SERVER_STUN_ADDRESSES + (default [stun.l.google.com:19302]) + -h, --help help for server + --oauth2-github-allow-signups Whether new users can sign up with + GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS + --oauth2-github-allowed-orgs strings Organizations the user must be a member + of to Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS + --oauth2-github-allowed-teams strings Teams inside organizations the user must + be a member of to Login with GitHub. + Structured as: + /. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS + --oauth2-github-client-id string Client ID for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID + --oauth2-github-client-secret string Client secret for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET + --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise + deployment to use for Login with GitHub. + Consumes + $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL + --oidc-allow-signups Whether new users can sign up with OIDC. + Consumes $CODER_OIDC_ALLOW_SIGNUPS + (default true) + --oidc-client-id string Client ID to use for Login with OIDC. 
+ Consumes $CODER_OIDC_CLIENT_ID + --oidc-client-secret string Client secret to use for Login with OIDC. + Consumes $CODER_OIDC_CLIENT_SECRET + --oidc-email-domain string Email domain that clients logging in with + OIDC must match. + Consumes $CODER_OIDC_EMAIL_DOMAIN + --oidc-issuer-url string Issuer URL to use for Login with OIDC. + Consumes $CODER_OIDC_ISSUER_URL + --oidc-scopes strings Scopes to grant when authenticating with + OIDC. + Consumes $CODER_OIDC_SCOPES (default + [openid,profile,email]) + --postgres-url string URL of a PostgreSQL database. If empty, + PostgreSQL binaries will be downloaded + from Maven + (https://repo1.maven.org/maven2) and + store all data in the config root. Access + the built-in database with "coder server + postgres-builtin-url". + Consumes $CODER_PG_CONNECTION_URL + --pprof-address string The bind address to serve pprof. + Consumes $CODER_PPROF_ADDRESS (default + "127.0.0.1:6060") + --pprof-enable Serve pprof metrics on the address + defined by pprof address. + Consumes $CODER_PPROF_ENABLE + --prometheus-address string The bind address to serve prometheus + metrics. + Consumes $CODER_PROMETHEUS_ADDRESS + (default "127.0.0.1:2112") + --prometheus-enable Serve prometheus metrics on the address + defined by prometheus address. + Consumes $CODER_PROMETHEUS_ENABLE + --provisioner-daemons int Number of provisioner daemons to create + on start. If builds are stuck in queued + state for a long time, consider + increasing this. + Consumes $CODER_PROVISIONER_DAEMONS + (default 3) + --provisioner-force-cancel-interval duration Time to force cancel provisioning tasks + that are stuck. + Consumes + $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL + (default 10m0s) + --proxy-trusted-headers strings Headers to trust for forwarding IP + addresses. e.g. Cf-Connecting-Ip, + True-Client-Ip, X-Forwarded-For + Consumes $CODER_PROXY_TRUSTED_HEADERS + --proxy-trusted-origins strings Origin addresses to respect + "proxy-trusted-headers". e.g. 
+ 192.168.1.0/24 + Consumes $CODER_PROXY_TRUSTED_ORIGINS + --secure-auth-cookie Controls if the 'Secure' property is set + on browser session cookies. + Consumes $CODER_SECURE_AUTH_COOKIE + --ssh-keygen-algorithm string The algorithm to use for generating ssh + keys. Accepted values are "ed25519", + "ecdsa", or "rsa4096". + Consumes $CODER_SSH_KEYGEN_ALGORITHM + (default "ed25519") + --telemetry Whether telemetry is enabled or not. + Coder collects anonymized usage data to + help improve our product. + Consumes $CODER_TELEMETRY_ENABLE + --telemetry-trace Whether Opentelemetry traces are sent to + Coder. Coder collects anonymized + application tracing to help improve our + product. Disabling telemetry also + disables this option. + Consumes $CODER_TELEMETRY_TRACE + --tls-cert-file strings Path to each certificate for TLS. It + requires a PEM-encoded file. To configure + the listener to use a CA certificate, + concatenate the primary certificate and + the CA certificate together. The primary + certificate should appear first in the + combined file. + Consumes $CODER_TLS_CERT_FILE + --tls-client-auth string Policy the server will follow for TLS + Client Authentication. Accepted values + are "none", "request", "require-any", + "verify-if-given", or + "require-and-verify". + Consumes $CODER_TLS_CLIENT_AUTH (default + "request") + --tls-client-ca-file string PEM-encoded Certificate Authority file + used for checking the authenticity of + client + Consumes $CODER_TLS_CLIENT_CA_FILE + --tls-enable Whether TLS will be enabled. + Consumes $CODER_TLS_ENABLE + --tls-key-file strings Paths to the private keys for each of the + certificates. It requires a PEM-encoded + file. + Consumes $CODER_TLS_KEY_FILE + --tls-min-version string Minimum supported version of TLS. + Accepted values are "tls10", "tls11", + "tls12" or "tls13" + Consumes $CODER_TLS_MIN_VERSION (default + "tls12") + --trace Whether application tracing data is + collected. 
It exports to a backend + configured by environment variables. See: + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md + Consumes $CODER_TRACE_ENABLE + --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io + using the provided API Key. + Consumes $CODER_TRACE_HONEYCOMB_API_KEY + --wildcard-access-url string Specifies the wildcard hostname to use + for workspace applications in the form + "*.example.com". + Consumes $CODER_WILDCARD_ACCESS_URL Global Flags: --experimental Enable experimental features. Experimental features are not diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go index a73385670575a..550890a03e56f 100644 --- a/codersdk/deploymentconfig.go +++ b/codersdk/deploymentconfig.go @@ -23,7 +23,6 @@ type DeploymentConfig struct { ProxyTrustedOrigins *DeploymentConfigField[[]string] `json:"proxy_trusted_origins" typescript:",notnull"` CacheDirectory *DeploymentConfigField[string] `json:"cache_directory" typescript:",notnull"` InMemoryDatabase *DeploymentConfigField[bool] `json:"in_memory_database" typescript:",notnull"` - ProvisionerDaemons *DeploymentConfigField[int] `json:"provisioner_daemons" typescript:",notnull"` PostgresURL *DeploymentConfigField[string] `json:"pg_connection_url" typescript:",notnull"` OAuth2 *OAuth2Config `json:"oauth2" typescript:",notnull"` OIDC *OIDCConfig `json:"oidc" typescript:",notnull"` @@ -39,6 +38,7 @@ type DeploymentConfig struct { BrowserOnly *DeploymentConfigField[bool] `json:"browser_only" typescript:",notnull"` SCIMAPIKey *DeploymentConfigField[string] `json:"scim_api_key" typescript:",notnull"` UserWorkspaceQuota *DeploymentConfigField[int] `json:"user_workspace_quota" typescript:",notnull"` + Provisioner *ProvisionerConfig `json:"provisioner" typescript:",notnull"` } type DERP struct { 
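Review bot: Replacing the top-level `provisioner_daemons` JSON key with the nested `provisioner` object (@@ -23 and @@ -38) changes the serialized shape of `DeploymentConfig`, and nothing in these hunks keeps the old key for existing readers. Any client, dashboard or monitoring tooling outside this diff that reads `provisioner_daemons` would find the key missing rather than receive an error, so the break is worth stating in the commit description or release notes. A short comment on the new field, e.g. `// Provisioner groups the provisioner daemon settings, serialized under "provisioner".`, would also document the move. The struct definition starts outside the hunk.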
@@ -123,6 +123,11 @@ type GitAuthConfig struct { Scopes []string `json:"scopes"` } +type ProvisionerConfig struct { + Daemons *DeploymentConfigField[int] `json:"daemons" typescript:",notnull"` + ForceCancelInterval *DeploymentConfigField[time.Duration] `json:"force_cancel_interval" typescript:",notnull"` +} + type Flaggable interface { string | time.Duration | bool | int | []string | []GitAuthConfig } diff --git a/provisionerd/provisionerd.go b/provisionerd/provisionerd.go index f631f27208094..a86476535f91b 100644 --- a/provisionerd/provisionerd.go +++ b/provisionerd/provisionerd.go @@ -65,7 +65,7 @@ func New(clientDialer Dialer, opts *Options) *Server { opts.UpdateInterval = 5 * time.Second } if opts.ForceCancelInterval == 0 { - opts.ForceCancelInterval = time.Minute + opts.ForceCancelInterval = 10 * time.Minute } if opts.LogBufferInterval == 0 { opts.LogBufferInterval = 50 * time.Millisecond diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index 26a8e79115a2b..ad7566c4df90d 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -287,7 +287,6 @@ export interface DeploymentConfig { readonly proxy_trusted_origins: DeploymentConfigField readonly cache_directory: DeploymentConfigField readonly in_memory_database: DeploymentConfigField - readonly provisioner_daemons: DeploymentConfigField readonly pg_connection_url: DeploymentConfigField readonly oauth2: OAuth2Config readonly oidc: OIDCConfig @@ -303,6 +302,7 @@ export interface DeploymentConfig { readonly browser_only: DeploymentConfigField readonly scim_api_key: DeploymentConfigField readonly user_workspace_quota: DeploymentConfigField + readonly provisioner: ProvisionerConfig } // From codersdk/deploymentconfig.go 
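Review bot: The new exported type `ProvisionerConfig` (@@ -123) has no doc comment, and `ForceCancelInterval` does not state its unit on the wire. encoding/json writes a `time.Duration` as an integer number of nanoseconds, which a consumer of the deployment config can easily misread as seconds. Suggested: `// ProvisionerConfig holds settings for the built-in provisioner daemons.` above the type and `// ForceCancelInterval is serialized as nanoseconds.` on the field — to be confirmed in case `DeploymentConfigField` defines custom marshalling outside this diff.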
@@ -514,6 +514,12 @@ export interface PrometheusConfig { readonly address: DeploymentConfigField } +// From codersdk/deploymentconfig.go +export interface ProvisionerConfig { + readonly daemons: DeploymentConfigField + readonly force_cancel_interval: DeploymentConfigField +} + // From codersdk/provisionerdaemons.go export interface ProvisionerDaemon { readonly id: string