From adfd782ab8d5225dd1678a48f742e1e0987d5eab Mon Sep 17 00:00:00 2001
From: Marcin Tojek
Date: Tue, 8 Nov 2022 10:17:41 +0100
Subject: [PATCH 1/4] feat: Add provisionerd force cancel flag
---
 cli/deployment/config.go | 8 +
 cli/server.go | 25 +-
 cli/testdata/coder_server_--help.golden | 345 ++++++++++++------------
 codersdk/deploymentconfig.go | 5 +
 provisionerd/provisionerd.go | 2 +-
 5 files changed, 206 insertions(+), 179 deletions(-)
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
index a77f687873e0f..e733d67a14d81 100644
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@@ -359,6 +359,14 @@ func newConfig() *codersdk.DeploymentConfig {
 Flag: "user-workspace-quota",
 Enterprise: true,
 },
+ Provisionerd: &codersdk.ProvisionerdConfig{
+ ForceCancelInterval: &codersdk.DeploymentConfigField[time.Duration]{
+ Name: "Force Cancel Interval",
+ Usage: "Time to force cancel provisioning tasks that are stuck.",
+ Flag: "provisionerd-force-cancel-interval",
+ Default: 10 * time.Minute,
+ },
+ },
 }
 }
diff --git a/cli/server.go b/cli/server.go
index 88f787b9589f3..16890d29de02f 100644
--- a/cli/server.go
+++ b/cli/server.go
@@ -563,7 +563,7 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 }()
 provisionerdMetrics := provisionerd.NewMetrics(options.PrometheusRegistry)
 for i := 0; i < cfg.ProvisionerDaemons.Value; i++ {
- daemon, err := newProvisionerDaemon(ctx, coderAPI, provisionerdMetrics, logger, cfg.CacheDirectory.Value, errCh, false)
+ daemon, err := newProvisionerDaemon(ctx, coderAPI, provisionerdMetrics, logger, cfg, errCh, false)
 if err != nil {
 return xerrors.Errorf("create provisioner daemon: %w", err)
 }
@@ -832,7 +832,7 @@ func newProvisionerDaemon(
 coderAPI *coderd.API,
 metrics provisionerd.Metrics,
 logger slog.Logger,
- cacheDir string,
+ cfg *codersdk.DeploymentConfig,
 errCh chan error,
 dev bool,
 ) (srv *provisionerd.Server, err error) {
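Review bot: The `Usage` text of the new `ForceCancelInterval` field in cli/deployment/config.go does not say how a value of `0` is treated, and `provisionerd.New` in this same patch replaces a zero interval with 10 minutes, so an operator who sets the flag to `0` silently gets the default instead of disabling or shortening the timeout. I would state that in the help text, for example `Usage: "Time to force cancel provisioning tasks that are stuck. 0 uses the default of 10m.",` (the golden help file would need regenerating). The `10 * time.Minute` literal is also repeated between this field's `Default` and the fallback in `provisionerd.New`; a single exported constant would keep the two from drifting apart.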
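Review bot: In cli/server.go, `newProvisionerDaemon` now takes the whole `*codersdk.DeploymentConfig`, although the hunks of this patch read only `cfg.CacheDirectory.Value` and `cfg.Provisionerd.ForceCancelInterval.Value` from it. That struct also carries unrelated settings, including secrets such as `SCIMAPIKey` (visible in codersdk/deploymentconfig.go), and handing a mutable pointer to all of them to the daemon constructor widens what this function can read or change. Keeping `cacheDir string,` and adding `forceCancelInterval time.Duration,` next to it would keep the dependency explicit and the call site just as short. The function body continues outside this hunk.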
@@ -843,9 +843,9 @@ func newProvisionerDaemon(
 }
 }()
- err = os.MkdirAll(cacheDir, 0o700)
+ err = os.MkdirAll(cfg.CacheDirectory.Value, 0o700)
 if err != nil {
- return nil, xerrors.Errorf("mkdir %q: %w", cacheDir, err)
+ return nil, xerrors.Errorf("mkdir %q: %w", cfg.CacheDirectory.Value, err)
 }
 terraformClient, terraformServer := provisionersdk.TransportPipe()
@@ -861,7 +861,7 @@ func newProvisionerDaemon(
 ServeOptions: &provisionersdk.ServeOptions{
 Listener: terraformServer,
 },
- CachePath: cacheDir,
+ CachePath: cfg.CacheDirectory.Value,
 Logger: logger,
 })
 if err != nil && !xerrors.Is(err, context.Canceled) {
@@ -902,13 +902,14 @@ func newProvisionerDaemon(
 provisioners[string(database.ProvisionerTypeEcho)] = proto.NewDRPCProvisionerClient(provisionersdk.Conn(echoClient))
 }
 return provisionerd.New(coderAPI.ListenProvisionerDaemon, &provisionerd.Options{
- Logger: logger,
- PollInterval: 500 * time.Millisecond,
- UpdateInterval: 500 * time.Millisecond,
- Provisioners: provisioners,
- WorkDirectory: tempDir,
- TracerProvider: coderAPI.TracerProvider,
- Metrics: &metrics,
+ Logger: logger,
+ PollInterval: 500 * time.Millisecond,
+ UpdateInterval: 500 * time.Millisecond,
+ ForceCancelInterval: cfg.Provisionerd.ForceCancelInterval.Value,
+ Provisioners: provisioners,
+ WorkDirectory: tempDir,
+ TracerProvider: coderAPI.TracerProvider,
+ Metrics: &metrics,
 }), nil
 }
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index 6690a0b8499e0..ae1563dc6e4bd 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -10,172 +10,185 @@ Commands: postgres-builtin-url Output the connection URL for the built-in PostgreSQL deployment. Flags: - --access-url string External URL to access your deployment. - This must be accessible by all provisioned - workspaces. - Consumes $CODER_ACCESS_URL - -a, --address string Bind address of the server. - Consumes $CODER_ADDRESS (default - "127.0.0.1:3000") - --cache-dir string The directory to cache temporary files. If - unspecified and $CACHE_DIRECTORY is set, it - will be used for compatibility with - systemd. - Consumes $CODER_CACHE_DIRECTORY (default - "/tmp/coder-cli-test-cache") - --derp-config-path string Path to read a DERP mapping from. See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_PATH - --derp-config-url string URL to fetch a DERP mapping on startup. - See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_URL - --derp-server-enable Whether to enable or disable the embedded - DERP relay server. - Consumes $CODER_DERP_SERVER_ENABLE (default - true) - --derp-server-region-code string Region code to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_CODE - (default "coder") - --derp-server-region-id int Region ID to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_ID - (default 999) - --derp-server-region-name string Region name that for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_NAME - (default "Coder Embedded Relay") - --derp-server-stun-addresses strings Addresses for STUN servers to establish P2P - connections. Set empty to disable P2P - connections. - Consumes $CODER_DERP_SERVER_STUN_ADDRESSES - (default [stun.l.google.com:19302]) - -h, --help help for server - --oauth2-github-allow-signups Whether new users can sign up with GitHub. - Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS - --oauth2-github-allowed-orgs strings Organizations the user must be a member of - to Login with GitHub. 
- Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS - --oauth2-github-allowed-teams strings Teams inside organizations the user must be - a member of to Login with GitHub. - Structured as: - /. - Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS - --oauth2-github-client-id string Client ID for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID - --oauth2-github-client-secret string Client secret for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET - --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise deployment - to use for Login with GitHub. - Consumes - $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL - --oidc-allow-signups Whether new users can sign up with OIDC. - Consumes $CODER_OIDC_ALLOW_SIGNUPS (default - true) - --oidc-client-id string Client ID to use for Login with OIDC. - Consumes $CODER_OIDC_CLIENT_ID - --oidc-client-secret string Client secret to use for Login with OIDC. - Consumes $CODER_OIDC_CLIENT_SECRET - --oidc-email-domain string Email domain that clients logging in with - OIDC must match. - Consumes $CODER_OIDC_EMAIL_DOMAIN - --oidc-issuer-url string Issuer URL to use for Login with OIDC. - Consumes $CODER_OIDC_ISSUER_URL - --oidc-scopes strings Scopes to grant when authenticating with - OIDC. - Consumes $CODER_OIDC_SCOPES (default - [openid,profile,email]) - --postgres-url string URL of a PostgreSQL database. If empty, - PostgreSQL binaries will be downloaded from - Maven (https://repo1.maven.org/maven2) and - store all data in the config root. Access - the built-in database with "coder server - postgres-builtin-url". - Consumes $CODER_PG_CONNECTION_URL - --pprof-address string The bind address to serve pprof. - Consumes $CODER_PPROF_ADDRESS (default - "127.0.0.1:6060") - --pprof-enable Serve pprof metrics on the address defined - by pprof address. - Consumes $CODER_PPROF_ENABLE - --prometheus-address string The bind address to serve prometheus - metrics. 
- Consumes $CODER_PROMETHEUS_ADDRESS (default - "127.0.0.1:2112") - --prometheus-enable Serve prometheus metrics on the address - defined by prometheus address. - Consumes $CODER_PROMETHEUS_ENABLE - --provisioner-daemons int Number of provisioner daemons to create on - start. If builds are stuck in queued state - for a long time, consider increasing this. - Consumes $CODER_PROVISIONER_DAEMONS (default 3) - --proxy-trusted-headers strings Headers to trust for forwarding IP - addresses. e.g. Cf-Connecting-Ip, - True-Client-Ip, X-Forwarded-For - Consumes $CODER_PROXY_TRUSTED_HEADERS - --proxy-trusted-origins strings Origin addresses to respect - "proxy-trusted-headers". e.g. - 192.168.1.0/24 - Consumes $CODER_PROXY_TRUSTED_ORIGINS - --secure-auth-cookie Controls if the 'Secure' property is set on - browser session cookies. - Consumes $CODER_SECURE_AUTH_COOKIE - --ssh-keygen-algorithm string The algorithm to use for generating ssh - keys. Accepted values are "ed25519", - "ecdsa", or "rsa4096". - Consumes $CODER_SSH_KEYGEN_ALGORITHM - (default "ed25519") - --telemetry Whether telemetry is enabled or not. Coder - collects anonymized usage data to help - improve our product. - Consumes $CODER_TELEMETRY_ENABLE - --telemetry-trace Whether Opentelemetry traces are sent to - Coder. Coder collects anonymized - application tracing to help improve our - product. Disabling telemetry also disables - this option. - Consumes $CODER_TELEMETRY_TRACE - --tls-cert-file strings Path to each certificate for TLS. It - requires a PEM-encoded file. To configure - the listener to use a CA certificate, - concatenate the primary certificate and the - CA certificate together. The primary - certificate should appear first in the - combined file. - Consumes $CODER_TLS_CERT_FILE - --tls-client-auth string Policy the server will follow for TLS - Client Authentication. Accepted values are - "none", "request", "require-any", - "verify-if-given", or "require-and-verify". 
- Consumes $CODER_TLS_CLIENT_AUTH (default - "request") - --tls-client-ca-file string PEM-encoded Certificate Authority file used - for checking the authenticity of client - Consumes $CODER_TLS_CLIENT_CA_FILE - --tls-enable Whether TLS will be enabled. - Consumes $CODER_TLS_ENABLE - --tls-key-file strings Paths to the private keys for each of the - certificates. It requires a PEM-encoded - file. - Consumes $CODER_TLS_KEY_FILE - --tls-min-version string Minimum supported version of TLS. Accepted - values are "tls10", "tls11", "tls12" or - "tls13" - Consumes $CODER_TLS_MIN_VERSION (default - "tls12") - --trace Whether application tracing data is - collected. It exports to a backend - configured by environment variables. See: - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md - Consumes $CODER_TRACE_ENABLE - --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io - using the provided API Key. - Consumes $CODER_TRACE_HONEYCOMB_API_KEY - --wildcard-access-url string Specifies the wildcard hostname to use for - workspace applications in the form - "*.example.com". - Consumes $CODER_WILDCARD_ACCESS_URL + --access-url string External URL to access your deployment. + This must be accessible by all + provisioned workspaces. + Consumes $CODER_ACCESS_URL + -a, --address string Bind address of the server. + Consumes $CODER_ADDRESS (default + "127.0.0.1:3000") + --cache-dir string The directory to cache temporary files. + If unspecified and $CACHE_DIRECTORY is + set, it will be used for compatibility + with systemd. + Consumes $CODER_CACHE_DIRECTORY (default + "/tmp/coder-cli-test-cache") + --derp-config-path string Path to read a DERP mapping from. See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_PATH + --derp-config-url string URL to fetch a DERP mapping on startup. 
+ See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_URL + --derp-server-enable Whether to enable or disable the + embedded DERP relay server. + Consumes $CODER_DERP_SERVER_ENABLE + (default true) + --derp-server-region-code string Region code to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_CODE + (default "coder") + --derp-server-region-id int Region ID to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_ID + (default 999) + --derp-server-region-name string Region name that for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_NAME + (default "Coder Embedded Relay") + --derp-server-stun-addresses strings Addresses for STUN servers to establish + P2P connections. Set empty to disable + P2P connections. + Consumes + $CODER_DERP_SERVER_STUN_ADDRESSES + (default [stun.l.google.com:19302]) + -h, --help help for server + --oauth2-github-allow-signups Whether new users can sign up with + GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS + --oauth2-github-allowed-orgs strings Organizations the user must be a member + of to Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS + --oauth2-github-allowed-teams strings Teams inside organizations the user must + be a member of to Login with GitHub. + Structured as: + /. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS + --oauth2-github-client-id string Client ID for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID + --oauth2-github-client-secret string Client secret for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET + --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise + deployment to use for Login with GitHub. + Consumes + $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL + --oidc-allow-signups Whether new users can sign up with OIDC. + Consumes $CODER_OIDC_ALLOW_SIGNUPS + (default true) + --oidc-client-id string Client ID to use for Login with OIDC. 
+ Consumes $CODER_OIDC_CLIENT_ID + --oidc-client-secret string Client secret to use for Login with + OIDC. + Consumes $CODER_OIDC_CLIENT_SECRET + --oidc-email-domain string Email domain that clients logging in + with OIDC must match. + Consumes $CODER_OIDC_EMAIL_DOMAIN + --oidc-issuer-url string Issuer URL to use for Login with OIDC. + Consumes $CODER_OIDC_ISSUER_URL + --oidc-scopes strings Scopes to grant when authenticating with + OIDC. + Consumes $CODER_OIDC_SCOPES (default + [openid,profile,email]) + --postgres-url string URL of a PostgreSQL database. If empty, + PostgreSQL binaries will be downloaded + from Maven + (https://repo1.maven.org/maven2) and + store all data in the config root. + Access the built-in database with "coder + server postgres-builtin-url". + Consumes $CODER_PG_CONNECTION_URL + --pprof-address string The bind address to serve pprof. + Consumes $CODER_PPROF_ADDRESS (default + "127.0.0.1:6060") + --pprof-enable Serve pprof metrics on the address + defined by pprof address. + Consumes $CODER_PPROF_ENABLE + --prometheus-address string The bind address to serve prometheus + metrics. + Consumes $CODER_PROMETHEUS_ADDRESS + (default "127.0.0.1:2112") + --prometheus-enable Serve prometheus metrics on the address + defined by prometheus address. + Consumes $CODER_PROMETHEUS_ENABLE + --provisioner-daemons int Number of provisioner daemons to create + on start. If builds are stuck in queued + state for a long time, consider + increasing this. + Consumes $CODER_PROVISIONER_DAEMONS + (default 3) + --provisionerd-force-cancel-interval duration Time to force cancel provisioning tasks + that are stuck. + Consumes + $CODER_PROVISIONERD_FORCE_CANCEL_INTERVAL + --proxy-trusted-headers strings Headers to trust for forwarding IP + addresses. e.g. Cf-Connecting-Ip, + True-Client-Ip, X-Forwarded-For + Consumes $CODER_PROXY_TRUSTED_HEADERS + --proxy-trusted-origins strings Origin addresses to respect + "proxy-trusted-headers". e.g. 
+ 192.168.1.0/24 + Consumes $CODER_PROXY_TRUSTED_ORIGINS + --secure-auth-cookie Controls if the 'Secure' property is set + on browser session cookies. + Consumes $CODER_SECURE_AUTH_COOKIE + --ssh-keygen-algorithm string The algorithm to use for generating ssh + keys. Accepted values are "ed25519", + "ecdsa", or "rsa4096". + Consumes $CODER_SSH_KEYGEN_ALGORITHM + (default "ed25519") + --telemetry Whether telemetry is enabled or not. + Coder collects anonymized usage data to + help improve our product. + Consumes $CODER_TELEMETRY_ENABLE + --telemetry-trace Whether Opentelemetry traces are sent to + Coder. Coder collects anonymized + application tracing to help improve our + product. Disabling telemetry also + disables this option. + Consumes $CODER_TELEMETRY_TRACE + --tls-cert-file strings Path to each certificate for TLS. It + requires a PEM-encoded file. To + configure the listener to use a CA + certificate, concatenate the primary + certificate and the CA certificate + together. The primary certificate should + appear first in the combined file. + Consumes $CODER_TLS_CERT_FILE + --tls-client-auth string Policy the server will follow for TLS + Client Authentication. Accepted values + are "none", "request", "require-any", + "verify-if-given", or + "require-and-verify". + Consumes $CODER_TLS_CLIENT_AUTH (default + "request") + --tls-client-ca-file string PEM-encoded Certificate Authority file + used for checking the authenticity of + client + Consumes $CODER_TLS_CLIENT_CA_FILE + --tls-enable Whether TLS will be enabled. + Consumes $CODER_TLS_ENABLE + --tls-key-file strings Paths to the private keys for each of + the certificates. It requires a + PEM-encoded file. + Consumes $CODER_TLS_KEY_FILE + --tls-min-version string Minimum supported version of TLS. + Accepted values are "tls10", "tls11", + "tls12" or "tls13" + Consumes $CODER_TLS_MIN_VERSION (default + "tls12") + --trace Whether application tracing data is + collected. 
It exports to a backend + configured by environment variables. + See: + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md + Consumes $CODER_TRACE_ENABLE + --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io + using the provided API Key. + Consumes $CODER_TRACE_HONEYCOMB_API_KEY + --wildcard-access-url string Specifies the wildcard hostname to use + for workspace applications in the form + "*.example.com". + Consumes $CODER_WILDCARD_ACCESS_URL Global Flags: --experimental Enable experimental features. Experimental features are not
diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
index a73385670575a..4cb6d04eb8384 100644
--- a/codersdk/deploymentconfig.go
+++ b/codersdk/deploymentconfig.go
@@ -39,6 +39,7 @@ type DeploymentConfig struct {
 BrowserOnly *DeploymentConfigField[bool] `json:"browser_only" typescript:",notnull"`
 SCIMAPIKey *DeploymentConfigField[string] `json:"scim_api_key" typescript:",notnull"`
 UserWorkspaceQuota *DeploymentConfigField[int] `json:"user_workspace_quota" typescript:",notnull"`
+ Provisionerd *ProvisionerdConfig `json:"provisionerd" typescript:",notnull"`
 }
 type DERP struct {
@@ -123,6 +124,10 @@ type GitAuthConfig struct {
 Scopes []string `json:"scopes"`
 }
+type ProvisionerdConfig struct {
+ ForceCancelInterval *DeploymentConfigField[time.Duration] `json:"force_cancel_interval" typescript:",notnull"`
+}
+
 type Flaggable interface {
 string | time.Duration | bool | int | []string | []GitAuthConfig
 }
diff --git a/provisionerd/provisionerd.go b/provisionerd/provisionerd.go
index f631f27208094..a86476535f91b 100644
--- a/provisionerd/provisionerd.go
+++ b/provisionerd/provisionerd.go
@@ -65,7 +65,7 @@ func New(clientDialer Dialer, opts *Options) *Server {
 opts.UpdateInterval = 5 * time.Second
 }
 if opts.ForceCancelInterval == 0 {
- opts.ForceCancelInterval = time.Minute
+ opts.ForceCancelInterval = 10 * time.Minute
 }
 if opts.LogBufferInterval == 0 {
 opts.LogBufferInterval = 50 * time.Millisecond
From 31e7c9b79362479906652d3886da1bcecd80a90d Mon Sep 17 00:00:00 2001
From: Marcin Tojek
Date: Tue, 8 Nov 2022 10:26:20 +0100
Subject: [PATCH 2/4] Golden files
---
 cli/testdata/coder_server_--help.golden | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index ae1563dc6e4bd..6c444177c85fe 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -119,7 +119,7 @@ Flags: --provisionerd-force-cancel-interval duration Time to force cancel provisioning tasks that are stuck. Consumes - $CODER_PROVISIONERD_FORCE_CANCEL_INTERVAL + $CODER_PROVISIONERD_FORCE_CANCEL_INTERVAL (default 10m0s) --proxy-trusted-headers strings Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip, True-Client-Ip, X-Forwarded-For
From 098d58124db6e2e63697fcc7a9570b1324b5d140 Mon Sep 17 00:00:00 2001
From: Marcin Tojek
Date: Tue, 8 Nov 2022 11:14:47 +0100
Subject: [PATCH 3/4] Fix: typesGenerated.ts
---
 site/src/api/typesGenerated.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 26a8e79115a2b..1d067213d8e21 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -303,6 +303,7 @@ export interface DeploymentConfig { readonly browser_only: DeploymentConfigField readonly scim_api_key: DeploymentConfigField readonly user_workspace_quota: DeploymentConfigField + readonly provisionerd: ProvisionerdConfig } // From codersdk/deploymentconfig.go
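Review bot: The guard `if opts.ForceCancelInterval == 0 {` in provisionerd/provisionerd.go still lets a negative interval through, and with this patch the value comes from an operator-supplied flag (`cfg.Provisionerd.ForceCancelInterval.Value` in cli/server.go) rather than only from code. How the interval is consumed is outside the hunk, but if it feeds a timer, a negative duration would fire at once and turn every cancel into an immediate force cancel, which risks leaving half-provisioned resources behind. Widening the check to `if opts.ForceCancelInterval <= 0 {` keeps the default for any non-positive input. The body of `New` starts and ends outside this hunk.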
@@ -546,6 +547,11 @@ export interface ProvisionerJobLog { readonly output: string } +// From codersdk/deploymentconfig.go +export interface ProvisionerdConfig { + readonly force_cancel_interval: DeploymentConfigField +} + // From codersdk/workspaces.go export interface PutExtendWorkspaceRequest { readonly deadline: string
From 25dc1e0d7907d2662facbebfdc297f77028f8d60 Mon Sep 17 00:00:00 2001
From: Marcin Tojek
Date: Tue, 8 Nov 2022 12:32:00 +0100
Subject: [PATCH 4/4] Use single struct for Provisioner config
---
 cli/deployment/config.go | 16 +-
 cli/deployment/config_test.go | 2 +-
 cli/server.go | 4 +-
 cli/testdata/coder_server_--help.golden | 357 ++++++++++++------------
 codersdk/deploymentconfig.go | 6 +-
 site/src/api/typesGenerated.ts | 14 +-
 6 files changed, 199 insertions(+), 200 deletions(-)
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
index e733d67a14d81..c35b9abd63c97 100644
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@@ -151,12 +151,6 @@ func newConfig() *codersdk.DeploymentConfig {
 Flag: "in-memory",
 Hidden: true,
 },
- ProvisionerDaemons: &codersdk.DeploymentConfigField[int]{
- Name: "Provisioner Daemons",
- Usage: "Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this.",
- Flag: "provisioner-daemons",
- Default: 3,
- },
 PostgresURL: &codersdk.DeploymentConfigField[string]{
 Name: "Postgres Connection URL",
 Usage: "URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with \"coder server postgres-builtin-url\".",
@@ -359,11 +353,17 @@ func newConfig() *codersdk.DeploymentConfig {
 Flag: "user-workspace-quota",
 Enterprise: true,
 },
- Provisionerd: &codersdk.ProvisionerdConfig{
+ Provisioner: &codersdk.ProvisionerConfig{
+ Daemons: &codersdk.DeploymentConfigField[int]{
+ Name: "Provisioner Daemons",
+ Usage: "Number of provisioner daemons to create on start. If builds are stuck in queued state for a long time, consider increasing this.",
+ Flag: "provisioner-daemons",
+ Default: 3,
+ },
 ForceCancelInterval: &codersdk.DeploymentConfigField[time.Duration]{
 Name: "Force Cancel Interval",
 Usage: "Time to force cancel provisioning tasks that are stuck.",
- Flag: "provisionerd-force-cancel-interval",
+ Flag: "provisioner-force-cancel-interval",
 Default: 10 * time.Minute,
 },
 },
diff --git a/cli/deployment/config_test.go b/cli/deployment/config_test.go
index c57f59dc3fc0d..b14f890e9d561 100644
--- a/cli/deployment/config_test.go
+++ b/cli/deployment/config_test.go
@@ -47,7 +47,7 @@ func TestConfig(t *testing.T) {
 require.Equal(t, config.Pprof.Enable.Value, true)
 require.Equal(t, config.Prometheus.Address.Value, "hello-world")
 require.Equal(t, config.Prometheus.Enable.Value, true)
- require.Equal(t, config.ProvisionerDaemons.Value, 5)
+ require.Equal(t, config.Provisioner.Daemons.Value, 5)
 require.Equal(t, config.SecureAuthCookie.Value, true)
 require.Equal(t, config.SSHKeygenAlgorithm.Value, "potato")
 require.Equal(t, config.Telemetry.Enable.Value, false)
diff --git a/cli/server.go b/cli/server.go
index 16890d29de02f..ca2bddefe0769 100644
--- a/cli/server.go
+++ b/cli/server.go
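Review bot: `TestConfig` in cli/deployment/config_test.go is updated for the moved `Daemons` field but gets no assertion for `ForceCancelInterval`, so the new field's flag-to-config mapping is not covered by this test. Assuming the test supplies its inputs above this hunk (not visible here), I would add an input for the new flag and assert it next to the `Daemons` check, e.g. `require.Equal(t, config.Provisioner.ForceCancelInterval.Value, 5*time.Minute)` (value constructed for illustration). The test body starts and ends outside the hunk.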
@@ -562,7 +562,7 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 }
 }()
 provisionerdMetrics := provisionerd.NewMetrics(options.PrometheusRegistry)
- for i := 0; i < cfg.ProvisionerDaemons.Value; i++ {
+ for i := 0; i < cfg.Provisioner.Daemons.Value; i++ {
 daemon, err := newProvisionerDaemon(ctx, coderAPI, provisionerdMetrics, logger, cfg, errCh, false)
 if err != nil {
 return xerrors.Errorf("create provisioner daemon: %w", err)
@@ -905,7 +905,7 @@ func newProvisionerDaemon(
 Logger: logger,
 PollInterval: 500 * time.Millisecond,
 UpdateInterval: 500 * time.Millisecond,
- ForceCancelInterval: cfg.Provisionerd.ForceCancelInterval.Value,
+ ForceCancelInterval: cfg.Provisioner.ForceCancelInterval.Value,
 Provisioners: provisioners,
 WorkDirectory: tempDir,
 TracerProvider: coderAPI.TracerProvider,
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index 6c444177c85fe..ba82ae3681d4f 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -10,185 +10,184 @@ Commands: postgres-builtin-url Output the connection URL for the built-in PostgreSQL deployment. Flags: - --access-url string External URL to access your deployment. - This must be accessible by all - provisioned workspaces. - Consumes $CODER_ACCESS_URL - -a, --address string Bind address of the server. - Consumes $CODER_ADDRESS (default - "127.0.0.1:3000") - --cache-dir string The directory to cache temporary files. - If unspecified and $CACHE_DIRECTORY is - set, it will be used for compatibility - with systemd. - Consumes $CODER_CACHE_DIRECTORY (default - "/tmp/coder-cli-test-cache") - --derp-config-path string Path to read a DERP mapping from. See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_PATH - --derp-config-url string URL to fetch a DERP mapping on startup. - See: - https://tailscale.com/kb/1118/custom-derp-servers/ - Consumes $CODER_DERP_CONFIG_URL - --derp-server-enable Whether to enable or disable the - embedded DERP relay server. - Consumes $CODER_DERP_SERVER_ENABLE - (default true) - --derp-server-region-code string Region code to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_CODE - (default "coder") - --derp-server-region-id int Region ID to use for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_ID - (default 999) - --derp-server-region-name string Region name that for the embedded DERP - server. - Consumes $CODER_DERP_SERVER_REGION_NAME - (default "Coder Embedded Relay") - --derp-server-stun-addresses strings Addresses for STUN servers to establish - P2P connections. Set empty to disable - P2P connections. - Consumes - $CODER_DERP_SERVER_STUN_ADDRESSES - (default [stun.l.google.com:19302]) - -h, --help help for server - --oauth2-github-allow-signups Whether new users can sign up with - GitHub. - Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS - --oauth2-github-allowed-orgs strings Organizations the user must be a member - of to Login with GitHub. 
- Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS - --oauth2-github-allowed-teams strings Teams inside organizations the user must - be a member of to Login with GitHub. - Structured as: - /. - Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS - --oauth2-github-client-id string Client ID for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID - --oauth2-github-client-secret string Client secret for Login with GitHub. - Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET - --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise - deployment to use for Login with GitHub. - Consumes - $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL - --oidc-allow-signups Whether new users can sign up with OIDC. - Consumes $CODER_OIDC_ALLOW_SIGNUPS - (default true) - --oidc-client-id string Client ID to use for Login with OIDC. - Consumes $CODER_OIDC_CLIENT_ID - --oidc-client-secret string Client secret to use for Login with - OIDC. - Consumes $CODER_OIDC_CLIENT_SECRET - --oidc-email-domain string Email domain that clients logging in - with OIDC must match. - Consumes $CODER_OIDC_EMAIL_DOMAIN - --oidc-issuer-url string Issuer URL to use for Login with OIDC. - Consumes $CODER_OIDC_ISSUER_URL - --oidc-scopes strings Scopes to grant when authenticating with - OIDC. - Consumes $CODER_OIDC_SCOPES (default - [openid,profile,email]) - --postgres-url string URL of a PostgreSQL database. If empty, - PostgreSQL binaries will be downloaded - from Maven - (https://repo1.maven.org/maven2) and - store all data in the config root. - Access the built-in database with "coder - server postgres-builtin-url". - Consumes $CODER_PG_CONNECTION_URL - --pprof-address string The bind address to serve pprof. - Consumes $CODER_PPROF_ADDRESS (default - "127.0.0.1:6060") - --pprof-enable Serve pprof metrics on the address - defined by pprof address. - Consumes $CODER_PPROF_ENABLE - --prometheus-address string The bind address to serve prometheus - metrics. 
- Consumes $CODER_PROMETHEUS_ADDRESS - (default "127.0.0.1:2112") - --prometheus-enable Serve prometheus metrics on the address - defined by prometheus address. - Consumes $CODER_PROMETHEUS_ENABLE - --provisioner-daemons int Number of provisioner daemons to create - on start. If builds are stuck in queued - state for a long time, consider - increasing this. - Consumes $CODER_PROVISIONER_DAEMONS - (default 3) - --provisionerd-force-cancel-interval duration Time to force cancel provisioning tasks - that are stuck. - Consumes - $CODER_PROVISIONERD_FORCE_CANCEL_INTERVAL (default 10m0s) - --proxy-trusted-headers strings Headers to trust for forwarding IP - addresses. e.g. Cf-Connecting-Ip, - True-Client-Ip, X-Forwarded-For - Consumes $CODER_PROXY_TRUSTED_HEADERS - --proxy-trusted-origins strings Origin addresses to respect - "proxy-trusted-headers". e.g. - 192.168.1.0/24 - Consumes $CODER_PROXY_TRUSTED_ORIGINS - --secure-auth-cookie Controls if the 'Secure' property is set - on browser session cookies. - Consumes $CODER_SECURE_AUTH_COOKIE - --ssh-keygen-algorithm string The algorithm to use for generating ssh - keys. Accepted values are "ed25519", - "ecdsa", or "rsa4096". - Consumes $CODER_SSH_KEYGEN_ALGORITHM - (default "ed25519") - --telemetry Whether telemetry is enabled or not. - Coder collects anonymized usage data to - help improve our product. - Consumes $CODER_TELEMETRY_ENABLE - --telemetry-trace Whether Opentelemetry traces are sent to - Coder. Coder collects anonymized - application tracing to help improve our - product. Disabling telemetry also - disables this option. - Consumes $CODER_TELEMETRY_TRACE - --tls-cert-file strings Path to each certificate for TLS. It - requires a PEM-encoded file. To - configure the listener to use a CA - certificate, concatenate the primary - certificate and the CA certificate - together. The primary certificate should - appear first in the combined file. 
- Consumes $CODER_TLS_CERT_FILE - --tls-client-auth string Policy the server will follow for TLS - Client Authentication. Accepted values - are "none", "request", "require-any", - "verify-if-given", or - "require-and-verify". - Consumes $CODER_TLS_CLIENT_AUTH (default - "request") - --tls-client-ca-file string PEM-encoded Certificate Authority file - used for checking the authenticity of - client - Consumes $CODER_TLS_CLIENT_CA_FILE - --tls-enable Whether TLS will be enabled. - Consumes $CODER_TLS_ENABLE - --tls-key-file strings Paths to the private keys for each of - the certificates. It requires a - PEM-encoded file. - Consumes $CODER_TLS_KEY_FILE - --tls-min-version string Minimum supported version of TLS. - Accepted values are "tls10", "tls11", - "tls12" or "tls13" - Consumes $CODER_TLS_MIN_VERSION (default - "tls12") - --trace Whether application tracing data is - collected. It exports to a backend - configured by environment variables. - See: - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md - Consumes $CODER_TRACE_ENABLE - --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io - using the provided API Key. - Consumes $CODER_TRACE_HONEYCOMB_API_KEY - --wildcard-access-url string Specifies the wildcard hostname to use - for workspace applications in the form - "*.example.com". - Consumes $CODER_WILDCARD_ACCESS_URL + --access-url string External URL to access your deployment. + This must be accessible by all + provisioned workspaces. + Consumes $CODER_ACCESS_URL + -a, --address string Bind address of the server. + Consumes $CODER_ADDRESS (default + "127.0.0.1:3000") + --cache-dir string The directory to cache temporary files. + If unspecified and $CACHE_DIRECTORY is + set, it will be used for compatibility + with systemd. + Consumes $CODER_CACHE_DIRECTORY (default + "/tmp/coder-cli-test-cache") + --derp-config-path string Path to read a DERP mapping from. 
See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_PATH + --derp-config-url string URL to fetch a DERP mapping on startup. + See: + https://tailscale.com/kb/1118/custom-derp-servers/ + Consumes $CODER_DERP_CONFIG_URL + --derp-server-enable Whether to enable or disable the embedded + DERP relay server. + Consumes $CODER_DERP_SERVER_ENABLE + (default true) + --derp-server-region-code string Region code to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_CODE + (default "coder") + --derp-server-region-id int Region ID to use for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_ID + (default 999) + --derp-server-region-name string Region name that for the embedded DERP + server. + Consumes $CODER_DERP_SERVER_REGION_NAME + (default "Coder Embedded Relay") + --derp-server-stun-addresses strings Addresses for STUN servers to establish + P2P connections. Set empty to disable P2P + connections. + Consumes + $CODER_DERP_SERVER_STUN_ADDRESSES + (default [stun.l.google.com:19302]) + -h, --help help for server + --oauth2-github-allow-signups Whether new users can sign up with + GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS + --oauth2-github-allowed-orgs strings Organizations the user must be a member + of to Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_ORGS + --oauth2-github-allowed-teams strings Teams inside organizations the user must + be a member of to Login with GitHub. + Structured as: + /. + Consumes $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS + --oauth2-github-client-id string Client ID for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_ID + --oauth2-github-client-secret string Client secret for Login with GitHub. + Consumes $CODER_OAUTH2_GITHUB_CLIENT_SECRET + --oauth2-github-enterprise-base-url string Base URL of a GitHub Enterprise + deployment to use for Login with GitHub. 
+ Consumes + $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL + --oidc-allow-signups Whether new users can sign up with OIDC. + Consumes $CODER_OIDC_ALLOW_SIGNUPS + (default true) + --oidc-client-id string Client ID to use for Login with OIDC. + Consumes $CODER_OIDC_CLIENT_ID + --oidc-client-secret string Client secret to use for Login with OIDC. + Consumes $CODER_OIDC_CLIENT_SECRET + --oidc-email-domain string Email domain that clients logging in with + OIDC must match. + Consumes $CODER_OIDC_EMAIL_DOMAIN + --oidc-issuer-url string Issuer URL to use for Login with OIDC. + Consumes $CODER_OIDC_ISSUER_URL + --oidc-scopes strings Scopes to grant when authenticating with + OIDC. + Consumes $CODER_OIDC_SCOPES (default + [openid,profile,email]) + --postgres-url string URL of a PostgreSQL database. If empty, + PostgreSQL binaries will be downloaded + from Maven + (https://repo1.maven.org/maven2) and + store all data in the config root. Access + the built-in database with "coder server + postgres-builtin-url". + Consumes $CODER_PG_CONNECTION_URL + --pprof-address string The bind address to serve pprof. + Consumes $CODER_PPROF_ADDRESS (default + "127.0.0.1:6060") + --pprof-enable Serve pprof metrics on the address + defined by pprof address. + Consumes $CODER_PPROF_ENABLE + --prometheus-address string The bind address to serve prometheus + metrics. + Consumes $CODER_PROMETHEUS_ADDRESS + (default "127.0.0.1:2112") + --prometheus-enable Serve prometheus metrics on the address + defined by prometheus address. + Consumes $CODER_PROMETHEUS_ENABLE + --provisioner-daemons int Number of provisioner daemons to create + on start. If builds are stuck in queued + state for a long time, consider + increasing this. + Consumes $CODER_PROVISIONER_DAEMONS + (default 3) + --provisioner-force-cancel-interval duration Time to force cancel provisioning tasks + that are stuck. 
+ Consumes + $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL + (default 10m0s) + --proxy-trusted-headers strings Headers to trust for forwarding IP + addresses. e.g. Cf-Connecting-Ip, + True-Client-Ip, X-Forwarded-For + Consumes $CODER_PROXY_TRUSTED_HEADERS + --proxy-trusted-origins strings Origin addresses to respect + "proxy-trusted-headers". e.g. + 192.168.1.0/24 + Consumes $CODER_PROXY_TRUSTED_ORIGINS + --secure-auth-cookie Controls if the 'Secure' property is set + on browser session cookies. + Consumes $CODER_SECURE_AUTH_COOKIE + --ssh-keygen-algorithm string The algorithm to use for generating ssh + keys. Accepted values are "ed25519", + "ecdsa", or "rsa4096". + Consumes $CODER_SSH_KEYGEN_ALGORITHM + (default "ed25519") + --telemetry Whether telemetry is enabled or not. + Coder collects anonymized usage data to + help improve our product. + Consumes $CODER_TELEMETRY_ENABLE + --telemetry-trace Whether Opentelemetry traces are sent to + Coder. Coder collects anonymized + application tracing to help improve our + product. Disabling telemetry also + disables this option. + Consumes $CODER_TELEMETRY_TRACE + --tls-cert-file strings Path to each certificate for TLS. It + requires a PEM-encoded file. To configure + the listener to use a CA certificate, + concatenate the primary certificate and + the CA certificate together. The primary + certificate should appear first in the + combined file. + Consumes $CODER_TLS_CERT_FILE + --tls-client-auth string Policy the server will follow for TLS + Client Authentication. Accepted values + are "none", "request", "require-any", + "verify-if-given", or + "require-and-verify". + Consumes $CODER_TLS_CLIENT_AUTH (default + "request") + --tls-client-ca-file string PEM-encoded Certificate Authority file + used for checking the authenticity of + client + Consumes $CODER_TLS_CLIENT_CA_FILE + --tls-enable Whether TLS will be enabled. 
+ Consumes $CODER_TLS_ENABLE + --tls-key-file strings Paths to the private keys for each of the + certificates. It requires a PEM-encoded + file. + Consumes $CODER_TLS_KEY_FILE + --tls-min-version string Minimum supported version of TLS. + Accepted values are "tls10", "tls11", + "tls12" or "tls13" + Consumes $CODER_TLS_MIN_VERSION (default + "tls12") + --trace Whether application tracing data is + collected. It exports to a backend + configured by environment variables. See: + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md + Consumes $CODER_TRACE_ENABLE + --trace-honeycomb-api-key string Enables trace exporting to Honeycomb.io + using the provided API Key. + Consumes $CODER_TRACE_HONEYCOMB_API_KEY + --wildcard-access-url string Specifies the wildcard hostname to use + for workspace applications in the form + "*.example.com". + Consumes $CODER_WILDCARD_ACCESS_URL Global Flags: --experimental Enable experimental features. Experimental features are not
diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
index 4cb6d04eb8384..550890a03e56f 100644
--- a/codersdk/deploymentconfig.go
+++ b/codersdk/deploymentconfig.go
@@ -23,7 +23,6 @@ type DeploymentConfig struct {
 ProxyTrustedOrigins *DeploymentConfigField[[]string] `json:"proxy_trusted_origins" typescript:",notnull"`
 CacheDirectory *DeploymentConfigField[string] `json:"cache_directory" typescript:",notnull"`
 InMemoryDatabase *DeploymentConfigField[bool] `json:"in_memory_database" typescript:",notnull"`
- ProvisionerDaemons *DeploymentConfigField[int] `json:"provisioner_daemons" typescript:",notnull"`
 PostgresURL *DeploymentConfigField[string] `json:"pg_connection_url" typescript:",notnull"`
 OAuth2 *OAuth2Config `json:"oauth2" typescript:",notnull"`
 OIDC *OIDCConfig `json:"oidc" typescript:",notnull"`
@@ -39,7 +38,7 @@ type DeploymentConfig struct {
 BrowserOnly *DeploymentConfigField[bool] `json:"browser_only" typescript:",notnull"`
 SCIMAPIKey *DeploymentConfigField[string] `json:"scim_api_key" typescript:",notnull"`
 UserWorkspaceQuota *DeploymentConfigField[int] `json:"user_workspace_quota" typescript:",notnull"`
- Provisionerd *ProvisionerdConfig `json:"provisionerd" typescript:",notnull"`
+ Provisioner *ProvisionerConfig `json:"provisioner" typescript:",notnull"`
 }

 type DERP struct {
@@ -124,7 +123,8 @@ type GitAuthConfig struct {
 Scopes []string `json:"scopes"`
 }

-type ProvisionerdConfig struct {
+type ProvisionerConfig struct {
+ Daemons *DeploymentConfigField[int] `json:"daemons" typescript:",notnull"`
 ForceCancelInterval *DeploymentConfigField[time.Duration] `json:"force_cancel_interval" typescript:",notnull"`
 }

diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 1d067213d8e21..ad7566c4df90d 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -287,7 +287,6 @@ export interface DeploymentConfig {
 readonly proxy_trusted_origins: DeploymentConfigField
 readonly cache_directory: DeploymentConfigField
 readonly in_memory_database: DeploymentConfigField
- readonly provisioner_daemons: DeploymentConfigField
 readonly pg_connection_url: DeploymentConfigField
 readonly oauth2: OAuth2Config
 readonly oidc: OIDCConfig
@@ -303,7 +302,7 @@ export interface DeploymentConfig {
 readonly browser_only: DeploymentConfigField
 readonly scim_api_key: DeploymentConfigField
 readonly user_workspace_quota: DeploymentConfigField
- readonly provisionerd: ProvisionerdConfig
+ readonly provisioner: ProvisionerConfig
 }

 // From codersdk/deploymentconfig.go
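Review bot: `ProvisionerConfig` in codersdk/deploymentconfig.go (the `@@ -124,7 +123,8 @@` hunk) is exported without a doc comment, and neither `Daemons` nor `ForceCancelInterval` states its valid range. Both values are operator-supplied through flags or environment variables, and nothing visible in this patch rejects a zero or negative value; whether that is validated elsewhere cannot be seen from here. What a zero interval means (cancel immediately, or never) is not stated, and either reading affects the availability of builds. I would add `// ProvisionerConfig holds the settings for the built-in provisioner daemons.` above the type and a field comment along the lines of `// ForceCancelInterval is how long a stuck job is given before it is force-canceled; must be positive.` (wording to be confirmed against provisionerd), and confirm that non-positive values are rejected where the options are built.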
@@ -515,6 +514,12 @@ export interface PrometheusConfig {
 readonly address: DeploymentConfigField
 }

+// From codersdk/deploymentconfig.go
+export interface ProvisionerConfig {
+ readonly daemons: DeploymentConfigField
+ readonly force_cancel_interval: DeploymentConfigField
+}
+
 // From codersdk/provisionerdaemons.go
 export interface ProvisionerDaemon {
 readonly id: string
@@ -547,11 +552,6 @@ export interface ProvisionerJobLog {
 readonly output: string
 }

-// From codersdk/deploymentconfig.go
-export interface ProvisionerdConfig {
- readonly force_cancel_interval: DeploymentConfigField
-}
-
 // From codersdk/workspaces.go
 export interface PutExtendWorkspaceRequest {
 readonly deadline: string