werft icon indicating copy to clipboard operation
werft copied to clipboard
verified publisher icon csweichel

Adapt CLI to validate server config

Open ArthurSens opened this issue 3 years ago • 3 comments

Description

Unfortunately, I've lost count of how many times we had to roll back Werft upgrades because we failed to specify a valid werft configuration.

This PR is adding a new command to Werft CLI so we can validate a config file before updating a Werft server.

Alternative approaches

Dedicated config package used by both CLI and Server

I've noticed that we have a Config type under pkg/werft.go and also cmd/server/run.go. I wanted to merge those two into a single one into a dedicated package, so it becomes easier to make LoadConfig testable.

I gave up after 30m trying because go modules are too hard to understand 😅

ArthurSens avatar Apr 09 '22 18:04 ArthurSens

Would still love to see the configuration being split into a dedicated package though, just couldn't find time to understand everything and make the split myself :/

ArthurSens avatar Apr 10 '22 07:04 ArthurSens

Just tested with a real configuration that we run in io-dev and it fails :/

Converting to draft again

Config:

werft:
  baseURL: <omitted>
  gcOlderThan: "172800m" # 120 days
  workspaceNodePathPrefix: /mnt/disks/ssd0/builds
  cleanupJobSpec:
    serviceAccount: werft
    imagePullSecrets:
      - name: <omitted>
    nodeSelector:
      "dev/workload": workload
service:
  webReadOnly: false
  webPort: 8080
  grpcPort: 7777
  prometheusPort: 9500
  pprofPort: 6060
  jobSpecRepos:
    - github.com/gitpod-io/ops:main
    - github.com/gitpod-com/gitpod:prs/slow-swap
executor:
  namespace: werft
  preperationTimeout: 10m
  totalTimeout: 300m
storage:
  logsPath: /mnt/logs
  jobsConnectionString: host=werft-postgresql dbname=<omitted> user=<omitted> password=<omitted> connect_timeout=5 sslmode=disable
plugins:
  - name: "github-repo"
    type:
      - repository
    config:
      privateKeyPath: <omitted>
      appID: <omitted>
      installationID: <omitted>
  - name: "github-integration"
    type:
      - integration
    config:
      baseURL: <omitted>
      webhookSecret: <omitted>
      privateKeyPath: <omitted>
      appID: <omitted>
      installationID: <omitted>
      pullRequestComments:
        enabled: true
        requiresOrg: []
        requiresWriteAccess: true
        updateComment: true
  - name: cron
    type:
      - integration
    config:
      tasks: []

Error:

2022/04/11 10:56:28 yaml: unmarshal errors:
  line 6: field serviceAccount not found in type werft.configPodSpec
  line 7: field imagePullSecrets not found in type werft.configPodSpec
  line 9: field nodeSelector not found in type werft.configPodSpec
  line 32: field privateKeyPath not found in type yaml.Node
  line 33: field appID not found in type yaml.Node
  line 34: field installationID not found in type yaml.Node
  line 39: field baseURL not found in type yaml.Node
  line 40: field webhookSecret not found in type yaml.Node
  line 41: field privateKeyPath not found in type yaml.Node
  line 42: field appID not found in type yaml.Node
  line 43: field installationID not found in type yaml.Node
  line 44: field pullRequestComments not found in type yaml.Node
  line 53: field tasks not found in type yaml.Node
exit status 1

ArthurSens avatar Apr 11 '22 11:04 ArthurSens

I think we'll want to introduce a dry-run to server. Most of the validation happens at runtime by the plugins. Validating strict fit into structures won't result in what you'd expect.

csweichel avatar Apr 11 '22 15:04 csweichel