Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/prometheus: add checkConfig #73534

Merged
merged 1 commit into from Mar 14, 2020
Merged

nixos/prometheus: add checkConfig #73534

merged 1 commit into from Mar 14, 2020

Conversation

thefloweringash
Copy link
Member

@thefloweringash thefloweringash commented Nov 17, 2019
edited

Workaround for prometheus/prometheus#5222

Motivation for this change

As is, it's not possible to use options like password_file that refer to locations outside of the sandbox.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

tomfitzhenry
tomfitzhenry reviewed Nov 18, 2019
View reviewed changes
Copy link
Contributor

@tomfitzhenry tomfitzhenry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see the rationale for this change. My concern is that adding an option is a maintenance burden. Is there precedent for having options to disable validation?

@thefloweringash
Copy link
Member Author

I didn't see much with a quick grep. I only really found nix.checkConfig, which is a nicer name for the same thing. The other alternative that comes to mind is to always ignore errors in the config, or skip checking completely. This would make the module slightly worse and less safe for current users, but one day can be improved again when (if?) upstream produces the appropriate tools

@tomfitzhenry
Copy link
Contributor

I only really found nix.checkConfig, which is a nicer name for the same thing.

I agree it's nicer. If we do choose to add a new option (which I'm still unsure of), perhaps it'd be better phrased as:

checkConfig = mkOption {
    type = types.bool;
    default = true;
    description = ...
}

I think this is easier to read, since it's shorter and phrased positively.

If we did that, I don't think we should call promtool if checkConfig = false, since:

  • it isn't reasonable to expect users to check the promtool output and manually filter the errors they know are okay.
  • this makes our Nix config unnecessarily complex, for little gain.

Users who want promtool checking, but have to disable it because it doesn't quite work for them should continue to work with upstream on resolving prometheus/prometheus#5222 .

@thefloweringash thefloweringash changed the title nixos/prometheus: add ignoreConfigCheckErrors nixos/prometheus: add checkConfig Nov 18, 2019
tomfitzhenry
tomfitzhenry approved these changes Nov 19, 2019
View reviewed changes
Copy link
Contributor

@tomfitzhenry tomfitzhenry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Pro: Disabling validation is a necessary evil at times. The "password file is not visible at CI time" is such an example. I get the impression there's a missing abstraction with NixOS for user-configurable validation, but for the moment an all-or-nothing approach is fine.

Con: It's another option, and thus a maintenance burden.

@alyssais
Copy link
Member

LGTM, but we should evaluate whether to remove the option is prometheus/prometheus#6488 is accepted.

@alyssais alyssais merged commit 01f03f3 into NixOS:master Mar 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomfitzhenry tomfitzhenry tomfitzhenry approved these changes

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@thefloweringash @tomfitzhenry @alyssais