-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform CLI logs support #248
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Raghavendra Nayak <raghvnayak@gmail.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Co-authored-by: Matthew Tanel <matthew.tanel@outlook.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Suresh Ramasamy <suramasamy@guidewire.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Suresh Ramasamy <suramasamy@guidewire.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Suresh Ramasamy <suramasamy@guidewire.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Suresh Ramasamy <suramasamy@guidewire.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Suresh Ramasamy <suramasamy@guidewire.com> Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Signed-off-by: Katrina Ronquillo <kronquillo@guidewire.com>
Sorry for the delay, the kubecon took some energy :) I plan to take care of the review this week |
/test-examples="examples/workspace-inline-aws.yaml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for the contribution, this is a very useful enhancement 👍
I've tested this change end-to-end, overall it works great with source: Inline
Workspace type. There are some suggestions and questions regarding behavior I left inline.
ls -la affe12f0-377a-47a4-a9fd-d73295bda1d9/
total 44
drwx------ 3 2000 2000 4096 Apr 2 21:40 .
drwxr-xr-x 1 2000 root 4096 Apr 2 21:44 ..
-rw------- 1 2000 2000 68 Apr 2 21:44 .git-credentials
drwxr-xr-x 3 2000 2000 4096 Apr 2 21:20 .terraform
-rw-r--r-- 1 2000 2000 1377 Apr 2 21:20 .terraform.lock.hcl
-rw------- 1 2000 2000 111 Apr 2 21:44 aws-creds.ini
-rw------- 1 2000 2000 276 Apr 2 21:44 crossplane-provider-config.tf
-rw------- 1 2000 2000 424 Apr 2 21:44 main.tf
-rw------- 1 2000 2000 2358 Apr 2 21:40 terraform.log
-rw------- 1 2000 2000 2378 Apr 2 21:39 terraform.log.20240402-214029
The above looks great.
The main blocker is that apparently the change does not work with source: Remote
Workspace type, I cannot see log files appearing in this case.
/tf $ ls -al d94ed4b6-61b1-4d28-b7be-b827020b31cf/
total 44
drwxr-xr-x 3 2000 2000 4096 Apr 2 21:37 .
drwxr-xr-x 1 2000 root 4096 Apr 2 21:37 ..
-rw------- 1 2000 2000 68 Apr 2 21:37 .git-credentials
drwxr-xr-x 3 2000 2000 4096 Apr 2 21:37 .terraform
-rw-r--r-- 1 2000 2000 1377 Apr 2 21:37 .terraform.lock.hcl
-rw------- 1 2000 2000 111 Apr 2 21:37 aws-creds.ini
-rw------- 1 2000 2000 276 Apr 2 21:37 crossplane-provider-config.tf
-rw-r--r-- 1 2000 2000 190 Apr 2 21:37 main.tf
-rw-r--r-- 1 2000 2000 98 Apr 2 21:37 outputs.tf
-rw-r--r-- 1 2000 2000 73 Apr 2 21:37 variables.tf
Most probably it relates to the fact that we are wiping out the workdir for Remote workspaces due to go-getter behavior here https://github.com/upbound/provider-terraform/blob/main/internal/controller/workspace/workspace.go#L230-L233 on each reconciliation loop.
Maybe we can put the logs to /tf/logs/$uuid
to persist independently from the workspace directory.
It's easy to reproduce the issue with https://github.com/upbound/provider-terraform/blob/main/examples/transition/00-mr-tf-workspace/workspace-remote.yaml
## Enable Terraform CLI logs | ||
|
||
Terraform CLI logs can be written to a log file to assist with debugging and to view detailed information about Terraform operations. | ||
To enable it, the `ProviderConfig` spec has an **optional** `LogConfig` field. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To enable it, the `ProviderConfig` spec has an **optional** `LogConfig` field. | |
To enable it, the `ProviderConfig` spec has an **optional** `logConfig` field. |
nit: LogConfig
-> logConfig
return true, nil | ||
} | ||
return false, Classify(err) | ||
} | ||
|
||
func writeTerraformCLILogs(out []byte, logConfig v1beta1.LogConfig, dir string, logRollOver bool) error { | ||
if *logConfig.EnableLogging { | ||
fileName := "terraform.log" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we move it to const
?
if file.IsDir() { | ||
continue | ||
} | ||
if strings.HasPrefix(file.Name(), "terraform.log.") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we move out terraform.log
to shared const
above, we could reference it from a single place and potentially avoid mismatch in case of the future changes.
@@ -532,13 +538,104 @@ func (h Harness) Diff(ctx context.Context, o ...Option) (bool, error) { | |||
// 0 - Succeeded, diff is empty (no changes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we are not running writeTerraformCLILogs
in case the terraform succeeded with no diff.
That makes sense in general but in this case, the logs will not appear in case of the ProviderConfig setting change
from enableLogging: false
to enableLogging: true
for already existing Workspaces.
It might confuse users as the terraform.log
file will never appear in this case until some diff event. If it is expected it worth documenting somewhere.
@katronquillo Could you provide an example of what this log output looks like? Is it essentially just typical I'm coming into this conversation late (sorry!) but I'm pretty wary of writing logs to file paths inside the container, and especially of implementing our own log rotation logic. Ideally we'd outsource log processing to the many existing tools that handle it already (systemd etc). I'm wondering if there's a more lightweight option here. For example, I'm wondering if it would be possible to emit Terraform logs to the provider's container stdout. I'm imagining something like this: {"ts": "...", "level": "info", "workspace": "some-ws", "source": "tf-cli", "msg": "<terraform log line goes here>"} If we took this approach Terraform CLI logs would be interspersed with the providers other logs, but given we already support structured logging it would be possible for any log parsing backend to reconstruct the Terraform logs for a particular workspace. |
If we take this approach we may also want to be able to control the log output at the |
Using an MR or ProviderConfig to control how a provider process logs to stdout does seem a little unusual to me. My inclination would be for it to be an all or nothing CLI flag. What would be the consequences of lots of Terraform logs being written to stdout? |
Meaning it gets set by a
Mostly the sheer volume of data to sift through and the tendency of the pod logs to roll over just when you need them. There are ways to work around this but typical development debugging scenarios will just be using |
One other note on this implementation - for |
This is no longer true after #276 |
Description of your changes
Added optional
spec.logConfig
to theProviderConfig
resource to enable writing of Terraform Plan and Apply output to log filespec.logConfig.enableLogging
: Specifies whether logging is enabled (true
) or disabled (false
). When enabled, Terraform CLI command logs will be written to a file. Default isfalse
.spec.logConfig.backupLogFilesCount
: Specifies the number of archived log files to retain. When a new log file is created due to a change detected byterraform diff
, the previous log file is archived and renamed with a timestamp. This parameter controls how many archived log files are kept before older ones are deleted. Default is0
By default, Terraform CLI stores log files in the workspace directory. The default log file name is
terraform.log
. When a backup is taken (e.g., due to a new change detected byterraform diff
), the current log file is renamed toterraform.log.<timestamp>
, where<timestamp>
is a placeholder for the actual timestamp of the backup.Fixes #163
I have:
make reviewable
to ensure this PR is ready for review.make e2e
withUPTEST_EXAMPLE_LIST="examples/workspace-random-generator.yaml"
How has this code been tested
make run
, applied the followingProviderConfig
:Workspace
:terraform.log
file was populated with the expected Terraform Plan and Apply logsWorkspace
YAML and re-appliedterraform.log
file was updated with the new Terraform Plan and Apply logsspec.logConfig.backupLogFilesCount
was set to1
terraform.log
file was created with the most recent Terraform Plan and Apply logsbackupLogFilesCount