nixos/prometheus: enable checking syntax only
This allows config checking with external files to not fail inside the sandbox.
This commit is contained in:
parent
1ce1506255
commit
c0723eef37
1 changed files with 15 additions and 8 deletions
|
@ -5,6 +5,9 @@ with lib;
|
||||||
let
|
let
|
||||||
json = pkgs.formats.json { };
|
json = pkgs.formats.json { };
|
||||||
cfg = config.services.prometheus;
|
cfg = config.services.prometheus;
|
||||||
|
checkConfigEnabled =
|
||||||
|
(lib.isBool cfg.checkConfig && cfg.checkConfig)
|
||||||
|
|| cfg.checkConfig == "syntax-only";
|
||||||
|
|
||||||
workingDir = "/var/lib/" + cfg.stateDir;
|
workingDir = "/var/lib/" + cfg.stateDir;
|
||||||
|
|
||||||
|
@ -27,7 +30,7 @@ let
|
||||||
|
|
||||||
# a wrapper that verifies that the configuration is valid
|
# a wrapper that verifies that the configuration is valid
|
||||||
promtoolCheck = what: name: file:
|
promtoolCheck = what: name: file:
|
||||||
if cfg.checkConfig then
|
if checkConfigEnabled then
|
||||||
pkgs.runCommandLocal
|
pkgs.runCommandLocal
|
||||||
"${name}-${replaceStrings [" "] [""] what}-checked"
|
"${name}-${replaceStrings [" "] [""] what}-checked"
|
||||||
{ buildInputs = [ cfg.package ]; } ''
|
{ buildInputs = [ cfg.package ]; } ''
|
||||||
|
@ -58,7 +61,7 @@ let
|
||||||
pkgs.writeText "prometheus.yml" cfg.configText
|
pkgs.writeText "prometheus.yml" cfg.configText
|
||||||
else generatedPrometheusYml;
|
else generatedPrometheusYml;
|
||||||
in
|
in
|
||||||
promtoolCheck "check config" "prometheus.yml" yml;
|
promtoolCheck "check config ${lib.optionalString (cfg.checkConfig == "syntax-only") "--syntax-only"}" "prometheus.yml" yml;
|
||||||
|
|
||||||
cmdlineArgs = cfg.extraFlags ++ [
|
cmdlineArgs = cfg.extraFlags ++ [
|
||||||
"--storage.tsdb.path=${workingDir}/data/"
|
"--storage.tsdb.path=${workingDir}/data/"
|
||||||
|
@ -1726,16 +1729,20 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
checkConfig = mkOption {
|
checkConfig = mkOption {
|
||||||
type = types.bool;
|
type = with types; either bool (enum [ "syntax-only" ]);
|
||||||
default = true;
|
default = true;
|
||||||
|
example = "syntax-only";
|
||||||
description = ''
|
description = ''
|
||||||
Check configuration with <literal>promtool
|
Check configuration with <literal>promtool
|
||||||
check</literal>. The call to <literal>promtool</literal> is
|
check</literal>. The call to <literal>promtool</literal> is
|
||||||
subject to sandboxing by Nix. When credentials are stored in
|
subject to sandboxing by Nix.
|
||||||
external files (<literal>password_file</literal>,
|
|
||||||
<literal>bearer_token_file</literal>, etc), they will not be
|
If you use credentials stored in external files
|
||||||
visible to <literal>promtool</literal> and it will report
|
(<literal>password_file</literal>, <literal>bearer_token_file</literal>, etc),
|
||||||
errors, despite a correct configuration.
|
they will not be visible to <literal>promtool</literal>
|
||||||
|
and it will report errors, despite a correct configuration.
|
||||||
|
To resolve this, you may set this option to <literal>"syntax-only"</literal>
|
||||||
|
in order to only syntax check the Prometheus configuration.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue