-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better feedback during applies #185
Comments
I think we should also add that we need better feedback on Recently i had done changes to 20+ projects in a monolith TF repo in one PR - primarily upgrading the minimum version of Terraform. Atlantis then autoplan that PR but it had to go through all 20+ projects which took a while. The only way I could verify that Atlantis was still running the plan
For |
A link to the streaming log sounds useful; we use BitBucket Server which doesn't refresh on PR changes automatically anyways. |
While that does sound useful to link to a log stream altantis does not really have any concept authentication/authorization so I would be hesitant to expose something like that. At my work we use: https://github.com/bitly/oauth2_proxy but I know some people are not even protecting the UI at all. One idea we could take from terraform when you create resources it keeps track and prints how long it takes and for resources such as RDS creation deletion. We could have atlantis comment something say every 60 seconds with either this information or at least some kind of summary. If we wanted a quick win we could have it be something as simple as |
Atlantis already has a secret token. would it be possible to expose an API endpoint so that some external dashboard (maybe the UI later-on) can request portions of the log? |
A link to a streaming log would be amazing |
Is there an actual log file that we can use until this feature is implemented ? |
No, Atlantis collects the output from the process in memory and then comments it back to the pull request. |
Okay, thank you :) |
@lkysow An option to be able to direct the logs to a file would be helpful as we could roll our own solutions and should be less work as it doesn't involve building a secure web UI around it. |
True. You could do that now with a custom workflow and |
Oh that's a great solution I hadn't thought of. Thanks! |
Hey smiller171, could you explain how this can be implemented ? How would I use |
With a custom workflow you can redirect the output however you like. Here's an example: workflows:
default:
plan:
steps:
- init:
- run: >
terraform plan -input=false -no-color
-out ${PLANFILE} | tee -a /var/log/tfplan.log Unfortunately you can't use this to direct the logs to stdio, which makes retrieving the logs slightly more annoying if you're running in a container, especially with the Fargate deployment method. |
We are running https://github.com/LeKovr/webtail watching log folder in a sidecar. Works pretty great for our needs. |
I don't think Fargate supports sidecar containers. If it does I'd still need to fork the official Terraform module. |
@gordonbondon Where is the atlantis log folder? Looking to use webtail as you have but can't find where Atlantis streams the apply logs to. |
@cyrus-mc there is none, we use custom workflow and replace plan and apply steps with our own scripts to |
@gordonbondon can you share the scripts, are you would be generating different log files for different plan iterations even on same pull request?. |
Hi, can we somehow also print the logs to stdout? |
Maybe you could do something funky with |
Came up with a hacky shell script that sends the output to the Atlantis docker container stdout (assumed to be process 1) while still keeping the Github output the same:
The above will use the proper specified terraform version, append the logs to the container logs in the same format as the rest of the logs, and then cut out the timestamp at the end so the github logs don't contain it. I hardcoded the timezone to +0000 but it could probably be fixed for other timezones. |
@bjaworski3 Is there a way to run the above, but taking into account the target args given in the PR comment? |
@dimisjim I think if you added https://www.runatlantis.io/docs/custom-workflows.html#reference |
@bjaworski3 |
I was thinking that a way to do streaming output would be to expose an API endpoint for Atlantis (default disabled for backwards compatibility & security reasons) that had pageable output, then query that from a Github Action (explained below). atlantis would "flush" the output to a "page" at a given interval (say every 5 seconds). These would be in-memory, or in-db page results, that would expire after a few minutes. an example of such API result would be: {
"id": "1234",
"links": {
"prev": "/example-data?page[before]=yyy&page[size]=2",
"next": "/example-data?page[after]=zzz&page[size]=2"
},
"data": {
"lines": [
"doing something...",
"more stuff..."
]
}
} Some situations and results:
https://www.restapitutorial.com/httpstatuscodes.html You could then write a Github Action, that would query the API, at a given interval, and print the On a if |
Although the Github Action part of this solution is specific to github, the actual client code needed to page through results and prints is simple enough to write, even in a bash script, such that it could be implemented in a variety of other ways and for other setups. I can't speak for what's possible with BitBucket or GitLab, but I'm sure someone else with more experience there could probably think of something. I think the following server options could be added with defaults listed
|
some other alternatives or additional implementations: a long-lived an Atlantis CLI could be written, which does the above, or uses something like GRPC in order to stream the output. |
How can I help make this a reality? The user experience right now of Atlantis is a bit "black box" ish... you have to wait (and hope) that Atlantis will post back a comment with the results. But that can sometimes take 20 minutes. Is this something that should a PR be created would be a welcome change? Are there other initiatives currently in the works? |
Having this feature would make life much more pleasant for the teams I'm working with that are relying on Atlantis. Especially when the plans are large, it can help speed troubleshooting of problem areas. |
Yes, I agree. This would provide much better insights into what is actually going on while the apply is in progress. 🙏 Especially with applies that takes longer such as an EKS control plane upgrade. ~45-60 minutes |
Not to pile on here, but the absence of feedback for a process that can take a very long time is leaving us hoping things work. Or, more likely, running |
I think atlantis has matured a bit and I think it's time to tackle features such as this. I do still think we need to create some sort of authentication and authorization mechanism as a prerequisite. It's very possible for secrets to show up in log output of terraform even with newer features. In the context of Github the risk is lower because you are already relying on Github's auth mechanism to limit who can see it. |
@majormoses - completely agree. |
Does #1937 resolve this completely? That got merged in for the v0.18.x series of releases. |
Yeah this should be done now. |
* timestamps * tests * test nit * respond to comments * gh times * follow up * undo nil check removal
Some
apply
's can take a long time. Would be nice to have either a link to view the streaming log or Atlantis to edit the pull request with the latest log.Or even just a comment that says the apply is still ongoing.
The text was updated successfully, but these errors were encountered: