[pbs-devel] [PATCH proxmox-backup 2/3] server/email_notifications: do not panic on template registration

[Thomas Lamprecht]

On 18.03.21 11:31, Dominik Csapak wrote:
> On 3/18/21 11:21, Thomas Lamprecht wrote:
>> On 18.03.21 10:57, Dominik Csapak wrote:
>>> On 3/17/21 20:38, Thomas Lamprecht wrote:
>>>> On 16.03.21 12:56, Dominik Csapak wrote:
>>>>> instead print an error and continue, the rendering functions will error
>>>>> out if one of the templates could not be registered
>>>>>
>>>>> if we `.unwrap()` here, it can lead to problems if the templates are
>>>>> not correct, i.e. we could panic while holding a lock, if something holds
>>>>> a mutex while this is called for the first time
>>>>
>>>> how can they error?
>>>> And any error (with or without this patch) would lead to emails notification not
>>>> working anymore, some may seem this as quite fatal error if they do not get notified
>>>> on erroneous jobs anymore? We may not be able to do much here, that's why above
>>>> question about what the error source can be.
>>>
>>> they can error if they do not compile, e.g. they have syntax errors
>>> while we should catch that during developement/reviewing,
>>> if it does happen, it generates some weird behaviour
>>> (for example panicing while holding a mutex)
>>
>> can't we just add a test for that instead, so that it is actually "compile checked"
>> when building a package?
>>
>> Then such errors would be actually fixed before getting released, relying on > review/test tends to fail and let slip something trhough sooner or later.
> 
> yes ofc, thats a good idea, nonetheless would i prefer to not panic in such a situation, especially if there are no real downsides

I mean if those situation cannot happen in practice anymore I see no
reason for band-aiding a theoretical problem...
But if you really want, OK, but I'd prefer to only take it in with the testing
in place; to avoid that such errors are now completely missed as overlooking
a log message is easy.

>>> also we may want to put the templates into files in the future
>>> so that users can adapt it and we can more easily change
>>> them (maybe localize them?)
>>>
>>
>> would need a sane reload mechanism then though, and in any way the one we ship
>> should be tested for basic validity on build.
>>
> 
> wouldn't it be enough to leave it like it is and document the
> necessary daemon reload for use customized templates?

reload isn't exactly cheap, and we want to avoid that whenever possible, that
includes things like template reloads or certificates update (in the future).

> 
> (i'd imagine a system like for pmg, where we have the
> shipped templates separate from the ones the user
> customizes)

I'd wait for file templates until some are actually requested for a sensible
use case..