Closed BitcoinMechanic closed 2 years ago
Almost certainly an ordering issue with the certs being generated for the mountpoint
Is this an issue with the OS then? I thought I had fixed this?
You're generating the certs in the netcontroller mount function. This is invoked after the container is launched. That's why it only crashes the first time.
Is there a way to change the behavior such that the container is launched with all the mountpoints already properly set up?
Seems like I could work around this in synapse by waiting until the cert is available. But ideally it's already there when the container launches
I believe the new starting status is going to be active until all of these things are set up. Is the container able to query its status? Alternatively you can have the docker entrypoint of synapse wait until the cert is available before passing control to the main synapse entrypoint.
@dr-bonez please advise
I don't believe the container can query its own status?
Also, adding a wait for the cert to exist seems suboptimal, but we do similar things in other services.
Huh? No this is not a waiting game issue, we just need to generate the cert directory before the container is launched, which means we shouldn't rely on the net controller to do it. We should invoke that function directly, before the container is launched.
This should be moved to the embassy-os board. This is an os issue.
> This should be moved to the embassy-os board. This is an os issue.
I have added it to the 0.3.0 project board.
> Huh? No this is not a waiting game issue, we just need to generate the cert directory before the container is launched, which means we shouldn't rely on the net controller to do it. We should invoke that function directly, before the container is launched.
I am not excited about the idea of moving cert management outside the net controller solely for the purposes of ordering of events. Certificate management, after all, is a network concern (layer 4.5). I'm assuming that the net controller work can't precede launch due to needing named resources created by the container launch. Should the net controller have a pre-launch and post-launch set of actions?
The bottom line is the net controller needs the IP of the container, which only exists after launch, but it also needs to create the cert before the container is launched, otherwise the container can't mount it. However, one other option is just to create the folder where the certs belong before launching the container. The certs themselves can be added later safely.
Can the thing that does the volume mounts ensure that the directory exists? Seems appropriate.
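The two workarounds discussed in this thread (create the cert directory before launch, and have the entrypoint wait for the cert), as an added example that is not embassy-os or synapse wrapper code. The function names, paths, file names and timeout are assumptions.

```shell
#!/bin/sh
# Added example; every name and path here is hypothetical.

# Host side, run before the container is launched: make sure the bind-mount
# source exists so the mount succeeds even though the certs arrive later.
ensure_cert_dir() {
    dir=$1
    mkdir -p "$dir" || return 1
    # The private key will live here; keep it closed to other users.
    # Adjust ownership to match the uid the container runs as.
    chmod 700 "$dir"
}

# Container side, run by the entrypoint: block until both the certificate and
# its key are present and non-empty, and fail closed on timeout so the service
# never starts without its TLS material.
wait_for_cert() {
    cert=$1
    key=$2
    timeout=${3:-30}
    waited=0
    while [ ! -s "$cert" ] || [ ! -s "$key" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out after ${timeout}s waiting for $cert" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Entrypoint wrapper: hand control to the real service only once the cert is
# there. A real entrypoint script would end with: run_entrypoint "$@"
run_entrypoint() {
    wait_for_cert "${CERT_FILE:-/mnt/cert/main.cert.pem}" \
                  "${KEY_FILE:-/mnt/cert/main.key.pem}" \
                  "${CERT_TIMEOUT:-60}" || return 1
    exec "$@"
}
```

The `-s` test only checks that the files are non-empty, so the writer should create them under a temporary name and rename them into place to avoid the service reading a half-written key.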