pothos
commented
2 months ago About migration to etcd3: We might keep etcd2 support around in locksmith for some time besides FleetLock, or we could directly delete it and make FleetLock the new default together with an inbuilt airlock layer (part of locksmith instead of a separate binary) where we point the inbuilt Airlock layer to the configured locksmith etcd server. This will then use the etcd3 protocol. Update behavior should be ok even though etcd keeps the v2 and v3 state separate: The old clients coordinate themselves in the v2 state and the new clients have just updated and don't need to coordinate themselves for the next hours in which all old clients of the same pool should have updated.
One more idea:
- [ ] Run a public Airlock server that users can rely on for simple coordination by using secret group names for their clusters.
Current situation
locksmithis highly bound toetcd: users who want to have a cluster reboot coordination needs to useetcd. The idea is to implement aFleetLockclient intolocksmith.Impact
Flatcar users will benefit from
FleetLockintegration:etcddependency fromlocksmithIdeal future situation
User will configure
locksmithvia a HTTPFleetLockendpoint URL.Implementation options
FleetLock:
[x] develop a Go FleetLock HTTP client (https://github.com/flatcar-linux/fleetlock)
Locksmith:
[ ] use the Go FleetLock HTTP client instead of the
etcdlock client (started in https://github.com/flatcar-linux/locksmith/pull/14)Flatcar:
[ ] ship
airlockin the OS +systemdconfiguration ready to run a localairlockinstance[ ] documentation: explain how users can use
locksmith+airlock+etcdto emulate the current behavior + other use cases like using an external FleetLock endpoint[ ] upgrade
locksmithinto the OSKola:
[ ] implement more tests to cover actual use cases (avoid regression)
[ ] implement a custom testing
FleetLockserver to create scenarios (network latency, etc.) used by the testedlocksmith[ ] implement test with new features offered by
FleetLockAdditional information