Open tormath1 opened 2 years ago
About migration to etcd3: We might keep etcd2 support around in locksmith for some time besides FleetLock, or we could directly delete it and make FleetLock the new default together with an inbuilt airlock layer (part of locksmith instead of a separate binary) where we point the inbuilt Airlock layer to the configured locksmith etcd server. This will then use the etcd3 protocol. Update behavior should be ok even though etcd keeps the v2 and v3 state separate: The old clients coordinate themselves in the v2 state and the new clients have just updated and don't need to coordinate themselves for the next hours in which all old clients of the same pool should have updated.
One more idea:
Current situation
locksmith
is highly bound toetcd
: users who want to have a cluster reboot coordination needs to useetcd
. The idea is to implement aFleetLock
client intolocksmith
.Impact
Flatcar users will benefit from
FleetLock
integration:etcd
dependency fromlocksmith
Ideal future situation
User will configure
locksmith
via a HTTPFleetLock
endpoint URL.Implementation options
FleetLock:
[x] develop a Go FleetLock HTTP client (https://github.com/flatcar-linux/fleetlock)
Locksmith:
[ ] use the Go FleetLock HTTP client instead of the
etcd
lock client (started in https://github.com/flatcar-linux/locksmith/pull/14)Flatcar:
[ ] ship
airlock
in the OS +systemd
configuration ready to run a localairlock
instance[ ] documentation: explain how users can use
locksmith
+airlock
+etcd
to emulate the current behavior + other use cases like using an external FleetLock endpoint[ ] upgrade
locksmith
into the OSKola:
[ ] implement more tests to cover actual use cases (avoid regression)
[ ] implement a custom testing
FleetLock
server to create scenarios (network latency, etc.) used by the testedlocksmith
[ ] implement test with new features offered by
FleetLock
Additional information