mrjones2014 / opnix

❄️ Native secret management for NixOS using 1Password.
MIT License

Activation fails when network connectivity is down #1

Open dnaq opened 1 month ago

dnaq commented 1 month ago

When doing a rebuild that causes network connectivity to go down (temporarily), then the activationScript used by opnix will fail, causing the activation to fail.

This can be worked around by deploying the new generation and rebooting, but unfortunately it makes using opnix a bit painful.

mrjones2014 commented 1 month ago

This is expected and there is no way around it, since the op CLI has no offline support.

It's called out in the README.md: https://github.com/mrjones2014/opnix#tradeoffs-vs-agenix

This was a hackathon project, but I probably wouldn't recommend actually using it 😅

dnaq commented 1 month ago

Sorry, I might have been unclear. I don't mean that activation fails for a host without network support, I mean that activation fails if network connectivity temporarily goes down as part of a rebuild.

An example of this happening is when you run a DNS server on the same host and that DNS server is updated. This will cause the host to not be able to resolve DNS for a short while, which will cause the activation to fail.

mrjones2014 commented 1 month ago

Ah okay, sounds like the systemd deps may not be quite right. It should wait till you come back online before trying to redeploy secrets.

mrjones2014 commented 1 month ago

I'm not super great with systemd, I've spent a long time wrangling it, so if you have any input that would be great.

dnaq commented 1 month ago

I don't think the issue is systemd; it is that you use a system.activationScript on rebuilds. If it would be possible to not use an activationScript at all, but instead a systemd service for each secret, that would likely work. Somewhat like how secrix does it.
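
The one-service-per-secret approach suggested in the last comment, as an added NixOS module that is not part of this thread and is not opnix or secrix code. The secret names, `op://` references, token file path, output directory and the `_1password-cli` package attribute are assumptions.

```nix
# Added illustration, not opnix code. Secret names, op:// references and the
# token path are constructed placeholders.
{ lib, pkgs, ... }:
let
  # Assumption: the 1Password CLI attribute is `_1password-cli` in your nixpkgs.
  op = "${pkgs._1password-cli}/bin/op";
  # Assumption: root-only file containing OP_SERVICE_ACCOUNT_TOKEN=<token>.
  tokenFile = "/etc/opnix-token";
  outDir = "/run/op-secrets";
  secrets = {
    grafana-admin = "op://Homelab/grafana/password";
    restic-repo = "op://Homelab/restic/password";
  };

  # One oneshot unit per secret, so a failed fetch is a failed unit rather
  # than a failed activation script.
  mkUnit = name: ref: lib.nameValuePair "op-secret-${name}" {
    description = "Fetch ${name} from 1Password";
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      EnvironmentFile = tokenFile;
      UMask = "0077"; # secret files are created readable by root only
      # network-online.target does not cover a resolver restarting mid-switch,
      # so a failed fetch is retried instead of being fatal.
      Restart = "on-failure";
      RestartSec = "15s";
    };
    # NixOS runs `script` with errexit: if `op read` fails, the unit fails
    # before the mv and the previously fetched secret stays in place.
    script = ''
      tmp=$(mktemp ${outDir}/.${name}.XXXXXX)
      trap 'rm -f "$tmp"' EXIT
      ${op} read ${lib.escapeShellArg ref} > "$tmp"
      mv -f "$tmp" ${outDir}/${name}
    '';
  };
in
{
  systemd.tmpfiles.rules = [ "d ${outDir} 0700 root root -" ];
  systemd.services = lib.mapAttrs' mkUnit secrets;
}
```

Services that consume a secret would order themselves after the matching `op-secret-<name>.service`.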