Packaging of ziti binaries

[sabedevops]

Ziti binaries could be packages for Linux distribution packaging formats. The ziti-edge-tunnel is currently packaged for the deb and rpm formats.

Packaging should include:

• Binaries compiled for the major distribution version so that any issues with GlibC are covered.
• systemd units
• All dependencies expressed
• Any additional defalt system configuration (e.g. runtime user)
• Setup of relevant user configuration directories per FSH

[qrkourier]

The first step is to package ziti binary with CGO enabled, hence a dynamic link to libc. This first package does not entail a systemd service unit, but further packages depending upon this first package will define units like ziti-controller.service.

The ziti-cli package will have not depend on other packages.

@sabedevops Does "FSH" mean filesystem hierarchy standard? I'll avoid configuring a POSIX homedir, default shell, and FHS/XDG dirs if possible. I believe the only requirement for further packages like ziti-controller will be to run as user "ziti," and to use process-level configuration, e.g., the config.yaml, not to have system-level or user-level configuration for particular config dirs. In other words, I'll try to express all of the controller's configuration in config.yaml if possible.

---

Do POSIX user/group in ziti-cli package?

Q. Does it make more sense to manage the POSIX user and group with this first package named like ziti-cli or to separately manage those resources within the packages that use them, if only for the sake of DRY code?

A. I'm leaning toward managing the POSIX user and group in the (base) package named like ziti-cli so that the packages that depend on it can safely assume a user and group each named "ziti" with ID 2171 exists. This is a simple way to DRY the code that manages the user and group.

Expounding on the question: In other words, the base package named like ziti-cli that installs ziti CLI is a dependency of packages like ziti-controller, but ziti-cli does not run as user "ziti" or have any service units defined. Packages like ziti-controller do run as user "ziti", but if we manage those POSIX resources in ziti-controller and ziti-router packages then we risk duplication.

[sabedevops]

Yes, that was meant to be FHS*.

[qrkourier]

Here's some information about generating Linux install packages for Go projects collated by ChatGPT: https://chat.openai.com/share/5b553595-0ed0-4696-b759-65dfa139322f

TL;DR Use fpm or nfpm

Takeaway: I'm leaning toward nfpm (ref link) because it appears to be more evolved and simpler. If our needs become more complex and outgrow it then we can switch to fpm.

[sabedevops]

Expanded chat history, prompting for user management, install scripts, and systemd unit file inclusion: https://chat.openai.com/share/803e492a-4f22-448b-bd03-1489fe86eb3d

[qrkourier]

There are a couple of similar GH Actions that we could use. I'll record the reasoning for my choice here. Both Actions have equivalent inputs.

I didn't choose https://github.com/marketplace/actions/nfpm-packager-action-v2 because it relies on a container image maintained externally by the author which was last updated 2 years past.

https://github.com/marketplace/actions/nfpm-deb-rpm-apk-and-archlinux-packager is my choice because it fetches the configured nfpm release directly from upstream and is otherwise self-contained.

[qrkourier]

It was pointed out that these packages will could also solve the problem of defining systemd service units that the quickstart shell functions are currently writing.

[qrkourier]

We'll adopt this Linux package naming convention.

openziti

provides a symlink to /opt/openziti/bin/ziti in /usr/bin/ziti and a user manual without any other configuration, scripts, or dependencies

openziti-controller

depends on package openziti, provides a daemon that executes /usr/bin/ziti controller run /opt/openziti/etc/controller.yaml and a sysadmin manual

openziti-router

depends on package openziti, provides a daemon that executes /usr/bin/ziti router run /opt/openziti/etc/router.yaml and a sysadmin manual

---

Link to related issue for authoring the user and sysadmin manuals: https://github.com/openziti/ziti/issues/1240

[qrkourier]

We're currently planning to rename openziti, but for the record I don't see any collisions in fedora38 with dnf search ziti or Ubuntu Jammy with apt search ziti.