theforeman / foreman-quadlet


add pulp services #34

Open archanaserver opened 1 week ago

archanaserver commented 1 week ago

Implementation of pulp services (api, content and worker)

archanaserver commented 1 week ago

There are a few things which I don't understand clearly yet. First, how can we ensure dependencies here, like the depends_on we have in the compose way of doing it (https://github.com/pulp/pulp-oci-images/blob/latest/images/compose/compose.yml#L93)? I didn't find much info. Another thing: with multiple services that have dependencies on each other, how should secrets be managed? What is the recommended way to configure secrets to ensure secure communication between these services? Also, when testing the deployment manually, the podman run way, it works as expected. However, when using my Ansible configuration, I encounter a timeout error while waiting for the pulp-api service to be accessible. @evgeni, I need your help here, please. 🥺

ehelms commented 1 week ago

This could be handled via systemd Wants/Requires and the After option to provide some ordering. I do feel we should also make the container services smart enough to check for connections before performing initialization operations like migrating. You can see examples of this last part (https://github.com/pulp/pulp-oci-images/blob/latest/images/assets/pulp-api#L3-L4) (https://github.com/pulp/pulp-oci-images/blob/latest/images/assets/wait_on_postgres.py)

We are using podman secrets right now, and I recently added to the repository a naming scheme for how to define the secrets (https://github.com/ehelms/foreman-quadlet?tab=readme-ov-file#naming-convention). For services that need the same secret, we can define the secret once with podman secrets and then it can be declared within each quadlet file. See https://github.com/ehelms/foreman-quadlet/blob/master/roles/candlepin/tasks/main.yml#L59-L71

I am not sure about this. If you ssh into the VM and try to start it manually, what happens?
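
The connection check mentioned in the comment above, as an added example (not code from this pull request or from pulp-oci-images): unit ordering starts the dependency first, but the service inside the container may still be initializing, so the entrypoint polls the port before running migrations. The function name, defaults and command-line arguments are assumptions.

```python
"""Block until a dependency's TCP port accepts connections (added example)."""
import socket
import sys
import time


def wait_for_tcp(host, port, timeout=60.0, interval=1.0, connect_timeout=2.0):
    """Return True once host:port accepts a TCP connection, False on timeout."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with socket.create_connection((host, port), timeout=connect_timeout):
                return True
        except OSError:
            # Refused, unreachable, timed out, or the name does not resolve yet.
            # Give up only if another sleep would pass the deadline.
            if time.monotonic() + interval > deadline:
                return False
            time.sleep(interval)


def main(argv):
    # Hypothetical usage: wait_for_tcp.py HOST PORT [TIMEOUT_SECONDS]
    if len(argv) < 3:
        print("usage: wait_for_tcp.py HOST PORT [TIMEOUT]", file=sys.stderr)
        return 2
    host, port = argv[1], int(argv[2])
    timeout = float(argv[3]) if len(argv) > 3 else 60.0
    if wait_for_tcp(host, port, timeout=timeout):
        return 0  # caller goes on to migrations / service start
    print(f"{host}:{port} not reachable after {timeout}s", file=sys.stderr)
    return 1  # non-zero exit lets systemd's Restart= policy retry the unit


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An accepted TCP connection is a lower bound on readiness: a database can accept the socket while still starting up, so a check that runs a real query is stricter.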

evgeni commented 1 week ago