Open archanaserver opened 1 week ago
There are a few things which I don't understand clearly yet. First, how can we ensure dependencies here, like we have depends_on in the compose way to do it (https://github.com/pulp/pulp-oci-images/blob/latest/images/compose/compose.yml#L93)? I didn't find much info. Another thing is, with multiple services that have dependencies on each other, how should secrets be managed? What is the recommended way to configure secrets to ensure secure communication between these services?
Also, when testing the deployment manually, the podman run way, it works as expected. However, when using my Ansible configuration, I encounter a timeout error while waiting for the pulp-api service to be accessible. @evgeni, I need your help here, please? 🥺
This could be handled via systemd Wants/Requires and the After option to provide some ordering. I do feel we should also make the container services smart enough to check for connections before performing initialization operations like migrating. You can see examples of this last part (https://github.com/pulp/pulp-oci-images/blob/latest/images/assets/pulp-api#L3-L4) (https://github.com/pulp/pulp-oci-images/blob/latest/images/assets/wait_on_postgres.py)
We are using podman secrets right now, and I recently added to the repository a naming scheme for how to define the secrets (https://github.com/ehelms/foreman-quadlet?tab=readme-ov-file#naming-convention). For services that need the same secret, we can define the secret once with podman secrets and then it can be declared within each quadlet file. See https://github.com/ehelms/foreman-quadlet/blob/master/roles/candlepin/tasks/main.yml#L59-L71
I am not sure about this. If you ssh into the VM and try to start it manually what happens?
migration_service with runs pulpcore-manager migrate --noinput and the other services depend on.
implementation of pulp services (api, content and worker)
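The connection check before migrating that the reply above suggests, sketched as an added example (not code from the pulp-oci-images or foreman-quadlet repositories, and not the linked wait_on_postgres.py). The host, port, timeouts and the exit code 75 are assumptions chosen for illustration.

```python
import socket
import subprocess
import sys
import time


def wait_for_tcp(host, port, timeout=60.0, interval=0.5, max_interval=5.0):
    """Return True once a TCP connect succeeds, False when the deadline passes.

    A successful connect only shows the port is accepting connections; it does
    not prove the database will authenticate or is ready to serve queries.
    """
    deadline = time.monotonic() + timeout
    delay = interval
    while True:
        try:
            with socket.create_connection((host, port), timeout=3.0):
                return True
        except OSError:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return False
            # Back off between attempts, but never sleep past the deadline.
            time.sleep(min(delay, remaining))
            delay = min(delay * 2, max_interval)


def run_when_ready(host, port, command, timeout=60.0):
    """Run `command` only after host:port is reachable; return its exit code.

    Returns 75 (EX_TEMPFAIL, an assumed convention here) when the dependency
    never came up, so a systemd Restart=on-failure policy can retry the unit
    instead of migrating against a database that is not there.
    """
    if not wait_for_tcp(host, port, timeout=timeout):
        print(f"{host}:{port} not reachable after {timeout}s", file=sys.stderr)
        return 75
    return subprocess.run(command, check=False).returncode


if __name__ == "__main__":
    # Assumed values: PostgreSQL reachable on localhost:5432.
    sys.exit(run_when_ready("localhost", 5432,
                            ["pulpcore-manager", "migrate", "--noinput"]))
```

This complements the systemd After/Requires ordering rather than replacing it: ordering only guarantees the dependency's unit was started, not that the service inside the container is listening yet.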