Solve chicken egg problem for zr container deployment
Closed, WontfixPublic
Actions

Assigned To

Authored By

	dereckson
	Sep 19 2018, 10:22

Description

Some containers require Zemke-Rhyne to provision credentials.

In the current state of the unit, the first pass applying the roles/paas-docker will have some failures for Etherpad and Cachet containers, as all isn't ready to query zr.

To zr work we need:

a zr command
a Phabricator container (and so a MySQL container)
a front-end nginx to pass the request to the container

Plan is to ensure a sane order for Docker role:

We need nginx to be first, so HTTP access to containers work
Wrappers must be there before containers too, so we can use the zr command
Now it's time for containers in the following orders:
MySQL (required by Phabricator)
Phabricator (required by zr containers)
Other ones

Event Timeline

dereckson triaged this task as Low priority.Sep 19 2018, 10:22

dereckson created this task.

dereckson added a project: Salt.

dereckson moved this task from Backlog to Servers config on the Salt board.

That's not enough: Salt will first execute zr to compile yaml and jinja into an ordered Python dictionary, BEFORE zr is ready.

So a two-passes approach is needed, with something (a grain? something like a grain at infra level?) to indicate if zr can be used.

In such a solution, we'd bypass at first pass the states requiring zr, and at second pass we could execute them.

dereckson added a project: Technical debt.Oct 27 2018, 21:17

dereckson moved this task from Backlog to Not for this sprint on the Operations sprints (The Dreadnought will produce new officers) board.

dereckson moved this task from Backlog to Ops on the Technical debt board.Dec 5 2019, 13:12

We migrated from Zemke-Rhyne to Vault for credentials management.

Solve chicken egg problem for zr container deploymentClosed, WontfixPublicActions

Description

Event Timeline

Solve chicken egg problem for zr container deployment
Closed, WontfixPublic
Actions