[Feature] Self sufficient/managed bundle image #638
Comments
This does not necessarily have to be a bash script, this could also be something written in golang/C/rust/... if that's deemed more convenient than bash, or python/... if the interpreters are already installed on the image (but I don't think they are).
A bash script would be much simpler to do and can be part of the same repo. If we want to do the same with golang/C/rust then it should be a different repo and create a binary which needs to be included during bundle creation. I would prefer to do it in bash so there is no dependency and it is done soonish.
This is my point, this is a choice which is being made, not a hard requirement we cannot change. I'm not arguing against bash, I'm only pointing out we have alternatives if (hypothetically) we realized at some point bash is not a great fit for what we want to do.
Consider how input can be given, as cloud-init will be used by some cloud providers
Just after talking to @praveenkumar, adding a note: one key benefit from adding the logic to the bundle is to ...manage it externally could be tedious so the script should check the version and apply one logic or the other.... In other words, adding it helps long term maintenance
@praveenkumar hey, what about moving the dnsmasq as dedicated service to the network manager dnsmasq plugin?
We are now using the dnsmasq service directly instead of running it in the container. If we can have the following config as part of the dnsmasq plugin then sure, it would be better to have it with NM. here
One way could be to make the crc provisioner bash script/program support a config file, and run it after cloud-init runs. Once cloud-init finishes, it creates the config file the crc provisioner tool expects and gets the needed inputs
From the list in #638 (comment) we can categorize the various post bundle start tasks into two categories: tasks that depend on some kind of external data and those that don't depend on any external data.
Tasks that don't depend on any external data/input:
Tasks that need external data/input:
Tasks that need external data/input but not critical:
So some of the tasks which need external data might be not so critical (like blocker)
This is for debugging purpose in case ssh connection is lost.
This is also to test cert rotation
I think this is also for test cert rotation? or is it something else?
This is something user can do after cluster is running
Being able to directly inject the generated ssh key would be useful for cfergeau/macadam#17
If we have ignition support (i.e. re-running ignition again when the bundle is started by crc/crc-cloud) then this race condition would also be fixed, as ignition runs very early and we'll also have a way to inject the SSH key (we could also work around the units starting issue by having some loops in the scripts that the unit starts or systemd timers to re-trigger the units again later; if we go this route then we can add another systemd unit that adds the SSH pub key the same way)
Does https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#ConditionPathExists= help with the race you are seeing?
No, the unit still gets skipped, I tried to use from
[Unit]
Description=CRC Unit for adding pull secret to cluster
After=kubelet.service
Requires=kubelet.service
ConditionPathExists=/opt/crc/pull-secret
[Service]
Type=oneshot
ExecStart=/usr/local/bin/ocp-pullsecret.sh
StandardOutput=journal
[Install]
WantedBy=multi-user.target
Maybe https://www.freedesktop.org/software/systemd/man/latest/systemd.path.html is needed instead.
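One way to apply the systemd.path suggestion to the unit posted above, as an added example that is not from the thread or the project: a path unit watches /opt/crc/pull-secret and starts the service when the file appears, instead of a ConditionPathExists= check that is evaluated once at start time. The unit file names crc-pullsecret.path and crc-pullsecret.service are assumptions; the watched path and the script come from the posted unit.

```ini
# /etc/systemd/system/crc-pullsecret.path  (file name is an assumption)
[Unit]
Description=Watch for the CRC pull secret file

[Path]
# Starts the service as soon as the file exists, including when it is
# written after boot (for example by cloud-init).
PathExists=/opt/crc/pull-secret
Unit=crc-pullsecret.service

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/crc-pullsecret.service  (file name is an assumption)
[Unit]
Description=CRC Unit for adding pull secret to cluster
After=kubelet.service
Requires=kubelet.service
# No ConditionPathExists= here: the path unit decides when to start.

[Service]
Type=oneshot
# Keep the unit active after the script exits, so the path unit does not
# start it again while the file is still present.
RemainAfterExit=yes
ExecStart=/usr/local/bin/ocp-pullsecret.sh
StandardOutput=journal
# No [Install] section: only the .path unit is enabled.
```

Only the path unit is enabled (`systemctl enable crc-pullsecret.path`); the service is started by it.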
As of now, once we start the VM using the bundle image, crc performs the following operations
777
crc-dnsmasq
service
For local there are some more steps, like checking the certs validation, letting the user know about it and then waiting until it is recovered. But for a cloud image it might be better to have a single bash script which can perform all those actions, and we can create a unit file to run that script. It will help in the case of a cloud image: once it is deployed and that unit is enabled, at the end the user will get the running cluster directly.