begin phasing in config of vpn via cdist
parent e2b36c8bca
commit 054886fd9c
5 changed files with 119 additions and 39 deletions
@ -170,7 +170,7 @@ VPNNetworks can be managed by all authenticated users.
* Developer Handbook
The following section describe decisions / architecture of
uncloud. These chapters are intended to be read by developers.
** Documentation
** This Documentation
This documentation is written in org-mode. To compile it to
html/pdf, just open emacs and press *C-c C-e l p*.
** Models
@ -234,6 +234,53 @@ VPNNetworks can be managed by all authenticated users.
*** Decision
We use integers, because they are easy.
** Distributing/Dispatching/Orchestrating
*** Variant 1: using cdist
- The uncloud server can git commit things
- The uncloud server loads cdist and configures the server
- Advantages
- Fully integrated into normal flow
- Disadvantage
- web frontend has access to more data than it needs
- On compromise of the machine, more data leaks
- Some cdist usual delay
*** Variant 2: via celery
- The uncloud server dispatches via celery
- Every decentral node also runs celery/connects to the broker
- Summary brokers:
- If local only celery -> good to use redis - Broker
- If remote: probably better to use rabbitmq
- redis
- simpler
- rabbitmq
- more versatile
- made for remote connections
- quorom queues would be nice, but not clear if supported
- https://github.com/celery/py-amqp/issues/302
- https://github.com/celery/celery/issues/6067
- Cannot be installed on alpine Linux at the moment
- Advantage
- Very python / django integrated
- Rather instant
- Disadvantages
- Every decentral node needs to have the uncloud code available
- Decentral nodes *might* need to access the database
- Tasks can probably be written to work without that
(i.e. only strings/bytes)
**** log/tests
(venv) [19:54] vpn-2a0ae5c1200:~/uncloud$ celery -A uncloud -b redis://bridge.place7.ungleich.ch worker -n worker1@%h --logfile ~/celery.log -
Q vpn-2a0ae5c1200.ungleich.ch
*** Variant 3: dedicated cdist instance via message broker
- A separate VM/machine
- Has Checkout of ~/.cdist
- Has cdist checkout
- Tiny API for management
- Not directly web accessible
- "cdist" queue
** Milestones :uncloud:
*** 1.1 (cleanup 1)
**** TODO [#C] Unify ValidationError, FieldError - define proper Exception
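Review bot: The worker command under "log/tests" reaches the broker through a bare redis://bridge.place7.ungleich.ch URL, with no credentials and no TLS scheme, from a VPN node to a different host, while the broker summary just above it says redis is good for local-only use and rabbitmq is made for remote connections. Whoever can reach or impersonate that broker can enqueue tasks that every decentral node will run, so the Variant 2 disadvantages (and the "cdist" queue in Variant 3) should name the broker as a trust boundary, the same way Variant 1 already lists what leaks on compromise of the web frontend. Suggest documenting the intended transport in this section, for example rediss:// with a password or an authenticated rabbitmq vhost, and stating that workers accept only the json serializer so that "only strings/bytes" is enforced rather than a convention. Minor: "quorom queues" should read "quorum queues", and the "Disadvantage" item under Variant 1 heads three entries.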