Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] locksmith: integration with FleetLock #510

Open
1 of 8 tasks
tormath1 opened this issue Sep 17, 2021 · 1 comment
Open
1 of 8 tasks

[RFE] locksmith: integration with FleetLock #510

tormath1 opened this issue Sep 17, 2021 · 1 comment
Labels
area/updates Issues related to the updates, update_engine_client, etc kind/feature A feature request

Comments

@tormath1
Copy link
Contributor

tormath1 commented Sep 17, 2021
edited
Loading

Current situation

locksmith is highly bound to etcd: users who want to have a cluster reboot coordination needs to use etcd. The idea is to implement a FleetLock client into locksmith.

Impact

Flatcar users will benefit from FleetLock integration:

  • more backend flexibility to orchestrate rebooting of instances inside a cluster
  • remove etcd dependency from locksmith

Ideal future situation

User will configure locksmith via a HTTP FleetLock endpoint URL.

Implementation options

  • FleetLock:
  • Locksmith:
  • Flatcar:
  • ship airlock in the OS + systemd configuration ready to run a local airlock instance
  • documentation: explain how users can use locksmith + airlock + etcd to emulate the current behavior + other use cases like using an external FleetLock endpoint
  • upgrade locksmith into the OS
  • Kola:
  • implement more tests to cover actual use cases (avoid regression)
  • implement a custom testing FleetLock server to create scenarios (network latency, etc.) used by the tested locksmith
  • implement test with new features offered by FleetLock

Additional information
@tormath1 tormath1 added kind/feature A feature request area/updates Issues related to the updates, update_engine_client, etc labels Sep 17, 2021
@tormath1 tormath1 mentioned this issue May 31, 2022
Draft
1 task
@pothos
Copy link
Member

pothos commented Apr 22, 2024

About migration to etcd3: We might keep etcd2 support around in locksmith for some time besides FleetLock, or we could directly delete it and make FleetLock the new default together with an inbuilt airlock layer (part of locksmith instead of a separate binary) where we point the inbuilt Airlock layer to the configured locksmith etcd server. This will then use the etcd3 protocol. Update behavior should be ok even though etcd keeps the v2 and v3 state separate: The old clients coordinate themselves in the v2 state and the new clients have just updated and don't need to coordinate themselves for the next hours in which all old clients of the same pool should have updated.

One more idea:

  • Run a public Airlock server that users can rely on for simple coordination by using secret group names for their clusters.

@pothos pothos mentioned this issue Apr 22, 2024
Open
4 tasks
@pothos pothos mentioned this issue May 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/updates Issues related to the updates, update_engine_client, etc kind/feature A feature request
Projects
Flatcar tactical, release planning, and roadmap
Status: 🪵Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pothos @tormath1