Ansible Rewrite #2123
base: develop
Signed-off-by: Willy Njundong <[email protected]>
Signed-off-by: Willy Njundong <[email protected]>
Tested to work on GKE, and probably also works with Amazon EKS. Certainly does not work with baremetal Kubernetes clusters.
Would be great if someone could help out in setting appropriate resource limits. I have no idea what iroha needs and lack expertise to measure/analyze.
Signed-off-by: Willy Njundong <[email protected]>
Signed-off-by: Willy Njundong <[email protected]>
Inconsequential ansible task rename Signed-off-by: Willy Njundong <[email protected]>
@sudomann You were asking me about improving security handling. Deleting files with private keys from a deployment host after the process is finished sounds like a good idea, but be sure to back them up somewhere in a safe place. I don't understand why there are private and public keys embedded directly in configuration files, can you clarify a bit?
@baydarich When Ansible generates keys for each peer, they are first recorded into a csv file.
As I understand, there is no further use in knowing/keeping the private keys beyond that once all the peers have them mounted. For potential debugging purposes however, I thought it made sense to have files showing that the role was working as intended. e.g. verifying using the csv file that the peers were assigned the right combination of hostname and public key when added in the I've thought about changing the Ansible steps to instead add a peer to the
Thanks for the contribution. I skimmed through the code and overall it looks good. But we need some time to actually test the new playbook. Based on the test results I'll be able to give proper feedback.
Description of the Change
Rewritten for peers to be able to discover each other within the cluster and communicate within a given namespace. A service is also defined to expose torii-port to another specified namespace (has been preset to namespace: default).
Benefits
Ansible configuration for Kubernetes that works and is flexible to customize via variables without breaking functionality.
Configuration follows good semantics, and allows easy deployment with minimal effort.
Possible Drawbacks
None