coreos / airlock Goto Github PK
View Code? Open in Web Editor NEWMinimal update/reboot orchestrator for Fedora CoreOS clusters
License: Apache License 2.0
Minimal update/reboot orchestrator for Fedora CoreOS clusters
License: Apache License 2.0
Airlock uses node UUID to identify HTTP clients and lock holders. However, when serialized to textual form, UUID may have several representations. In particular, there are two that are relevant here:
28c20a4a-64dd-488d-925c-1d591637ca8e
28c20a4a64dd488d925c1d591637ca8e
Dashes are just visual sugar for humans. Systemd uses the non-dashed form everywhere by default.
We should pick one of the two forms, document it, and use it everywhere in an uniform way.
Airlock should count the number of error responses, on both API endpoints separately. Those two counters should be then exposed as Prometheus metrics via the status service.
After #17, each API has an associated machine-friendly "kind" (with bounded and low cardinality). Error kind can be used as a metric label to enhance observability.
Overall, final metrics should look like the following:
airlock_v1_pre_reboot_response_errors_total{kind="<XYZ>"}
airlock_v1_steady_state_response_errors_total{kind="<XYZ>"}
Airlock needs to have additional knobs to configure a "maintenance window" for reboots. Those needs to added both for the default group, and for specific custom groups.
A reboot window works in conjunction (logical AND) with existing counting-semaphore logic.
Entries to be added to the lock
section:
default_reboot_window_days
: a set of short-day-names (like date %a, i.e. [ "Mon", "Wed" ])default_reboot_window_start
: start time, in 24h format (i.e. 23:45)default_reboot_window_duration
: length, in minutesEntries to be added for each lock.groups
section (these override defaults, if set):
reboot_window_days
reboot_window_start
reboot_window_duration
Note: this relies on the system clock of the environment where an airlock process is running.
For operational maintenance and introspection, airlock should grow some CLI subcommands.
Those are mostly meant for human consumption, in order to inspect state in etcd3 and act on it.
The idea is that the administrator can kubectl exec
into the container and run maintenance commands there. Those commands requires access to the configuration, which is already available inside the container.
Here below is an initial list of tasks I'd like to be able to perform via CLI.
The arm64 container currently builds in an emulated arm64 host via qemu-user. It would be much more efficient to cross-build from amd64 by having the Dockerfile specify FROM --platform=$BUILDPLATFORM
for the builder container and set GOARCH=$TARGETARCH
. However, Buildah < 1.24.1 doesn't support --platform
in FROM
. Once a new enough Buildah has landed in ubuntu-latest
, switch to cross-building, and re-enable arm64
container builds in PRs by dropping the pr-arches
override.
Followup to #31. See also coreos/butane#334.
Capturing the discussion at https://github.com/coreos/airlock/pull/5/files#r279369060.
Manager.UnlockIfHeld
can avoid a write-trip if the current id
is not holding any semaphore lock. We should first augment Semaphore.UnlockIfHeld
to signal back such situation.
This is a braindumping and tracking ticket for selecting and then exposing more configuration options via TOML. I'm still not settled on what's needed, so I'm collecting everything here. Feel free to chime in with more requests/suggestions.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.