python-support
/
python-support-infra
1
0
Fork 0
Code Issues 25 Pull Requests Projects 2 Releases Wiki Activity

Implement rolling updates of config/secrets directly on services #9

New Issue
Closed
opened 2023-08-13 20:43:22 +02:00 by so-rose · 1 comment
so-rose commented 2023-08-13 20:43:22 +02:00
Owner

Currently we stop/start stacks to perform updates of configs/secrets. This is bad :)

With a little information-gathering, I'm certain we can prevent actually stopping stacks on deploy and instead only do the secret rotation as described in the Docker documentation: https://docs.docker.com/engine/swarm/secrets/#example-rotate-a-secret

  • Note rolling_updates in the docker_config ansible module.

That would also allow us to make use of built-in rolling config/secret update strategies in the deploy: section of the Compose specification.

NOTE: The rclone volume stuff is always gonna need manual stop/start. Is jank. Such is life. Best we can do is make working with this more ergonomic in our playbooks.

Currently we stop/start stacks to perform updates of configs/secrets. This is bad :) With a little information-gathering, I'm certain we can prevent actually stopping stacks on deploy and instead only do the secret rotation as described in the Docker documentation: https://docs.docker.com/engine/swarm/secrets/#example-rotate-a-secret - Note `rolling_updates` in the `docker_config` ansible module. That would also allow us to make use of built-in rolling config/secret update strategies in the `deploy:` section of the Compose specification. **NOTE**: The rclone volume stuff is always gonna need manual stop/start. Is jank. Such is life. Best we can do is make working with this more ergonomic in our playbooks.
so-rose added the
enhancement
availability
 labels 2023-08-13 20:44:12 +02:00
so-rose added this to the Refactor and Cleanup project 2023-08-13 20:57:56 +02:00
so-rose added the
duplicate
 label 2023-08-21 12:40:48 +02:00
so-rose commented 2023-08-21 12:41:04 +02:00
Poster
Owner

Closing as duplicate of #23.

Closing as duplicate of #23.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
v0.1.0
Labels
Clear labels   
availability

Something that can increase the uptime of services in a particular situation.   
bug

Something is not working, or not working right.   
deployment-usability

Related to the usability of the deployment method itself.   
duplicate

This issue or pull request already exists   
enhancement

Proposed enhancement or feature.   
help-wanted

Issue that needs help in order to be understood or tackled.   
question

More information is needed   
security

Related to the security or privacy of the system.   
stack-auth

Related to the auth stack.   
stack-chat

Related to the chat stack.   
stack-cleanup

Related to the cleanup stack.   
stack-git

Related to the git stack.   
stack-mesh

Related to the mesh stack.   
stack-site-support

Related to the site-support stack.   
wontfix

This won't be fixed, either by design, or due to other issues.
No Label
availability
bug
deployment-usability
duplicate
enhancement
help-wanted
question
security
stack-auth
stack-chat
stack-cleanup
stack-git
stack-mesh
stack-site-support
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Refactor and Cleanup
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: python-support/python-support-infra#9
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?