Implement rolling updates of config/secrets directly on services #9

New issue

Closed

opened 2023-08-13 20:43:22 +02:00 by so-rose · 1 comment

so-rose commented 2023-08-13 20:43:22 +02:00

Owner

Copy link

Currently we stop/start stacks to perform updates of configs/secrets. This is bad :)

With a little information-gathering, I'm certain we can prevent actually stopping stacks on deploy and instead only do the secret rotation as described in the Docker documentation: https://docs.docker.com/engine/swarm/secrets/#example-rotate-a-secret

• Note rolling_updates in the docker_config ansible module.

That would also allow us to make use of built-in rolling config/secret update strategies in the deploy: section of the Compose specification.

NOTE: The rclone volume stuff is always gonna need manual stop/start. Is jank. Such is life. Best we can do is make working with this more ergonomic in our playbooks.

Currently we stop/start stacks to perform updates of configs/secrets. This is bad :) With a little information-gathering, I'm certain we can prevent actually stopping stacks on deploy and instead only do the secret rotation as described in the Docker documentation: https://docs.docker.com/engine/swarm/secrets/#example-rotate-a-secret - Note `rolling_updates` in the `docker_config` ansible module. That would also allow us to make use of built-in rolling config/secret update strategies in the `deploy:` section of the Compose specification. **NOTE**: The rclone volume stuff is always gonna need manual stop/start. Is jank. Such is life. Best we can do is make working with this more ergonomic in our playbooks.

so-rose added the

enhancement

availability

labels 2023-08-13 20:43:22 +02:00

so-rose added this to the Refactor and Cleanup project 2023-08-13 20:57:56 +02:00

so-rose referenced this issue 2023-08-13 22:09:06 +02:00

Dedicated .password-store w/minimal-attack-surface Secrets Collaboration #18

so-rose added the

duplicate

label 2023-08-21 12:40:48 +02:00

so-rose commented 2023-08-21 12:41:04 +02:00

Author

Owner

Copy link

Closing as duplicate of #23.

Closing as duplicate of #23.

so-rose closed this issue 2023-08-21 12:41:06 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

v0.1.0

Labels

Clear labels   

availability

Something that can increase the uptime of services in a particular situation.

  

bug

Something is not working, or not working right.

  

deployment-usability

Related to the usability of the deployment method itself.

  

duplicate

This issue or pull request already exists

  

enhancement

Proposed enhancement or feature.

  

help-wanted

Issue that needs help in order to be understood or tackled.

  

question

More information is needed

  

security

Related to the security or privacy of the system.

  

stack-auth

Related to the auth stack.

  

stack-chat

Related to the chat stack.

  

stack-cleanup

Related to the cleanup stack.

  

stack-git

Related to the git stack.

  

stack-mesh

Related to the mesh stack.

  

stack-site-support

Related to the site-support stack.

  

wontfix

This won't be fixed, either by design, or due to other issues.

No labels

availability

bug

deployment-usability

duplicate

enhancement

help-wanted

question

security

stack-auth

stack-chat

stack-cleanup

stack-git

stack-mesh

stack-site-support

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Refactor and Cleanup

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: python-support/python-support-infra#9

No description provided.