[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Setting-up the Debian Cloud Image Finder (DCIF ?) in production

Hi Arthur,

Could you please reply to me specifically on the points I raised? Even
if we don't do the HA thingy (which I really think we *must* do), then I
still need to be able to configure the database access. The current
hard-coded password is really not what we want in production.

How can we also get the app fetch data?

As for initializing the db, my understand is that I need to package the
manage.py file. Could you instead put the db_sync operation something
else, so that we don't need to package that, which really, is for debug
purpose only? (ie: in real life, it's going to be running under Apache
or nginx, rather than using the integrated python web server...)


Thomas Goirand (zigo)

On 1/10/20 12:29 PM, Arthur Diniz wrote:
> Hi zigo,
> I appreciate the effort to make the HA environment, but for now,
> think it's better to keep simple and see the people's feedback about it.
> I think that one simple NGINX container with Certbot can fix the SSL
> issue so we can focus
> on the integration with Salsa CI to receives information about new images.
> I already started working on this and by the end of January we should
> have something.
> The issues mapped for this month can be seen
> on https://salsa.debian.org/cloud-team/image-finder/-/milestones/9 ;
> Cheers,
> Arthur Diniz
> Em qua., 25 de dez. de 2019 às 22:22, Thomas Goirand <zigo@debian.org
> <mailto:zigo@debian.org>> escreveu:
>     Hi,
>     I've done some work on the initial packaging of our image finder. This
>     was trivial work, but more is needed.
>     Currently, the site at http://image-finder.debian.net/ runs on a single
>     OpenStack instance. Inside the instance, there 2 docker containers
>     running, one for postgress, one for the Flask application. What I would
>     like to do, is transform this into:
>     - One Octavia load-balancer using a VRRP floating IP [1]
>     - One postgress cluster, maybe with one master and one slave
>     - On the same postgress machines, setup the Flask application that
>     connects to this postgress cluster
>     With an anti-affinity on the instances, they would run on different
>     physical compute nodes, so this achieve full HA. Octavia can do the SSL
>     endpoint. (I'm not sure how we could reproduce this with DSA machines,
>     but that's at least my current plan...)
>     I would setup all of this either using Ansible or Puppet. My choice will
>     depend on what the team prefers, I don't really have a preference. As
>     the DSA team prefers puppet, this probably should be our choice, so we
>     prepare for migrating to some DSA machines later. Please voice your
>     opinion here. If we're to use MariaDB/Galera + puppet, then I can
>     package absolutely all, including the puppet modules for deploying the
>     image-finder.
>     With my first try, I could see that the application looks like working
>     under libapache-mod-wsgi-py3. I have some errors connecting to the DB,
>     and then it fails, but this was to be expected.
>     Now my current problem is:
>     1/ I never did postgressql clustering (I'm more a MariaDB/Galera guy).
>     How does one do it? Is it possible to do master-master connection? Since
>     the app is using SQLAlchemy, would it be possible to use MariaDB/Galera
>     instead of postgress?
>     2/ The Flask application is looking at its environment to get the DSN
>     connection URL, we need a configuration file instead.
>     3/ I have no idea how to feed this application with real data from our
>     generated Salsa images. How do I do that?
>     Could someone bring me some light on how to address the 3 points above?
>     Cheers,
>     Thomas Goirand (zigo)
>     [1] This is HA by itself, with 2 instances, each using HAProxy, and
>     sharing a single public IP address using the VRRP protocol, so this
>     provides full high availability.

Reply to: