Re: Setting-up the Debian Cloud Image Finder (DCIF ?) in production
Hi Arthur,
Could you please reply to me specifically on the points I raised? Even
if we don't do the HA thingy (which I really think we *must* do), then I
still need to be able to configure the database access. The current
hard-coded password is really not what we want in production.
How can we also get the app fetch data?
As for initializing the db, my understand is that I need to package the
manage.py file. Could you instead put the db_sync operation something
else, so that we don't need to package that, which really, is for debug
purpose only? (ie: in real life, it's going to be running under Apache
or nginx, rather than using the integrated python web server...)
Cheers,
Thomas Goirand (zigo)
On 1/10/20 12:29 PM, Arthur Diniz wrote:
> Hi zigo,
>
> I appreciate the effort to make the HA environment, but for now,
> think it's better to keep simple and see the people's feedback about it.
>
> I think that one simple NGINX container with Certbot can fix the SSL
> issue so we can focus
> on the integration with Salsa CI to receives information about new images.
>
> I already started working on this and by the end of January we should
> have something.
>
> The issues mapped for this month can be seen
> on https://salsa.debian.org/cloud-team/image-finder/-/milestones/9 ;
>
> Cheers,
> Arthur Diniz
>
> Em qua., 25 de dez. de 2019 às 22:22, Thomas Goirand <zigo@debian.org
> <mailto:zigo@debian.org>> escreveu:
>
> Hi,
>
> I've done some work on the initial packaging of our image finder. This
> was trivial work, but more is needed.
>
> Currently, the site at http://image-finder.debian.net/ runs on a single
> OpenStack instance. Inside the instance, there 2 docker containers
> running, one for postgress, one for the Flask application. What I would
> like to do, is transform this into:
> - One Octavia load-balancer using a VRRP floating IP [1]
> - One postgress cluster, maybe with one master and one slave
> - On the same postgress machines, setup the Flask application that
> connects to this postgress cluster
>
> With an anti-affinity on the instances, they would run on different
> physical compute nodes, so this achieve full HA. Octavia can do the SSL
> endpoint. (I'm not sure how we could reproduce this with DSA machines,
> but that's at least my current plan...)
>
> I would setup all of this either using Ansible or Puppet. My choice will
> depend on what the team prefers, I don't really have a preference. As
> the DSA team prefers puppet, this probably should be our choice, so we
> prepare for migrating to some DSA machines later. Please voice your
> opinion here. If we're to use MariaDB/Galera + puppet, then I can
> package absolutely all, including the puppet modules for deploying the
> image-finder.
>
> With my first try, I could see that the application looks like working
> under libapache-mod-wsgi-py3. I have some errors connecting to the DB,
> and then it fails, but this was to be expected.
>
> Now my current problem is:
> 1/ I never did postgressql clustering (I'm more a MariaDB/Galera guy).
> How does one do it? Is it possible to do master-master connection? Since
> the app is using SQLAlchemy, would it be possible to use MariaDB/Galera
> instead of postgress?
>
> 2/ The Flask application is looking at its environment to get the DSN
> connection URL, we need a configuration file instead.
>
> 3/ I have no idea how to feed this application with real data from our
> generated Salsa images. How do I do that?
>
> Could someone bring me some light on how to address the 3 points above?
>
> Cheers,
>
> Thomas Goirand (zigo)
>
> [1] This is HA by itself, with 2 instances, each using HAProxy, and
> sharing a single public IP address using the VRRP protocol, so this
> provides full high availability.
>
Reply to: