Hi Arthur, Could you please reply to me specifically on the points I raised? Even if we don't do the HA thingy (which I really think we *must* do), then I still need to be able to configure the database access. The current hard-coded password is really not what we want in production.
How can we also get the app fetch data? As for initializing the db, my understand is that I need to package the manage.py file. Could you instead put the db_sync operation something else, so that we don't need to package that, which really, is for debug purpose only? (ie: in real life, it's going to be running under Apache or nginx, rather than using the integrated python web server...) Cheers, Thomas Goirand (zigo) On 1/10/20 12:29 PM, Arthur Diniz wrote: > Hi zigo, > > I appreciate the effort to make the HA environment, but for now, > think it's better to keep simple and see the people's feedback about it. > > I think that one simple NGINX container with Certbot can fix the SSL > issue so we can focus > on the integration with Salsa CI to receives information about new images. > > I already started working on this and by the end of January we should > have something. > > The issues mapped for this month can be seen > on https://salsa.debian.org/cloud-team/image-finder/-/milestones/9 > > Cheers, > Arthur Diniz > > Em qua., 25 de dez. de 2019 às 22:22, Thomas Goirand <[email protected] > <mailto:[email protected]>> escreveu: > > Hi, > > I've done some work on the initial packaging of our image finder. This > was trivial work, but more is needed. > > Currently, the site at http://image-finder.debian.net/ runs on a single > OpenStack instance. Inside the instance, there 2 docker containers > running, one for postgress, one for the Flask application. What I would > like to do, is transform this into: > - One Octavia load-balancer using a VRRP floating IP [1] > - One postgress cluster, maybe with one master and one slave > - On the same postgress machines, setup the Flask application that > connects to this postgress cluster > > With an anti-affinity on the instances, they would run on different > physical compute nodes, so this achieve full HA. Octavia can do the SSL > endpoint. (I'm not sure how we could reproduce this with DSA machines, > but that's at least my current plan...) > > I would setup all of this either using Ansible or Puppet. My choice will > depend on what the team prefers, I don't really have a preference. As > the DSA team prefers puppet, this probably should be our choice, so we > prepare for migrating to some DSA machines later. Please voice your > opinion here. If we're to use MariaDB/Galera + puppet, then I can > package absolutely all, including the puppet modules for deploying the > image-finder. > > With my first try, I could see that the application looks like working > under libapache-mod-wsgi-py3. I have some errors connecting to the DB, > and then it fails, but this was to be expected. > > Now my current problem is: > 1/ I never did postgressql clustering (I'm more a MariaDB/Galera guy). > How does one do it? Is it possible to do master-master connection? Since > the app is using SQLAlchemy, would it be possible to use MariaDB/Galera > instead of postgress? > > 2/ The Flask application is looking at its environment to get the DSN > connection URL, we need a configuration file instead. > > 3/ I have no idea how to feed this application with real data from our > generated Salsa images. How do I do that? > > Could someone bring me some light on how to address the 3 points above? > > Cheers, > > Thomas Goirand (zigo) > > [1] This is HA by itself, with 2 instances, each using HAProxy, and > sharing a single public IP address using the VRRP protocol, so this > provides full high availability. >
