Page MenuHomePhabricator
Create Task
Maniphest T107285

Create a conftool "agent" that overcomes confd deficiencies
Closed, DeclinedPublic
Actions

Description

Confd is a general-purpose tool that has shown some issues at our scale or when coordination is needed in any form. Also, it has some inherent limitations I came to hate.

I want to build a simple, lightweight "conftool agent" that does what follows:

  • takes simple ini files as configuration; such files should be one per service, and can describe various files to create.
  • generates the final service file from a simple templating system - jinja2 should be ok
  • optionally verify syntax of all the generated files
  • optionally restarts the service
  • does nothing to the file on error
  • does not write if a conftool write lock is acquired by some tool, to allow "transactions"
  • responds reliably to changes in etcd within 5 seconds of the lock being released

in my plans, such a tool should replace confd and give us immediate benefits.

Related Objects
Search...

Event Timeline

Joe created this task.Jul 29 2015, 2:09 PM
Joe raised the priority of this task from to Needs Triage.
Joe updated the task description. (Show Details)
Joe added projects: acl*sre-team, discovery-system.
Joe subscribed.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptJul 29 2015, 2:09 PM
Joe closed subtask T107286: implement write locking in conftool as Resolved.Jul 31 2015, 7:56 AM
faidon subscribed.Jul 31 2015, 8:33 AM

I'd be very cautious about implementing a system that essentially... sounds like a configuration management system (including templating, post-hook actions, etc.).

Where do you expect us to be needing this?

Joe added a comment.Jul 31 2015, 8:38 AM

Pybal is the first suspect, but we need something that can change file state reliably upon etcd state change fleet-wide. Another example would be haproxy configurations for databases (for example)

Confd was supposed to be exactly this, but in my testing it has shown some inherent limitations that I wanted to try to overcome. We could limit scope of this and just make it act like the consul agent (just return values pertaining to the current node upon request), but as long as we use it just to configure /state/ (like we do with confd) it would not step on puppet's toes.

ori subscribed.Jul 31 2015, 8:39 AM

So should I not bother with https://gerrit.wikimedia.org/r/#/c/225649/ ?

Joe added a comment.Jul 31 2015, 8:44 AM

@ori not at all, if we do integrate pybal directly this is just a lower priority task.

akosiaris triaged this task as Low priority.Aug 25 2015, 12:41 PM
akosiaris subscribed.
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:14 PM
Joe closed this task as Declined.Mar 2 2022, 7:18 AM

7 years later no one is working on this and I doubt it will ever be. Declining the task as a consequence.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits