deployd-rs
I imagine a deployd daemon that acts in principle similar to https://fluxcd.io in that it regularly polls a cache for updates to a profile that is mapped through some sort of machine id, and if a new version is available automagically 1) pulls it, 2) updates its current generation and 3) does basic safety rollback stuff.
One thing I think is worth noting first is that the methodology and purpose of the current magic-rollback implementation is confirming that the deployer can continue to access the deployee after activation has completed, and the reason for this is so you can be sure that even in the worst-case scenario, you can connect again to fix things. If the deployment is performed by a local daemon, the safety rollback will need to be implemented in a new way, perhaps by confirming it can still access the cache it pulls updates from.
> some sort of machine id
Off the top of my head:
- MAC Address of the main interface
- systemd machine id
- EUI-64 IPv6 link-local of the main interface
- SPIFFE ID / SVID Certificate or other cryptographic identities (nice double up for mTLS instead of VPN and AuthC)
- ...
/cc @zimbatm
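
The daemon-side safety rollback suggested in the discussion above (after activation, confirm the update cache is still reachable, otherwise return to the previous generation), written in Rust. This is an added example, not code from deploy-rs or from any participant in the thread; `activate_with_rollback`, `cache_reachable`, the `switch_to` hook and the generation numbers are hypothetical, and a plain TCP connect stands in for a real cache request.

```rust
// Added example: hypothetical daemon-side rollback check, not deploy-rs code.
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::time::Duration;

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Confirmed(u64),  // the new generation stays active
    RolledBack(u64), // the previous generation was re-activated
}

/// Confirmation probe: can the host still open a TCP connection to the cache?
/// Assumption: a real daemon would also fetch and verify a profile here.
pub fn cache_reachable(cache: SocketAddr, timeout: Duration) -> bool {
    TcpStream::connect_timeout(&cache, timeout).is_ok()
}

/// Activate `candidate`, then require `probe` to succeed within `attempts`
/// tries; on activation failure or an unreachable cache, restore `previous`.
pub fn activate_with_rollback<S, P>(
    previous: u64,
    candidate: u64,
    attempts: u32,
    mut switch_to: S, // hypothetical hook that activates a generation
    mut probe: P,     // returns true once the cache answers
) -> Outcome
where
    S: FnMut(u64) -> Result<(), String>,
    P: FnMut() -> bool,
{
    if switch_to(candidate).is_ok() && (0..attempts).any(|_| probe()) {
        return Outcome::Confirmed(candidate);
    }
    // Best effort: the old generation is the last known-good state.
    let _ = switch_to(previous);
    Outcome::RolledBack(previous)
}

fn main() {
    // Constructed demo: a loopback listener stands in for the update cache.
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind loopback");
    let cache = listener.local_addr().expect("local addr");
    let mut activated = Vec::new();
    let outcome = activate_with_rollback(
        41, 42, 3,
        |generation| { activated.push(generation); Ok(()) },
        || cache_reachable(cache, Duration::from_millis(200)),
    );
    println!("{:?}, activations: {:?}", outcome, activated);
}
```
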