supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: Davor Ocelic <docelic-skarnet@spinlocksolutions.com>
To: supervision@list.skarnet.org
Subject: Re: Pattern for multiple subservices and dynamic discovery i.e. VPN
Date: Thu, 18 Aug 2022 06:04:25 -0400
Message-ID: <20220818100425.GA11301@hcoop.net>
In-Reply-To: <20220818113230.11f70deb@flunder.oschad.de>

On Thu, Aug 18, 2022 at 11:32:30AM +0200, Oliver Schad wrote:

Hey,

How about an approach that would be more tightly integrated
with s6? For example:

> - we need a scanning component for the desired state of running
>   instances (something like 'find /etc/openvpn -name "*conf"')

Right, the scanning component would be the key part. Ideally it
would use inotify so that it doesn't have to poll and also it would
get the type of event automatically (file created or file deleted).

After it sees that a change in a directory has occurred (let's say a
file was added), then it does the following:

- It creates the appropriate service directory for this particular
  VPN config (possibly based on a template)
- It calls s6-svlink or the like to register the new service, which
  automatically also notifies s6-svscan that a new service has been
  added

> - we need a scanning component for the current state in process list
> - we need a diffing component
> - we need a state applier component

I hope these steps would not be necessary, since each .conf file would
be represented as a proper service, and would be managed by s6 natively.

Later, if/when a conf file is removed, the vpn-manager component would
do the opposite and call s6-svunlink.

As a final safeguard, in the `finish` script for such a service, the
script would check whether its original VPN config file is still present.
If it is not, it would trigger a permanent failure event for the service.

> A process tree would look like

/usr/bin/s6-svscan
 s6-supervise vpn-manager
 s6-supervise openvpn foo1.conf
 s6-supervise openvpn foo2.conf

(The individual openvpn services could also have a dependency on vpn-manager.)

Thanks,
Best regards,
Davor

> On Wed, 17 Aug 2022 11:04:50 +0000
> "Laurent Bercot" <ska-supervision@skarnet.org> wrote:
> 
> > >
> > >I'm looking for a pattern to solve a problem, where you have to
> > >discover dynamically the services you have to start.
> > >
> > >Examples could be VPN configurations, where you discover the
> > >configuration files and start for every file an instance of the VPN
> > >service.  
> > 
> >   Hi Oliver,
> > 
> >   Dynamic instantiation is a real pain point - it's an often requested
> > feature, but it's surprisingly hard to make it work correctly and
> > safely in a supervision scheme. Supervision works very well in static
> > environments, but dynamic discovery is at odds with the architecture.
> > 
> >   I have a few ideas to mitigate that and help people create instanced
> > services. Instantiation is a planned feature of the future s6-rc v1
> > but it's still a ways away; I am also thinking of adding tools to help
> > people handle instances with regular s6, and they may come in the near
> > future, but there are currently no such helpers, sorry.
> > 
> > --
> >   Laurent
> > 
> 
> 
> 
> -- 
> Automatic-Server AG •••••
> Oliver Schad
> Geschäftsführer
> Hardstr. 46
> 9434 Au | Schweiz
> 
> www.automatic-server.com | oliver.schad@automatic-server.com
> Tel: +41 71 511 31 11 | Mobile: +41 76 330 03 47
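
The vpn-manager flow described in the message above (watch the config directory, generate a service directory, s6-svlink / s6-svunlink, `finish` check for a missing config), as an added example that is not part of the original thread. The paths, the `openvpn-<name>` naming scheme, the function names and the use of `inotifywait` from inotify-tools are assumptions; the filename validation is added here because the file name ends up in scripts that run under the supervisor.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and function names are assumptions.
CONF_DIR=${CONF_DIR:-/etc/openvpn}
SVC_REPO=${SVC_REPO:-/var/lib/vpn-manager}  # generated service directories
SCANDIR=${SCANDIR:-/run/service}            # directory s6-svscan watches
SVLINK=${SVLINK:-s6-svlink}
SVUNLINK=${SVUNLINK:-s6-svunlink}

# "foo1.conf" -> "openvpn-foo1". Only plain names pass, since the name ends up
# in a path and in generated scripts that run as root.
instance_name() {
  case $1 in *.conf) n=${1%.conf} ;; *) return 1 ;; esac
  case $n in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  printf 'openvpn-%s\n' "$n"
}

add_instance() {
  name=$(instance_name "$1") || return 1
  conf=$CONF_DIR/$1
  [ -f "$conf" ] && [ ! -L "$conf" ] || return 1   # regular file, not a symlink
  dir=$SVC_REPO/$name
  mkdir -p "$dir" || return 1
  printf "#!/bin/sh\nexec openvpn --config '%s'\n" "$conf" > "$dir/run"
  # s6-supervise treats exit code 125 from finish as a permanent failure.
  printf "#!/bin/sh\n[ -f '%s' ] || exit 125\nexit 0\n" "$conf" > "$dir/finish"
  chmod 755 "$dir/run" "$dir/finish"
  [ -e "$SCANDIR/$name" ] || "$SVLINK" "$SCANDIR" "$dir" "$name"
}

remove_instance() {
  name=$(instance_name "$1") || return 1
  "$SVUNLINK" "$SCANDIR" "$name" && rm -rf "$SVC_REPO/$name"
}

watch_loop() {
  inotifywait -m -q -e close_write -e moved_to -e delete -e moved_from \
      --format '%e %f' "$CONF_DIR" |
  while read -r ev file; do
    case $ev in
      CLOSE_WRITE*|MOVED_TO*) add_instance "$file" ;;
      DELETE*|MOVED_FROM*)    remove_instance "$file" ;;
    esac
  done
}

if [ "${1:-}" = watch ]; then watch_loop; fi
```

Run with the argument `watch` as the `run` script body of the vpn-manager service; a config that is rewritten while its service is already linked is regenerated but not restarted by this sketch.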


