On Tue, May 2, 2017 at 1:06 AM, Giuseppe Scrivano <gscri...@redhat.com> wrote:
> Hi,
>
> Great work Jason! We should definitely get these images into
> atomic-system-containers.
>
> Daniel Walsh <dwa...@redhat.com> writes:
>
>> If these config changes should be in the standard etcd/flanneld
>> containers please open pull requests to fix this on
>> github.com:projectatomic/atomic-system-containers
>>
>> On 04/28/2017 03:08 PM, Jason Brooks wrote:
>>> On Fri, Apr 28, 2017 at 1:05 AM, Spyros Trigazis <strig...@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> So far, I have only tried etcd, works well but the only piece missing is
>>>> a way to pass TLS credentials which is quite important for certain
>>>> deployments like ours. My next goal is flannel. Flannel will require
>>>> TLS creds as well. To do it, I rebuilt the image to bindmount them.
>>> The ansible scripts handle this, and they put the certs in
>>> /etc/etcd/certs -- I'm bind mounting /etc/etcd to accommodate this.
>>> Where do you put your certs?
>
> I have done something similar for the openshift-ansible. I got some
> changes in that let us use the existing bind mounts:
>
> https://github.com/openshift/openshift-ansible/commit/73d91dbcbcd3f2188977ac36e06adf57803b4842
>
> What I did here is to read the configuration from
> /var/lib/etcd/etcd.etcd/etc instead of /etc/etcd when using a system
> container since that path is already bind mounted in the container.
> With this change in openshift-ansible we don't need any modification in
> the etcd image.

I've experimented w/ making more changes to the ansible like these --
adapting the scripts to the system containers rather than the reverse,
but I started thinking it'd be easier to adapt the system containers to
be more of a drop-in replacement, leaving them to be configured as much
like the regular packages as possible. So, things like making etcd
configurable by editing a conf file vs. limiting configuration to --set
commands.

Do you think it's worthwhile to try and make system containers work this
way, or would we be losing out on some system containers goodness
through this?

Jason

>
>>> It's a similar situation w/ flannel, w/ certs in /etc/flanneld/certs.
>
> in this case we will probably need to modify the image, the existing
> bind mounts don't seem enough to do something similar as for etcd.
>
> Regards,
> Giuseppe