bryopsida / eureka-operator Goto Github PK

The operator needs to be able to be able to manage system packages, to start with ubuntu/debian system packages.

TODO

• Can install/remove packages
• Should be idempotent
• Should not repeat itself on every message if the system is already in the desired state.

The operator needs to support command executions, these should executed once.

TODO

• Support running commands defined in multicast messages
• Only run the commands once per system/operator.

Create a buildroot img that can be used to create VMs and/or flash machines so they immediately join the group and can be managed.

In some cases the managers will need to be directly controlled on a specific box, for this a unicast control interface is needed. Access to this should be controlled via pub/priv key. The keypair should be generated on each startup. The public key is announced over the authenticated discovery channel, when a client sees other peers it should add their pub keys as accepted clients. gRPC may be used but alternatively a tcp stream may be used to keep the runtime deps at 0.

TODO

• add unicast control api

Operator should detect OS/Linux Distro and support the same management/functionality when running on alpine linux.

As a maintainer, I want to ensure beacon message handling is serialized, when many messages arrive at once, and the messages trigger change, it could cause conflicts on the OS operations if not serialized.

The operator needs to be able to inject configuration files to the system that other things are watching/waiting on. To start with, it should be able to seed values in a configuration file tree where the files are keys and the contents are the key values. It should also support regex replacements of existing configuration files. The operations should be idempotent but also tracked to avoid causing unneeded syscalls/io ops.

TODO

• Support seeding simple key value pairs to the fs
• Support regex replacement on existing files
• Track operations and do not repeat operations that would end up with the same state the system is already in

When introducing profile changes to an established network and unsealing a node, that node will need to filter out profile adverts from nodes that haven't had a new profile applied and only accept and seal upon receipt of a new profile.

The operator will need to be able to download, verify and put assets from remote locations into desired locations in the system.

TODO

• Can download assets over https from remote locations without authentication
• Can check with head requests for modifications to those assets to keep them fresh
• Does not repeat itself if the system is already in the desired state

As part of the release process, create a .deb file that packages the SEA to make this installable without npm.

As part of supporting alpine, a workflow for releasing an APK will be needed.

When a thing comes online it should be unsealed and accept broadcast profiles for desired state, once it has a profile applied it should switch to a sealed mode and no longer take profile changes. Their should be a way for an admin client node unseal and propagate a new profile change.

Release the executable as something that can be installed npm install -g and run as a system service

Once the API/Interface layers have stabilized implement in go

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

As part of the release process, generate a SEA following the LTS version of node for both amd64 and arm64 linux. https://nodejs.org/api/single-executable-applications.html

The UDP multicast comms work well for discovery of peers and exchanging public keys but something like tcp unicast stream would work better for more complex unicast comms. To support this we need to generate a pub/priv key on startup and include this in our announcements along with the port binding where the service is available.

To prep for creating a single executable application, generate a one file script build using ncc.

Release as a library to NPM so the operator can be extended, likely will need to split the code into workspaces.

The operator will need to be able to install/remove snap packages

TODO

• Can install snap packages
• Can remove snap packages
• Does not do operations when the system is already in the desired state.