This is a security issue - the generated files with credentials are kept in the .rkd/deployment directory

It should be easy and possible to implement a task to ssh into remote host(s), and very practical. There could be also a switch --print-sudo-pass to print sudo password before entering the shell.

Simply allow to assign priority numbers to containers (no complex dependency management - tool for listing all of services ordered by priority should be enough to handle this easily)

Logging to host's rsyslog on docker daemon side is a good idea, it could be used to centralize logging and possibly passing it to external server that has kibana for logs browsing.

Idea:
To allow hiding administrative services behind a login page.

Technically:
The proxy could be optionally installable via Harbor Snippet Cooperative. But the support must be anyway in the NGINX template.

https://github.com/vouch/vouch-proxy
https://developer.okta.com/blog/2018/08/28/nginx-auth-request

https://github.com/riotkit-org/riotkit-harbor-snippet-cooperative

This is currently unclear what is the order of loading of YAML files for compose. There must be a mechanism to apply overrides to existing services.

Need to specify order, example (later - better, to work as an override):

• apps/conf
• apps/conf/override
• apps/conf.dev
• apps/conf.prod

Cases:

• Remote host -> container
• Remote host -> host
• Local host -> container

Idea:
"delayed-request" strategy can be implemented if possible (delay current requests on gateway - extend timeout until the service is not replaced)

Notice: This is an investigation + implementation task. If the investigation would result in - "cannot do" then this feature should be cancelled.

Effect:
Users would not get 500 error or other weird errors, they would need to wait a few seconds more for page to load

• exec
• logs
• inspect (given service instance - container)
• report (service and it's all instances)

Issue: Not all keys begins with -----BEGIN OPENSSH PRIVATE KEY, some begins with -----BEGIN RSA PRIVATE KEY which makes Harbor not to recognize value as a properly formatted private key. The result is that key is pasted into ansible.cfg making a syntax issue.

Resolution: check only first -----BEGIN at the at least beginning of the private key string

Like in Kubernetes

Like in Harbor 1.0

Create a task that will encrypt current .env into .env-prod using Ansible Vault, and a task that will allow to directly edit the .env-prod

Correctly handle case, when docker-compose says it cannot create containers because the name is already used - at least what we can do is retry the operation which usually works.

   ===> Starting "gateway_letsencrypt" (1 instances)...
[2020-07-11 08:27:34.483][info]: Doing a "rolling" deployment for "gateway_letsencrypt"
[2020-07-11 08:27:34.484][info]: Processing instance #1/1
[2020-07-11 08:27:34.484][info]: Suspending service discovery
[2020-07-11 08:27:34.971][info]: Scaling up to 2
Creating anarchist_project_gateway_letsencrypt_1 ... 
Creating anarchist_project_gateway_letsencrypt_2 ... 
Creating anarchist_project_gateway_proxy_gen_1
Creating anarchist_project_gateway_letsencrypt_1 ... done
Creating anarchist_project_gateway_letsencrypt_1

ERROR: for anarchist_project_gateway_letsencrypt_2  Cannot create container for service gateway_proxy_gen: Conflict. The container name "/anarchist_project_gateway_proxy_gen_1" is already in use by container "c6b73cdcb025091d31db78df79010819388bacf220bb42f9502da1393fc953fa". You have to remove (or rename) that container to be able to reuse that name.

ERROR: for gateway_letsencrypt  Cannot create container for service gateway_proxy_gen: Conflict. The container name "/anarchist_project_gateway_proxy_gen_1" is already in use by container "c6b73cdcb025091d31db78df79010819388bacf220bb42f9502da1393fc953fa". You have to remove (or rename) that container to be able to reuse that name.
Encountered errors while bringing up the project.
[2020-07-11 08:27:37.405][error]: Scaling back to declared state as error happened: Command 'bash' returned non-zero exit status 1.
anarchist_project_gateway_letsencrypt_1 is up-to-date
[2020-07-11 08:27:37.960][info]: Starting service discovery
Starting anarchist_project_gateway_1 ... done
Starting anarchist_project_gateway_proxy_gen_1 ... 
Starting anarchist_project_gateway_proxy_gen_1 ... done
Traceback (most recent call last):
  File "/project/.venv/lib/python3.6/site-packages/rkd/executor.py", line 65, in execute
    env=declaration.get_env()
  File "/project/.venv/lib/python3.6/site-packages/harbor/tasks/base.py", line 136, in execute
    return self.run(context)
  File "/project/.venv/lib/python3.6/site-packages/harbor/tasks/service.py", line 101, in run
    return strategies[strategy]()
  File "/project/.venv/lib/python3.6/site-packages/harbor/tasks/service.py", line 87, in <lambda>
    'rolling': lambda: self.deploy_rolling(service, context),
  File "/project/.venv/lib/python3.6/site-packages/harbor/tasks/service.py", line 170, in deploy_rolling
    raise e
  File "/project/.venv/lib/python3.6/site-packages/harbor/tasks/service.py", line 151, in deploy_rolling
    existing_containers = self.containers(ctx).scale_one_up(service)
  File "/project/.venv/lib/python3.6/site-packages/harbor/driver.py", line 372, in scale_one_up
    raise e
  File "/project/.venv/lib/python3.6/site-packages/harbor/driver.py", line 368, in scale_one_up
    capture=True
  File "/project/.venv/lib/python3.6/site-packages/harbor/driver.py", line 194, in compose
    return self.scope.sh(cmd, capture=capture)
  File "/project/.venv/lib/python3.6/site-packages/rkd/contract.py", line 282, in sh
    cmd=cmd, capture=capture, verbose=verbose, strict=strict, env=env
  File "/project/.venv/lib/python3.6/site-packages/rkd/taskutil.py", line 92, in sh
    return check_output('bash', shell=True, stdin=read).decode('utf-8')
  File "/usr/lib/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command 'bash' returned non-zero exit status 1.
Command '#!/bin/bash -eopipefail 
set -euo pipefail; export PYTHONUNBUFFERED=1;  /project/.venv/bin/harbor --no-ui --no-ui :harbor:service:up gateway_letsencrypt  --strategy=auto' returned non-zero exit status 1.Cannot start service "gateway_letsencrypt"

Steps to reproduce:
Deploy to a fresh environment - do a docker prune on containers, networks and volumes.

It is a very common mistake to try to deploy changes that were not commited or pushed to the server yet.

Harbor can optionally be setting up a daemon on host to listen for rolling-update of a service on UNIX socket - UNIX socket can be forwarded to inside of a docker container that takes webhooks (eg. thin-deployer)

This concept is very secure and clear.

Then merge Wolnosciowiec-Archive/ansible-harbor-role#3

The Harbor Simple Router could be used to perform a domain redirection, or informational HTML page publication (eg. "coming soon").

Use cases:

• Commit to repo and deploy to production for longer time
• In case of emergency do it on production, quickly replace existing container with a Harbor Simple Router forwarding the traffic somewhere / displaying maintenance page while turning off the original service

Often an administrator would like to quickly deploy a single container, without having to add a profile file into git.
This could be done by adding a new switch that could allow to read profile from commandline.

harbor :deployment:apply --service-selector 'name.startswith("matrix")'

I'm not sure if it works for other people, but for me the demo Gif on the README is extremely distorted:

If you want, you could try out my cast2gif renderer for Asciinema recordings. But unfortunately I don't have automated builds yet. 😕

Templates should have a possibility to be rendered anywhere in the project root directory.

Expectations:

• Rendered from ./containers/templates
• Into directory ./

Make gateway, service discovery and SSL optional, installable via Snippet Cooperative.

Travis is veeeeeery sloooow. Github Actions would improve the CI performance and clarity alot.