Sort of an extension of #174, it would also be really nice if the temp key files weren't moved into their final locations until all keys have been uploaded, and then were moved as a batch at roughly the same time. The reason for this is that if you have services that depend on multiple keys, then those services end up getting bounced repeatedly as keys are uploaded. This isn't so painful for some services, but for other stuff -- e.g. wireguard -- this can be super obnoxious.
A solution I'd propose here is the following:

Run a script after all keys have been uploaded which:

- Stops all key units for keys that have changed
- Moves the changed keys to their final location
- Removes the temporary upload dir
- Starts the key units for the changed keys all at once

This would also allow us to do away with the weird flappy service implementation here and the inotify watches which were mostly written that way to avoid issues with systemd's reliability when using path units (see #119), because I think we can safely assume that keys will only be touched via colmena itself so we don't have to account for other direct changes on the filesystem (although we would need to account for persistent keys that are available on boot if we went this route).
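
The batch procedure proposed above, as an added shell example (not part of the original issue and not Colmena's own code). The directory layout, the `<name>-key.service` unit naming and the `SYSTEMCTL` override are assumptions, and key names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: commit staged keys as one batch. Paths, unit naming and the
# SYSTEMCTL override are assumptions, not Colmena's implementation.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# commit_keys STAGING_DIR FINAL_DIR
# Prints the names of the keys that changed, one per line.
commit_keys() {
    staging=$1 final=$2 changed="" units=""
    # Work out which staged keys differ from what is already installed.
    # cmp also fails when the final file does not exist yet (new key).
    for f in "$staging"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! cmp -s "$f" "$final/$name"; then
            changed="$changed $name"
            units="$units $name-key.service"
        fi
    done
    if [ -n "$changed" ]; then
        # Stop every affected key unit once, before any file moves.
        $SYSTEMCTL stop $units || return 1
        # Move the changed keys into place. With staging on the same
        # filesystem, mv is a rename, so mode and owner set at upload
        # time are kept and no reader sees a half-written key.
        for name in $changed; do
            mv -f "$staging/$name" "$final/$name" || return 1
        done
    fi
    # Remove the temporary upload dir (discards the unchanged copies too).
    rm -rf "$staging"
    # Start all affected key units in a single call.
    [ -z "$changed" ] || $SYSTEMCTL start $units || return 1
    for name in $changed; do echo "$name"; done
}
```

Because unchanged keys are never touched, services that depend only on them see no stop or start at all.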
Hey @zhaofengli! Just curious if you had a chance to see this ticket and think about my proposal? It's probably my only real pain point with colmena and I'd love to put a fix in for it if you're open to it!