Proposal: abra-entrypoint.sh #381
Labels
No Label
abra
abra-gandi
awaiting-feedback
backups
bug
build
ci/cd
community organising
contributing
coopcloud.tech
democracy
design
documentation
duplicate
enhancement
finance
funding
good first issue
help wanted
installer
kadabra
performance
proposal
question
recipes.coopcloud.tech
security
test
wontfix
No Milestone
No project
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: coop-cloud/organising#381
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Overview
There are many hacks contained in recipes in the entrypoint scripts. These are cut and pasted as needed, and there's no centralized way of providing the functionality that there's definitely a call for. In particular there are two hacks which are regularly used surrounding the entry point; one being converting secrets into environment variables (contained in boilerplate called
file_env
) and overriding the entrypoint for debugging purposes (as discussed in #373, but this is the normal way of debugging) on a temporary basis. There are undoubtedly numerous similar things contained in custom entrypoints in recipes.The solution that I propose is for abra to always override the entrypoint of the containers with a script that contains mechanisms to do things like
file_env
and overriding the entrypoint temporarily, but also is transparent to the recipe (thus working as it does now).Technical Details
The basic idea is that abra would override the entrypoint with its script, ship its script to the app, and set an environment variable which corrosponds to the entrypoint which was overriden. The script shipped to the app would ultimately call the script in this environment variable. This allows a trivial override of the entrypoint by merely overriding the environment variable, for things such as debugging, mediated by a new abra command (something like
abra app entrypoint <whateverapp> <whatevercontainer> commandline...
, orabra app entrypoint <whateverapp> <whatevercontainer> reset
to return to the default).Additionally, abra could set other environment variables which would cause other functionality to be used. This would be useful for recipe authors needing to load, for example, secrets into the environment. They would be passed by setting variables in the .env file.
I propose all of the environment variables be set with an
ABRA_
prefix; that we set other variables for use of the recipe authors, such as:ABRA_APP_DEFAULT_ENTRYPOINT
- the non-overriden entrypointABRA_APP_ENTRYPOINT
- the current entrypoint abra-entrypoint.sh will callABRA_FILEENV_<KEY>
- every one of these would find the file pointed to by the value and load it as environment variable<KEY>
I would also include things such as the fact that the container is running on coop (maybe like
ABRA_VERSION
or something) and the name of the app and other things of bookkeeping interest.We could also include mechanisms to run initialization scripts from
abra-entrypoint.sh
similar to docker-entrypoint.d, since this is a very common use of custom entrypoints.This mechanism would not override
entrypoint
orcommand
keys in compose files, but would insert a layer that would call them.Special thanks to @mayel:matrix.org for some inspiration, and discovering that you can find the original entrypoint, ultimately, with:
Thinking about it, the namespace
COOP
or similar might be better thanABRA
since that's the namespace used in labels that have similar functionality.Nice, thanks for writing it out! A lot there... some thoughts!
I have often just avoided debugging a thing or just dropped packaging a recipe because I had to override the entrypoint. It is a bit of work to do. And, it is very "wtf magic" for new packagers.
If this can be achieved in the backwards comptaible way it is being proposed and documented clearly on the recipe maintainers & operators document, it'd be great. I think this has a lot potential to make things smoother. It's feels like quite a substantial change, so it'd be great to really break it down.
For a concrete example, in https://git.coopcloud.tech/coop-cloud/peertube/src/branch/main/entrypoint.sh.tmpl, I could migrate the
file_env
into...FILEENV...
right? But I'd have to keep this override due to needingmkdir
/apt
commands? Or is this could be packed into the initialisation scripts?Those scripts would need to support Golang templating, I guess 🤔 It also seems a bit unclear how
abra
would internally manage the attached entrypoint config version... it would maybe have to remove and re-attach to avoid having to version but that might break swarm assumptions of being able to rollback... some devil in the details there...Do we imagine that existing recipes would migrate to this? Or just new maintainers would use it? Would this complicate stuff if people are looking for examples and see two approaches? Or is this just a handy thing for debugging?
My main concern would be that this creates a reliance between the recipe configurations and
abra
that we've tried to avoid so far? Ifabra
just dissapeared tomorrow, the recipe configs would live on in glory. If we have custom entrypoints that can only be loaded in viaabra
to do core init commands in order to run the container? Unsure if we want that.Just some thoughts and replies after writing a prototype of the script itself for my own use:
Thanks @cas! Sounds great 😄 It may be useful to try spec out each piece with some docker cli experiments or try to break it up into small pieces for code review or what not. Whatever you feel like! Looking forward to see where this goes.
this sounds really cool! I think this can be a big win for maintaining recipes and I really like to have the startup-scripts too. But also +1 for "how to use recipes without abra"-docs.
Documented current kludge approach: