docs: Add management services doc #457
Conversation
| EOT | ||
|
|
||
| # Link the service to run at startup | ||
| RUN ln -s /usr/lib/systemd/system/management-client.service /etc/systemd/system/multi-user.target.wants/management-client.service |
There was a problem hiding this comment.
Minor nit let's put this enablement link in /usr, i.e.
RUN ln -s /usr/lib/systemd/system/management-client.service /usr/lib/systemd/system/multi-user.target.wants/management-client.service
|
|
||
| # Typically when using a management service, it will determine when to upgrade the system. | ||
| # So, disable bootc-fetch-apply-updates.timer if it is included in the base image. | ||
| systemctl disable bootc-fetch-apply-updates.timer |
| RUN dnf install management-client -y && dnf clean all | ||
|
|
||
| # Bake the credentials for the management service into the image | ||
| ARG activation_key=<INSERT KEY HERE> |
There was a problem hiding this comment.
I think a general best practice is to leave this empty, that way we can error out later if it's explicitly not set...I did that in the SSH key example.
Hmm...do you think we need this "activation key" bit in this doc? Just talking about how the service basically takes over the bootc updates?
I'm good with it in there too.
There was a problem hiding this comment.
removed the <> chunk. I think most of these type of management services will require some type of authentication, and documented how to bake the key into the image is interesting.
| [Unit] | ||
| Description=Run management client at boot | ||
| After=network-online.target | ||
| ConditionPathExists=/etc/management-client/.run_client_next_boot |
There was a problem hiding this comment.
Wait but wouldn't the agent want to run persistently?
There was a problem hiding this comment.
I added docs to the top summary to explain why this is setup to run once.
|
|
||
| # Set the flag to enable the service to run one time | ||
| # The systemd service will remove this file after the registration completes the first time | ||
| RUN touch /etc/management-client/.run_next_boot |
There was a problem hiding this comment.
BTW this is a really minor nit unrelated to all things but one tricky bit with containerfiles by default is you end up with a lot of tiny layers unless you build with --squash, so I tend to combine RUN lines where it makes sense, and if it goes past 5 lines I usually move into a build.sh that gets copied in and it's just RUN build.sh && rm -f build.sh.
There was a problem hiding this comment.
Added info to the top explaining the containerfile is not optimized.
ckyrouac
force-pushed
the
management-services-doc
branch
from
f945336
to
f30413e
Compare
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
ckyrouac
force-pushed
the
management-services-doc
branch
from
f30413e
to
75b6a6a
Compare
No description provided.