- vagrant plugin install vagrant-sshfs
VCC-control: WARNING:root:Cannot call Open vSwitch: ovsdb-server.service is not running.
- install openvswitch on the node
- systemctl start ovsdb-server
- sudo pacman -S ansible-language-server ansbile-lint
- poetry init
- POETRY_VIRTUALENVS_IN_PROJECT=true poetry install --no-root
- poetry add ansible-creator
sshfs: bad mount point `Desktop/exam-2023-2024-vfs/project': No such file or directory
if a there's a space in the relative path the resolved one will be truncated ex: /home/fabio/Downloads/Fake Desktop/exam-2023-2024-vfsr
LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
We used ansible vault
we store the vault password in a file placed under project/secret.txt
this file should NOT be committed in the repository
to add support for the linter we create an ansible.cfg containing the path to the password file
to easy the usage of vault we added a vault_edit script inside the scripts folder
Traefik in swarm mode doesn't care about labels in the container root section but searches them in the deploy section
For some reason traefik doesn't accept crt and key in separate files but wants a single pem file
DO NOT GIVE THE SAME NAME TO ROUTER OF DIFFERENT SERVICES
If a container has multiple networks and at least one of them is unreachable from traefik
Traefik fails with a gateway timeout error and the page seems to not loading
This happens also when forwarding a port because the container is inserted into the ingress network
To solve this one should specify the network with traefik.docker.network=vcc_default
https://stackoverflow.com/a/67954730 https://doc.traefik.io/traefik/master/routing/providers/swarm/#services
When:
- make setup-services on a running swarm
- suspend the PC and resume it (causing a reload)
- every time you restart/re-deploy while a swam is already running
This affects only Grafana in my case (mon.vcc.local) causing a loop on the auth wait (could not reach auth.vcc.local)
short hostnames are resolved to the longest ones. this would lead to request to pass outside the docker swarm network without using the internal hostname. ex: traefik -> traefik.vcc.local instead of traefik
solution: change service name to avoid this match (ex. traefik -> reverse-proxy) better solution: see how hostnames are resolved
for some reason prometheus picks metrics from both the internal and the external ip where traefik is running
To fix this we can use traefik without binding it to the host port or by adding the following rule to prometheus:
- source_labels:
[
__meta_dockerswarm_task_port_publish_mode,
__meta_dockerswarm_network_ingress,
]
regex: host;
action: dropFor some reason the systemd plugin fails
For some reason sometimes forgejo reports a nfs stale file handle for the configuration file This was caused by a docker mount inside another mount which breaks nfs
For some reason traefik at first boot doesn't load the certificates created by the init container This was caused by the fact that traefik is stupid and doesn't watch for certificate changes
For some reason sometimes randomly keycloak doesn't show the option to access the admin page
solved with restart-mode: any
solved with restart-mode: any