SteamWorks and PICO come together in "mkroot" (explanation)
The best usage scenario for Pulley and Crank in the current setup would be:
- Run Pulley in the Control Tower container on information sources such as the IdentityHub
- Allow the Control Tower to read [and write] LDAP objects in information sources such as the IdentityHub
- Trigger configuration scripts from the Control Tower on various containers using the Pipeline Commands (PICO) commands picoput and picoget. Connections are set up by the "mkroot" command rootfs_cmdpipe.
- Let the Control Tower check that containers have completed the requested changes.
- Allow the Control Tower to [read and] write LDAP objects in information sources such as the IdentityHub
- There will be more, for instance nameserver updates and certificate control.
The following containers run the following parts of this approach:
- Info Sources such as IdentityHub run the Crank, both for reading and writing. (But also see the Design Alternative in the next message!)
- Control Tower runs Pulley and invokes picoput to send Pipeline Commands to service containers. It has more coordinating responsibilities, such as acmetool to maintain certificates and [k]nsupdate to set up dynamic elements in DNS, including well-timed DANE information.
- Service Containers (like web or chat) listen with picoget for Pipeline Commands that update their configuration.
In this, PICO is used as the persistent queue of configuration update commands. When an update comes in over LDAP, it can be translated to any number of these changes, which are stored for ASAP delivery via PICO.
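The queueing pattern described above, modelled in Python as an added example; it is not part of the original text and is not the PICO implementation. The SQLite table, the FANOUT mapping, and the container and command names are assumptions made for illustration.

```python
import sqlite3

# Assumed mapping from LDAP object kind to (container, command) pairs.
FANOUT = {
    "user": [("web", "update-user"), ("chat", "update-user")],
    "domain": [("web", "update-vhost")],
}

class CommandQueue:
    """Durable per-container FIFO standing in for the PICO queue."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS q (id INTEGER PRIMARY KEY AUTOINCREMENT,"
            " container TEXT, command TEXT, arg TEXT, done INTEGER DEFAULT 0)")
        self.db.commit()

    def put(self, container, command, arg):  # Control Tower side (picoput role)
        with self.db:  # commit before returning, so a restart loses nothing
            self.db.execute("INSERT INTO q (container, command, arg) VALUES (?,?,?)",
                            (container, command, arg))

    def get(self, container):  # service container side (picoget role)
        return self.db.execute(
            "SELECT id, command, arg FROM q WHERE container=? AND done=0"
            " ORDER BY id LIMIT 1", (container,)).fetchone()

    def ack(self, cmd_id):
        with self.db:
            self.db.execute("UPDATE q SET done=1 WHERE id=?", (cmd_id,))

    def pending(self, container):  # lets the Control Tower check completion
        sql = "SELECT COUNT(*) FROM q WHERE container=? AND done=0"
        return self.db.execute(sql, (container,)).fetchone()[0]

def on_ldap_change(queue, kind, dn):
    """Translate one LDAP update into any number of queued commands."""
    for container, command in FANOUT.get(kind, []):
        queue.put(container, command, dn)

def drain(queue, container, handlers):
    """Apply queued commands in order; acknowledge only after success."""
    applied = []
    while (row := queue.get(container)) is not None:
        cmd_id, command, arg = row
        handlers[command](arg)  # an exception here leaves the command queued
        queue.ack(cmd_id)
        applied.append((command, arg))
    return applied
```

Because a command is acknowledged only after its handler returns, a service container that is down or fails mid-update still finds the command waiting when it next listens, and the pending count gives the Control Tower its completion check.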
[Diagram attachments: control-tower.graphml (src), control-tower.pdf (prt)]
Edited by Rick van Rein