Univention Bugzilla – Bug 52934
Docker container must have synchronized UCRV of the host
Last modified: 2023-10-26 11:59:38 CEST
The last update of the Kelvin API causes a disfunctional import at the customer environment. The reason was, that the UCRV of the host are not in the container. Especially in the kelvin api app/container this problem will cause many support tickets the more the API will be used. If we will dockerize more and more apps and services, we need a mechanism to synchronize our heart of configuration to these docker container. There are already ideas and also a PoC created.
Another customer wanted to override the max length for the username which is set to 20 by default using UCRV ucsschool/username/max_length and tried to define it on the host. This did not work for obvious reasons. The definition of the UCRV inside the container will not survive the next update of the Kelvin-API unless there is a generic solution.
To comment 2: Workaround is to write a custom hook script: https://docs.software-univention.de/manual-4.4.html#computers:Installation_and_Remove_hooks The workaround does not reduce the importance of this bug report.
And again. A customer missed the entries "Windows home drive" and "Windows logon script" after creating new users via kelvin. This was caused by empty values of these UCR in the docker. Why these UCR where lost I could not check as we do not write the logfile config-reistry-replog in the docker. We still need a mechanism to ensure the UCR we need in a docker are set and not get lost.
The long term approach for the configuration of container based implementations will be the newly released "Distributed Configuration Database" (DCD) Ap, which provides a redundant configuration store from which configuration settings can be retrieved using an API. This should fix this problem (as the Kelvin API can retrieve configuration changes automatically) and also the challenge to configure all Kelvin API deployments identically (as all Kelvin API deployments can request the configuration from the same DCD cluster).
Will there be a solution based on the current UCR or do we have to wait for DCD to get introduced?
Happened again with the variable ucsschool/import/roleshare for a customer.
The customer has to change the proxy Variables, which are also not synced into the docker containers.
We have created an import hook that runs once a user gets created through Kelvin. This hook needs configuration stored in UCR. Now if we do not have the host variables available inside the container, is there at least a way to define a set of UCR variables that are always set inside the container and that survive container restarts and updates? Something like a "start script" for the container?
(In reply to Cornelius Hald from comment #11) > We have created an import hook that runs once a user gets created through > Kelvin. This hook needs configuration stored in UCR. > > Now if we do not have the host variables available inside the container, is > there at least a way to define a set of UCR variables that are always set > inside the container and that survive container restarts and updates? > > Something like a "start script" for the container? There is a hook directory for such scripts which at least covers the upgrade scenario: https://docs.software-univention.de/manual/5.0/en/software/further-software.html#hook-scripts-for-administrators