Page MenuHomePhabricator
Create Task
Maniphest T9760

Autoscaling for Almanac devices
Closed, DuplicatePublic
Actions

Description

(I might be misunderstanding the current state of things, but bear with me).

Currently it is difficult to scale a Drydock Pool. If I understand correctly, scaling a Drydock Pool involves:

  1. Creating a new Almanac device (let's call it buildXXX.phabricator.mydomain.com).
  2. Adding device interfaces for the new device.
  3. Generating private keys for the new device.
  4. Spinning up a new host and running ./bin/almanac register.

It would be a lot easier if this could all be done from the command line... something like this:

./bin/almanac create-device --name="..." --interfaces='...'
./bin/alamanac register --device='...' --private-key='...'

Related Objects

Event Timeline

joshuaspence created this task.Nov 10 2015, 11:39 PM
joshuaspence raised the priority of this task from to Needs Triage.
joshuaspence updated the task description. (Show Details)
joshuaspence added projects: Almanac, Drydock.
joshuaspence added a subscriber: joshuaspence.
epriestley added a subscriber: epriestley.Nov 10 2015, 11:43 PM

Don't do steps (3) or (4)! Those are useless at best, and dangerous at worst.

You should only generate keys or register devices which are directly part of the primary Phabricator cluster (running Phabricator itself and fully-trusted). The warning on bin/almanac trust-key is serious. Registering these devices will let your unit tests log in as any user, read and write any data, etc., which is very bad.

https://secure.phabricator.com/book/phabricator/article/drydock_hosts/#almanac-hosts is the current guidance on what you should do.

joshuaspence added a comment.Nov 10 2015, 11:49 PM

Ok thanks. So I don't need to register my build agent with ./bin/almanac register?

epriestley added a comment.Nov 10 2015, 11:49 PM

Right. You just need to:

  • Pick a name for it.
  • Plug in the IP address.
  • Bind it to your pool to actually put it in service.
joshuaspence added a comment.Nov 10 2015, 11:51 PM

So what does ./bin/almanac register actually do?

joshuaspence added a comment.Nov 10 2015, 11:52 PM
In T9760#144107, @epriestley wrote:
  • Bind it to your pool to actually put it in service.

This just means adding a device interface? So I could have a single Almanac device with multiple interfaces on the same port but pointing to different machines?

epriestley added a comment.Nov 10 2015, 11:54 PM

This just means adding a device interface?

No. Go to the Service, (buildpool001.mycompany.com) and bind new devices to add them to service (e.g., bind build003 and build004) or remove old devices (e.g., unbind build001 to take it out of service).

So I could have a single Almanac device with multiple interfaces on the same port but pointing to different machines?

Yes, but there's no advantage to doing this and it's incredibly confusing.

joshuaspence added a comment.Nov 10 2015, 11:57 PM

Right okay, but I can't autoscale the Drydock Pool right? Because I need to manually create new devices through the UI.

epriestley added a comment.Nov 10 2015, 11:57 PM

bin/almanac register is just a shortcut for "put the private half of a key in the right place on disk, and the public half on the specified Almanac device". Maybe a clearer name would be bin/almanac install-keys.

Build hosts should not be authenticating to Phabricator as cluster devices so they should not have any device keys.

epriestley added a comment.Nov 10 2015, 11:58 PM

Right, Almanac does not support autoscaling. We'll have an EC2 blueprint (and similar) in the future which can manage autoscaling more simply. Almanac is the ground level "I have a list of IPs" version of things.

joshuaspence added a comment.Nov 10 2015, 11:59 PM
In T9760#144113, @epriestley wrote:

Right, Almanac does not support autoscaling.

OK, thanks. This is basically the purpose of this ticket (it may be a duplicate)

joshuaspence renamed this task from Easier creation of Almanac devices to Autoscaling for Almanac devices.Nov 11 2015, 1:33 AM
epriestley added a comment.Nov 30 2015, 4:39 PM

I don't plan Almanac to ever autoscale. Autoscaling would be via a new, non-Almanac EC2 blueprint (or similar blueprints, which permit creation of new host resources). I'm just going to merge this into T5544.

epriestley closed this task as a duplicate of T5544: Implement EC2 blueprint for Drydock.Nov 30 2015, 4:40 PM
Phabricator · Built by Phacility