Draft
Conversation
This matches the test backend.
These are required to allow OS users to set their passwords. I wasn't sure whether they belong in packages.txt or core-packages.txt.
Moves all the configurable endpoints to other domains. The collector address was not configurable, so made it configurable via env var. These are write endpoints, so they should be writing to a separate system. Have also moved the proxy domains over, to basically be no proxy, to get them off the opensafely domains. We can add a ted-only proxy later. docker-proxy.opensafely.org was is a little tricky. We can change it for action images via DOCKER_PROXY, but we also use it for the airlock and agent images, which is hard coded in docker-compose.yaml, so I just changed the hardcoded values. Have updated the local DNS for these domains, and pointed it at localhost for now.
Testing with a test controller, these values worked. Most are just config overrides, however because the TED backend is completely separate from OS, some core changes were needed Specifically, DNS entries/hostnames, and DNS in the agent. Note that these values are what works with the test controller, will need change once we have proper controller
We previously used ed25519, but that is not supported in windows. It was not good default, in hindsight. And in the TED backend, we are using a self signed certificate generated by this code as our initial production cert, so this is needed.
- remove out of date comments - use proxy to get app images now its deployed - don't install collector
bloodearnest
force-pushed
the
add-ted-backend
branch
from
6f0812c to
d889fa2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The add-ted-backend branch is effectively a fork of backend-server that adds a new TED backend configuration, which is very similar to TPP.
This Draft PR is meant to serve as a useful way to see what changes were needed, but is not intended to be merged. There are some commits that fixed or improved things that might be worth merging separately, perhaps.
However, there are some commits that can't really be merged in their current form. Mainly the hosts changes.
This could be a fork, perhaps, instead, in future.