There was a very interesting question from a user on Slack. I thought it would be good to archive the question here and, more importantly, capture some ideas for strategies for how to accomplish the task.
Here’s the user’s original comment:
"I’m trying to simplify my docker entrypoint since my current one involves having a simultaneous script wait for the backend to start and then run sensuctl configure/create commands
The fundamental question:
Is it possible to initialize sensu-backend with resources when the backend container(s) is(are) started?
My answer:
Unfortunately, no. Because the backend has to wait for the etcd store to initialize, it’s not possible to add resources in one step. And when using a clustered backend with embedded etcd, all the backends have to start and negotiate the etcd quorum process before any resources can be injected into the etcd store.
In fact, as of Sensu Go 5.16, even the official Docker image uses an entry point script that waits for the backend’s etcd store to become available before issuing sensu-backend init to set the initial admin user and password.
Mitigation Strategies:
Just off the top of my head, here are my ideas on how to mitigate this and achieve resource creation as simply as possible.
- Use docker compose and dockerize to run the sensuctl command. The dockerize project is pretty clever, allowing you to wait to run a container command until a specific service endpoint is available. This approach has the benefit of working well with a clustered sensu-backend. The downside is, it’s still a race with backend init. Can you be sure the sensuctl will run after the needed admin password is set?
- Extend the entry point logic wait loop that is calling sensu-backend init to also optionally call sensuctl create -r if a particular directory is mounted into the container that contains resource files. The benefit here is the admin and password are already available to the entry script in order to run the backend init. It would be interesting to see someone make an attempt at this by contributing a Dockerfile here for people to test. I’m not sure how this would work in a clustered backend. If each backend is trying to create the same resources, that’s unneeded duplication of effort. The benefit is, you can be sure the sensuctl is run after the backend init.
Any other ideas?
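
A sketch of the second strategy, added here as an example and not taken from the official Sensu image: an entrypoint that waits for the backend, runs sensu-backend init, then runs sensuctl create -r only if a seed directory is mounted. The variable names (SEED_DIR, SEED_ENABLED, WAIT_TRIES, WAIT_SLEEP, RUN_ENTRYPOINT, the *_BIN overrides), the function names, and the curl probe against /health are assumptions.

```shell
#!/bin/sh
# Added example, not the official Sensu image entrypoint.
# Hypothetical names: SEED_DIR, SEED_ENABLED, WAIT_*, *_BIN, RUN_ENTRYPOINT, all functions.
SENSU_BACKEND_BIN="${SENSU_BACKEND_BIN:-sensu-backend}"
SENSUCTL_BIN="${SENSUCTL_BIN:-sensuctl}"
API_URL="${API_URL:-http://127.0.0.1:8080}"
SEED_DIR="${SEED_DIR:-/etc/sensu/seed}"     # mount resource files here to seed
SEED_ENABLED="${SEED_ENABLED:-1}"           # set to 0 on all but one cluster member
WAIT_TRIES="${WAIT_TRIES:-60}"
WAIT_SLEEP="${WAIT_SLEEP:-1}"

# Readiness probe (assumption: curl is in the image and /health answers once the store is up).
backend_ready() { curl -fsS -o /dev/null "$API_URL/health"; }

# Poll the probe; give up after WAIT_TRIES attempts instead of hanging forever.
wait_for_backend() {
  tries=0
  until backend_ready; do
    tries=$((tries + 1))
    [ "$tries" -ge "$WAIT_TRIES" ] && return 1
    sleep "$WAIT_SLEEP"
  done
}

# Create resources only when seeding is enabled and a seed directory is mounted.
seed_resources() {
  [ "$SEED_ENABLED" = 1 ] && [ -d "$SEED_DIR" ] || return 0
  # Note: --password puts the secret in this container's process list.
  "$SENSUCTL_BIN" configure -n --url "$API_URL" \
    --username "$SENSU_BACKEND_CLUSTER_ADMIN_USERNAME" \
    --password "$SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD" || return 1
  "$SENSUCTL_BIN" create -r -f "$SEED_DIR"
}

# Ordering guarantee: ready -> init -> seed, so sensuctl never races the admin setup.
init_and_seed() {
  wait_for_backend || { echo "backend never became ready" >&2; return 1; }
  # init reads SENSU_BACKEND_CLUSTER_ADMIN_USERNAME/PASSWORD from the environment.
  # Assumption: a non-zero exit here means the store was initialized on an earlier start.
  "$SENSU_BACKEND_BIN" init || echo "init did not run; continuing" >&2
  seed_resources
}

if [ "${RUN_ENTRYPOINT:-0}" = 1 ]; then
  "$SENSU_BACKEND_BIN" start &
  backend_pid=$!
  trap 'kill "$backend_pid"' TERM INT
  init_and_seed || { kill "$backend_pid"; exit 1; }
  wait "$backend_pid"
fi
```

Setting SEED_ENABLED=0 on all but one member is one way to avoid every backend in a cluster creating the same resources.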