Photo by DiBgd.
Remember, dimetrodons are not dinosaurs. They may be majestic and awesome, but as synapsids they’re actually more closely related to you than to any reptile, dinosaur or not.
The new goiardi 0.11.1 - Dimetrodon release is a relatively minor one, but it has some features I wanted to get out before stretch freezes for real.
Performance-wise, the most important change is a refactoring of the reindexing process with search. Now, it’s broken up into smaller chunks to make it more manageable, and only one reindexing job can run at a time. This avoids the problem where multiple reindexing jobs could be issued in quick succession, and it could happen that none of them would end up complete and the index would be in a bad state.
This release also lets you store secrets like public keys in an external service. Currently, the only supported service is vault. As of this writing client and user public keys, the shovey signing key, and user password hashes can be stored in vault instead of the database. The glaring omission right now is that the SSL certificate and keys for when goiardi itself is using TLS for HTTP connections are still stored as files on disk. That will be dealt with eventually, although having nginx sitting in front of goiardi and handling the TLS related duties is worth considering anyway.
From the CHANGELOG:
* Allow storing secrets (client & user public keys, shovey signing private keys, and user password hashes) in an external service. Currently only vault is supported. * Rework reindexing to break it into smaller chunks and ensure that only one reindexing job can run at a time. * Package goiardi for RHEL 7 and Debian jessie for s390x. Rather experimental, of course.