Feature #10760

Decide how to manage ecours and other systems with Puppet

Added by intrigeri about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Infrastructure
Target version:
Start date: 12/15/2015
Due date:
% Done: 100%
Feature Branch:
Type of work: Sysadmin
Blueprint:
Starter:
Affected tool:

Description

Now that we're very soon going to have 2+ machines, we need to decide about what Puppet master they'll use, and if they're not going to use lizard's then we need to decide about their Puppet tree Git repo.


Related issues

Related to Tails - Feature #11094: Deploy a VPN between the monitoring host and Lizard Resolved 02/09/2016
Duplicated by Tails - Feature #10245: Decide how to manage systems outside of lizard Duplicate 09/25/2015
Blocks Tails - Feature #9484: Deploy the monitoring setup to production Resolved 01/09/2015
Blocks Tails - Feature #8647: Install an OS on the machine that will host the production monitoring setup Resolved 12/15/2015
Blocks Tails - Feature #6250: Configure the lizard failover Rejected 08/22/2013

History

#1 Updated by intrigeri about 4 years ago

  • Blocks Feature #9484: Deploy the monitoring setup to production added

#2 Updated by intrigeri about 4 years ago

  • Assignee set to bertagaz
  • QA Check set to Info Needed

#4 Updated by intrigeri about 4 years ago

  • Blocks Feature #8647: Install an OS on the machine that will host the production monitoring setup added

#5 Updated by intrigeri about 4 years ago

  • Category set to Infrastructure

#6 Updated by intrigeri about 4 years ago

#7 Updated by intrigeri about 4 years ago

  • Duplicated by Feature #10245: Decide how to manage systems outside of lizard added

#8 Updated by bertagaz about 4 years ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from bertagaz to intrigeri
  • % Done changed from 0 to 10

Ecours will host our monitoring server. This means it won't share any data hosted on Lizard. It will simply collect check results, present them in a readable way and notify when needed.

There are mainly three options to configure it using puppet:

Option A: Puppetmaster on Ecours, with a dedicated manifest

Adds complexity with two different puppet-sync to manage, submodules to keep in sync between two different manifests, but would help to better abstract our code in submodules.

Option B: Puppetmaster on Ecours, with Lizard's manifest

Easier to manage regarding our puppet code, which would stay in one repo only compared to previous option. But with this we won't be able to use exported resources, which are handy to simplify the manifests. We also would have to rewrite our Lizard manifest to remove any secrets Ecours doesn't need to store.

Option C: Puppet agent on Ecours using Lizard's puppetmaster

This one seems a bit easier again compared to the other options (no need to rewrite Lizard's manifest). The downside is that it requires securing the connection between Lizard and Ecours, but this will probably also be needed with the Lizard failover system we plan to host.

I think option C would be the way to go. It would prepare us for a "near" future where we'll have to administer more systems, and dealing with only one puppetmaster seems easier and has benefits. If there's an agreement, the next step would be to connect Ecours to Lizard's puppetmaster, using some VPN solution. I'd go for tinc, which is quite easy to deploy compared to more complete solutions like strongswan.

#9 Updated by intrigeri about 4 years ago

  • Target version changed from Tails_2.0 to Tails_2.2

#10 Updated by intrigeri about 4 years ago

  • Status changed from In Progress to Resolved
  • QA Check changed from Info Needed to Pass

> There are mainly three options to configure it using puppet:

Thanks for the summary!

> I think option C would be the way to go. It would prepare us for a "near" future where we'll have to administer more systems, and dealing with only one puppetmaster seems easier and has benefits.

Agreed, let's do that.

> If there's an agreement, the next step would be to connect Ecours to Lizard's puppetmaster, using some VPN solution. I'd go for tinc, which is quite easy to deploy compared to more complete solutions like strongswan.

Fine with me. I'll let you create a subtask of #5734 to track this.

#11 Updated by intrigeri about 4 years ago

  • Assignee deleted (intrigeri)
  • % Done changed from 10 to 100

#12 Updated by bertagaz about 4 years ago

Created #11094

#13 Updated by bertagaz about 4 years ago

  • Related to Feature #11094: Deploy a VPN between the monitoring host and Lizard added
