Project

General

Profile

Feature #6921

Publish our Puppet manifests

Added by intrigeri over 5 years ago. Updated about 2 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
-
Start date:
03/12/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
No
Affected tool:

Description

Ideally, all secrets should be in dedicated, private Puppet modules, and we could publish our Puppet manifests.


Related issues

Related to Tails - Feature #6181: Make it possible to help with sysadmin Resolved 07/23/2013
Related to Tails - Feature #6922: Document how to replicate parts of our infrastructure for local testing In Progress 03/12/2014
Related to Tails - Bug #16958: Fix the design of our Puppet codebase & document design guidelines Confirmed

History

#1 Updated by intrigeri over 5 years ago

  • Related to Feature #6181: Make it possible to help with sysadmin added

#2 Updated by intrigeri over 5 years ago

  • Blocks Feature #6922: Document how to replicate parts of our infrastructure for local testing added

#3 Updated by intrigeri almost 5 years ago

  • Assignee set to bertagaz
  • Target version set to Tails_1.3

Blocks #6922, so setting the same target version and assignee.

#4 Updated by bertagaz almost 5 years ago

  • Assignee changed from bertagaz to intrigeri

#7 Updated by intrigeri almost 5 years ago

  • Assignee changed from intrigeri to bertagaz

#8 Updated by bertagaz over 4 years ago

  • Target version changed from Tails_1.3 to Tails_1.3.2

Wasn't completed in time, postponing to the next release.

#9 Updated by bertagaz over 4 years ago

  • Target version changed from Tails_1.3.2 to Sustainability_M1

Targeting for 2.0, as this is a sustainability related ticket.

#10 Updated by bertagaz over 4 years ago

  • Blocks deleted (Feature #6922: Document how to replicate parts of our infrastructure for local testing)

#11 Updated by sajolida about 4 years ago

  • Target version deleted (Sustainability_M1)

#12 Updated by u about 1 year ago

Was this worked on since?

#13 Updated by intrigeri about 1 year ago

Was this worked on since?

I've been slowly making some progress but we're not there yet.

#14 Updated by intrigeri about 2 months ago

  • Related to Feature #6922: Document how to replicate parts of our infrastructure for local testing added

#15 Updated by intrigeri about 2 months ago

I propose we give up on publishing our full set of manifests, reject this ticket, and instead do this:

  • When we do #16958, if we use the roles/profiles/classes design pattern, most likely we will create new public Puppet classes that include the bits and pieces we already have published. This will de facto move stuff from our private manifests to public repos and provide the higher-level view of how bits and pieces are glued together, that is currently missing for the greatest part in our public Puppet code.
  • Furthermore, while doing #6922, we will surely notice pain points that are caused by information or code being available only in our private manifests. And then we can figure out a good way to solve each such problem, be it via documentation or by moving more code to public Puppet modules (and doing whatever refactoring it takes).

Rationale: IMO, publishing our manifests should not be a goal in itself. It's a mean to reach other goals, i.e.:

  • Make it easier for our sysadmins to develop improvements and new features locally instead of doing that in our production environment.
  • Make it easier for other folks to contribute to the code that drives our infra, be it by auditing it or improving it.

I believe the alternate strategy I'm proposing will bring us closer to these goals than simply publishing our Puppet manifests. Thoughts?

#16 Updated by intrigeri about 2 months ago

  • Related to Bug #16958: Fix the design of our Puppet codebase & document design guidelines added

Also available in: Atom PDF