TPA team issues
https://gitlab.torproject.org/tpo/tpa/team/-/issues
Updated: 2024-03-28T20:24:38Z

migrate TPA's gitolite repositories to GitLab
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41219
Updated: 2024-03-28T20:24:38Z
Author: anarcat

We have decided to retire Gitolite in #41180, give the good example and migrate our repos to GitLab. This is the table established in TPA-RFC-36:

| Repository | data | Problem | Fate |
|-------------------------------|--------------------------------------|-------------------------------------|----------------------------------|
| `account-keyring` | OpenPGP keyrings | hooks into the static mirror system | convert to GitLab CI |
| `buildbot-conf` | old buildbot config? | obsolete | archive |
| `dip` | GitLab ansible playbooks? | duplicate of `services/gitlab/dip`? | archive? |
| `dns/auto-dns` | DNS zones source used by LDAP server | security | check OpenPGP signatures |
| `dns/dns-helpers` | DNSSEC generator used on DNS master | security | check OpenPGP signatures |
| `dns/domains` | DNS zones source used by LDAP server | security | check OpenPGP signatures |
| `dns/mini-nag` | monitoring on DNS primary | security | check OpenPGP signatures |
| `letsencrypt-domains` | TLS certificates generation | security | move to Puppet? |
| `puppet/puppet-ganeti` | puppet-ganeti fork | misplaced | destroy |
| `services/gettor` | ansible playbook for gettor | obsolete | archive |
| `services/gitlab/dip-configs` | GitLab ansible playbooks? | obsolete | archive |
| `services/gitlab/dip` | GitLab ansible playbooks? | duplicate of `dip`? | archive? |
| `services/gitlab/ldapsync` | LDAP to GitLab script, unused | obsolete | archive |
| `static-builds` | Jenkins static sites build scripts | obsolete | archive |
| `tor-jenkins` | Jenkins build scripts | obsolete | archive |
| `tor-nagios` | Icinga configuration | confidentiality? | abolish? see also [TPA-RFC-33][] |
| `tor-passwords` | password manager | confidentiality | migrate? |
| `tor-virt` | libvirt VM configuration | obsolete | destroy |
| `trac/TracAccountManager` | Trac tools | obsolete | archive |
| `trac/trac-email` | Trac tools | obsolete | archive |
| `tsa-misc` | miscellaneous scripts | none | migrate |
| `userdir-ldap-cgi` | fork of DSA's repository | none | migrate |
| `userdir-ldap` | fork of DSA's repository | none | migrate |

Update: we don't have the free cycles to do the right thing here and we're instead going to move to GitLab only the repositories that do not require special handling, that is: repositories that are `archive` or `migrate`. Everything else will be moved to special servers while we figure out what to do with that legacy stuff.
- [x] `account-keyring` (destroy, only use the copy on `alberti`)
- [ ] `buildbot-conf` (archive)
- [ ] `dip` (archive?)
- [x] `dns/auto-dns` (migrate to `nevii`)
- [x] `dns/dns-helpers` (migrate to `nevii`)
- [x] `dns/domains` (migrate to `nevii`)
- [x] `dns/mini-nag` (migrate to `nevii`)
- [x] `letsencrypt-domains` (migrate to `nevii`)
- [x] `puppet/puppet-ganeti` (destroy)
- [ ] `services/gettor` (archive)
- [ ] `services/gitlab/dip-configs` (archive)
- [ ] `services/gitlab/dip` (archive?)
- [ ] `services/gitlab/ldapsync` (archive)
- [ ] `static-builds` (archive)
- [ ] `tor-jenkins` (archive)
- [x] `tor-nagios` (move to `nagios`, see also [TPA-RFC-33][], #40755)
- [x] `tor-passwords` (move to `pauli`)
- [x] `tor-virt` (destroy)
- [ ] `trac/TracAccountManager` (archive)
- [ ] `trac/trac-email` (archive)
- [x] `tsa-misc` (migrate, renamed to `fabric-tasks`)
- [x] `userdir-ldap-cgi` (migrate)
- [x] `userdir-ldap` (migrate)
[TPA-RFC-33]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-33-monitoring

The repositories that were migrated to pauli, nevii or nagios need special configuration to get notifications working again. It would also be pretty awesome if they could push to a mirror on GitLab. Finally, they need docs. So extras in the checklist for those repos:
- [ ] IRC notifications
- [ ] email notifications
- [ ] documentation updates (particularly howto/tls, howto/dns is barely documented...)
- [ ] GitLab mirror (optional)

Milestone: legacy Git infrastructure retirement (TPA-RFC-36)
Assignee: anarcat
2024-01-17

deploy fabric-tasks on install and keep up to date in puppet
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41484
Updated: 2024-03-27T14:40:01Z
Author: anarcat

all hosts should have a copy of fabric-tasks. there's many useful things in that repo, and we should keep expanding it to have more useful things.
it would skip a step in the install procedure, but it would also allow us to dump ad-hoc scripts that we currently leave lying around in /root or elsewhere.
this is part of the automated install task (#31239).

Milestone: (next) cluster scaling
Assignee: anarcat

metricsdb-01 out of swap
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41483
Updated: 2024-02-17T00:06:09Z
Author: Kez

Nagios has an alert for metricsdb-01: SWAP CRITICAL - 4% free (65MB out of 2047MB). It's almost exclusively because of a victoria-metric process: `victoria-metric 1800892 kB`.
@hiro I'm assigning this to you because you'll probably know what to do with it better than me

Assignee: Hiro

nextcloud is returning 502 bad gateway
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41464
Updated: 2024-03-14T00:48:16Z
Author: Jim Newsome

I'm getting 502 bad gateway for https://nc.torproject.net/. Verified by thorin as well

Assignee: micah (micah@torproject.org)