migrate TPA's gitolite repositories to GitLab
We have decided to retire Gitolite in #41180 (closed), set a good example, and migrate our repos to GitLab. This is the table established in TPA-RFC-36:
| Repository | Data | Problem | Fate |
|---|---|---|---|
| account-keyring | OpenPGP keyrings | hooks into the static mirror system | convert to GitLab CI |
| buildbot-conf | old buildbot config? | obsolete | archive |
| dip | GitLab ansible playbooks? | duplicate of services/gitlab/dip? | archive? |
| dns/auto-dns | DNS zones source used by LDAP server | security | check OpenPGP signatures |
| dns/dns-helpers | DNSSEC generator used on DNS master | security | check OpenPGP signatures |
| dns/domains | DNS zones source used by LDAP server | security | check OpenPGP signatures |
| dns/mini-nag | monitoring on DNS primary | security | check OpenPGP signatures |
| letsencrypt-domains | TLS certificates generation | security | move to Puppet? |
| puppet/puppet-ganeti | puppet-ganeti fork | misplaced | destroy |
| services/gettor | ansible playbook for gettor | obsolete | archive |
| services/gitlab/dip-configs | GitLab ansible playbooks? | obsolete | archive |
| services/gitlab/dip | GitLab ansible playbooks? | duplicate of dip? | archive? |
| services/gitlab/ldapsync | LDAP to GitLab script, unused | obsolete | archive |
| static-builds | Jenkins static sites build scripts | obsolete | archive |
| tor-jenkins | Jenkins build scripts | obsolete | archive |
| tor-nagios | Icinga configuration | confidentiality? | abolish? see also TPA-RFC-33 |
| tor-passwords | password manager | confidentiality | migrate? |
| tor-virt | libvirt VM configuration | obsolete | destroy |
| trac/TracAccountManager | Trac tools | obsolete | archive |
| trac/trac-email | Trac tools | obsolete | archive |
| tsa-misc | miscellaneous scripts | none | migrate |
| userdir-ldap-cgi | fork of DSA's repository | none | migrate |
| userdir-ldap | fork of DSA's repository | none | migrate |

Update: we don't have the free cycles to do the right thing here and we're instead going to move to GitLab only the repositories that do not require special handling, that is: repositories that are archive or migrate. Everything else will be moved to special servers while we figure out what to do with that legacy stuff.

- account-keyring (destroy, only use the copy on alberti)
- buildbot-conf (archive)
- dip (archive)
- dip-configs (archive)
- dns/auto-dns (migrate to nevii)
- dns/dns-helpers (migrate to nevii)
- dns/domains (migrate to nevii)
- dns/mini-nag (migrate to nevii)
- letsencrypt-domains (migrate to nevii)
- puppet/puppet-ganeti (destroy)
- services/gettor (archive)
- services/gitlab/dip-configs (archive)
- services/gitlab/dip (archive?)
- services/gitlab/ldapsync (archive)
- static-builds (archive)
- tor-jenkins (archive)
- tor-nagios (move to nagios, see also TPA-RFC-33, #40755 (closed))
- tor-passwords (move to pauli)
- tor-virt (destroy)
- trac/TracAccountManager (archive)
- trac/trac-email (archive)
- tsa-misc (migrate, renamed to fabric-tasks)
- userdir-ldap-cgi (migrate)
- userdir-ldap (migrate)

Other repositories gleaned around the legacy infra:

- gitolite-admin (archive, keep private)
- /srv/git.torproject.org/git-helpers (archived, no redirects)

The repositories that were migrated to pauli, nevii or nagios need special configuration to get notifications working again. It would also be pretty awesome if they could push to a mirror on GitLab. Finally, they need docs. So extras in the checklist for those repos:

- documentation updates (particularly howto/tls, howto/dns is barely documented...)
- IRC notifications (KGB?) delegate to gitlab
- email notifications (multimail?) see gitlab#71
- GitLab mirror (with IRC hooks, see #41574 (closed))

Maybe that could be split into a separate ticket too for now, but at least we need the docs update.