Skip to content

Changes

Page history
deployment docs for LDAp, probably incomplete authored by anarcat's avatar anarcat
Show whitespace changes
Inline Side-by-side
howto/ldap.md
View page @ f771217b
......@@ -354,6 +354,43 @@ same changes are performed in the git repository.
It is preferable, however, to [build and
upload](howto/build_and_upload_debs) `userdir-ldap` as a Debian package instead.
## Deploying new userdir-ldap releases
Our userdir-ldap codebase is deployed through Debian packages built by
hand on TPA's members computers, from our [userdir-ldap
repository][]. Typically, when we make changes to that repository, we
should make sure we send the patches upstream, to the [DSA
userdir-ldap repository][]. The right way to do *that* is to send the
patch by email, to <mailto:dsa@debian.org>, since they do not have
merge requests enabled on that repository.
If you are lucky, we will have the latest version of the upstream code
and your patch will apply cleanly upstream. If unlucky, you'll
actually need to merge with upstream first. This process is generally
done through those steps:
1. `git merge` the upstream changes, and resolve the conflicts
2. update the changelog (make sure you have the upstream version with
`~tpo1` as a suffix so that upgrades work when if we ever catch up
with upstream)
3. build the Debian package: `git buildpackage`
4. deploy the Debian package
Note that unless the change is trivial, the Debian package should be
deployed *very* carefully. Because userdir-ldap is such a critical
piece of infrastructure, it can easily break stuff like PAM and
logins, so it is important to deploy it one machine at a time, and run
`ud-replicate` on the deployed machine (and `ud-generate` if the
machine is the LDAP server).
So "deploy the Debian package" should actually be done by copying, by
hand, the package to specific servers over SSH, and only after testing
there, [uploading it to the Debian archive](howto/build_and_upload_debs).
Note that it's probably a good idea to update the [userdir-ldap-cgi
repository][] alongside userdir-ldap. The above process should
similarly apply.
## Pager playbook
An LDAP server failure can trigger lots of emails as `ud-ldap` fails
......