... | @@ -1365,6 +1365,25 @@ code is directly pushed to the Puppet server without validation. Work |
... | @@ -1365,6 +1365,25 @@ code is directly pushed to the Puppet server without validation. Work |
|
is being done to [implement automated checks](https://gitlab.torproject.org/tpo/tpa/team/-/issues/31226) but that is only
|
|
is being done to [implement automated checks](https://gitlab.torproject.org/tpo/tpa/team/-/issues/31226) but that is only
|
|
being deployed on some clients for now.
|
|
being deployed on some clients for now.
|
|
|
|
|
|
|
|
Note that PuppetDB itself holds performance information about the
|
|
|
|
Puppet agent runs, which are called "reports". Those reports contain
|
|
|
|
information about changes operated on each server, how long the agent
|
|
|
|
runs take and so on. Those metrics could be made more visible by using
|
|
|
|
a dashboard, but that has not been implemented yet (see [issue
|
|
|
|
31969][]).
|
|
|
|
|
|
|
|
[issue 31969]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/31969
|
|
|
|
|
|
|
|
The Puppet server, Puppet agents and PuppetDB keep logs of their
|
|
|
|
operations. The latter keeps its logs in `/var/log/puppetdb/` for a
|
|
|
|
maximum of 90 days or 1GB, whichever comes first (configured in
|
|
|
|
`/etc/puppetdb/request-logging.xml` and
|
|
|
|
`/etc/puppetdb/logback.xml`). The other logs are sent to `syslog`, and
|
|
|
|
usually end up in `daemon.log`.
|
|
|
|
|
|
|
|
Puppet should hold minimal personnally idenfiable information, like
|
|
|
|
user names, user public keys and project names.
|
|
|
|
|
|
# Discussion
|
|
# Discussion
|
|
|
|
|
|
This section goes more in depth into how Puppet is setup, why it was
|
|
This section goes more in depth into how Puppet is setup, why it was
|
... | | ... | |
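Review bot: in the last added paragraph, "personnally idenfiable" should read "personally identifiable", and "should hold minimal" reads as a goal rather than a statement of what is actually stored. Suggest wording it as an inventory, for example "Puppet holds a minimal amount of personally identifiable information: user names, user public keys and project names", and saying where that data lives (manifests, PuppetDB, or the reports). The logging paragraph gives a retention limit only for the PuppetDB logs (90 days or 1GB); since the added text says reports contain information about changes operated on each server, it would help to state how long the reports are kept, and how long the server and agent logs sent to `syslog` are kept, so a reader can tell how long that data persists.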