... | ... | @@ -45,6 +45,9 @@ it will actually deliver emails to targets. |
|
|
## Pager playbook
|
|
|
|
|
|
TODO: pager playbook
|
|
|
<!-- information about common errors from the monitoring system and -->
|
|
|
<!-- how to deal with them. this should be easy to follow: think of -->
|
|
|
<!-- your future self, in a stressful situation, tired and hungry. -->
|
|
|
|
|
|
## Disaster recovery
|
|
|
|
... | ... | @@ -75,6 +78,23 @@ TODO: how to setup the service from scratch. puppet role and DNS? |
|
|
<!-- "architectural" document, which the final result might differ -->
|
|
|
<!-- from, sometimes significantly -->
|
|
|
|
|
|
<!-- a good guide to "audit" an existing project's design: -->
|
|
|
<!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
|
|
|
|
|
|
<!-- things to evaluate here:
|
|
|
|
|
|
* services
|
|
|
* storage (databases? plain text files? cloud/S3 storage?)
|
|
|
* queues (e.g. email queues, job queues, schedulers)
|
|
|
* interfaces (e.g. webserver, commandline)
|
|
|
* authentication (e.g. SSH, LDAP?)
|
|
|
* programming languages, frameworks, versions
|
|
|
* dependent services (e.g. authenticates against LDAP, or requires
|
|
|
git pushes)
|
|
|
* deployments: how is code for this deployed (see also Installation)
|
|
|
|
|
|
how is this thing built, basically? -->
|
|
|
|
|
|
Some interesting "best practices" notes:
|
|
|
|
|
|
* https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
|
... | ... | @@ -84,11 +104,43 @@ Some interesting "best practices" notes: |
|
|
Project is coordinated in [ticket #30608][].
|
|
|
|
|
|
There is no issue tracker specifically for this project, [File][] or
|
|
|
[search][] for issues in the [team issue tracker][search] component.
|
|
|
[search][] for issues in the [team issue tracker][search].
|
|
|
|
|
|
[File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
|
|
|
[search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
|
|
|
|
|
|
## Maintainer, users, and upstream
|
|
|
|
|
|
This service is mostly written as a set of Puppet manifests. It was
|
|
|
built by anarcat, and is maintained by TPA. There is no upstream.
|
|
|
|
|
|
It depends on patches on `userdir-ldap` that were partially merged in
|
|
|
the upstream, see [LDAP docs](howto/ldap#maintainer-users-and-upstream) for details.
|
|
|
|
|
|
## Monitoring and testing
|
|
|
|
|
|
TODO: monitoring and testing
|
|
|
|
|
|
<!-- describe how this service is monitored and how it can be tested -->
|
|
|
<!-- after major changes like IP address changes or upgrades. describe -->
|
|
|
<!-- CI, test suites, linting, how security issues and upgrades are -->
|
|
|
<!-- tracked -->
|
|
|
|
|
|
## Logs and metrics
|
|
|
|
|
|
TODO: logs and metrics
|
|
|
|
|
|
<!-- where are the logs? how long are they kept? any PII? -->
|
|
|
<!-- what about performance metrics? same questions -->
|
|
|
|
|
|
## Backups
|
|
|
|
|
|
No special backup of this service is required.
|
|
|
|
|
|
## Other documentation
|
|
|
|
|
|
TODO: <!-- references to upstream documentation, if relevant -->
|
|
|
|
|
|
# Discussion
|
|
|
|
|
|
## Overview
|
... | ... | |