Verified Commit 84d114bf authored by anarcat

split out tasks reserved to the repo publication team#29387

parent b2cd53a5
......@@ -1793,15 +1793,6 @@ This is the data that needs to be moved into Trocla at the time of writing:
A full audit should be redone before this is completed.
The actual issues that need to be resolved to close this ticket are
really just 1 and 2, however: it just means we would need to push to
two repositories to get our code public. So as a temporary measure, we
would push the public repositories twice: once to the public git
repository (ie. here) and once to the private one. Eventually, we
would push directly with Puppet which, with access keys, would push
public repositories here. But that's not essential to close this
ticket, which is just about publishing our darn source code.
### Use a control repository
The base of the infrastructure is a [control-repo](https://puppet.com/docs/pe/latest/control_repo.html) ([example](https://github.com/puppetlabs/control-repo),
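Review bot: The paragraph removed after "A full audit should be redone before this is completed." was the only visible description of the interim publication plan (pushing the public repositories twice, once to the public git repository and once to the private one, until Puppet pushes with access keys), and nothing in this hunk says where that plan now lives. If it moved to tpo/tpa/team#29387, leave a one-line pointer to that ticket in its place, so the section does not go from the audit note straight to "Use a control repository" with the plan silently dropped.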
......@@ -1836,15 +1827,11 @@ job.
In other words, this is the checklist:
* [x] convert everything to hiera (#30020) - this requires creating `roles` for each machine (more or less) -- effectively done as far as this issue is concerned
* [ ] move current `modules/` into `site-modules/` and audit for private data
* [ ] move any private data into `hiera/`, currently known private data:
* `modules/postfix/files/virtual` - email addresses
* `modules/postfix/files/access-1-sender-reject` and related - email addresses
* sudoers configurations?
* secrets in /etc/puppet (hopefully not in git, but just in case)
* [x] convert everything to hiera (tpo/tpa/team#30020) - this
requires creating `roles` for each machine (more or less) --
effectively done as far as this issue is concerned
* [ ] sanitize repository (tpo/tpa/team#29387)
* [ ] move `3rdparty` modules into `modules/`
* [ ] publish everything but `hiera/` as a new (secret) repository
Once this is done, the final picture will look like this in `/etc/puppet`:
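Review bot: Replacing the private-data sub-items with the single bullet "sanitize repository (tpo/tpa/team#29387)" drops the enumerated audit scope from this document: `modules/postfix/files/virtual`, `modules/postfix/files/access-1-sender-reject` and related, sudoers configurations, and secrets in /etc/puppet. Please confirm that list is carried into tpo/tpa/team#29387 before merging, or keep it under the new bullet, since it is the concrete record of what must not end up in the published repository. The step moving the current `modules/` into `site-modules/` also disappears, while "move `3rdparty` modules into `modules/`" still presupposes it; say which item now covers that move.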
......@@ -1975,7 +1962,7 @@ would not matter because of the checksums in the control repository.
### Use a role account
To avoid permission issues, use a role account (say `git`) to accept
pushes and enforce git hooks.
pushes and enforce git hooks (tpo/tpa/team#29663).
### Use local test environments
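Review bot: The parenthetical "(tpo/tpa/team#29663)" is attached to "git hooks", so it is unclear whether that ticket tracks the role account, the hooks, or both. If it tracks the role account itself, move the reference next to "role account" or state briefly what the ticket covers.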