[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30020 [Internal Services/Tor Sysadmin Team]: switch from our custom YAML implementation to Hiera

#30020: switch from our custom YAML implementation to Hiera
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  project                              |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #29387                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by anarcat):

 i got a little tired of battling this, so I took a small break. I still
 migrated a few roles:

 {{{
 civicrm_ext_2018
 civicrm_int_2018
 civicrm_ext
 civicrm_int
 public_git
 rt
 svn
 metrics
 exonerator
 bridges
 trac
 mandos_server
 }}}

 many of those were easy marks: the ssl::service stuff were just a lot of
 copy-paste, which might have been better implemented by having a
 parametrized class with the node-specific parameters in hiera, something
 like:

 {{{
 class profile::ssl_web($name, $onion = false) {
    ssl::service { $name: notify => Exec['service apache2 reload'], key =>
 true, onion => $onion }
 }
 }}}

 And in (say) `eugeni.torproject.org.yaml`, you would have:

 {{{
 profile::ssl_web::name: "lists.torproject.org"
 profile::ssl_web::onion: true
 classes:
   - profile::ssl_web
 }}}

 ... but I didn't want to overthink this just yet. plus we might want to
 manage those services more closely in Puppet eventually and such a class
 would just make it difficult. Besides, i suspect this would belong in the
 Apache module, not in a profile. '''And''' we should have a ''role'' in
 Hiera instead of a ''profile'', so we would end up creating the equivalent
 of the ''profile'' I ended up making anyways:

 {{{
 class profile::lists {
   ssl::service { 'lists.torproject.org':
     notify => Exec['service apache2 reload'],
     key    => true,
   }
 }
 }}}

 So I think it's the right conversion for now. I'm not converting the
 entire hierarchy to R/P/M just yet anyways, just switching to Hiera is
 enough work as it is.

 There are now 22 `has_role` calls left in the main `roles` class, down
 from around 50. Unfortunately, there is actually more roles in the
 `local.yaml` file (33) that I haven't considered or noticed, so we haven't
 crossed the magic halfway point just yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30020#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs