[tor-project] Notes from TPA 2025 roadmap review meeting
Hello all,
The TPA team had a meeting today where we prioritized our goals mostly
for Q1 of 2025 and had discussions about how to go around furthering the
merger with Tails, especially on the Puppet side (e.g. so that both Tor
and Tails infrastructures can become managed by only one tool).
Here are the notes from the meeting:
---
title: 2025 Q1 Roadmap meeting
---
# Roll call: who's there and emergencies
- anarcat
- groente
- lavamind
- lelutin
- zen
# Dashboard review
Normal per-user check-in:
- <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=anarcat>
- <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=groente>
- <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=lavamind>
- <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=lelutin>
- <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=zen>
General dashboards:
- <https://gitlab.torproject.org/tpo/tpa/team/-/boards/117>
- <https://gitlab.torproject.org/groups/tpo/web/-/boards>
- <https://gitlab.torproject.org/groups/tpo/tpa/-/boards>
# 2025Q1 Roadmap review
Review priorities for January and the first quarter of 2025. Pick from
the [2025
roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2025).
Possibilities for Q1:
- [Puppet CI and
improvements](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/8):
GitLab MR workflow, etc
- Prometheus
- MinIO
- web stuff: download page coordination and deployment
- email stuff: eugeni retirement, puppet cleanup, lists server (endless
  stream of work?), re-examining open issues to see if we fixed anything
- discussions about SVN?
- tails merge:
  - password stores
  - security policy
  - rotations
  - Puppet: start to standardize and merge codebases, update TPA modules,
    standardize code layout, maybe switch to nftables on both sides?
Hoping *not* for Q1:
- rdsys containerization (but we need to discuss and confirm the roadmap
with meskio)
- network team test network (discussions about design maybe?)
- upgrading to trixie
# Discuss and adopt the long term Tails merge roadmap
<https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-73-tails-infra-merge-roadmap>
In [the last discussion about the tails merge
roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/meeting/2024-11-11),
we have:
> postpone[d] the "what happens when" discussion. We also identified
> that most services above "low complexity" will require their own
> discussions (e.g. "how do we manage the Puppet control repo", "how do we
> merge weblate") that will happen later.
So we try to schedule those items across the 5 years. And we can also
discuss specific roadmap items to see if we can settle some ideas already.
Or we postpone all of this to the 2026 roadmap.
Results of the discussion: We won't have time to discuss all of these,
so maybe we want to sort based on priority, and pick one or two to go
more in depth.
Output should be notes to add to tpa-rfc-73 and a reviewed 2025 roadmap,
then we can call this done for the time being and come back closer to
end of 2025. We will adopt TPA-RFC-73 as a general guide / rough plan
and review as we go.
Here are all the medium and high complexity items we might want to discuss:
## 2025
See also the milestone: %"TPA-RFC-73: Tails merge (2025)"
- [Security Policy](#security-policy) (merge, discussion delegated to
anarcat)
- [Shifts](#shifts) (merge, brainstorm a plan)
- Puppet merge (merge, brainstorm of a plan):
  - deploy dynamic environments (in progress)
  - we can't use environments to retire one of the two puppet servers,
    because of exported resources
  - Upgrade and converge Puppet modules
  - lots of default stuff get deployed by TPA when you hook up a server,
    we could try turning everything off by default, move the defaults to
    a profile
  - maybe prioritize things, prioritize A/B/C, example:
    - A: "noop TPA": Kill switch on both sides, merged ENC, g10k, review
      exported resources, have one codebase but 2 implementations, LDAP
      integration vs tails?
    - B: "priority merge start": one codebase, but different
      implementations. start merging services piecemeal, e.g. two backup
      systems, but single monitoring system?
    - C: lower priority services (e.g. backups?)
    - D: etc
  - Implement commit signing
- [EYAML](#eyaml) (2029, keep?) (migrate to trocla?)
- A plan for [Authentication](#authentication) (postpone discussion to
later in 2025)
- [LimeSurvey](#limesurvey) (merge) (just migrate from tails to TPA?)
- [Monitoring](#monitoring) (migrate, brainstorm a plan)
We mostly talked about Puppet. groente and zen are going to start
drafting up a plan for Puppet!
## 2026
- Basic system functionality:
- [Backups](#backups) (migrate) (migrate to bacula or test borg on
backup-storage-01?)
- [Authentication](#authentication) (merge) (to be discussed in 2025)
- [DNS](#dns) (migrate) (migrate to PowerDNS?)
- [Firewall](#firewall) (migrate) (migrate to nftables)
- [TLS](#tls) (migrate, brainstorm a plan)
- [Web servers](#web-servers) (merge, no discussion required, part of
the Puppet merge)
- [Mailman](#mailman) (merge, just migrate to lists-01?)
- [XMPP](#xmpp) / [XMPP bot](#xmpp-bot) (migrate, delegate to tails,
  postponed: does Tails have plans to ditch XMPP?)
## 2027
- [APT repository](#apt-repository) (keep, nothing to discuss?)
- [APT snapshots](#apt-snapshots) (keep)
- [MTA](#mta) (merge) (brainstorm a plan)
- [Mirror pool](#mirror-pool) (migrate, brainstorm)
- [GitLab](#gitlab) (merge)
  - close the tails/sysadmin gitlab project?
  - brainstorm of a plan for the rest?
- [Gitolite](#gitolite) (migrate, retire Tails' Gitolite and puppetize
TPA's?)
## 2028
- [Weblate](#weblate) (news from emmapeel?)
## 2029
- [Jenkins](#jenkins) (migrate, brainstorm a plan or date?)
- [VPN](#vpn)
# Metrics of the month
- hosts in Puppet: 91, LDAP: 90, Prometheus exporters: 512
- number of Apache servers monitored: 33, hits per second: 618
- number of self-hosted nameservers: 6, mail servers: 11
- pending upgrades: 5, reboots: 90
- average load: 0.56, memory available: 3.11 TiB/4.99 TiB, running
processes: 169
- disk free/total: 60.95 TiB/142.02 TiB
- bytes sent: 434.13 MB/s, received: 282.53 MB/s
- planned bookworm upgrades completion date: was completed in 2024-12!
- [GitLab tickets][]: 257 tickets including...
  - open: 0
  - icebox: 160
  - roadmap::future: 48
  - needs information: 2
  - backlog: 21
  - next: 6
  - doing: 12
  - needs review: 8
  - (closed: 3867)
[Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards
Upgrade prediction graph lives at
<https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/>.
Now also available as the main Grafana dashboard. Head to
<https://grafana.torproject.org/>, change the time period to 30 days,
and wait a while for results to render.