Hello all,
The TPA team had a meeting today where we prioritized our goals, mostly for Q1 of 2025, and had discussions about how to go about furthering the merger with Tails, especially on the Puppet side (e.g. so that both Tor and Tails infrastructures can be managed by only one tool).
Here are the notes from the meeting:
---
title: 2025 Q1 Roadmap meeting
---
# Roll call: who's there and emergencies
- anarcat
- groente
- lavamind
- lelutin
- zen
# Dashboard review
Normal per-user check-in:
- https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=anarcat
- https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=groente
- https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=lavamind
- https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=lelutin
- https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&assignee_username=zen
General dashboards:
- https://gitlab.torproject.org/tpo/tpa/team/-/boards/117
- https://gitlab.torproject.org/groups/tpo/web/-/boards
- https://gitlab.torproject.org/groups/tpo/tpa/-/boards
# 2025Q1 Roadmap review
Review priorities for January and the first quarter of 2025. Pick from the [2025 roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2025).
Possibilities for Q1:
- [Puppet CI and improvements](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/8): GitLab MR workflow, etc
- Prometheus
- MinIO
- web stuff: download page coordination and deployment
- email stuff: eugeni retirement, puppet cleanup, lists server (endless stream of work?), re-examining open issues to see if we fixed anything
- discussions about SVN?
- tails merge:
  - password stores
  - security policy
  - rotations
  - Puppet: start to standardize and merge codebases, update TPA modules, standardize code layout, maybe switch to nftables on both sides?
Hoping *not* for Q1:
- rdsys containerization (but we need to discuss and confirm the roadmap with meskio)
- network team test network (discussions about design maybe?)
- upgrading to trixie
# Discuss and adopt the long term Tails merge roadmap
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-73-tails-infra-merge-roadmap
In [the last discussion about the tails merge roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/meeting/2024-11-11), we have:

> postpone[d] the "what happens when" discussion. We also identified that most services above "low complexity" will require their own discussions (e.g. "how do we manage the Puppet control repo", "how do we merge weblate") that will happen later.
So we try to schedule those items across the 5 years. And we can also discuss specific roadmap items to see if we can settle some ideas already.
Or we postpone all of this to the 2026 roadmap.
Results of the discussion: We won't have time to discuss all of these, so maybe we want to sort based on priority, and pick one or two to go more in depth. Output should be notes to add to tpa-rfc-73 and a reviewed 2025 roadmap, then we can call this done for the time being and come back closer to end of 2025. We will adopt TPA-RFC-73 as a general guide / rough plan and review as we go.
Here are all the medium and high complexity items we might want to discuss:
## 2025
See also the milestone: %"TPA-RFC-73: Tails merge (2025)"
- [Security Policy](#security-policy) (merge, discussion delegated to anarcat)
- [Shifts](#shifts) (merge, brainstorm a plan)
- Puppet merge (merge, brainstorm of a plan):
  - deploy dynamic environments (in progress)
  - we can't use environments to retire one of the two puppet servers, because of exported resources
  - Upgrade and converge Puppet modules
  - lots of default stuff gets deployed by TPA when you hook up a server; we could try turning everything off by default and move the defaults to a profile
  - maybe prioritize things, prioritize A/B/C, example:
    - A: "noop TPA": kill switch on both sides, merged ENC, g10k, review exported resources, have one codebase but 2 implementations, LDAP integration vs Tails?
    - B: "priority merge start": one codebase, but different implementations. Start merging services piecemeal, e.g. two backup systems, but a single monitoring system?
    - C: lower priority services (e.g. backups?)
    - D: etc
  - Implement commit signing
- [EYAML](#eyaml) (2029, keep?) (migrate to trocla?)
- A plan for [Authentication](#authentication) (postpone discussion to later in 2025)
- [LimeSurvey](#limesurvey) (merge) (just migrate from Tails to TPA?)
- [Monitoring](#monitoring) (migrate, brainstorm a plan)
We mostly talked about Puppet. groente and zen are going to start drafting up a plan for Puppet!
## 2026
- Basic system functionality:
  - [Backups](#backups) (migrate) (migrate to bacula or test borg on backup-storage-01?)
  - [Authentication](#authentication) (merge) (to be discussed in 2025)
  - [DNS](#dns) (migrate) (migrate to PowerDNS?)
  - [Firewall](#firewall) (migrate) (migrate to nftables)
  - [TLS](#tls) (migrate, brainstorm a plan)
- [Web servers](#web-servers) (merge, no discussion required, part of the Puppet merge)
- [Mailman](#mailman) (merge, just migrate to lists-01?)
- [XMPP](#xmpp) / [XMPP bot](#xmpp-bot) (migrate, delegate to Tails, postponed: does Tails have plans to ditch XMPP?)
## 2027
- [APT repository](#apt-repository) (keep, nothing to discuss?)
- [APT snapshots](#apt-snapshots) (keep)
- [MTA](#mta) (merge) (brainstorm a plan)
- [Mirror pool](#mirror-pool) (migrate, brainstorm)
- [GitLab](#gitlab) (merge)
  - close the tails/sysadmin gitlab project?
  - brainstorm of a plan for the rest?
- [Gitolite](#gitolite) (migrate, retire Tails' Gitolite and puppetize TPA's?)
## 2028
- [Weblate](#weblate) (news from emmapeel?)
## 2029
- [Jenkins](#jenkins) (migrate, brainstorm a plan or date?)
- [VPN](#vpn)
# Metrics of the month
- hosts in Puppet: 91, LDAP: 90, Prometheus exporters: 512
- number of Apache servers monitored: 33, hits per second: 618
- number of self-hosted nameservers: 6, mail servers: 11
- pending upgrades: 5, reboots: 90
- average load: 0.56, memory available: 3.11 TiB/4.99 TiB, running processes: 169
- disk free/total: 60.95 TiB/142.02 TiB
- bytes sent: 434.13 MB/s, received: 282.53 MB/s
- planned bookworm upgrades completion date: was completed in 2024-12!
- [GitLab tickets][]: 257 tickets including...
  - open: 0
  - icebox: 160
  - roadmap::future: 48
  - needs information: 2
  - backlog: 21
  - next: 6
  - doing: 12
  - needs review: 8
  - (closed: 3867)
[Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards
Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/
Now also available as the main Grafana dashboard. Head to https://grafana.torproject.org/, change the time period to 30 days, and wait a while for results to render.