[tor-bugs] #30020 [Internal Services/Tor Sysadmin Team]: switch from our custom YAML implementation to Hiera

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 17 20:45:33 UTC 2019


#30020: switch from our custom YAML implementation to Hiera
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  project                              |         Status:  assigned
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #29387                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by anarcat):

 Another possible solution is to move from LDAP to Hiera for host metadata.
 That is where, after all, Puppet is getting some of those IP addresses
 from and it would be possible to simply do lookups in Hiera for those, if
 it was properly loaded and ordered.

 Another case I found is `roles::weblog_sink` which constructs SSH keys
 from the YAML data. This could be generated from exported resources as
 well, for example with the
 [https://puppet.com/docs/puppet/4.8/type.html#sshauthorizedkey
 ssh_authorized_keys builtin type].

 So in other words, I think this project is doable, but it will require
 refactoring and lots of work.

 In the end, though, we would have one YAML file per host in
 `hiera/nodes/$FQDN.yaml`. This could be made fairly human-readable if we
 make a good template, and be the single source of truth for all
 information about a host including hosting provider, cost and so on,
 solving our inventory problem, (partly) described in #29816.

 I think this is worth it and will make it easier to get people involved in
 Puppet work.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30020#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

