[tor-bugs] #31957 [Internal Services/Tor Sysadmin Team]: automate upgrades
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 10 20:17:29 UTC 2020
#31957: automate upgrades
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: hiro
Type: project | Status:
| merge_ready
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: tpa-roadmap-february | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by hiro):
Replying to [comment:15 anarcat]:
> > I have pushed a new branch addressing all your comments: unattended-
upgrades.
>
> it seems we now have three branches for this... i think it would have
been preferable to force-push to the topic branch instead of creating new
ones... please do cleanup the old ones to leave only the current one.
I thought it was easier to just reapply the patches cleanly. My plan was
to delete the old branches after merging, but since you have mentioned I
have now deleted the other branches.
>
> after you merge, do remove the good branch as well, of course. :)
Sure
>
> now as for the review of the `unattended-upgrades` branch...
>
> I don't think this is necessary:
>
> {{{
> +# a host that is monitored
> +class roles::unattended_upgrades {
> + include profile::unattended_upgrades
> +}
> }}}
>
> we don't need a role at all, we can include the profile in the relevant
roles. for example, this:
>
> {{{
> --- a/hiera/nodes/chives.torproject.org.yaml
> +++ b/hiera/nodes/chives.torproject.org.yaml
> @@ -1,2 +1,3 @@
> classes:
> - roles::ircbox
> + - roles::unattended_upgrades
> }}}
>
> ... could be turned into an `include profile::unattended_upgrades`
inside the `roles::ircbox`.
>
> that said, that's how the progressive deployment docs look right now, so
I can't really blame you for following it. :)
>
> anyways this looks good and I'd say go ahead with it. you are correctly
including the functionality only in one node in that way, that's the
important part to get right and it looks like you've done it. :)
>
> (if you're curious about why i'm now hesitant in adding roles to hiera
there: it's because those classes get added as prometheus labels which
creates needless noise in the prometheus time series and confuses
grafana...)
Ok I'll try to merge this as see how it goes for chives.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31957#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list