[tor-bugs] #33588 [Internal Services/Tor Sysadmin Team]: migrate to puppetserver and Puppet 6 before EOL (was: migrate to puppetserver before EOL)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 10 20:16:23 UTC 2020 

#33588: migrate to puppetserver and Puppet 6 before EOL
-------------------------------------------------+---------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  project                              |         Status:  new
 Priority:  Low                                  |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tpa-roadmap-october                  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------
Changes (by anarcat):

 * keywords:   => tpa-roadmap-october


Old description:

> our current puppetmaster configuration ("apache + passenger") is
> deprecated and will be removed in Puppet 6. we need to switch to the
> alternative, which is "puppetserver", a daemon written in Clojure
> especially for that purpose.
>
> the tool is [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830904 not
> yet in Debian], so this can wait until then. otherwise we could also use
> the upstream puppet debian repositories.
>
> our "old" passenger configuration lead to at least one security issue
> (#33587) which was due to how complex that configuration is.

New description:

 our current puppetmaster configuration ("apache + passenger") is
 deprecated and will be removed in Puppet 6. we need to switch to the
 alternative, which is "puppetserver", a daemon written in Clojure
 especially for that purpose.

 the tool is [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830904 not
 yet in Debian], so this can wait until then. otherwise we could also use
 the upstream puppet debian repositories.

 our "old" passenger configuration lead to at least one security issue
 (#33587) which was due to how complex that configuration is.

 puppet 5, as a whole, is EOL in november 2020, so we should consider an
 upgrade path to Puppet 6 by then. the packaging work is happening in
 [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950182 bts #950182].

--

Comment:

 puppet 5 is EOL in november 2020, so this is broader than just
 puppetserver. also added a link to the Puppet 6 ticket in the Debian bts.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33588#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list