hi folks, Ricky Zhou and I had talked about this a few weeks ago and I wanted to finish up getting the ball rolling. I've made a new git repo available at:
/git/infra-hosts on lockbox01
This git tree is for structured and unstructured notes/info on our hosts.
there is one dir per host. You can put whatever you want into the dirs. It ends up propagating out to: /srv/web/infra/hosts on lockbox01.
That space is accessible from:
http://infrastructure.fedoraproject.org/infra/hosts for our hosts.
So - there should be nothing protected, private, nor confidential in this repo.
Puppet runs:
If you look in any given host dir you will find a file named run-puppet there.
This file doesn't need to have anything in it but it does need to exist if you want puppet to be able to run on the host.
This file is checked for on each and every host before puppet is run via cron. If the file isn't available then puppet won't run. We'll get a report about hosts on which puppet hasn't run, of course.
So if you want to disable puppet on a box you'd just run:
git rm $hostname/run-puppet; git commit -a; git push
that's it - puppet won't run, unless someone runs something manually.
to reenable - just touch the file, git add it, commit and push
As other things come up we'll add them here and have a central repository where these things can live.
let me know what you think.
-sv
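
The run-puppet gate described in the message above, sketched as an added example; this is not the Fedora infrastructure cron job and not part of the original thread. It assumes a readable copy of the infra-hosts tree at a path passed as an argument; the function names are hypothetical, and treating a missing tree as "do not run" is this example's choice.

```shell
#!/bin/sh
# Added illustration; not the Fedora infrastructure cron job.
# Assumption: the infra-hosts tree (one dir per host) is readable at HOSTS_DIR.

# puppet_gate HOSTS_DIR HOSTNAME
# 0 = HOSTS_DIR/HOSTNAME/run-puppet exists, puppet may run
# 1 = marker absent, puppet deliberately disabled for this host
# 2 = tree or host dir missing, or bad host name (broken checkout)
# Both non-zero codes mean "do not run puppet" (fail closed).
puppet_gate() {
    hosts_dir=$1
    host=$2
    # Reject names that could escape the per-host directory.
    case $host in
        ''|*/*|.|..) return 2 ;;
    esac
    [ -d "$hosts_dir/$host" ] || return 2
    [ -e "$hosts_dir/$host/run-puppet" ] || return 1
    return 0
}

# disabled_hosts HOSTS_DIR
# Prints one host name per line for every host dir lacking run-puppet,
# i.e. the input for a "puppet is disabled here" report.
disabled_hosts() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        h=$(basename "$d")
        [ -e "$d/run-puppet" ] || printf '%s\n' "$h"
    done
}

# run_puppet_if_enabled HOSTS_DIR HOSTNAME COMMAND [ARGS...]
# Cron entry point: runs COMMAND only when the gate passes.
run_puppet_if_enabled() {
    hosts_dir=$1; host=$2; shift 2
    if puppet_gate "$hosts_dir" "$host"; then
        "$@"
    else
        rc=$?
        echo "puppet skipped on $host (gate status $rc)" >&2
        return "$rc"
    fi
}
```

Distinguishing status 1 from status 2 lets the report separate hosts that were disabled on purpose from hosts whose copy of the tree is missing or stale.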
On Wed, 06 Jul 2011 16:59:48 -0400 seth vidal skvidal@fedoraproject.org wrote:
> hi folks, Ricky Zhou and I had talked about this a few weeks ago and I wanted to finish up getting the ball rolling. I've made a new git repo available at:
...snip...
> As other things come up we'll add them here and have a central repository where these things can live.
> let me know what you think.
Sounds good to me.
As with anything like this we will need to try and keep it up to date with info, etc.
kevin
> http://infrastructure.fedoraproject.org/infra/hosts for our hosts.
Maybe my interpretation is incorrect but I cannot access that URL (403 - Forbidden) from outside.
> Puppet runs:
Awesome idea! I'm sure that will help stop the surprise moments of ... crap ... puppet ran on there after I thought I disabled it ...
-Adam
On Thu, 2011-07-07 at 12:53 -0400, Adam M. Dutko wrote:
> > http://infrastructure.fedoraproject.org/infra/hosts for our hosts.
> Maybe my interpretation is incorrect but I cannot access that URL (403 - Forbidden) from outside.
Yes - that's correct. That path is only accessible from the host ips. I've debated that, though. Since there is nothing private/confidential there maybe I should open it up.
Thoughts?
> > Puppet runs:
> Awesome idea! I'm sure that will help stop the surprise moments of ... crap ... puppet ran on there after I thought I disabled it ...
exactly and it should help us find out where puppet is disabled - if we can get everyone to agree to use that common location for things. -sv
> Thoughts?
It probably makes sense to keep it accessible by tunnel only because there is the potential for "an oops I didn't mean to post that there..." moment.
> can get everyone to agree to use that common location for things.
It's not as big as FHS and there aren't as many interested parties as FHS so I think it has a chance. :-)
On Thu, Jul 07, 2011 at 01:18:31PM -0400, seth vidal wrote:
> On Thu, 2011-07-07 at 12:53 -0400, Adam M. Dutko wrote:
> > > http://infrastructure.fedoraproject.org/infra/hosts for our hosts.
> > Maybe my interpretation is incorrect but I cannot access that URL (403 - Forbidden) from outside.
> Yes - that's correct. That path is only accessible from the host ips. I've debated that, though. Since there is nothing private/confidential there maybe I should open it up.
> Thoughts?
Open -- We already agree that we really would like to open the puppet repo but can't quite bring ourselves to since we don't know if there's any private data hidden away in the git repo's history.
Starting off with the expectation that this is public seems like a better procedure.
-Toshio
On Thu, Jul 7, 2011 at 9:30 PM, Toshio Kuratomi a.badger@gmail.com wrote:
> Open -- We already agree that we really would like to open the puppet repo but can't quite bring ourselves to since we don't know if there's any private data hidden away in the git repo's history.
> Starting off with the expectation that this is public seems like a better procedure.
+1
On Jul 8, 2011 3:30 AM, "Toshio Kuratomi" a.badger@gmail.com wrote:
> On Thu, Jul 07, 2011 at 01:18:31PM -0400, seth vidal wrote:
> > On Thu, 2011-07-07 at 12:53 -0400, Adam M. Dutko wrote:
> > > > http://infrastructure.fedoraproject.org/infra/hosts for our hosts.
> > > Maybe my interpretation is incorrect but I cannot access that URL (403 - Forbidden) from outside.
> > Yes - that's correct. That path is only accessible from the host ips. I've debated that, though. Since there is nothing private/confidential there maybe I should open it up.
> > Thoughts?
> Open -- We already agree that we really would like to open the puppet repo but can't quite bring ourselves to since we don't know if there's any private data hidden away in the git repo's history.
> Starting off with the expectation that this is public seems like a better procedure.
> -Toshio
+1
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure