Hello sysadmins, we'll be introducing a GNOME Infrastructure Apprentice Group very soon to welcome new participants within the team with very limited privileges to begin with. The Apprentices will be able to:

1. Access our Puppet repository in read-only mode by connecting through bastion.gnome.org
2. Propose, discuss changes and patches to the Puppet repository
3. Patches are subject to the approval of at least two existing members, who will then verify, test and eventually apply the modifications on the production machines

More details on the program are available at [1]. Please review them and provide some feedback.

Introducing the above-mentioned program raised a few problems concerning the huge amount of certificates, passwords and secret keys we kept in our Puppet repository in the past. Several actions have been taken on this side:

1. The Puppet repository has been cleansed of sensitive information:
   1a: certificates (now stored on puppet-back [2])
   2a: passwords, secret keys (now stored in a Hiera GPG-encrypted database on puppet-back)
2. Passwords and secret keys are now stored under /etc/puppet/hieradata/secrets.eyaml, which is a GPG-encrypted YAML file. More details about the private keys used and how to add more recipients to the keyring are available at [3].
3. /home/admin/secret has been moved to puppet-back under /srv/secret (accessible by root only). What remains on combobox are the files shared with the services (gnomeftp, ego, perf-web) still needing them to work properly. Please consider adding new files to the new path from now on.
4. The Puppet repository will be re-created (as a "shallow" clone) and all history will be moved to a parallel repository which full-access sysadmins will be able to access. (through git's clone --depth)

Please let me know if you have any questions on the previous items.

[1] https://wiki.gnome.org/Sysadmin/Apprentices
[2] https://wiki.gnome.org/Sysadmin/SSL
[3] https://wiki.gnome.org/Sysadmin/Puppet

--
Cheers,
Andrea

Debian Developer, Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av
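
A check for the cleanup described in the message above, as an added example that is not part of the original message or of GNOME's tooling: it walks a checkout, flags PEM certificates and private keys, and flags any value in an .eyaml file that is not wrapped in ENC[...]. The ENC[GPG,...] wrapper (the hiera-eyaml convention), the function names and the sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

# PEM headers for the two kinds of material the message says were moved out.
PEM_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*(PRIVATE KEY|CERTIFICATE)-----")
# "key: value" and folded/literal "key: >" forms; captures the first value line.
VALUE_RE = re.compile(
    r"^[ \t]*([\w:.-]+):[ \t]+(?:[>|][-+]?[ \t]*\n[ \t]+)?(\S[^\n]*)", re.M)

def scan_repo(root):
    """Return sorted (relative path, finding) tuples for a working tree."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or ".git" in path.parts:
            continue
        text = path.read_text(errors="replace")
        rel = path.relative_to(root).as_posix()
        for match in PEM_RE.finditer(text):
            findings.append((rel, "PEM " + match.group(1).lower()))
        if path.suffix == ".eyaml":
            # Assumption: every secret value is wrapped as ENC[GPG,...].
            for key, value in VALUE_RE.findall(text):
                if not value.startswith("ENC["):
                    findings.append((rel, "cleartext value for " + key))
    return sorted(findings)

# Constructed sample tree, not GNOME's real repository or real key material.
SAMPLE = {
    "manifests/site.pp": "node default { include ssl }\n",
    "modules/ssl/files/www.key":
        "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
    "hieradata/secrets.eyaml":
        "---\n"
        "mysql::root_password: ENC[GPG,Q09OU1RSVUNURUQ=]\n"
        "ldap::bind_password: hunter2\n"
        "mail::dkim_key: >\n    ENC[GPG,Q09OU1RSVUNU\n    RUQ=]\n",
}

def demo():
    """Write the constructed tree to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_repo(tmp)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

This inspects the working tree only; material that survives in older commits is what item 4 (re-creating the repository as a shallow clone) deals with.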
