#30020: switch from our custom YAML implementation to Hiera
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: anarcat
Type: project | Status:
| assigned
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #29387 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by anarcat):
i got a little tired of battling this, so I took a small break. I still
migrated a few roles:
{{{
civicrm_ext_2018
civicrm_int_2018
civicrm_ext
civicrm_int
public_git
rt
svn
metrics
exonerator
bridges
trac
mandos_server
}}}
many of those were easy marks: the ssl::service stuff were just a lot of
copy-paste, which might have been better implemented by having a
parametrized class with the node-specific parameters in hiera, something
like:
{{{
class profile::ssl_web($name, $onion = false) {
ssl::service { $name: notify => Exec['service apache2 reload'], key =>
true, onion => $onion }
}
}}}
And in (say) `eugeni.torproject.org.yaml`, you would have:
{{{
profile::ssl_web::name: "lists.torproject.org"
profile::ssl_web::onion: true
classes:
- profile::ssl_web
}}}
... but I didn't want to overthink this just yet. plus we might want to
manage those services more closely in Puppet eventually and such a class
would just make it difficult. Besides, i suspect this would belong in the
Apache module, not in a profile. '''And''' we should have a ''role'' in
Hiera instead of a ''profile'', so we would end up creating the equivalent
of the ''profile'' I ended up making anyways:
{{{
class profile::lists {
ssl::service { 'lists.torproject.org':
notify => Exec['service apache2 reload'],
key => true,
}
}
}}}
So I think it's the right conversion for now. I'm not converting the
entire hierarchy to R/P/M just yet anyways, just switching to Hiera is
enough work as it is.
There are now 22 `has_role` calls left in the main `roles` class, down
from around 50. Unfortunately, there is actually more roles in the
`local.yaml` file (33) that I haven't considered or noticed, so we haven't
crossed the magic halfway point just yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30020#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
