Task #1158

service policy

Added by Florian Effenberger almost 3 years ago. Updated 5 months ago.

Status: In Progress
Priority: Normal
Category: -
Target version: Team - Q4/2017
Start date:
Due date:
% Done: 0%
Estimated time:
Tags:
URL:

Description

Every service that is either

  • running on a TDF IP
  • and/or running on a TDF hostname
  • and/or provides productive services for the LibreOffice community

needs to follow a basic service policy, which needs to be drafted, announced and then enforced with a sensible deadline (2-3 months from the time of announcement).

Some ideas for the content:

  • ask for proper documentation
  • for mass-deployable services, have infra work on Salt recipes
  • name at least two responsible parties, with e-mail and one other means of communication
  • document backup needs
  • document necessity for open ports
  • document necessity for own public IPv4
  • legal compliance

We might consider moving to a two-tier model, where services not following the above rules in due time get moved to a testing environment with restricted incoming and outgoing traffic, and a prominent "-test" in the hostname.

History

#1 Updated by Florian Effenberger over 2 years ago

To be revisited during next admin call for more concrete action items

#2 Updated by Florian Effenberger over 2 years ago

Notes from last admin call:

  • List of services, hosts and VMs
  • Salt inclusion, infra team access
  • Build machines and repositories

#4 Updated by Florian Effenberger over 2 years ago

  • Target version set to Q4/2015

#5 Updated by Florian Effenberger over 2 years ago

  • Subject changed from draft policy for services to service policy
  • Description updated (diff)

#6 Updated by Florian Effenberger about 2 years ago

  • Target version changed from Q4/2015 to Q1/2016

#7 Updated by Florian Effenberger almost 2 years ago

Is there any update to this?
Was this discussed again in one of the calls, any further feedback or proposals?
Otherwise I think the ticket description can serve as a good template to distill a first policy out of it (which can easily be amended later on if needed)

#8 Updated by Alexander Werner almost 2 years ago

  • Status changed from New to In Progress
  • Tags Salt added

First proposal is deployed in the public infra documentation (salt-states-base.rtfd.org), will be refined more and more.

#9 Updated by Alexander Werner almost 2 years ago

Will validate the Policy Proposal together with Norbert's gerrit salting. If the proposal holds, it will become official.

#10 Updated by Florian Effenberger over 1 year ago

  • Target version changed from Q1/2016 to Q2/2016

Draft has been published and will be put live within the next days/weeks
Please send the latest version to Norbert and Andreas, both of which are board oversight for infra, so they can give comments as well (while Norbert IMHO is in the loop, not sure if Andreas is)

#11 Updated by Alexander Werner over 1 year ago

Incorporating changes from Jan, finishing touches, then mailing to Andreas and Norbert

#12 Updated by Florian Effenberger over 1 year ago

Some further thoughts:

  • BoD -> BoD oversight for infra
  • productive service needs to fulfill all legal requirements
  • testing service might get different, non-signed SSL certificate for security reasons (self-signed or different CA)

#13 Updated by Florian Effenberger over 1 year ago

  • Target version changed from Q2/2016 to Qlater
  • Tags deleted (Salt)

Shifting to later due to the infra changes

#14 Updated by Florian Effenberger about 1 year ago

  • Assignee changed from Alexander Werner to Guilhem Moulin

re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment

#15 Updated by Florian Effenberger 5 months ago

  • Target version changed from Qlater to Q4/2017
