Task #1158
closed
Added by Florian Effenberger about 10 years ago.
Updated over 4 years ago.
Target version:
Team - Q2/2020
Description
Every service that is either
- running on a TDF IP
- and/or running on a TDF hostname
- and/or provides productive services for the LibreOffice community
needs to follow a basic service policy, which needs to be drafted, announced and then enforced with a sensible deadline (2-3 months from the time of announcement).
Some ideas for the content:
- ask for proper documentation
- for mass-deployable services, have infra work on Salt recipes
- name at least two responsible parties, with e-mail and one other means of communication
- document backup needs
- document necessity for open ports
- document necessity for own public IPv4
- legal compliance
We might consider moving to a two-tier model, where services not following the above rules in due time get moved to a testing environment with restricted incoming and outgoing traffic, and a prominent "-test" in the hostname.
To be revisited during next admin call for more concrete action items
Notes from last admin call:
* List of services, hosts and VMs
* Salt inclusion, infra team access
* Build machines and repositories
- Target version set to Q4/2015
- Subject changed from draft policy for services to service policy
- Description updated (diff)
- Target version changed from Q4/2015 to Q1/2016
Is there any update to this?
Was this discussed again in one of the calls, any further feedback or proposals?
Otherwise I think the ticket description can serve as a good template to distill a first policy out of it (which can easily be amended later on if needed)
- Status changed from New to In Progress
- Tags Salt added
First proposal is deployed in the public infra documentation (salt-states-base.rtfd.org), will be refined more and more.
Will validate the Policy Proposal together with Norbert's gerrit salting. If the proposal holds, it will become official.
- Target version changed from Q1/2016 to Q2/2016
Draft has been published and will be put live within the next days/weeks
Please send the latest version to Norbert and Andreas, both of whom are board oversight for infra, so they can give comments as well (while Norbert IMHO is in the loop, not sure if Andreas is)
Incorporating changes from Jan, finishing touches, then mailing to Andreas and Norbert
Some further thoughts:
- BoD -> BoD oversight for infra
- productive service needs to fulfill all legal requirements
- testing service might get different, non-signed SSL certificate for security reasons (self-signed or different CA)
- Target version changed from Q2/2016 to Qlater
- Tags deleted (Salt)
Shifting to later due to the infra changes
- Assignee changed from Alexander Werner to Guilhem Moulin
re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment
- Target version changed from Qlater to Q4/2017
- Target version changed from Q4/2017 to Q3/2018
There are actually a few tasks going on in parallel to that effect, so parts of this are done
I'll postpone some bits to Q3
- Target version changed from Q3/2018 to Q3/2019
Is something like that in the works? Maybe a topic for an upcoming infra call?
- Target version changed from Q3/2019 to Q2/2020
- Status changed from In Progress to Closed
Is current practice - when a service gets deployed, all these details need to be filled into Salt
No external documentation required so far (plus Salt states public as well), so closing this one for the moment
Should a need come up, can always be re-opened