We should have open-source puppet manifests and configs that live in our Socorro repo, in the top-level ./puppet/ subdir. I don't think it's appropriate to just drop-ship our internal Mozilla IT puppet repo for several reasons - size/complexity, style, hardcoded secrets being top-of-mind. I have been working on a do-over in https://github.com/rhelmer/socorro-puppet/ that's based on our Vagrant manifests - needs more work obviously, but it's so far very simple and passes puppet-lint (last I checked). We can take code and/or learnings from Mozilla IT puppet repo of course! It uses hiera + templates to deal with secrets. This has been very helpful to me in spinning up test environments - all you need to do is: * customize common.yaml * copy files and run per README.md * run deploy.sh with latest socorro tarball I think once bug 1039876 lands and moves the vagrant stuff out of the way, we could use this as a starting point towards having public puppet+configs that live in the repo (except for actual secrets in common.yaml and friends) Thoughts?
Given that we're moving to AWS, and quite possibly away from Puppet (or, at least, a Puppet-centric system), this bug may soon become irrelevant. I propose that we close it WONTFIX for now, and re-open if we're still Puppet-centric going forward. Rob?
just 'wontfix' it
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.