Commit 761c577f authored by intrigeri's avatar intrigeri
Browse files

Clarify sysadmin doc about Git repositories for Puppet modules (refs: #14613)

 - Document the authoritative place for our Puppet modules
   and the synchronization mechanism to the public mirrors.
 - Clarify what's the manifests repo and its use of submodules.
 - Avoid pointing non-sysadmins to doc that won't work for them.
 - Point to the Puppet modules Git repo doc from contribute/how/sysadmin.
 - Make the link to our Puppet code more obvious on
   contribute/working_together/roles/sysadmins
parent 37d4ddd2
......@@ -198,51 +198,55 @@ available for the promotion material repository.
<a id="puppet"></a>
Puppet modules
--------------
Puppet code
-----------
Those who have SSH access to these repositories must configure their
SSH client a bit, e.g.:
### Puppet manifests
Host git.puppet.tails.boum.org
HostName d53ykjpeekuikgoq.onion
ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
Only Tails
[[system administrators|contribute/working_together/roles/sysadmins]]
have access to our Puppet manifests. If you are not a member of that
team, please skip to the _Puppet modules_ section below.
### tails
1. Configure your SSH client:
This is the main *public* Puppet module to manage Tails infrastructure,
including classes such as `tails::reprepro` and `tails::whisperback::relay`.
Host git.puppet.tails.boum.org
HostName d53ykjpeekuikgoq.onion
ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
Anyone can check it out like this:
git clone git://git.puppet.tails.boum.org/puppet-tails
Developers with write access to the repositories should instead:
git clone gitolite@git.puppet.tails.boum.org:puppet-tails
### Other Puppet modules
We use and publish a lot of other Puppet modules. See the section
about our [[other repositories|git#other-repositories]].
### tails_lizard_manifests
2. Clone our private Puppet manifests repository:
Developers with access to the APT secrets can check it out like this:
git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests && \
git submodule update --init
git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests
All the Puppet modules we use are tracked as Git submodules in
this repository.
### tails_secrets_apt
<a id="puppet-modules"></a>
Developers with access to the APT secrets can check it out like this:
### Puppet modules
git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_apt
We use and publish a lot of other Puppet modules. Each of them is
stored in a Git repository called `puppet-$module`. For example,
`puppet-tails` is the main public Puppet module we use to manage Tails
infrastructure, including classes such as `tails::reprepro` and
`tails::whisperback::relay`.
### tails_secrets_whisperback
If you are on the Tails system administration team, use the
authoritative repositories for these modules at
`git.puppet.tails.boum.org`:
Developers with access to the WhisperBack secrets can check it out like this:
- They are referenced as Git submodules in our private Puppet
manifests repository so you should have a local clone of
them already.
- Anything you push to these repositories (except `tails_secrets_*`)
is automatically synchronized to public mirrors at
<https://git-tails.immerda.ch/>.
- Do not push to the public mirrors: your changes would be
overwritten by the next automatic synchronization.
git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_whisperback
Otherwise, you can list, browse and fork these repositories using
their [[public mirrors|git#other-repositories]].
<a id="other-repositories"></a>
......
......@@ -104,6 +104,8 @@ To solve a problem with Puppet, you need to:
* Or, create a new Puppet module. But first, try to find an existing
module that can be adapted to our needs.
See the [[Puppet modules|contribute/git#puppet-modules]] we already use.
Many Puppet modules can be found in the [shared Puppet
modules](https://labs.riseup.net/code/projects/sharedpuppetmodules),
the [Puppet Forge](https://forge.puppetlabs.com/), and on GitHub.
......
......@@ -88,8 +88,9 @@ The main tools used to manage the Tails infrastructure are:
cases, we run the current stable release
* [Puppet](http://projects.puppetlabs.com/projects/puppet),
a configuration management system
- our [[Puppet code|contribute/git#puppet]]
* [Git](http://git-scm.com/) to host and deploy configuration,
including our [[Puppet modules|contribute/git#puppet]]
including our Puppet code
<a id="communication"></a>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment