[tor-bugs] #31957 [Internal Services/Tor Sysadmin Team]: automate upgrades

Mon Feb 10 15:08:13 UTC 2020

#31957: automate upgrades
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  project                              |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tpa-roadmap-february                 |  Actual Points:
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  needs_review => needs_revision

Comment:

 quick patch review

  1. the first patch should be the raw import of the upstream repo,
 *without* the proposed patches... that way it's easier to see what we have
 done on top of the upstream repo... as things stand now it's unclear to me
 which patch exactly was used - the commit log points to
 https://github.com/voxpupuli/puppet-unattended_upgrades/issues/145 but
 that's an issue, not a patch... i'll go under the assertion that the patch
 merged is https://github.com/voxpupuli/puppet-unattended_upgrades/pull/148
 instead

  2. please do provide a review of the upstream pull request. if you think
 it's good, just say so in the pull request so I can officially merge it
 upstream. (note that I *can* merge it upstream without your approval, but
 i just think it's more transparent that way, plus it gives you some public
 credits on github and introduces you to the folks paying attention in the
 org)

  3. i haven't audited the upstream module's source code and will assume
 you have done due dilligence here :)

  4. did you test the deployment somewhere? how do you plan to do the
 deployment? just dropping it in `hiera/common.yaml` is a rather... bold
 move, I would say... ;) i have written instructions on how to do a
 progressive deployment here:
 https://help.torproject.org/tsa/howto/puppet/#Progressive_deployment

 note that the progressive deployments notes seem a bit dated now, these
 days I deploy classes as includes in a role instead of directly in hiera,
 because hiera includes classes in a non-deterministic way, which can be
 confusing sometimes. see the way profile::jumphost was progressively
 deployed for an example (commits 8c1d3087 c2439c7f dd3a1d7b c57b446c
 cdcc8576, etc)

 let me know if I can help any further! :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31957#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online