[tor-bugs] #32914 [Internal Services/Tor Sysadmin Team]: review the puppet bootstrapping process
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 20 20:29:18 UTC 2020
#32914: review the puppet bootstrapping process
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: anarcat
Type: task | Status: closed
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Minor | Resolution: fixed
Keywords: tpa-roadmap-february | Actual Points:
Parent ID: #31239 | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):
* status: needs_revision => closed
* resolution: => fixed
Comment:
tying up loose ends here:
> that is *mostly* the case with the caveat that we do "--waitforcert" on
> the client which might hang the installer for two minutes if the operator
> doesn't approve the certificate fast enough.
this works in the bootstrap at least. we might not want to do that in the
automated systems, but at least the --waitforcert is compatible with
--test, which i was worried about.
> i believe i have fixed that by masking the puppet service before
> installing the package, but this requires testing.
i confirm this works.
> i am wondering if we should simply skip the "puppet agent -t;
> ud-replicate" stage on the instance... this will eventually converge
> anyways, no?
i added this as part of the client bootstrap script.
> another thing we should check is whether we can hook step 5 in the
> puppet bootstrap (because that's probably why it's there, otherwise it's
> something puppet could do itself):
I moved this to the hetzner-robot installer and made it a requirement.
> steps 7 (nevii) and 9 (do more puppet runs) should probably be removed
> on next run.
done: i confirm that nevii figures it out eventually and step 9 was folded
in bootstrap.
i think we're done here. eventually the puppet bootstrap can be merged
back into the one big installer, but for now it can't as long as we stick
with the "shell script on server" design.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32914#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online