opendev/infra-specs
Code Issues Proposed changes

Merge "Add config repo split spec"

Browse Source
This commit is contained in:
Jenkins 2014-09-09 17:54:28 +00:00 committed by Gerrit Code Review
commit 375fcaa9d4
1 changed files with 152 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
specs/config-repo-split.rst Normal file
View File

@ -0,0 +1,152 @@
::
Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
This work is licensed under a Creative Commons Attribution 3.0
Unported License.
http://creativecommons.org/licenses/by/3.0/legalcode
==================================================
Split config into project-config and system-config
==================================================
Story: https://storyboard.openstack.org/#!/story/167
This describes a further refactor of the openstack-infra/config repo
to split system administration from project configuration.
Problem Description
===================
The config repo, particularly the openstack_project module, contains
both information on how our particular systems are operated (what we
might call system administration information) as well as the
configuration of those systems specific to their use hosting the
OpenStack project.
Much of the latter might be considered more like configuration data.
There are a number of people within the OpenStack project competent to
review changes to project and CI system configuration, but they are
overwhelmed by the system administration related changes in the same
repo.
Likewise, those who would like to help refactor the system
administration in the config repo to be more useful to other projects
and downstream users are not particularly interested in reviewing new
project changes. Further, colocating the two kinds of information
makes it potentially harder for downstream users of the config repo.
Future refactoring of the system administration portions of the
openstack_project module are anticipated by this specification, but
are not described here.
Proposed Change
===============
The following parts of the config repo will be extracted (preserving
history where possible) into a new git repo called
``openstack-infra/project-config``::
modules/openstack_project/files/jenkins_job_builder/config/*
modules/openstack_project/files/zuul/openstack_functions.py
modules/openstack_project/files/zuul/layout.yaml
modules/openstack_project/files/zuul/layout-dev.yaml
modules/openstack_project/files/accessbot/channels.yaml
modules/openstack_project/files/gerrit/acls/*
modules/openstack_project/files/gerrit/notify_impact.yaml
modules/openstack_project/files/nodepool/scripts/*
modules/openstack_project/files/review-dev.projects.yaml
modules/openstack_project/files/review.projects.yaml
modules/openstack_project/files/slave_scripts/*
modules/openstack_project/files/specs/index.html
modules/gerritbot/files/gerritbot_channel_config.yaml
Other files may move into the repo in the future as well as it becomes
clear how to separate them from system administration concerns
(ongoing work with multiple hiera data files may prove useful here).
Puppet configuration will then be updated to maintain a vcsrepo
checkout of the project-config repo (whose URL will be configurable to
support downstream use) and either reference or install files as
needed from it. Puppet templates (.erb files) will not be supported.
Some puppet actions are triggered by changes to these files, and that
will still need to be accomodated.
The files which have been added to ``project-config`` will be removed
from the config repo, and the config repo itself will be renamed to
``system-config``.
Alternatives
------------
N/A.
Implementation
==============
Assignee(s)
-----------
Primary assignee:
corvus (If you want to work on this, contact me!)
Work Items
----------
* Git filter-branch the listed files into a project-config repo
* Propose a change to adjust puppet config to install and reference
the project-config repo on related hosts, and remove related files.
* Freeze changes to related files.
* Update project-config with latest data from config.
* Land the above change.
* Unfreeze.
* Rename config to system-config, and update the puppet master to use
the new repo name.
Repositories
------------
Create openstack-infra/project-config from a git filter-branch of config.
Rename openstack-infra/config to openstack-infra/system-config
Servers
-------
N/A.
DNS Entries
-----------
N/A.
Documentation
-------------
The infra/config docs will need to be updated to reference the new
repo and locations of files. A new sphinx macro will need to be made
to support linking to the new repo within docs. An announcement
should be made to both the infra and dev lists.
Security
--------
None of the listed files have passwords in them and no template
parsing is immediately anticipated. If templates (to support, eg,
passwords in included files) are to be added to the project-config
repo and puppet is instructed to parse them, it could be instructed by
a template in the project-config repo to insert a password into a
wrong location and thereby either accidentally or intentially exposing
it. If templating is used, then reviewers of the project-config repo
should be selected with security-related trust in mind and reminded of
the potential for exposure.
Testing
-------
Private environment testing after the creation of the initial
project-config repo is likely to be the best way to test the change.
Dependencies
============
Related to this specification to split out puppet modules, but does
not depend on it: https://review.openstack.org/#/c/99990/