Changeset 161b93ae in darkpeak-services

Jul 15, 2018, 2:44:25 PM (2 years ago)
Mat Booth <mat.booth@…>
ansible, keycloak, master, matrix, pleroma

Moved the TODO lists over to the issue tracker.

2 edited



    r8b7e2c00 r161b93ae  
    1 Things that need to be done before we move from the legacy Docker setup to the new Ansible setup.
    3 * Run scripts against a staging server to check everything is working
    4 * Have ansible scripts that bring up every service we want to keep
    5 * Get backups of the current server
    6 * Work out a plan to migrate user data between old and new servers
    7 * Bring up a new server and migrate data over one service at a time, repointing DNS as we go
    8 * Bring down the old server
     1For the list of tasks remaining before we can consider the migration complete, see:
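Review bot: The replacement line (new line 1) ends at "see:" with no target after it as rendered here, so the file no longer tells a reader where the migration checklist lives. Put the issue-tracker link or query on that same line. Before dropping old lines 3 to 8, also confirm each one has its own ticket, in particular "Get backups of the current server" and "Work out a plan to migrate user data between old and new servers", since those gate bringing down the old server and the commit message does not reference any ticket numbers.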

    r8b7e2c00 r161b93ae  
    1 - Create users and groups as part of each web service's role rather than having php-fpm role create them indirectly.
    2 - Shorten the merry dance of simlinks involved in the location of mediawiki's LocalSettings.php file (which involves allowing the execution of php code in several directories that might otherwise be sensible to keep out of php-fpm's path, like /etc/mediawiki)
    3 - Have each role create its own webroot directory, or at least pass owner, group and mode as variables to the nginx role's "configure-nginx-website.yml" playbook. This would avoid having to fix webroot permissions for roles that use php-fpm(e.g. ttrss, mediawiki).
    4   - Some roles that require nginx (git/znc/ipsilon) require no webroot directory because they simply use nginx to proxy requests to other processes, so it may be better to have the roles that need one create them
    5 - Move mastodon's webroot from /home/mastodon/live to /var/www/mastodon for consistency.
    6 - Fix the "include" deprecation warnings.
    7 - Ensure all users of LDAP are talking over TLS and actually verify certs
    8 - Replace the "darkpeak" LDAP user with a proper system user for services such as SSSD to bind with
    9 - We'll probably end up with random logos and other kinds of branding in a bunch of places -- this should be consolidated somehow (maybe submodule the design repo?)
    10 - Finish implementing git hosting:
    11   - Static site hosting (missing hook)
    12   - Add a hook for closing trac tickets from commit messages (darkpeak infra repos only)
    13 - Ipsilon is currently storing session/user data in sqlite3 -- probably should migrate it to make use of the postgres role, then it will no longer need a home directory. Anything it doesn't store in a db is ephemera that could live in /tmp or some other tmpfs location
    14 - Move to latest version of FreeIPA (and ansiblise at the same time)
     1For the master TODO list, see the issue tracker at:
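Review bot: Old lines 7 and 8 ("Ensure all users of LDAP are talking over TLS and actually verify certs" and replacing the "darkpeak" LDAP user with a proper system bind user) and the note in old line 2 about allowing PHP execution in directories like /etc/mediawiki are security work items, and after this change they are no longer visible next to the roles they affect. File each as a separate ticket rather than one bulk "TODO" ticket, and reference the ticket numbers in the commit message so the move can be audited. The new line 1 also ends at "at:" with no address following it as rendered here; include the tracker URL on that line.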