Major TODO update with puppet issues0.2.2

1 files changed, 136 insertions, 6 deletions

diff --git a/TODO.md b/TODO.md
index c8978b9..d87e5f5 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,10 +1,19 @@
 TODO
 ====
 
+General
+-------
+
+  - setup ikiwiki website
+  - setup a proper issue tracker
+
 Hydra
 -----
 
   - module-update: get latest commit from production branch, setup branch if need.
+  - module-commit:
+    - check and set git-flow in all repositories
+    - check, install and test puppet pre-commit via git-hooks on all repositories using module-commit
   - bootless: properly support `$subdevice` in parted or always use first partition (like `/dev/sdb1`).
   - newkeys: split SSH/OpenPGP check: just generate OpenPGP key if absent.
   - ssh-config: hydra integration.
@@ -17,15 +26,136 @@ Hydractl
     - config parser using a custom function with `include` directive, avoiding `source`.
     - change default cryptsetup options.
     - support for cswap with passphrase.
+  - deploy: PREFIX support.
   - puppet-setup-stored: configure storeconfigs database.
   - backup-restore-user and backup-restore-users.
   - site backup, copy and restoration: call backup-restore-user
   - hydractl backup-restore-site {debian,wiki}.
   - wrapper to import/export monkeysphere keys into keyringer.
-  - enhance mysql-repair
-  - backup-restore-SERVICE: stop/start service
-  - backup-copy action
-  - backup-restore-reprepro: rsync -av /var/backups/remote/$ORIG/restore/$DATE/var/reprepro/ /var/reprepro/
+  - enhance mysql-repair.
+  - backup-restore-SERVICE: stop/start service.
+  - backup-copy action.
+  - backup-restore-reprepro: rsync -av /var/backups/remote/$ORIG/restore/$DATE/var/reprepro/ /var/reprepro/.
   - backup-restore-site:
-    - metastore integration for fine-grained permissions
-    - use metadata do detect drupal series
+    - metastore integration for fine-grained permissions.
+    - use metadata do detect drupal series.
+
+Puppet modules
+--------------
+
+### Security
+
+- loginrecords: deploy module.
+- ssh:
+  - access restrictions.
+    - denyhosts, but we don't want to log IPs.
+    - using shorewall: http://www.debian-administration.org/articles/250#comment_16
+    - alowed users / groups.
+  - deprecate server DSA keys and setup ECDSA support.
+  - enhanced cipher modes.
+- backup:
+  - turn on $doluks, $dolvm, $dombr and $dobios on backupninja::sys for servers and physical machines.
+  - sync-backups support for rsyncing from kvms / snapshots.
+- virtual: migrate away from vservers.
+  - kvm-manager or libvirt.
+- websites:
+  - freewvs.
+- puppet: masterless puppet:
+  - keyringer/gpg integration.
+    - http://it-dev.web.cern.ch/book/cern-puppet-development-user-guide/puppet-development-work-flow-git/hiera-hierarchical-databa-1
+    - https://github.com/compete/hiera_yamlgpg
+    - https://github.com/crayfishx/hiera-gpg
+  - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?):
+    - add a monkeysphere auth subkey to every openpgp key used for backups.
+    - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/
+  - how to manage storeconfigs?
+  - http://current.workingdirectory.net/posts/2011/puppet-without-masters/
+  - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/
+  - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html
+  - https://github.com/jordansissel/puppet-examples/tree/master/masterless
+
+### Fixes
+
+- general:
+  - rollback of commits about charset.
+  - switch to conf.d:
+    - php ("refactor" branch), remove E_STRICT from production's error_reporting.
+    - apache2.
+    - profile / bashrc.
+    - sudoers.
+- etherpad: `You need to set a sessionKey value in settings.json`.
+- annex: [Problems with large numbers of files](http://git-annex.branchable.com/forum/Problems_with_large_numbers_of_files/).
+- websites: php / wordpress / wp-cli: composer installation and dependencies:
+  - http://getcomposer.org/doc/00-intro.md#installation-nix
+  - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods
+  - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`.
+- puppet:
+  - puppetlast.
+  - bug report: debian wheezy puppetmaster-passenger: not honoring certname / envvars LANG issue.
+  - bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963
+- apache: inside vservers: `/usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)`.
+- hydra: ensure `/tmp/system-upgrade` and `/tmp/system-upgrade-env are absent`.
+- backup: `sync-media-iterate [volume]`.
+- munin: enable/disable cgi graphing.
+- mysql:
+  - prefetech: https://github.com/DavidS/puppet-mysql-old/issues/3
+  - `symbolize is deprecated. Call the intern method on the object instead` (https://projects.puppetlabs.com/issues/17223).
+  - `using unique option prefix myisam-recover instead of myisam-recover-options is deprecated (...) Please use the full name instead`.
+- nodo:
+  - cleanup hidden `/.gem`.
+  - split prompt.sh in a separate bash-prompt repository and include it at `puppet-nodo` and `rhatto/apps.git`.
+
+### Features
+
+- snort: module managing service and /etc/snort/snort.debian.conf.
+- git: email notifications
+  - https://packages.debian.org/jessie/git-notifier
+  - https://github.com/mhagger/git-multimail
+  - using OpenPGP?
+- trac: ship http://trac.edgewall.org/wiki/TracGit#hooks
+- support for http/https proxy inside web nodes
+  - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html
+  - make all apache sites listen to 8080
+- git: gitolite:
+  - /root/.config/git/config permission denied ikiwiki issue:
+    - http://www.redmine.org/issues/13631
+    - https://answers.atlassian.com/questions/112982/permission-denied-errors-post-upgrade-to-stash-2
+    - https://bugs.gentoo.org/show_bug.cgi?id=460370
+    - http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/
+    - related to ikiwiki's post-update hooks which is not getting the $HOME env correctly
+  - [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html).
+- mail: mlmmj:
+  - lists with hyphens are not working when mails are sent directly, but work when sent to an alias.
+  - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`.
+- bind: nsupdate / dynamic dns:
+  - http://linux.yyz.us/nsupdate/
+  - http://linux.yyz.us/dns/ddns-server.html
+  - http://caunter.ca/nsupdate.txt
+  - http://www.rtfm-sarl.ch/articles/using-nsupdate.html
+- postfix:
+  - DKIM.
+  - gpg_mailgate support and wheezy changes in the remaining master.cf templates.
+- munin:
+  - lvm monitoring.
+  - filter rrdcache messages from syslog.
+- nagios: snmp, nrpe, nsca
+  - http://nagios.sourceforge.net/docs/3_0/addons.html
+  - http://www.math.wisc.edu/~jheim/snmp/
+- pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed:
+  - http://wiki.rtorrent.org/MagnetUri
+  - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/
+  - https://github.com/danfolkes/Magnet2Torrent
+  - http://code.google.com/p/pyroscope/wiki/CommandLineTools
+- openid: provider:
+  - http://wiki.openid.net/w/page/12995226/Run%20your%20own%20identity%20server
+  - https://github.com/openid/php-openid
+  - http://simpleid.koinic.net/
+
+Repo management
+---------------
+
+- integration with puppet environments.
+- merge, review, pull requests for all modules.
+- automatic mirros: github, gitorious and bitbucket.
+- publish modules on puppet forge.
+- create shared projects: rinetd, runit, apcupsd, autossh, autofs, ejabberd, dhcp.