From 882d341d5c6b93497870303e5fbfb1b6ea91438f Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 13 Jun 2014 14:00:09 -0300 Subject: Major TODO update with puppet issues --- TODO.md | 142 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 136 insertions(+), 6 deletions(-) diff --git a/TODO.md b/TODO.md index c8978b9..d87e5f5 100644 --- a/TODO.md +++ b/TODO.md @@ -1,10 +1,19 @@ TODO ==== +General +------- + + - setup ikiwiki website + - setup a proper issue tracker + Hydra ----- - module-update: get latest commit from production branch, setup branch if need. + - module-commit: + - check and set git-flow in all repositories + - check, install and test puppet pre-commit via git-hooks on all repositories using module-commit - bootless: properly support `$subdevice` in parted or always use first partition (like `/dev/sdb1`). - newkeys: split SSH/OpenPGP check: just generate OpenPGP key if absent. - ssh-config: hydra integration. 
@@ -17,15 +26,136 @@ Hydractl - config parser using a custom function with `include` directive, avoiding `source`. - change default cryptsetup options. - support for cswap with passphrase. + - deploy: PREFIX support. - puppet-setup-stored: configure storeconfigs database. - backup-restore-user and backup-restore-users. - site backup, copy and restoration: call backup-restore-user - hydractl backup-restore-site {debian,wiki}. - wrapper to import/export monkeysphere keys into keyringer. - - enhance mysql-repair - - backup-restore-SERVICE: stop/start service - - backup-copy action - - backup-restore-reprepro: rsync -av /var/backups/remote/$ORIG/restore/$DATE/var/reprepro/ /var/reprepro/ + - enhance mysql-repair. + - backup-restore-SERVICE: stop/start service. + - backup-copy action. + - backup-restore-reprepro: rsync -av /var/backups/remote/$ORIG/restore/$DATE/var/reprepro/ /var/reprepro/. - backup-restore-site: - - metastore integration for fine-grained permissions - - use metadata do detect drupal series + - metastore integration for fine-grained permissions. + - use metadata do detect drupal series. + +Puppet modules +-------------- + +### Security + +- loginrecords: deploy module. +- ssh: + - access restrictions. + - denyhosts, but we don't want to log IPs. + - using shorewall: http://www.debian-administration.org/articles/250#comment_16 + - alowed users / groups. + - deprecate server DSA keys and setup ECDSA support. + - enhanced cipher modes. +- backup: + - turn on $doluks, $dolvm, $dombr and $dobios on backupninja::sys for servers and physical machines. + - sync-backups support for rsyncing from kvms / snapshots. +- virtual: migrate away from vservers. + - kvm-manager or libvirt. +- websites: + - freewvs. +- puppet: masterless puppet: + - keyringer/gpg integration. 
+ - http://it-dev.web.cern.ch/book/cern-puppet-development-user-guide/puppet-development-work-flow-git/hiera-hierarchical-databa-1 + - https://github.com/compete/hiera_yamlgpg + - https://github.com/crayfishx/hiera-gpg + - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?): + - add a monkeysphere auth subkey to every openpgp key used for backups. + - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/ + - how to manage storeconfigs? + - http://current.workingdirectory.net/posts/2011/puppet-without-masters/ + - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/ + - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html + - https://github.com/jordansissel/puppet-examples/tree/master/masterless + +### Fixes + +- general: + - rollback of commits about charset. + - switch to conf.d: + - php ("refactor" branch), remove E_STRICT from production's error_reporting. + - apache2. + - profile / bashrc. + - sudoers. +- etherpad: `You need to set a sessionKey value in settings.json`. +- annex: [Problems with large numbers of files](http://git-annex.branchable.com/forum/Problems_with_large_numbers_of_files/). +- websites: php / wordpress / wp-cli: composer installation and dependencies: + - http://getcomposer.org/doc/00-intro.md#installation-nix + - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods + - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`. +- puppet: + - puppetlast. + - bug report: debian wheezy puppetmaster-passenger: not honoring certname / envvars LANG issue. + - bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963 +- apache: inside vservers: `/usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)`. +- hydra: ensure `/tmp/system-upgrade` and `/tmp/system-upgrade-env are absent`. 
+- backup: `sync-media-iterate [volume]`. +- munin: enable/disable cgi graphing. +- mysql: + - prefetech: https://github.com/DavidS/puppet-mysql-old/issues/3 + - `symbolize is deprecated. Call the intern method on the object instead` (https://projects.puppetlabs.com/issues/17223). + - `using unique option prefix myisam-recover instead of myisam-recover-options is deprecated (...) Please use the full name instead`. +- nodo: + - cleanup hidden `/.gem`. + - split prompt.sh in a separate bash-prompt repository and include it at `puppet-nodo` and `rhatto/apps.git`. + +### Features + +- snort: module managing service and /etc/snort/snort.debian.conf. +- git: email notifications + - https://packages.debian.org/jessie/git-notifier + - https://github.com/mhagger/git-multimail + - using OpenPGP? +- trac: ship http://trac.edgewall.org/wiki/TracGit#hooks +- support for http/https proxy inside web nodes + - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html + - make all apache sites listen to 8080 +- git: gitolite: + - /root/.config/git/config permission denied ikiwiki issue: + - http://www.redmine.org/issues/13631 + - https://answers.atlassian.com/questions/112982/permission-denied-errors-post-upgrade-to-stash-2 + - https://bugs.gentoo.org/show_bug.cgi?id=460370 + - http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/ + - related to ikiwiki's post-update hooks which is not getting the $HOME env correctly + - [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html). +- mail: mlmmj: + - lists with hyphens are not working when mails are sent directly, but work when sent to an alias. + - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`. +- bind: nsupdate / dynamic dns: + - http://linux.yyz.us/nsupdate/ + - http://linux.yyz.us/dns/ddns-server.html + - http://caunter.ca/nsupdate.txt + - http://www.rtfm-sarl.ch/articles/using-nsupdate.html +- postfix: + - DKIM. 
+ - gpg_mailgate support and wheezy changes in the remaining master.cf templates. +- munin: + - lvm monitoring. + - filter rrdcache messages from syslog. +- nagios: snmp, nrpe, nsca + - http://nagios.sourceforge.net/docs/3_0/addons.html + - http://www.math.wisc.edu/~jheim/snmp/ +- pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed: + - http://wiki.rtorrent.org/MagnetUri + - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/ + - https://github.com/danfolkes/Magnet2Torrent + - http://code.google.com/p/pyroscope/wiki/CommandLineTools +- openid: provider: + - http://wiki.openid.net/w/page/12995226/Run%20your%20own%20identity%20server + - https://github.com/openid/php-openid + - http://simpleid.koinic.net/ + +Repo management +--------------- + +- integration with puppet environments. +- merge, review, pull requests for all modules. +- automatic mirros: github, gitorious and bitbucket. +- publish modules on puppet forge. +- create shared projects: rinetd, runit, apcupsd, autossh, autofs, ejabberd, dhcp. -- cgit v1.2.3
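Review bot: In the first hunk (`@@ -1,10 +1,19 @@`), the pre-commit sub-item under `module-commit:` does not say what the hook has to check, so "check, install and test puppet pre-commit via git-hooks" has no completion criterion; name the checks (for example manifest syntax validation) or link the hook script. The new `General` and `module-commit` sub-items also lack the trailing period that the neighbouring Hydra items carry and that the second hunk adds to the Hydractl list.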
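Review bot: In the second hunk (`@@ -17,15 +26,136 @@`), the `hydra:` entry under Fixes closes its code span in the wrong place: `/tmp/system-upgrade-env are absent` should end the backticks after `system-upgrade-env`, leaving "are absent" as prose. The same hunk adds "alowed users / groups", "prefetech" and "automatic mirros", and re-adds "use metadata do detect drupal series" with only a period appended; fix the spellings while these lines are being touched. The punctuation-only changes to the existing Hydractl items would also be easier to review as a separate commit from the new Puppet modules and Repo management sections.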