summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2016-06-10 19:11:33 +0000
committerintrigeri <intrigeri@boum.org>2016-06-10 19:11:33 +0000
commit38bc3026b12820a8b56bc39955cc1e90b2226f29 (patch)
tree28bfe3b3807a8b5c30d95e3a37ab45c2cb34bc9e
parentfdb21a0676012dea5936f64226984533570f2557 (diff)
parent7989be01d56c25d0b340bfd1ac18a028dfe7e860 (diff)
Merge remote-tracking branch 'origin/master'
-rw-r--r--wiki/src/contribute/how/sysadmin.mdwn7
-rw-r--r--wiki/src/contribute/how/sysadmin/deploy_icinga2_checks.mdwn79
-rw-r--r--wiki/src/contribute/reports/SponsorS/2015/2016_05.mdwn (renamed from wiki/src/blueprint/SponsorS/reports/2016_05.mdwn)39
-rw-r--r--wiki/src/news/version_2.4/autoconfig.pngbin0 -> 37885 bytes
4 files changed, 108 insertions, 17 deletions
diff --git a/wiki/src/contribute/how/sysadmin.mdwn b/wiki/src/contribute/how/sysadmin.mdwn
index ee3667d..dee7906 100644
--- a/wiki/src/contribute/how/sysadmin.mdwn
+++ b/wiki/src/contribute/how/sysadmin.mdwn
@@ -119,6 +119,13 @@ For anything more substantial, please publish your work as a Git topic
branch. If you already know where to host your personal repositories,
this is great; or else you may ask us to host your repository.
+# Icinga2 checks
+
+Please have a look at [[this how-to|how/sysadmin/deploy_icinga2_checks]]
+to learn how to add new checks in our Icinga2 setup. The above
+instructions are applying to this how-to if you don't know Puppet. Send
+us you change proposal, we'll puppetize!
+
<a id="contact"></a>
# Contact information
diff --git a/wiki/src/contribute/how/sysadmin/deploy_icinga2_checks.mdwn b/wiki/src/contribute/how/sysadmin/deploy_icinga2_checks.mdwn
new file mode 100644
index 0000000..67570b5
--- /dev/null
+++ b/wiki/src/contribute/how/sysadmin/deploy_icinga2_checks.mdwn
@@ -0,0 +1,79 @@
+[[!meta title="Deploying Icinga2 checks in the Tails infrastructure"]]
+
+See [[our sysadmin contribution page|contribute/working_together/roles/sysadmins]]
+for a description of our Icinga2 setup.
+
+The upstream Icinga2 Puppet module, which may help in simplifying our
+Puppet manifest, requires to use the puppetdb backend to support its
+complex exported resources. In Debian Jessie, exported resources are
+only supported through the active record backend, so we can't really use
+this Puppet module right now. Until PuppetDB can be used (possibly in
+Stretch), we have to write more Puppet code to deploy new checks.
+
+# Plugins
+
+Icinga2 "plugins" are scripts or softwares executed by Icinga2 to
+retrieve services data. Icinga2 natively ships a bunch of them. Have a
+look [at the
+documentation](http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/plugin-check-commands)
+if one fits our needs. If not, you'll have to install your custom
+plugin. Check the `tails::monitoring::plugin::check_torbrowser_archive`
+manifest in the [[!tails_gitweb_repo puppet-tails]] for a good
+example.
+
+The plugins manifests are not deployed directly, but are rather
+included from their respective "check commands" manifests. See below.
+
+# Check commands
+
+"Check commands" are describing to Icinga2 the way to use plugins. It
+describes the options that can be used, and helps to configure for a
+service how this plugin will be executed. If you intend to use a new
+custom plugin, you also need to install the related check command. See
+the torbrowser-archive one for a good starter. See
+`tails::monitoring::checkcommand::torbrowser_archive` manifest in
+[[!tails_gitweb_repo puppet-tails]].
+
+If you're using a new custom plugin, that's the place where you should
+include its manifest so that it is installed on every system for which a
+service check is using it.
+
+# Services
+
+Once plugins and check commands are checked, you can define a related
+service check.
+
+Have a look at the `tails::monitoring::service:torbrowser_archive` class
+in [[!tails_gitweb_repo puppet-tails]] and the related service
+configuration template. It is the place where the related check command
+manifest has to be included.
+
+There are two types of service checks:
+
+## Remotely executed service
+
+Ran from the master on a remote hosted service. In this
+case, this service exported resources needs to be collected on the
+Icinga2 master only as we do in the `tails::monitoring::master` class
+for the `Tails::Monitoring::Service::Http` check in
+[[!tails_gitweb_repo puppet-tails]].
+
+## Locally executed service
+
+It needs to be deployed on every host that will run it.
+In this case, the exported resources for this kind of service checks
+need to be collected on the master, satellite and concerned system(s).
+That's what we do in the `tails::monitoring::{master,satellite,agent)`
+class for the `Tails::Monitoring::Service::Memory` check in
+[[!tails_gitweb_repo puppet-tails]]. Pay attention to the parameter
+passed at the exported resources collection.
+
+# Deploy
+
+Once all of the plugin, check command and service related manifests are
+checked, it's time to configure the service check. Declare it in the
+related node manifest **as an exported resource**.
+
+Depending if the service is local or remote, the Puppet clients may need
+to be run serveral time on different systems for the service check
+exported resource to be collected and realized correctly.
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn b/wiki/src/contribute/reports/SponsorS/2015/2016_05.mdwn
index a43ff6c..c3090a2 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn
+++ b/wiki/src/contribute/reports/SponsorS/2015/2016_05.mdwn
@@ -2,18 +2,6 @@
[[!toc levels=2]]
-<div class="caution">
-<strong>Deadline: 2016-06-05</strong>
-</div>
-
-<div class="note">
-Deliverable identifiers and descriptions are not free-form: they must
-be copy'n'pasted as-is from the proposal sent to the sponsor.
-</div>
-
-[Last month's activity on Redmine](https://labs.riseup.net/code/projects/tails/issues?query_id=208)
-can be helpful.
-
This reports covers the activity of Tails in May 2016.
Everything in this report is public.
@@ -22,19 +10,34 @@ Everything in this report is public.
## A.1.1. Secure the Icedove autoconfig wizard
-Tails 2.4 has been released with our proper patches which provide the possibility to use the autoconfiguration wizard of Icedove while guessing mail server configurations only and by default over a secure connection and furthermore accepting only secure options to configure the account. ([[!tails_ticket 6158]], [[!tails_ticket 6369]])
+Tails 2.4 has been released with our proper patches which provide the
+possibility to use the automatic account configuration of Icedove to
+discover email server configurations only, and by default, over a secure
+connection and furthermore accepting only secure options to configure
+the account. ([[!tails_ticket 6158]], [[!tails_ticket 6369]])
This milestone is now completed.
## A.1.2. Make our improvements maintainable for future versions of Icedove
-On the upstream side, our patches to Thunderbird have finally been reviewed ([[https://bugzilla.mozilla.org/show_bug.cgi?id=971347]]). A second iteration of patches has been sent to upstream, after a first review. As of today, the upstream requests mostly code style modifications so that we're now confident that upstream wants and will include our patches very soon.
+On the upstream side, our patches to Thunderbird have finally been
+reviewed ([[https://bugzilla.mozilla.org/show_bug.cgi?id=971347]]). A
+second iteration of patches has been sent to upstream, after a first
+review. As of today, the upstream requests mostly code style
+modifications so that we're now confident that upstream wants and will
+include our patches very soon.
-Our patches to Torbirdy have all been merged and we're now simply waiting for a new release of the software. This will allow us to drop our custom built packages and use the default Debian one, once it's published.
+Our patches to TorBirdy have all been merged and we're now simply
+waiting for a new release of the software. This will allow us to drop
+our custom built packages and use the default Debian one, once it's
+published.
-This milestone is nearly completed and we hope that we can mark it as done before the next report.
+This milestone is nearly completed and we hope that we can mark it as
+done before the next report.
-We've changed Enigmail's settings in order to use keyservers only over HTTPS ([[!tails_ticket 10906]]) and modified our user documentation accordingly. ([[!tails_ticket 11125]])
+We've changed Enigmail's settings in order to use keyservers only over
+HTTPS ([[!tails_ticket 10906]]) and modified our user documentation
+accordingly. ([[!tails_ticket 11125]])
# B. Improve our quality assurance process
@@ -217,3 +220,5 @@ in the browser. We still have to make DAVE use the new pool of mirrors.
code. Sprint cleaning!
# E. Release management
+
+[[Tails 2.4~rc1|news/test_2.4-rc1]] was released for testing on May 26.
diff --git a/wiki/src/news/version_2.4/autoconfig.png b/wiki/src/news/version_2.4/autoconfig.png
new file mode 100644
index 0000000..315c530
--- /dev/null
+++ b/wiki/src/news/version_2.4/autoconfig.png
Binary files differ