We currently use config files in the collectively-owned
~staff folder on supernova for some parts of our website. Two examples I’m aware of are:
~staff/lab_status.yaml, which creates an urgent announcement banner on our homepage, usually used to inform people of outages
~staff/staff_hours/yaml, which controls https://www.ocf.berkeley.edu/staff-hours
This approach comes with a number of problems:
- We don’t have a clear edit history of these files
- If anyone messes up the syntax (YAML is confusing), it breaks the whole document
- Concurrent edits aren’t handled well-- if two staffers are editing the file at the same time, they might (opaquely) overwrite eachother’s changes.
A lot of configuration for our services ends up happening in ocflib, our Python library which is installed on all hosts. But updates to ocflib can take a long time to propagate. Also, changes to ocflib are subject to a “heavier” review process, which we don’t want to deal with for files like the staff-hours config, since those change often without needing to be reviewed.
We can also add validators to ensure that files don’t have syntax errors.
This idea was brought up by ckuehl, who has seen it used in practice at Yelp. chat logs
- Make the
srv-configsrepository on GitHub
- (probably) make a new unix user to “own” the files, ensure they have rw permissions and everything else has read-only access
- Write Puppet rules to make sure it’s on all the hosts
- Write Puppet rules to update it every x seconds (probably a cronjob)
- Write validators (git hooks? something else?)
- Rewrite the necessary parts of ocfweb to look for configs in the new location
- (stretch) Store lab hours in