[tahoe-lafs-trac-stream] [Tahoe-LAFS] #4162: Infrastructure as Code to manage DNS configurations

Tahoe-LAFS trac at tahoe-lafs.org
Thu Jan 16 14:22:00 UTC 2025


#4162: Infrastructure as Code to manage DNS configurations
--------------------------------+---------------------------
 Reporter:  btlogy              |          Owner:
     Type:  enhancement         |         Status:  new
 Priority:  normal              |      Milestone:  undecided
Component:  dev-infrastructure  |        Version:  n/a
 Keywords:                      |  Launchpad Bug:
--------------------------------+---------------------------
 ==== Scope
 !AsIs: The DNS configurations of `tahoe-lafs.org` are manually managed by
 Meejah and/or Brian via the [https://admin.gandi.net/ admin WebUI]
 provided by the DNS registrar and hosting 3rd party [https://gandi.net/
 Gandi].

 The current DNS configurations lack visibility, reproducibility and
 agility, making them difficult, error-prone and slow to audit,
 review, change or improve.

 !ToBe: The DNS configuration would be declaratively defined in a version-
 controlled repository and deployed using automated workflows, based on the
 principle of Infrastructure as Code (IaC).

 ==== Value

 - Contributors would be able to see the current configurations and propose
 changes using a well known workflow (pull request).
 - Maintainers would be able to approve and deploy changes without
 directly interacting with the DNS provider.
 - The configurations and the workflows would be consistent, repeatable,
 and easily auditable.

 ==== Requirements

 - A fresh export of the DNS `tahoe-lafs.org` zone hosted by Gandi
 - A valid Personal Access Token (PAT) to read/write this zone via
 [https://api.gandi.net/docs/authentication/ API] of Gandi
 - Permissions to create/manage secrets in the
 [https://github.com/tahoe-lafs/infrastructure infrastructure] repository
 - [https://opentofu.org/ OpenTofu] plan defining the current state in the
 existing [https://github.com/tahoe-lafs/infrastructure infrastructure]
 repository (WiP
 [https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/tf/core here])
 - Automated workflow (e.g.: using GHA) to continuously integrate and
 deploy the plan (WiP
 [https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/.github/workflows here])

 ==== Additional information

 This enhancement has already been discussed:

 - #3742
 - #4161

 And could (have) help(ed) make progress on those issues:

 - #2717
 - #2718
 - #2719
 - #2772
 - #4160

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4162>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage

