[tahoe-lafs-trac-stream] [Tahoe-LAFS] #4162: Infrastructure as Code to manage DNS configurations
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Jan 16 14:24:49 UTC 2025
#4162: Infrastructure as Code to manage DNS configurations
------------------------------------+-----------------------
Reporter: btlogy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: undecided
Component: dev-infrastructure | Version: n/a
Resolution: | Keywords:
Launchpad Bug: |
------------------------------------+-----------------------
Description changed by btlogy:
Old description:
> ==== Scope
> !AsIs: The DNS configurations of `tahoe-lafs.org` are manually managed by
> Meejah and/or Brian via the [https://admin.gandi.net/ admin WebUI]
> provided by the DNS registrar and hosting 3rd party [https://gandi.net/
> Gandi].
>
> The current DNS configurations lack visibility, reproducibility and
> agility, making it difficult, error-prone and slow to be audited,
> reviewed, changed or improved.
>
> !ToBe: The DNS configuration would be declaratively defined in a version-
> controlled repository and deployed using automated workflows, based on
> the principle of Infrastructure as Code (IaC).
>
> ==== Value
>
> - Contributors would be able to see the current configurations and
> propose changes using a well-known workflow (pull request).
> - Maintainers would be able to approve and deploy changes without
> directly interacting with the DNS provider.
> - The configurations and the workflows would be consistent, repeatable,
> and easily auditable.
>
> ==== Requirements
>
> - A fresh export of the DNS `tahoe-lafs.org` zone hosted by Gandi
> - A valid Personal Access Token (PAT) to read/write this zone via
> [https://api.gandi.net/docs/authentication/ API] of Gandi
> - Permissions to create/manage secrets in
> [https://github.com/tahoe-lafs/infrastructure infrastructure] repository
> - [https://opentofu.org/ OpenTofu] plan defining the current state in the
> existing [https://github.com/tahoe-lafs/infrastructure infrastructure]
> repository (WiP
> [https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/tf/core here])
> - Automated workflow (e.g.: using GHA) to continuously integrate and
> deploy the plan (WiP
> [https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/.github/workflows here])
>
> ==== Additional information
>
> This enhancement has already been discussed:
>
> - #3742
> - #4161
>
> And could (have) help(ed) making progress on those issues:
>
> - #2717
> - #2718
> - #2719
> - #2772
> - #4160
New description:
==== Scope

!AsIs: The DNS configurations of `tahoe-lafs.org` are manually managed by
Meejah and/or Brian via the [https://admin.gandi.net/ admin WebUI]
provided by the DNS registrar and hosting 3rd party
[https://gandi.net/ Gandi].

The current DNS configurations lack visibility, reproducibility and
agility, making it difficult, error-prone and slow to be audited,
reviewed, changed or improved.

!ToBe: The DNS configuration would be declaratively defined in a
version-controlled repository and deployed using automated workflows,
based on the principle of Infrastructure as Code (IaC).

==== Value

- Contributors would be able to see the current configurations and propose
changes using a well-known workflow (pull request).
- Maintainers would be able to approve and deploy changes without
directly interacting with the DNS provider.
- The configurations and the workflows would be consistent, repeatable,
and easily auditable.

==== Requirements

- A fresh export of the DNS `tahoe-lafs.org` zone hosted by Gandi
- A valid Personal Access Token (PAT) to read/write this zone via
[https://api.gandi.net/docs/authentication/ API] of Gandi
- Permissions to create/manage secrets in
[https://github.com/tahoe-lafs/infrastructure infrastructure] repository
- [https://opentofu.org/ OpenTofu] plan defining the current state in the
existing [https://github.com/tahoe-lafs/infrastructure infrastructure]
repository (WiP
[https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/tf/core here])
- Automated workflow (e.g.: using GHA) to continuously integrate and
deploy the plan (WiP
[https://github.com/LeastAuthority/tahoe-infrastructure/tree/1494f0cbbacf33ae9e7f1991860987cd7223b717/.github/workflows here])

==== Additional information

This enhancement has already been discussed:

- #3742
- #4161

And could help making progress/improvement on those issues:

- #2717
- #2718
- #2719
- #2772
- #4142
- #4160
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4162#comment:1>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage