Project

General

Profile

FSFVMConfigurationManagement » History » Revision 2

Revision 1 (Denis 'GNUtoo' Carikli, 04/18/2021 10:27 AM) → Revision 2/3 (Denis 'GNUtoo' Carikli, 04/19/2023 11:10 PM)

h1. FSFVMConfigurationManagement 

 At the beginning the virtual machine was was administrated by the FSF sysadmins (through cfengine and FAI) and    and Replicant maintainers (without configuration management).  

 The Replicant maintainers now completely took over the management of the VM. The FSF is only doing backup for us through scripts that use SSH. 

 h2. History VM: 
 * It's not using cfengine anymore and the FSF sysadmins do not manage it anymore but they can help in case of issues (See [[FSFVMRootAccess]] for more details). 
 * We then took over FAI which is still being used for automatic updates only, but since it installed packages that increased the attack surface all the time (like samba) we switched to using unattended-upgrades. only 

 Future work: 
 * We then tried etckeeper need to look if using FAI still makes sense and configured it probably to do manual commits only. Though it didn't work for '/' (but worked fine for directories) find more robust ways to have automatic updates applied as FAI tends to also remove and/or replaces packages. 
 * We then moved to ad-hoc configurations are into using etckeeper for publishing at least part of the configuration in git with custom install scripts / Makefile and templating. git.