[Labs-l] Bots project is too permissive, let's discuss options

Petr Bena benapetr at gmail.com
Sat Dec 15 00:31:30 UTC 2012 

some bots may have installation scripts that configure users, groups and
folders and such, I don't know if it's possible to insert them into these
deployment procedures, but that would be cool


On Sat, Dec 15, 2012 at 1:29 AM, Ryan Lane <rlane at wikimedia.org> wrote:

> On Fri, Dec 14, 2012 at 3:55 PM, Petr Bena <benapetr at gmail.com> wrote:
>
>> Hi, I don't know what happened, but someone removed recursively all data
>> in ~wm-bot/logs
>>
>> I may have a backup but because this removal was done yesterday or
>> earlier and apparently happens every day, it's a problem, because even the
>> complete logs archive is almost empty now.
>>
>> Please be careful when you are running scripts as root on bots project,
>> since all stuff is in /data all users can change it and that kind of suck.
>> These logs were used by many wikimedia projects and this problem can cause
>> a lot of troubles.
>>
>>
> This really sucks. I think it's time we started a more formalized bots
> project.
>
> Petr mentioned that we should likely keep the current bots project as-is
> as a development project for bots, then have a bots-production project
> that's locked down. In bots-production no one would have root, and bots
> would be deployed to the instances.
>
> I've been writing a new deployment system for production. We may be able
> to use it for this as well. It uses git, which means all bots would need to
> be in a git repo, likely in gerrit. We could deploy all bot code to all
> instances, and have configuration for which instances bots run on.
>
> We really need to start pulling together a list of requirements for bots.
> I think we have a puppet manifest that Damian has been working on, which
> should be a good starting point.
>
> Does this sound like a good plan? Anyone have alternative ideas?
>
> - Ryan
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20121215/048596cc/attachment-0001.html>

More information about the Labs-l mailing list