Our Ansible repository is finally public! (plus rotating a lot of passwords)

After a long, really long journey, I’m very happy to announce that our Ansible/Puppet repository is now a public repository!

When we started this journey, I had the following requirements to open this repository:

  • All machines need to be completely automated (provisioned using Terraform/Ansible/Puppet/Docker), with automated security patches. In case I lose a machine, it doesn’t require any special knowledge from me to recreate it.
  • All systems that store relevant data should have backups, stored off site.
  • All passwords and secrets used previously needed to be rotated.

With a ton of help from @permissionerror, we finally managed to do it! I cannot express how happy I am!

Recent changes:

  • We upgraded Docker, Ansible and Puppet to recent versions (cc @raff and @burke)
  • We migrated all machines from DigitalOcean (one less thing to pay for)
  • There’s only one private repository in our GitHub, but I think it should be either public or moved to our archive (cc @dkayiwa). That could allow us to stop paying for GitHub as well.
  • I rotated a bunch of passwords in our CI. Let me know if any of them breaks:
    • Maven repository credentials
    • Transifex credentials
    • Sonar credentials
    • SourceForge deployment key
    • GitHub write permissions
    • SSH key for internal servers (deployment)

Let me know if you find any issues.


:thinking: Didn’t get a notification for that mention, strange… Is Talk having issues?

Anyways, good work @cintiadr!

Interesting that I did not get a notification about this for 2 days. :expressionless:

I would like to start by thanking @cintiadr and @permissionerror for the great efforts you have put in to make this finally happen. You are so awesome!!! :smile:

I suspect that this repository was made private by accident. So I have just made it public. :slight_smile:

As for the rotated bunch of passwords in CI, could it be in any way related to this build failure? https://ci.openmrs.org/browse/TRAN-TRAN-1272

Thanks @cintiadr and @permissionerror for the work you have done :+1:

Yeah, Talk wasn’t sending emails and notifications were weird for the last two days. There’s another thread for that, but moving on :smiley:

Awesome! I will leave it to @burke to ensure we don’t pay for GitHub after this :slight_smile:

I’m on it, but I tested that build after rotating passwords, and it wasn’t red. Will chase that up.

Thank you @cintiadr and @permissionerror! It’s a great contribution. Good to have you.

@dkayiwa the problem wasn’t rotating the passwords, it was actually a duplication cleanup I did that clearly broke some Transifex commands.

It should be fixed now.

Thank you for all your work on this @cintiadr and @permissionerror!

That was a nice catch! :slight_smile: