-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Package (as much as possible) configuration files in the .deb #3214
Comments
This would also allow us to solve #1261 |
As for rollout, this should probably be done as part of the Xenial release. |
the only dynamic bits come in when a user has uploaded/enabled https certificates over the source onion address. yeah i agree with where you are going here though. I'd like to take away more of the logic from ansible and include in the installation media (#1532 ) and stuff it into the packages. |
My suggestion was something like this: We have a playbook called For example, this means we can silently (without admin intervention or knowledge) swap out Apache + config for nginx + config. |
So this issue isn't just about the apache config, but might include other important bits we need now or in the future. |
I'm reading through all of the templates now. We might be able to get away with 100% static configuration. |
oooooooo similar to this ticket proposal #3136 ? |
As part of thinking about the update to nginx (#2414) as well as removing mod_wsgi (#1389), @heartsucker and I realized there is a problem where most configuration files are statically configured by Ansible at install-time.
This is a problem, because things like the Apache configurations are now effectively immutable, making any thing that changes Apache configuration a manual upgrade (or sketchy postinstall script), instead of a simple file managed by dpkg.
The big question is whether or not any of the production configuration files contain site-specific configuration. If that is the case, we'll either need to split the configuration files or do some kind of dynamic configuration rendering.
At first glance, this is not the case: template substitutions seem to be for development vs. production (e.g. listening on 127.0.0.1 vs 0.0.0.0). I need to do an exhaustive inventory to make the call.
The text was updated successfully, but these errors were encountered: