[Mageia-webteam] Webteam peers, bootstrapping

Romain d'Alverny rdalverny at gmail.com
Thu Jan 6 18:05:00 CET 2011


On Thu, Jan 6, 2011 at 15:44, Michael Scherer <misc at zarb.org> wrote:
> On Thursday 06 January 2011 at 14:27 +0100, Romain d'Alverny wrote:
>>  * VCSes:
>>    - read access for everyone (peers & non-peers);
> the easy part

Always start with the easy part.

>>    - write access for:
>>      - webmasters (specific role, see below)
> so we need a group in ldap for that, I guess?

Yes.

> For git, like all dvcs, we are slightly more free in terms of workflow, as
> explained for example here
> http://doc.bazaar.canonical.com/bzr.1.18-html/en/user-guide/bazaar_workflows.html .
>
> And so I feel that industrialisation of project hosting (as we are
> somehow starting to do) will be detrimental to the freedom of choice,
> and we should agree on a few workflows before starting to deploy too many
> things (i.e., if we do want to automate things, and that's one of the
> sysadmin team's goals).
>
> Deploying a simple git repository managed like a svn one would be easy
> and fast. But that would be marginally better than git-svn.

Indeed, unless you adapt manually for each project (one with a
gatekeeper merging changes, one with open bar^Waccess, etc.)

> Deploying a full system with workflow delegation is much more difficult,
> but that's what we would want.

Well... I may be writing this too fast, but I am not sure that, for instance,
a gitorious setup (hard part) would prevent several workflows from growing
depending on the team working on it.

> So a compromise would be to decide on 1 simple workflow, use it for
> everything in the first place, and postpone the deployment of a full
> system to later.

Yes, but what workflow then?

>>  * server logs:
>>    - read access to webmasters
>>    - some limited commands? what type? rsync/svn/git types?
>
> Well, limited commands could be hard to achieve. I assume that reading logs
> is just "set permissions properly" (easy to do). Limitation of commands
> could be done with sudo, but wouldn't change much if we give access to
> a shell.
>
>>  * server deployment:
>>    - staging from a branch available to all peers
>>    - production push from staging available to webmasters only
>
> We can:
> - use sudo + script + ldap group
> - use $VCS based tags/branch + acl (potentially based on ldap group
> again)

Hmm, sorry I'm lost here.

> (and I am picky, but sysadmin is the name of the team
> in ldap, I do not know why people say sysadm everywhere, likely because
> of the name of the list and irc channel :/).

Indeed :-p and that's 2 (!) chars less to type.

> So to summarize:
> - external people
> - webteam members
> - webmasters
>
> So 1st step, adding 2 groups to ldap?

Yep. webmasters and webpeers (or webteam members).

Romain

