[Mageia-webteam] Webteam peers, bootstrapping
Romain d'Alverny
rdalverny at gmail.com
Thu Jan 6 18:05:00 CET 2011
On Thu, Jan 6, 2011 at 15:44, Michael Scherer <misc at zarb.org> wrote:
> On Thursday, 6 January 2011 at 14:27 +0100, Romain d'Alverny wrote:
>> * VCSes:
>> - read access for everyone (peers & non-peers);
> the easy part
Always start with the easy part.
>> - write access for:
>> - webmasters (specific role, see below)
> so we need a group in ldap for that, I guess?
Yes.
> For git like all dvcs, we are slightly more free in terms of workflow, as
> explained for example here
> http://doc.bazaar.canonical.com/bzr.1.18-html/en/user-guide/bazaar_workflows.html .
>
> And so I feel that industrialisation of project hosting ( as we are
> somehow starting to do ) will be detrimental to the freedom of choice,
> and we should agree on a few workflows before starting to deploy too many
> things. ( ie, if we do want to automate things, and that's one of the
> sysadmin team goals ).
>
> Deploying a simple git repository managed like a svn one would be easy
> and fast. But that would be marginally better than git-svn.
Indeed, unless you adapt manually for each project (one with a
gatekeeper merging changes, one with open bar^Waccess, etc.)
> Deploying a full system with workflow delegation is much more difficult,
> but that's what we would want.
Well... I may be writing this too fast, but I am not sure that, for instance
a gitorious setup (hard part) would prevent several workflows from growing
depending on the team working on it.
> So a compromise would be to decide on 1 simple workflow, use it for
> everything in the first place, and postpone the deployment of a full
> system to later.
Yes, but what workflow then?
>> * server logs:
>> - read access to webmasters
>> - some limited commands? what type? rsync/svn/git types?
>
> Well, limited commands could be hard to achieve. I assume that reading logs
> is just "set permission properly" ( easy to do ). Limitation of commands
> could be done with sudo, but wouldn't change much if we give access to
> shell.
>
>> * server deployment:
>> - staging from a branch available to all peers
>> - production push from staging available to webmasters only
>
> We can:
> - use sudo + script + ldap group
> - use $VCS based tags/branch + acl ( potentially based on ldap group
> again )
Hmm, sorry I'm lost here.
> ( and I am picky, but sysadmin is the name of the team
> in ldap, I do not know why people say sysadm everywhere, likely because
> of the name of the list and irc channel :/ ).
Indeed :-p and that's 2 (!) chars less to type.
> So to summarize:
> - external people
> - webteam members
> - webmasters
>
> So 1st step, adding 2 groups to ldap?
Yep. webmasters and webpeers (or webteam members).
Romain