[tor-project] Notes from TPA 2025 roadmap review meeting

Hello all,

The TPA team had a meeting today where we prioritized our goals mostly for Q1 of 2025 and had discussions about how to go around furthering the merger with Tails, especially on the Puppet side (e.g. so that both Tor and Tails infrastructures can become managed by only one tool).

Here are the notes from the meeting:

---
title: 2025 Q1 Roadmap meeting
---

# Roll call: who's there and emergencies

- anarcat
- groente
- lavamind
- lelutin
- zen

# Dashboard review

Normal per-user check-in:

- Development · Boards · The Tor Project · GitLab
- Development · Boards · The Tor Project · GitLab
- Development · Boards · The Tor Project · GitLab
- Development · Boards · The Tor Project · GitLab
- Development · Boards · The Tor Project · GitLab

General dashboards:

- Sign in · GitLab
- Sign in · GitLab
- Sign in · GitLab

# 2025Q1 Roadmap review

Review priorities for January and the first quarter of 2025. Pick from the [2025
roadmap](2025 · Wiki · The Tor Project / TPA / TPA team · GitLab).

Possibilities for Q1:

- [Puppet CI and improvements](Puppet CI · TPA · GitLab):
   GitLab MR workflow, etc
- Prometheus
- MinIO
- web stuff: download page coordination and deployment
- email stuff: eugeni retirement, puppet cleanup, lists server (endless stream
   of work?), re-examining open issues to see if we fixed anything
- discussions about SVN?
- tails merge:
   - password stores
   - security policy
   - rotations
   - Puppet: start to standardize and merge codebases, update TPA modules,
     standardize code layout, maybe switch to nftables on both sides?

Hoping *not* for Q1:

- rdsys containerization (but we need to discuss and confirm the roadmap with meskio)
- network team test network (discussions about design maybe?)
- upgrading to trixie

# Discuss and adopt the long term Tails merge roadmap

<https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-73-tails-infra-merge-roadmap>

In [the last discussion about the tails merge roadmap](2024 11 11 · Wiki · The Tor Project / TPA / TPA team · GitLab), we have:

> postpone[d] the "what happens when" discussion. We also identified that most services above "low complexity" will require their own discussions (e.g. "how do we manage the Puppet control repo", "how do we merge weblate") that will happen later.

So we try to schedule those items across the 5 years. And we can also discuss
specific roadmap items to see if we can settle some ideas already.

Or we postpone all of this to the 2026 roadmap.

Results of the discussion: We won't have time to discuss all of these, so maybe
we want to sort based on priority, and pick one or two to go more in depth.
Output should be notes to add to tpa-rfc-73 and a reviewed 2025 roadmap, then we
can call this done for the time being and come back closer to end of 2025. We
will adopt TPA-RFC-73 as a general guide / rough plan and review as we go.

Here are all the medium and high complexity items we might want to discuss:

## 2025

See also the milestone: %"TPA-RFC-73: Tails merge (2025)"

- [Security Policy](#security-policy) (merge, discussion delegated to anarcat)
- [Shifts](#shifts) (merge, brainstorm a plan)
- Puppet merge (merge, brainstorm of a plan):
   - deploy dynamic environments (in progress)
   - we can't use environments to retire one of the two puppet servers, because
     of exported resources
   - Upgrade and converge Puppet modules
   - lots of default stuff gets deployed by TPA when you hook up a server, we
     could try turning everything off by default, move the defaults to a profile
   - maybe prioritize things, prioritize A/B/C, example:
     - A: "noop TPA": Kill switch on both sides, merged ENC, g10k, review
       exported resources, have one codebase but 2 implementations, LDAP
       integration vs tails?
     - B: "priority merge start": one codebase, but different implementations.
       start merging services piecemeal, e.g. two backup systems, but single
       monitoring system?
     - C: lower priority services (e.g. backups?)
     - D: etc
   - Implement commit signing
   - [EYAML](#eyaml) (2029, keep?) (migrate to trocla?)
- A plan for [Authentication](#authentication) (postpone discussion to later in 2025)
- [LimeSurvey](#limesurvey) (merge) (just migrate from tails to TPA?)
- [Monitoring](#monitoring) (migrate, brainstorm a plan)

We mostly talked about Puppet. groente and zen are going to start drafting up a
plan for Puppet!

## 2026

- Basic system functionality:
   - [Backups](#backups) (migrate) (migrate to bacula or test borg on backup-storage-01?)
   - [Authentication](#authentication) (merge) (to be discussed in 2025)
   - [DNS](#dns) (migrate) (migrate to PowerDNS?)
   - [Firewall](#firewall) (migrate) (migrate to nftables)
   - [TLS](#tls) (migrate, brainstorm a plan)
   - [Web servers](#web-servers) (merge, no discussion required, part of the Puppet merge)
- [Mailman](#mailman) (merge, just migrate to lists-01?)
- [XMPP](#xmpp) / [XMPP bot](#xmpp-bot) (migrate, delegate to tails, postponed:
   does Tails have plans to ditch XMPP?)

## 2027

- [APT repository](#apt-repository) (keep, nothing to discuss?)
- [APT snapshots](#apt-snapshots) (keep)
- [MTA](#mta) (merge) (brainstorm a plan)
- [Mirror pool](#mirror-pool) (migrate, brainstorm)
- [GitLab](#gitlab) (merge)
   - close the tails/sysadmin gitlab project?
   - brainstorm of a plan for the rest?
- [Gitolite](#gitolite) (migrate, retire Tails' Gitolite and puppetize TPA's?)

## 2028

- [Weblate](#weblate) (news from emmapeel?)

## 2029

- [Jenkins](#jenkins) (migrate, brainstorm a plan or date?)
- [VPN](#vpn)

# Metrics of the month

- hosts in Puppet: 91, LDAP: 90, Prometheus exporters: 512
- number of Apache servers monitored: 33, hits per second: 618
- number of self-hosted nameservers: 6, mail servers: 11
- pending upgrades: 5, reboots: 90
- average load: 0.56, memory available: 3.11 TiB/4.99 TiB, running processes: 169
- disk free/total: 60.95 TiB/142.02 TiB
- bytes sent: 434.13 MB/s, received: 282.53 MB/s
- planned bookworm upgrades completion date: was completed in 2024-12!
- [GitLab tickets]: 257 tickets including...
   - open: 0
   - icebox: 160
   - roadmap::future: 48
   - needs information: 2
   - backlog: 21
   - next: 6
   - doing: 12
   - needs review: 8
   - (closed: 3867)

  [Gitlab tickets]: Development · Boards · The Tor Project / TPA / TPA team · GitLab

Upgrade prediction graph lives at
<https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/>

Now also available as the main Grafana dashboard. Head to
<https://grafana.torproject.org/>, change the time period to 30 days, and wait a
while for results to render.