Also, DS SSL certificate/key data is considered configuration for ATS. Is that
intended to be captured in the git repo, a reference to the riak key version
included, or excluded entirely? If it's excluded, wouldn't that create a gap
in rollbacks?
Jonathan G
On 3/16/21, 3:06 PM, "Eric Friedrich" <eric.friedric...@gmail.com> wrote:
Can you explain more about how the git repo works?
Is it a local repo or a git server somewhere?
How are configs on different servers stored (diff repos, diff branches,
diff directories, etc...)?
It sounds like a useful feature, but I think I'm missing the big picture.
On Tue, Mar 16, 2021, 4:01 PM Robert O Butts <r...@apache.org> wrote:
> I'd like to propose adding a feature to ORT/t3c to track config changes in
> a git repo.
>
> My plan is to add a flag `--git` with the options yes/no/auto, defaulting
> to `auto`. With 'auto' a repo will be committed to if it exists, but not
> created. With 'yes' the repo will be created and committed to. With 'no'
no
> git operations will be performed.
>
> The idea is, people who want to start using it can either add `--git=yes`
> to their server automation (whatever's running ORT/t3c, like cron or
> ansible), or simply run it as a one-time command on each server (like with
> Ansible Push). After that, if the repo exists, it will automatically be
> used.
>
> Defaulting to auto will prevent any manual runs from accidentally not
> committing to the repo if they forget the flag, but will also avoid
> creating the repo if it doesn't exist, which some users may not desire.
>
> Finally, a 'no' option allows any users who are already using git to
manage
> config and want to continue doing so outside ORT/t3c without ATC breaking
> and injecting new commits, to do so.
>
> I believe this will be a big benefit for operations, especially debugging
> production issues. For example:
> - in an emergency, halt any automation and git checkout to a previous
known
> good configuration
> - use git to see how files changed over time, and see when a breaking
> change occurred
> - search git, to see all previous values for a particular setting
> - correlate historical config changes with CDN traffic behavioral changes
>
> PR is here:
https://urldefense.com/v3/__https://github.com/apache/trafficcontrol/pull/5648__;!!CQl3mcHX2A!Rfw4o8SOtvhWXb3hqElHF07XAtr-moe58UJOw41lgQxp2viOS0kBTP9fAC05X5hIOwNR$
>
> Does anyone have any objections or concerns with this? Does anyone have
> their ATS config directory as a git repo today? Will the above options
> break anyone?
>
> If nobody comments in 72 hours, I'll assume Lazy Consensus.
>
> Thanks,
>
