Test instance of our infrastructure

To: debian-devel@lists.debian.org
Subject: Test instance of our infrastructure
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 28 Nov 2016 12:04:17 +0000
Message-id: <[🔎] 22588.7489.556275.461113@chiark.greenend.org.uk>

We are running a multitude of services.

Our usual approach to these services is that we fix things when they
break, test our client code against the live instance (with perhaps a
special area of the database - eg the `experimental' suite).  I have
found writing server-side software in this environment is awkward.  My
own service has a test suite which sets up a stunt environment, but
inevitably stunt environments in test suites are much less like the
real thing than a staging instance.

Should we not have public test instances of all these things ?

I suggest we should declare (perhaps as a DEP?) a systematic scheme
which recommends to infrastructure operators answers to the following
questions:
  - how to address the test instance of each service
  - relationships between test instances of different services
  - access control
  - availability policy
  - usual contents of a test instance
  - hosting arrangements

My starting points for answers to these questions are something like
this:

 * Most of our services are addressed via domain names,
   *.debian.org or *.debian.net.  Test instance of a service are
   correspondingly at *.infratest.debian.{org,net}.

 * Test instances should talk to the test instances of other
   services.  For example bugs.infratest.debian.org should track
   package data from ftp.infratest.debian.org.

 * Access control should be identical to the live service by default,
   but enhanced access will be available on a much more relaxed basis
   (depending on the service).  Passwords to access, and secret keys
   held by, test instances will be different.

 * Test instances should normally be up, but may be down or broken
   or something when they are being worked on.

 * Test instances will get a copy of the corresponding real instance
   copied to them on a monthly basis.  We will filter the data to make
   it more manageable, on the basis of package names and/or dates.
   Any confidential data will not be copied.

 * I don't know about hosting arrangements.  We should ask DSA's
   opinion.  I think that test instances should run on a different
   host to the live instance, so that security bugs in test instances
   are not so much of a concern.

If we wrote some of this down then infrastructure operators (like me,
wrt the dgit git server) can start to think about implement it.  I
think it will be work at first but make a lot of things easier.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

Follow-Ups:
- Re: Test instance of our infrastructure
  - From: Holger Levsen <holger@layer-acht.org>
- Re: Test instance of our infrastructure
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Re: Difference in behaviour between pbuilder and sbuild
Next by Date: Re: Difference in behaviour between pbuilder and sbuild
Previous by thread: Re: Difference in behaviour between pbuilder and sbuild
Next by thread: Re: Test instance of our infrastructure
Index(es):
- Date
- Thread