% Improving the infrastructure behind Tails % intrigeri % December, 2014 Current Tails' challenges ========================= Cadence & popularity -------------------- - new release every 6 weeks - about 10k boots a day, doubles every year Limited resources and time -------------------------- - mostly volunteer work - 2800 commits, by ~15 persons, in the last 6 months Energy-draining release process ------------------------------- - automated test suite, but: - still huge manual test suite - no way to freeze the APT repositories we are using Roadmap ======= Tails 2.0 --------- * sustainability and maintainability: lots of continuous integration and infrastructure work * Greeter revamp * Icedove (Thunderbird) * support more download mirrors * nicer initial download and installation process Tails 3.0 --------- * more hardening, more sandboxing * multi-platform installer More? ----- * port to Debian Jessie: WIP, must be finished in 2015 * What we have ============ People ------ *very* few people involved in continuous integration and infrastructure work Services -------- * Jenkins: ISO images from major branches built after Git push PO files sanity checks thanks to jenkins.debian.net for the inspiration! * APT repository * rsync, Bitcoin, BitTorrent, etc. Needed infrastructure improvements ================================== Release process --------------- * building Debian packages * building ISO images * freezing for real Quality assurance ----------------- * does our stuff stop building? * does our stuff stop working? * does new stuff break anything? * notifications, integration with the review process * some day, gatekeeping? Security -------- * deterministic (reproducible) builds * hardening build flags status * same-day security updates Internal communication ---------------------- * commit notifications * package upload notifications Tails system administrators =========================== Goals ----- The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails, to: * make the life of Tails contributors easier * improve the quality of the Tails releases ## Principles * Infrastructure as code * Free Software * Relationships with upstream ## Infrastructure as code We want to treat system administration like a (free) software development project. ## Infrastructure as code: why? * enabling people to participate without accounts on our servers * reviewing changes applied to our systems * being able to reproduce our systems via automatic deployment * sharing knowledge with other people ## Infrastructure as code: how? * publish as much as possible of our systems configuration * manage our whole infrastructure with configuration management tools ## Free Software * [Debian Free Software Guidelines](https://www.debian.org/social_contract#guidelines) * exception: firmware needed by our hardware ## Relationships with upstream ## Tools * [Debian](https://www.debian.org/) GNU/Linux * [Puppet](http://projects.puppetlabs.com/projects/puppet) * [Git](http://git-scm.com/) to host and deploy configuration, including our Puppet modules How to help? ============ ## Entry points * * * "easy" tasks ## Where to start? * #6295: Evaluate consequences of importing large amounts of packages into reprepro * #6891: Monitor broken links on our website * #6918: Track hardening status of the binaries shipped in Tails * #7427: Evaluate using aptly * #7125: Write a Puppet class to manage a Tails mirror * #5894: APT repository: notify incoming ## Tell us about your skills and desires, we'll help you get started :) Contact ======= ## Talk to us * I'm here. * Sysadmins (private and encrypted) mailing-list: **** * Development mailing-list: **** * Private and encrypted mailing-list: **** * IRC: see * Web: ****