Create a template for requesting infrastructure resources

Publish the template decided upon in the Brussels meeting and announce it internaly.

cf https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsAdminTeamMinutes#Helpusersimprovewhenrequestingresources

added component::internal services/tor sysadmin team owner::tpa priority::medium severity::normal status::new type::task labels

kushal pointed us to resources from fedora that might be useful here:

• https://fedoraproject.org/wiki/Request_For_Resources
• https://infrastructure.fedoraproject.org/infra/docs/docs/sysadmin-guide/sops/requestforresources.rst

The next step is to create a staging instance for the resource. In this step the resource is fully added to Ansible/configuration management. The resource is added to caching/load balancing/databases and tested in this new env. Once initial deployment is done and tested, another email to the infrastructure list is done to note that the resource is available in staging.

The security officer should be informed as soon as the code is reasonably stable, so that they can start the audit or delegate the audit to someone.

Requirements for continuing:

• MUST have sign off of RFR sponsor that the resource is fully configured in Ansible and ready to be deployed.

• MUST have a deployment schedule for going to production. This will need to account for things like freezes and availability of infrastructure folks.

• MUST have an approved audit by the security officer or appointed delegate.

Production deployment

Finally the staging changes are merged over to production and the resource is deployed.

Monitoring of the resource is added and confirmed to be effective.

Maintenance

The resource will then follow the normal rules for production. Honoring freezes, updating for issues or security bugs, adjusting for capacity, etc.

Ticket comment template

You can copy/paste this template into your RFR ticket. Keep the values empty until you know answers - you can go back later and edit the ticket to fill in information as it develops.

Phase I

• Software:
• Advantage for Fedora:
• Sponsor:

Phase II

• Email list thread: https://lists.fedoraproject.org/....
• Upstream source: https://github.com/...
• Development contacts: <person1, person2>
• Maintainership contacts: <person2, person3>
• Load balanceable: <yes/no>
• Caching: <yes/no, which paths, ...>

Phase III

• SOP link: https://docs.pagure.io/infra-docs/.....
• Application Security Policy self-evaluation: ....
• Audit request: https://pagure.io/fedora-infrastructure/issue/.... (can be same)
• Audit timeline: <04-11-2025 - 06-11-2025> (timeline to be provided by the security officer upon audit request)

Phase IV

• Ansible playbooks: <ansible/playbooks/groups/myservice.yml>
• Fully rebuilt from ansible:
• Production goal: <08-11-2025>
• Approved audit: https://pagure.io/fedora-infrastructure/issue/....

.. _Application Security Policy: https://fedora-infra-docs.readthedocs.io/en/latest/dev-guide/security_policy.html

Trac:
Username: Alan khan