While state of any cluster/ single node (like pooled/depooled state, weight) should be set on the kv store itself, the main configuration we store there should still come from a repository where we can have code reviews and a controlled deploy. I guess a dedicated directory under operations-puppet should suffice.
|Resolved||Joe||T97029 integrate (pybal|varnish)->varnish backend config/state with etcd or similar|
|Resolved||Joe||T97978 Create a tool to sync static configuration from a repository to the consistent k/v store|
|Resolved||Joe||T97973 Create an etcd puppet module + find suitable servers for deployment|
|Resolved||MoritzMuehlenhoff||T98009 Allow creation of SRV records in labs.|
|Open||Joe||T97972 Figure out a security model for etcd|
|Resolved||Joe||T118830 Backport etcd 2.2 to jessie|
|Resolved||Joe||T118831 Upgrade the production etcd cluster to 2.2|
|Resolved||Joe||T118833 Upgrade conftool to support credentials form a config file|
|Resolved||Joe||T118834 Upgrade python-etcd to 0.4.2+|
|Resolved||Joe||T97970 Package a modern version of etcd for jessie, trusty|
I have a fair interest in helping with this and I guess, depending on timeline, taking this on. I created something like this once before that the team was pretty happy with at the time. At the outset I would like to explore not having this configuration be in the puppet repo, and possibly having this configuration source be canonical for anything defined inside of it. An example are checks I setup friday for the RIPE Atlas anchors we have in prod. I had to pull the IP from the DNS repo and now it is defined in two places. I'm not suggesting right now we fold all of the DNS configuration into this, or ever necessarily, but I would seriously like to suggest making this repo completely canonical for relevant things and decoupling it's history from puppet.
Not sure what thought / plans are already in the works :)