A wireframe globe breaking out of chains

Free the internet

Support tools that break the chains of censorship and surveillance. Donate to the Tor Project today.

Through December 31, your gift will be matched, up to $250,000!

Donate now

infrastructure

% Improving the infrastructure behind Tails % intrigeri % December, 2014

Current Tails' challenges

Cadence & popularity

  • new release every 6 weeks
  • about 10k boots a day, doubles every year

Limited resources and time

  • mostly volunteer work
  • 2800 commits, by ~15 persons, in the last 6 months

Energy-draining release process

  • automated test suite, but:
  • still huge manual test suite
  • no way to freeze the APT repositories we are using

Roadmap

Tails 2.0

  • sustainability and maintainability: lots of continuous integration and infrastructure work
  • Greeter revamp
  • Icedove (Thunderbird)
  • support more download mirrors
  • nicer initial download and installation process

Tails 3.0

  • more hardening, more sandboxing
  • multi-platform installer

More?

  • port to Debian Jessie: WIP, must be finished in 2015

What we have

People

very few people involved in continuous integration and infrastructure work

Services

  • Jenkins:
    ISO images from major branches built after Git push
    PO files sanity checks
    thanks to jenkins.debian.net for the inspiration!
  • APT repository
  • rsync, Bitcoin, BitTorrent, etc.

Needed infrastructure improvements

Release process

  • building Debian packages
  • building ISO images
  • freezing for real

Quality assurance

  • does our stuff stop building?
  • does our stuff stop working?
  • does new stuff break anything?
  • notifications, integration with the review process
  • some day, gatekeeping?

Security

  • deterministic (reproducible) builds
  • hardening build flags status
  • same-day security updates

Internal communication

  • commit notifications
  • package upload notifications

Tails system administrators

Goals

The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails, to:

  • make the life of Tails contributors easier
  • improve the quality of the Tails releases

Principles

  • Infrastructure as code
  • Free Software
  • Relationships with upstream

Infrastructure as code

We want to treat system administration like a (free) software development project.

Infrastructure as code: why?

  • enabling people to participate without accounts on our servers
  • reviewing changes applied to our systems
  • being able to reproduce our systems via automatic deployment
  • sharing knowledge with other people

Infrastructure as code: how?

  • publish as much as possible of our systems configuration
  • manage our whole infrastructure with configuration management tools

Free Software

Relationships with upstream

https://tails.boum.org/contribute/relationship_with_upstream/

Tools

  • Debian GNU/Linux
  • Puppet
  • Git to host and deploy configuration, including our Puppet modules

How to help?

Entry points

  • https://tails.boum.org/contribute/how/sysadmin/
  • https://tails.boum.org/contribute/working_together/roles/sysadmins/
  • "easy" tasks

Where to start?

  • #6295: Evaluate consequences of importing large amounts of packages into reprepro
  • #6891: Monitor broken links on our website
  • #6918: Track hardening status of the binaries shipped in Tails
  • #7427: Evaluate using aptly
  • #7125: Write a Puppet class to manage a Tails mirror
  • #5894: APT repository: notify incoming

Tell us about your skills and desires,

we'll help you get started :)

Contact

Talk to us