Should we move to Scap3?
Currently we use a couple of Perl scripts to update a git repo and rsync it out to hosts. This works well in general, but there are a few missing features:
- staging/canary deploy
- instant switchover
- post-deploy checks
- auto (prompted) rollback when post-deploy checks fail
- Checks: we don't use nrpe in frack due to unresolved issues raised in a security review by Tim Starling several years ago. We can probably come up with a way to use nsca checks instead.
- In the scap model, deployment targets talk directly to gerrit. We have avoided this in fundraising because it may pull the gerrit server and other servers into PCI scope. We need to make sure this is not an issue.
- How are file ownership and permissions controlled with scap?
- Logging: I see scap logs locally, by IRC, and by udp2log. We'd want to add syslog handling since we rely on that for log centralization and storage.