
netbox: migrate the vm to the admin vlan
Closed, Public

Authored by vsellier on Jan 21 2022, 5:32 PM.

Details

Summary
  • declare a new admin vhost
  • add a redirection for the old vhost
  • change the hostname where needed (certificate, vhosts, ...)
  • clean up no longer necessary inventory-vagrant entries

Related to T3873

Test Plan

vagrant and octo-diff ok.

  • bojimans

considered as a new server due to the hostname update
so no diff available

  • pergamon
diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
+ Exec[letsencrypt certonly inventory.internal.softwareheritage.org] =>
   parameters =>
     "command": "certbot --text --agree-tos --non-interactive certonly --rsa-key-...
     "environment": [
    
     ],
     "path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
     "provider": "shell",
     "unless": "/usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/li...
*******************************************
- Exec[letsencrypt certonly netbox-vagrant]
*******************************************
  Exec[letsencrypt certonly netbox] =>
   parameters =>
     command =>
      - certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'netbox' -d 'inventory.internal.softwareheritage.org' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
      + certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'netbox' -d 'inventory.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
     unless =>
      - /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/netbox/cert.pem 'inventory.internal.softwareheritage.org'
      + /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/netbox/cert.pem 'inventory.internal.admin.swh.network'
*******************************************
  File[/etc/bind/keys/local-update] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key local-update {
       	algorithm hmac-sha256;
      -	secret "RnUZ5OkCQJW0jKXUEQlLtvPzgc7cZevQkMIAmyci/pauR+Gt48njHze2VNqfkvsX8EF3gjrA/fNEk2m5cjZA8g==";
      +	secret "azVl7b68oI1B0OQgY99Ed3etzwtDxO3ZVA8KF8X6tULmb957u/koKrJe27OpBnZvE2Z0NMuuD7yjyKuZbnhhiQ==";
       };
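Review bot: The `secret` of `key local-update` changes in this File[/etc/bind/keys/local-update] hunk although the summary only lists vhost and hostname changes, and both the old and new values appear in clear in a public test plan. If these are fixture values generated per catalog compile, say so in the test plan; if either one is a live TSIG key, rotate it and redact the value from the pasted output, since this file is the `keyfile` the Resource_record updates in the same catalog authenticate with.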
*******************************************
  File[/etc/bind/rndc.key] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key rndc-key {
       	algorithm hmac-md5;
      -	secret "+euTM8F2D/MONDu/kaepXbH5Yw3vQ7acPYUdlVt8j0fMqz9d19CUH0Nu8D35GXjjqeemXbI/7V0GZ+uxIE1zJw==";
      +	secret "e6d9w8U/ARd2H9g7HddNCGjLMyZTDdPFlH6+LdK8jy4hqT58VdMwgi0br9r/smeq0jvf1vQ218hP9u0W5zndFg==";
       };
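Review bot: `algorithm hmac-md5` on `key rndc-key` is the weak setting in this hunk; the local-update key in the same catalog already uses hmac-sha256, and the rndc control key should be generated with that algorithm as well. The secret line also differs between the two catalogs without a matching item in the summary, so the test plan should state whether it is a throwaway compile-time value or a real control key that has now been published.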
*******************************************
+ Letsencrypt::Certonly[inventory.internal.softwareheritage.org] =>
   parameters =>
     "additional_args": [
       "--authenticator manual",
       "--preferred-challenges dns",
       "--manual-public-ip-logging-ok",
       "--manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth'",
       "--manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup'"...
       "--deploy-hook '/usr/local/bin/letsencrypt_puppet_export'"
     ],
     "cert_name": "inventory.internal.softwareheritage.org",
     "config_dir": "/etc/letsencrypt",
     "cron_hour": 3,
     "cron_minute": 24,
     "cron_monthday": [
       "*"
     ],
     "custom_plugin": true,
     "deploy_hook_commands": [
    
     ],
     "domains": [
       "inventory.internal.softwareheritage.org"
     ],
     "ensure": "present",
     "environment": [
    
     ],
     "key_size": 4096,
     "letsencrypt_command": "certbot",
     "manage_cron": false,
     "plugin": "standalone",
     "post_hook_commands": [
    
     ],
     "pre_hook_commands": [
    
     ],
     "suppress_cron_output": false,
     "webroot_paths": [
    
     ]
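Review bot: `"manage_cron": false` on the new Letsencrypt::Certonly[inventory.internal.softwareheritage.org] means this resource does not schedule its own renewal, so the certificate kept for the old-vhost redirection relies on something outside this diff to stay valid. A comment in the manifest naming what renews it, and when the old hostname and its redirection are expected to be dropped, would keep it from lapsing unnoticed. It is also worth checking that `"plugin": "standalone"` is really ignored here, given `"custom_plugin": true` and the `--authenticator manual` entry in `additional_args`.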
*******************************************
- Letsencrypt::Certonly[netbox-vagrant]
*******************************************
  Letsencrypt::Certonly[netbox] =>
   parameters =>
     domains =>
      - ["inventory.internal.softwareheritage.org"]
      + ["inventory.internal.admin.swh.network"]
*******************************************
+ Resource_record[inventory-admin/CNAME] =>
   parameters =>
     "data": "bojimans.internal.admin.swh.network.",
     "keyfile": "/etc/bind/keys/local-update",
     "record": "inventory.internal.admin.swh.network",
     "type": "CNAME"
*******************************************
  Resource_record[inventory/CNAME] =>
   parameters =>
     data =>
      - bojimans.internal.softwareheritage.org.
      + bojimans.internal.admin.swh.network.
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Diff Detail

Repository
rSPSITE puppet-swh-site
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ardumont edited the summary of this revision.
ardumont edited the summary of this revision.
This revision is now accepted and ready to land. Jan 24 2022, 2:50 PM