Page MenuHomeSoftware Heritage

Decomission webapp0 node (azure)
Closed, MigratedEdits Locked

Description

plan:

  • D4802: drop specific role and configuration
  • stop node from azure
  • clean up certificate for that node in puppet master
  • puppet agent run on pergamon (icinga)
  • eventually reload or restart the icinga service (so far not needed)
  • Free webapp0.softwareheritage.org dns entry name (gandi > "Delete a DNS zone record" > webapp0)
  • Delete node (clickety click in the click ui)

[1]

root@pergamon:~# puppet cert list --all | grep webapp0
+ "webapp0.softwareheritage.org"                                  (SHA256) F0:F1:DB:28:01:E5:A1:41:59:25:FD:BE:0C:4E:74:F9:EA:84:05:F4:F6:98:0D:4D:6B:3C:CA:3C:96:19:14:08
root@pergamon:~# swh-puppet-master-clean-certificate webapp0.softwareheritage.org
+ puppet node clean webapp0.softwareheritage.org
Notice: Revoked certificate with serial 136
Notice: Removing file Puppet::SSL::Certificate webapp0.softwareheritage.org at '/var/lib/puppet/ssl/ca/signed/webapp0.softwareheritage.org.pem'
webapp0.softwareheritage.org
+ puppet cert clean webapp0.softwareheritage.org
Warning: `puppet cert` is deprecated and will be removed in a future release.
   (location: /usr/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
Notice: Revoked certificate with serial 136
+ systemctl restart apache2
root@pergamon:~# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for pergamon.softwareheritage.org
Info: Applying configuration version '1609766358'
Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[archive_production]/Exec[letsencrypt certonly archive_production]/returns: executed successfully
Error: Execution of '/usr/bin/nsupdate -k /etc/bind/keys/local-update /tmp/dns_rr-nsupdate-20210104-3825194-y6wa7' returned 2: update failed: REFUSED
Error: /Stage[main]/Profile::Bind_server::Primary/Resource_record[bardo.internal.admin.swh.network/PTR]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/nsupdate -k /etc/bind/keys/local-update /tmp/dns_rr-nsupdate-20210104-3825194-y6wa7' returned 2: update failed: REFUSED
Info: Stage[main]: Unscheduling all events on Stage[main]
Notice: Applied catalog in 43.50 seconds

Revisions and Commits

Related Objects

Event Timeline

ardumont triaged this task as Normal priority.Jan 4 2021, 11:08 AM
ardumont created this task.
ardumont updated the task description. (Show Details)
ardumont claimed this task.
ardumont updated the task description. (Show Details)

It seems an extra step puppet node deactivate webapp.softwareheritage.org is required as well.