Impacts after migration:
- [1] still reachable as before
- the machine shall be reached at getty.internal.admin.swh.network (ssh).
Note:
Node exposing getty service: rp1.internal.admin.swh.network [2].
[1] http://getty.internal.softwareheritage.org:9000/
[2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/52/
Step-by-step plan:
- Inventory:
- Reserve new ip in vlan 442 (192.168.50.80) [3]
- Deprecate the ip from vlan 440 (192.168.100.102) [4]
- Puppet manifest adaptations for moving the node to the admin vlan
- Firewall: Open rule to allow access from pergamon to getty:9000
- On {pergamon, getty.admin}
- Stop puppet agent
- On pergamon
- Deploy new puppet manifest change
- On riverside:
- Update the ip to the new vlan442 ip
- Connect through ssh and adapt /etc/network/interfaces with new ip
- Modify directly through the proxmox ui (not terraform-ed yet)
- Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442
- Update the hostname to getty.i.a.s.n
- Remove the puppet certificates rm -rf /var/lib/puppet/ssl (agent node)
- Update facts deployment and subnets /etc/facter/facts.d/deployment.txt to admin [5]
- Reboot machine (poweroff, start)
- Run puppet with puppet agent --test --fqdn getty.internal.admin.swh.network
-
Install necessary facts for cloud-init to stop tampering with /etc/hosts
- Update the ip to the new vlan442 ip
- On pergamon:
- Run puppet agent
- Decommission getty.i.s.o certificate
- On rp1:
- Run puppet agent
- Inventory:
- Change the reserved ip status to active
- Update sentry node with its new ip
- Terraform:
-
Reference sentry node in sysadm terraform admin manifestnode is diverging too much, the risk/benefit seems off so we don't do it.
-
[3] https://inventory.internal.admin.swh.network/ipam/ip-addresses/281/
[4] https://inventory.internal.admin.swh.network/ipam/ip-addresses/108/
[5]
root@getty:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@getty:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin