(you could probably revert the conf/cassandra.yaml bit)

The root cause is that uffizi:/srv/storage/space is full.

So, that all happened and uffizi is now bare metal.

I've moved the backup crons to uffizi for now.

So, moving it to uffizi then; got it :)

I'm not 100% certain about the config of the array management interfaces as the system is going to move to predictable interface names that I'm not quite sure how to predict...

In T1895#35134, @douardda wrote:

For backup centralization, it can stay there for now I guess.

In T1895#35132, @olasd wrote:

I've setup a new virtual machine (aptly called "louvre") and I've given it the following setup:

• bare buster install, two network interfaces (private one with a temp ip address, public one unplugged)
• openvpn installed and config copied over from the original louvre (/etc/openvpn)
  • regenerated larger dh parameters so it would start
• strongswan installed and config copied over from louvre (/etc/ipsec.secrets and /etc/ipsec.conf)
• network config copied over from louvre and trimmed down

Looks like both services start up properly (and hiccup because the public ip address isn't really working yet).
To actually switch network related stuff over:

1. give current-louvre a new internal ip address
2. stop openvpn and strongswan on current-louvre
3. remove current-louvre's 100.1 and public ip addresses
4. clean up current-louvre's firewall config
5. add a new default route to 100.1 on current-louvre
6. reboot new-louvre with its new network setup

This should only be a minute or two downtime.

I've setup a new virtual machine (aptly called "louvre") and I've given it the following setup:

• bare buster install, two network interfaces (private one with a temp ip address, public one unplugged)
• openvpn installed and config copied over from the original louvre (/etc/openvpn)
  • regenerated larger dh parameters so it would start
• strongswan installed and config copied over from louvre (/etc/ipsec.secrets and /etc/ipsec.conf)
• network config copied over from louvre and trimmed down

So, internal-staging.softwareheritage.org feels like a really long base domain name, but I don't have a snappy alternative suggestion that gives me warm fuzzies.

I've now started work on refactoring the way we do Apache Virtual hosts in puppet, but it's still somewhat of a mess with the number of settings that still vary across hosts.

I've moved the clustershell setup to pergamon, by installing the clustershell command then copying the following files over:

I've done the first step of this, which is separating louvre from the rest of the proxmox cluster, following the instructions on https://pve.proxmox.com/wiki/Cluster_Manager#_remove_a_cluster_node.

In T979#34731, @olasd wrote:

After swapping in some memories from the Gandi simple hosting stuff, it's possible to upload certificates to Gandi using the legacy XML-RPC API. There's no explicit linking of certificates between the certificates API and the PaaS API, and ISTR that the PaaS stuff just picks up certificates automatically once uploaded.

After swapping in some memories from the Gandi simple hosting stuff, it's possible to upload certificates to Gandi using the legacy XML-RPC API. There's no explicit linking of certificates between the certificates API and the PaaS API, and ISTR that the PaaS stuff just picks up certificates automatically once uploaded.

After some puppet work: