Change Details

Impacts after migration: - [1] still reachable as before - the machine shall be reached at getty.internal.admin.swh.network (ssh). Note: Node exposing getty service: rp1.internal.admin.swh.network [2]. [1] http://getty.internal.softwareheritage.org:9000/ [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/52/ Step-by-step plan: - [ ] Inventory: - [x] Reserve new ip in vlan 442 (192.168.50.80) [3] - [ ] Deprecate the ip from vlan 440 (192.168.100.102) [4] - [ ] Puppet manifest adaptations for moving the node to the admin vlan - [ ] Firewall: Open rule to allow access from pergamon to getty:9000 - [ ] On {pergamon, getty.admin} - [ ] Stop puppet agent - [ ] On pergamon - [ ] Deploy new puppet manifest change - [ ] On riverside: - [ ] Update the ip to the new vlan442 ip - [ ] Connect through ssh and adapt /etc/network/interfaces with new ip - [ ] Modify directly through the proxmox ui (not `terraform`-ed yet) - [ ] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [ ] Update the hostname to getty.i.a.s.n - [ ] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [ ] Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [5] - [ ] Reboot machine (poweroff, start) - [ ] Run puppet with `puppet agent --test --fqdn getty.internal.admin.swh.network` - [ ] ~~Install necessary facts for cloud-init to stop tampering with /etc/hosts~~ - [ ] On pergamon: - [ ] Run puppet agent - [ ] Decommission getty.i.s.o certificate - [ ] On rp1: - [ ] Run puppet agent - [ ] Inventory: - [ ] Change the reserved ip status to active - [ ] Update sentry node with its new ip - [ ] Terraform: - [ ] ~~Reference sentry node in sysadm terraform admin manifest~~ node is diverging too much, the risk/benefit seems off so we don't do it. [3] https://inventory.internal.admin.swh.network/ipam/ip-addresses/281/ [4] https://inventory.internal.admin.swh.network/ipam/ip-addresses/108/ [5] ``` root@getty:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@getty:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin ```

TBDImpacts after migration: - [1] still reachable as before - the machine shall be reached at getty.internal.admin.swh.network (ssh). Note: Node exposing getty service: rp1.internal.admin.swh.network [2]. [1] http://getty.internal.softwareheritage.org:9000/ [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/52/ Step-by-step plan: - [ ] Inventory: - [x] Reserve new ip in vlan 442 (192.168.50.80) [3] - [ ] Deprecate the ip from vlan 440 (192.168.100.102) [4] - [ ] Puppet manifest adaptations for moving the node to the admin vlan - [ ] Firewall: Open rule to allow access from pergamon to getty:9000 - [ ] On {pergamon, getty.admin} - [ ] Stop puppet agent - [ ] On pergamon - [ ] Deploy new puppet manifest change - [ ] On riverside: - [ ] Update the ip to the new vlan442 ip - [ ] Connect through ssh and adapt /etc/network/interfaces with new ip - [ ] Modify directly through the proxmox ui (not `terraform`-ed yet) - [ ] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [ ] Update the hostname to getty.i.a.s.n - [ ] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [ ] Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [5] - [ ] Reboot machine (poweroff, start) - [ ] Run puppet with `puppet agent --test --fqdn getty.internal.admin.swh.network` - [ ] ~~Install necessary facts for cloud-init to stop tampering with /etc/hosts~~ - [ ] On pergamon: - [ ] Run puppet agent - [ ] Decommission getty.i.s.o certificate - [ ] On rp1: - [ ] Run puppet agent - [ ] Inventory: - [ ] Change the reserved ip status to active - [ ] Update sentry node with its new ip - [ ] Terraform: - [ ] ~~Reference sentry node in sysadm terraform admin manifest~~ node is diverging too much, the risk/benefit seems off so we don't do it. [3] https://inventory.internal.admin.swh.network/ipam/ip-addresses/281/ [4] https://inventory.internal.admin.swh.network/ipam/ip-addresses/108/ [5] ``` root@getty:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@getty:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin ```