Change Details

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network (ssh). Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [X] Gandi: Reduce sentry.s.o CNAME ttl early (days before migration starts, e.g. ~300s) - [X] Inventory: - [X] Reserve new ip in vlan 442 - [X] Deprecate the ip from vlan 440 - [X] D7045: Puppet manifest adaptations for moving the node to the admin vlan [4] - [X] Firewall: Open rule to allow access from pergamon to riverside:9000 - [X] On {pergamon, riverside, rp1} [5] - [X] Stop puppet agent - [X] On pergamon - [X] Deploy new puppet manifest change (last time we forgot ¯\_(ツ)_/¯) - [X] On riverside: - [X] Update the ip to the new vlan442 ip (192.168.50.70) - [X] Connect through ssh and adapt /etc/network/interfaces with new ip - [X] Modify directly through the proxmox ui (not `terraform`-ed yet) - [X] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [X] Update the hostname to riverside.i.a.s.n - [X] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [X] Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [6] - [X] Reboot machine (poweroff, start) - [X] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [X] ~~Install necessary facts for cloud-init to stop tampering with /etc/hosts~~ - [X] On pergamon: - [X] Run puppet agent - [X] Decommission riverside.i.s.o certificate - [X] On rp1: - [X] Run puppet agent - [X] Gandi: Change sentry.s.o CNAME value from `pergamon` to `swh-rproxy3.inria.fr.` (to target the admin reverse proxy) - [X] Inventory: - [X] Change the reserved ip status to active - [X] Update sentry node with its new ip [1] - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf [4] Check the diff description/code for more details [5] ``` $ clush -b -w pergamon -w riverside -w rp1.internal.admin.swh.network "puppet agent --disable T3891" ``` [6] ``` root@riverside:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@riverside:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin ```

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network (ssh). Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [X] Gandi: Reduce sentry.s.o CNAME ttl early (days before migration starts, e.g. ~300s) - [X] Inventory: - [X] Reserve new ip in vlan 442 - [X] Deprecate the ip from vlan 440 - [X] D7045: Puppet manifest adaptations for moving the node to the admin vlan [4] - [X] Firewall: Open rule to allow access from pergamon to riverside:9000 - [X] On {pergamon, riverside, rp1} [5] - [X] Stop puppet agent - [X] On pergamon - [X] Deploy new puppet manifest change (last time we forgot ¯\_(ツ)_/¯) - [X] On riverside: - [X] Update the ip to the new vlan442 ip (192.168.50.70) - [X] Connect through ssh and adapt /etc/network/interfaces with new ip - [X] Modify directly through the proxmox ui (not `terraform`-ed yet) - [X] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [X] Update the hostname to riverside.i.a.s.n - [X] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [X] Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [6] - [X] Reboot machine (poweroff, start) - [X] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [X] ~~Install necessary facts for cloud-init to stop tampering with /etc/hosts~~ - [X] On pergamon: - [X] Run puppet agent - [X] Decommission riverside.i.s.o certificate - [X] On rp1: - [X] Run puppet agent - [X] Gandi: Change sentry.s.o CNAME value from `pergamon` to `swh-rproxy3.inria.fr.` (to target the admin reverse proxy) - [X] Inventory: - [X] Change the reserved ip status to active - [X] Update sentry node with its new ip [1] - [X] Clean up no longer necessary sentry reverse proxy on pergamon - [X] Gandi: Bump the sentry.s.o CNAME TTL to "standard" value of 1800 (like the others) - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf [4] Check the diff description/code for more details [5] ``` $ clush -b -w pergamon -w riverside -w rp1.internal.admin.swh.network "puppet agent --disable T3891" ``` [6] ``` root@riverside:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@riverside:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin ```

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network (ssh). Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [X] Gandi: Reduce sentry.s.o CNAME ttl early (days before migration starts, e.g. ~300s) - [X] Inventory: - [X] Reserve new ip in vlan 442 - [X] Deprecate the ip from vlan 440 - [X] D7045: Puppet manifest adaptations for moving the node to the admin vlan [4] - [X] Firewall: Open rule to allow access from pergamon to riverside:9000 - [X] On {pergamon, riverside, rp1} [5] - [X] Stop puppet agent - [X] On pergamon - [X] Deploy new puppet manifest change (last time we forgot ¯\_(ツ)_/¯) - [X] On riverside: - [X] Update the ip to the new vlan442 ip (192.168.50.70) - [X] Connect through ssh and adapt /etc/network/interfaces with new ip - [X] Modify directly through the proxmox ui (not `terraform`-ed yet) - [X] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [X] Update the hostname to riverside.i.a.s.n - [X] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [X] Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [6] - [X] Reboot machine (poweroff, start) - [X] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [X] ~~Install necessary facts for cloud-init to stop tampering with /etc/hosts~~ - [X] On pergamon: - [X] Run puppet agent - [X] Decommission riverside.i.s.o certificate - [X] On rp1: - [X] Run puppet agent - [X] Gandi: Change sentry.s.o CNAME value from `pergamon` to `swh-rproxy3.inria.fr.` (to target the admin reverse proxy) - [X] Inventory: - [X] Change the reserved ip status to active - [X] Update sentry node with its new ip [1] - [X] Clean up no longer necessary sentry reverse proxy on pergamon - [X] Gandi: Bump the sentry.s.o CNAME TTL to "standard" value of 1800 (like the others) - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf [4] Check the diff description/code for more details [5] ``` $ clush -b -w pergamon -w riverside -w rp1.internal.admin.swh.network "puppet agent --disable T3891" ``` [6] ``` root@riverside:~# cat /etc/facter/facts.d/deployment.txt deployment=admin root@riverside:~# cat /etc/facter/facts.d/subnet.txt subnet=sesi_rocquencourt_admin ```