Change Details

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network. Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [x] Inventory: - [x] Reserve new ip in vlan 442 - [x] Deprecate the ip from vlan 440 - [ ] Puppet: - [ ] Hostname change from riverside.i.s.o to riverside.internal.admin.swh.network - [ ] Install sentry behind the admin reverse proxy - [ ] Adapt service to use the new fqdn - [ ] On pergamon: - [ ] Stop puppet agent - [ ] Deploy new manifest - [ ] On riverside: - [ ] Stop puppet agent - [ ] Update the ip to the new vlan442 ip (192.168.50.70) - [ ] Modify directly through the proxmox ui (it's not in terraform yet) - [ ] Connect through ssh and adapt /etc/network/interfaces with new ip - [ ] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [ ] Update the hostname to riverside.i.a.s.n - [ ] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [ ] Update the facts `/etc/facter/facts.d/deployment.yaml` to `admin` - [ ] Reboot machine (poweroff, start) - [ ] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [ ] Install necessary facts for cloud-init to stop tampering with /etc/hosts - [ ] On pergamon: - [ ] Run puppet agent - [ ] Decommission sentry.i.s.o certificate - [ ] Firewall: - [ ] Open rule to allow traffic to sentry node (if need be) - [ ] Inventory: - [ ] Change the reserved ip status to active - [ ] Update sentry node with its new ip [1] - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network (ssh). Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [x] Inventory: - [x] Reserve new ip in vlan 442 - [x] Deprecate the ip from vlan 440 - [ ] Puppet: - [ ] Hostname change from riverside.i.s.o to riverside.internal.admin.swh.network - [ ] Install sentry behind the admin reverse proxy - [ ] Adapt service to use the new fqdn - [ ] Gandi: - [ ] Reduce ttl of sentry.s.o - [ ] Change sentry.s.o to target the admin reverse proxy - [ ] On pergamon: - [ ] Stop puppet agent - [ ] Deploy new manifest - [ ] On riverside: - [ ] Stop puppet agent - [ ] Update the ip to the new vlan442 ip (192.168.50.70) - [ ] Modify directly through the proxmox ui (it's not in terraform yet) - [ ] Connect through ssh and adapt /etc/network/interfaces with new ip - [ ] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [ ] Update the hostname to riverside.i.a.s.n - [ ] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [ ] Update the facts `/etc/facter/facts.d/deployment.yaml` to `admin` - [ ] Reboot machine (poweroff, start) - [ ] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [ ] Install necessary facts for cloud-init to stop tampering with /etc/hosts - [ ] On pergamon: - [ ] Run puppet agent - [ ] Decommission sentry.i.s.o certificate - [ ] Firewall: - [ ] Open rule to allow traffic to sentry node (if need be) - [ ] Inventory: - [ ] Change the reserved ip status to active - [ ] Update sentry node with its new ip [1] - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf

Impacts after migration: - [1] still reachable as before - the machine shall be reached at riverside.internal.admin.swh.network (ssh). Note: Node exposing sentry service: riverside.internal.softwareheritage.org [2]. [1] https://sentry.softwareheritage.org [2] https://inventory.internal.admin.swh.network/virtualization/virtual-machines/12/ Step-by-step plan: - [x] Inventory: - [x] Reserve new ip in vlan 442 - [x] Deprecate the ip from vlan 440 - [ ] Puppet: - [ ] Hostname change from riverside.i.s.o to riverside.internal.admin.swh.network - [ ] Install sentry behind the admin reverse proxy - [ ] Adapt service to use the new fqdn - [ ] Gandi: - [ ] Reduce ttl of sentry.s.o - [ ] Change sentry.s.o to target the admin reverse proxy - [ ] On pergamon: - [ ] Stop puppet agent - [ ] Deploy new manifest - [ ] On riverside: - [ ] Stop puppet agent - [ ] Update the ip to the new vlan442 ip (192.168.50.70) - [ ] Modify directly through the proxmox ui (it's not in terraform yet) - [ ] Connect through ssh and adapt /etc/network/interfaces with new ip - [ ] Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442 - [ ] Update the hostname to riverside.i.a.s.n - [ ] Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node) - [ ] Update the facts `/etc/facter/facts.d/deployment.yaml` to `admin` - [ ] Reboot machine (poweroff, start) - [ ] Run puppet with `puppet agent --test --fqdn riverside.internal.admin.swh.network` - [ ] Install necessary facts for cloud-init to stop tampering with /etc/hosts - [ ] On pergamon: - [ ] Run puppet agent - [ ] Decommission sentry.i.s.o certificate - [ ] Firewall: - [ ] Open rule to allow traffic to sentry node (if need be) - [ ] Inventory: - [ ] Change the reserved ip status to active - [ ] Update sentry node with its new ip [1] - [ ] Terraform: - [ ] Reference riverside node in sysadm terraform admin manifest [3] [3] https://forge.softwareheritage.org/source/swh-sysadmin-provisioning/browse/master/proxmox/terraform/admin/admin.tf