Decomission webapp0 node (azure)
plan:
-
infra/puppet/puppet-swh-site!291: drop specific role and configuration -
stop node from azure -
clean up certificate for that node in puppet master -
puppet agent run on pergamon (icinga) -
eventually reload or restart the icinga service (so far not needed) -
Free webapp0.softwareheritage.org dns entry name (gandi > "Delete a DNS zone record" > webapp0) -
Delete node (clickety click in the click ui) -
[1]
root@pergamon:~# puppet cert list --all | grep webapp0
+ "webapp0.softwareheritage.org" (SHA256) F0:F1:DB:28:01:E5:A1:41:59:25:FD:BE:0C:4E:74:F9:EA:84:05:F4:F6:98:0D:4D:6B:3C:CA:3C:96:19:14:08
root@pergamon:~# swh-puppet-master-clean-certificate webapp0.softwareheritage.org
+ puppet node clean webapp0.softwareheritage.org
Notice: Revoked certificate with serial 136
Notice: Removing file Puppet::SSL::Certificate webapp0.softwareheritage.org at '/var/lib/puppet/ssl/ca/signed/webapp0.softwareheritage.org.pem'
webapp0.softwareheritage.org
+ puppet cert clean webapp0.softwareheritage.org
Warning: `puppet cert` is deprecated and will be removed in a future release.
(location: /usr/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
Notice: Revoked certificate with serial 136
+ systemctl restart apache2
root@pergamon:~# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for pergamon.softwareheritage.org
Info: Applying configuration version '1609766358'
Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[archive_production]/Exec[letsencrypt certonly archive_production]/returns: executed successfully
Error: Execution of '/usr/bin/nsupdate -k /etc/bind/keys/local-update /tmp/dns_rr-nsupdate-20210104-3825194-y6wa7' returned 2: update failed: REFUSED
Error: /Stage[main]/Profile::Bind_server::Primary/Resource_record[bardo.internal.admin.swh.network/PTR]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/nsupdate -k /etc/bind/keys/local-update /tmp/dns_rr-nsupdate-20210104-3825194-y6wa7' returned 2: update failed: REFUSED
Info: Stage[main]: Unscheduling all events on Stage[main]
Notice: Applied catalog in 43.50 seconds
Migrated from T2919 (view on Phabricator)