Skip to content

Update decomissioning script with necessary instruction

This also renames explicitely the script from swh-puppet-master-clean-certificate to swh-puppet-master-decomission.

This uninstalls the old script to install the new one.

Related to T3027

Test Plan

octocatalog-diff pergamon:

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  File[/etc/bind/keys/local-update] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key local-update {
        algorithm hmac-sha256;
      - secret "xxlzXIUXzgSRcMSVhRzQmceMkoi7xUENrAimAcgm8wkxFzgFqSgHs34wCqtvhKn/gymUT4F3CQslmQW2ueZpPw==";
      + secret "3HMpggs9nAa9lTPp7rpGkUG+MpsQ17/PeXmW8E/sK4gaYKJAoPg6H8KIrDTIVBEGd2D4w7nIYRqgmHQBi8JRFQ==";
       };
*******************************************
  File[/etc/bind/rndc.key] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key rndc-key {
        algorithm hmac-md5;
      - secret "YbLxiSqY4n7Z6iYx1EH04nMfmGtONuWa3xnD4lQkuN7df7atwU4xT88q4le3HrgRqYRZDW4w5WKo8BB4xVEFHg==";
      + secret "v9p5NHqDpJSyodHXY6Wn+kn4JKez23DrMPYePk5ZO4M/l55JkGKY2Lkh7xr03QGjRULNZJiQbWKZTusL55YHqA==";
       };
*******************************************
  File[/usr/local/sbin/swh-puppet-master-clean-certificate] =>
   parameters =>
     ensure =>
      - file
      + absent
*******************************************
+ File[/usr/local/sbin/swh-puppet-master-decomission] =>
   parameters =>
      "ensure": "file"
      "group": "root"
      "mode": "0755"
      "owner": "root"
      "content": >>>
#!/usr/bin/env bash

# Use:
# $0 CERTNAME ...

# Example:
# $0 storage0.internal.staging.swh.network db0.internal.staging.swh.network

set -x

puppet node deactivate $@
puppet node clean $@
puppet cert clean $@
systemctl restart apache2
<<<
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Migrated from D5007 (view on Phabricator)

Merge request reports

Loading