
netbox: migrate the vm to the admin vlan

  • declare a new admin vhost
  • add a redirection for the old vhost
  • change the hostname where needed (certificate, vhosts, ...)
  • clean up no longer necessary inventory-vagrant entries

Related to T3873

Test Plan

vagrant and octo-diff ok.

  • bojimans: treated as a new server because of the hostname update, so no diff is available

  • pergamon

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
+ Exec[letsencrypt certonly inventory.internal.softwareheritage.org] =>
   parameters =>
     "command": "certbot --text --agree-tos --non-interactive certonly --rsa-key-...
     "environment": [
    
     ],
     "path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
     "provider": "shell",
     "unless": "/usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/li...
*******************************************
- Exec[letsencrypt certonly netbox-vagrant]
*******************************************
  Exec[letsencrypt certonly netbox] =>
   parameters =>
     command =>
      - certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'netbox' -d 'inventory.internal.softwareheritage.org' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
      + certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'netbox' -d 'inventory.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
     unless =>
      - /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/netbox/cert.pem 'inventory.internal.softwareheritage.org'
      + /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/netbox/cert.pem 'inventory.internal.admin.swh.network'
*******************************************
  File[/etc/bind/keys/local-update] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key local-update {
       	algorithm hmac-sha256;
      -	secret "RnUZ5OkCQJW0jKXUEQlLtvPzgc7cZevQkMIAmyci/pauR+Gt48njHze2VNqfkvsX8EF3gjrA/fNEk2m5cjZA8g==";
      +	secret "azVl7b68oI1B0OQgY99Ed3etzwtDxO3ZVA8KF8X6tULmb957u/koKrJe27OpBnZvE2Z0NMuuD7yjyKuZbnhhiQ==";
       };
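Review bot: The TSIG secret of `key local-update` is printed in clear text on both sides of this catalog diff, and the same applies to the `rndc-key` secret in File[/etc/bind/rndc.key] just below. Neither file is part of the netbox vhost migration, and the values differ between the two compiles, which suggests they are generated per compile for the test environment rather than production keys; that is inferred and cannot be confirmed from this output. If either value can be a real key, it should be treated as disclosed and rotated. In any case the pasted test plan should carry `secret "<redacted>";` on those lines, or the two File resources should be excluded from the catalog diff before the output is published.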
*******************************************
  File[/etc/bind/rndc.key] =>
   parameters =>
     content =>
      @@ -2,4 +2,4 @@
       key rndc-key {
       	algorithm hmac-md5;
      -	secret "+euTM8F2D/MONDu/kaepXbH5Yw3vQ7acPYUdlVt8j0fMqz9d19CUH0Nu8D35GXjjqeemXbI/7V0GZ+uxIE1zJw==";
      +	secret "e6d9w8U/ARd2H9g7HddNCGjLMyZTDdPFlH6+LdK8jy4hqT58VdMwgi0br9r/smeq0jvf1vQ218hP9u0W5zndFg==";
       };
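Review bot: The context lines of this hunk keep `algorithm hmac-md5;` for `rndc-key`, while `key local-update` in the preceding resource already uses `hmac-sha256`. As the rendered file is changing here anyway, the template behind /etc/bind/rndc.key could move to `algorithm hmac-sha256;` so that both control-channel keys use the same, stronger HMAC. The matching `key "rndc-key"` declaration on the named side would have to change in the same commit, otherwise rndc stops authenticating. The template and the named configuration are not visible in this output, so the exact place to change is an assumption.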
*******************************************
+ Letsencrypt::Certonly[inventory.internal.softwareheritage.org] =>
   parameters =>
     "additional_args": [
       "--authenticator manual",
       "--preferred-challenges dns",
       "--manual-public-ip-logging-ok",
       "--manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth'",
       "--manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup'"...
       "--deploy-hook '/usr/local/bin/letsencrypt_puppet_export'"
     ],
     "cert_name": "inventory.internal.softwareheritage.org",
     "config_dir": "/etc/letsencrypt",
     "cron_hour": 3,
     "cron_minute": 24,
     "cron_monthday": [
       "*"
     ],
     "custom_plugin": true,
     "deploy_hook_commands": [
    
     ],
     "domains": [
       "inventory.internal.softwareheritage.org"
     ],
     "ensure": "present",
     "environment": [
    
     ],
     "key_size": 4096,
     "letsencrypt_command": "certbot",
     "manage_cron": false,
     "plugin": "standalone",
     "post_hook_commands": [
    
     ],
     "pre_hook_commands": [
    
     ],
     "suppress_cron_output": false,
     "webroot_paths": [
    
     ]
*******************************************
- Letsencrypt::Certonly[netbox-vagrant]
*******************************************
  Letsencrypt::Certonly[netbox] =>
   parameters =>
     domains =>
      - ["inventory.internal.softwareheritage.org"]
      + ["inventory.internal.admin.swh.network"]
*******************************************
+ Resource_record[inventory-admin/CNAME] =>
   parameters =>
     "data": "bojimans.internal.admin.swh.network.",
     "keyfile": "/etc/bind/keys/local-update",
     "record": "inventory.internal.admin.swh.network",
     "type": "CNAME"
*******************************************
  Resource_record[inventory/CNAME] =>
   parameters =>
     data =>
      - bojimans.internal.softwareheritage.org.
      + bojimans.internal.admin.swh.network.
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Migrated from D7018 (view on Phabricator)
