Migrate getty node to admin vlan
Impacts after migration:
- [1] still reachable as before
- the machine shall be reached at getty.internal.admin.swh.network (ssh).
Note: Node exposing getty service: rp1.internal.admin.swh.network [2].
Step-by-step plan:
- Inventory:
  - Reserve new ip in vlan 442 (192.168.50.80) [3]
  - Deprecate the ip from vlan 440 (192.168.100.102) [4]
- Puppet manifest adaptations for moving the node to the admin vlan
- Firewall: Open rule to allow access from pergamon to getty:9000
- On {pergamon, getty.admin}
  - Stop puppet agent
- On pergamon
  - Deploy new puppet manifest change
- On riverside:
  - Update the ip to the new vlan442 ip
    - Connect through ssh and adapt /etc/network/interfaces with new ip
    - Modify directly through the proxmox ui (not `terraform`-ed yet)
    - Adapt hardware entry about network (proxmox ui) to change from vmbr0 to vmbr442
  - Update the hostname to getty.i.a.s.n
  - Remove the puppet certificates `rm -rf /var/lib/puppet/ssl` (agent node)
  - Update facts deployment and subnets `/etc/facter/facts.d/deployment.txt` to `admin` [5]
  - Reboot machine (poweroff, start)
  - Run puppet with `puppet agent --test --fqdn getty.internal.admin.swh.network`
  - Install necessary facts for cloud-init to stop tampering with /etc/hosts
  - Update the ip to the new vlan442 ip
- On pergamon:
  - Run puppet agent
  - Decommission getty.i.s.o certificate
- On rp1:
  - Run puppet agent
- Inventory:
  - Change the reserved ip status to active
  - Update sentry node with its new ip
- Terraform:
  - Reference sentry node in sysadm terraform admin manifest: node is diverging too much, the risk/benefit seems off so we don't do it.

- [3] https://inventory.internal.admin.swh.network/ipam/ip-addresses/281/
- [4] https://inventory.internal.admin.swh.network/ipam/ip-addresses/108/
- [5]

  ```
  root@getty:~# cat /etc/facter/facts.d/deployment.txt
  deployment=admin
  root@getty:~# cat /etc/facter/facts.d/subnet.txt
  subnet=sesi_rocquencourt_admin
  ```

Migrated from T3898 (view on Phabricator)
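
A pre-reboot check for the on-node edits in the plan, as an added example that is not part of the original ticket or the project's tooling: it verifies the facts shown in [5], that /etc/network/interfaces carries the new vlan 442 address, and that the old vlan 440 address and the old puppet certificates are gone. The function names, the `root` prefix argument and the sample interface stanza are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity check to run after the on-node edits, before the reboot.
# "root" is a filesystem prefix ("" on the live node) so the check can also be
# tried against a constructed tree. Function names are hypothetical.
NEW_IP=192.168.50.80      # vlan 442 address reserved in the plan
OLD_IP=192.168.100.102    # vlan 440 address being deprecated

check_getty_migration() {
    root=$1
    failures=0
    fail() { echo "FAIL: $*" >&2; failures=$((failures + 1)); }

    # Facts must match the values shown in [5].
    grep -qx 'deployment=admin' "$root/etc/facter/facts.d/deployment.txt" 2>/dev/null \
        || fail "deployment fact is not 'admin'"
    grep -qx 'subnet=sesi_rocquencourt_admin' "$root/etc/facter/facts.d/subnet.txt" 2>/dev/null \
        || fail "subnet fact is not 'sesi_rocquencourt_admin'"

    # The interface definition must carry the new address...
    grep -qwF "$NEW_IP" "$root/etc/network/interfaces" 2>/dev/null \
        || fail "$NEW_IP missing from /etc/network/interfaces"
    # ...and nothing may still point at the old one (a missing file is not a failure).
    for f in etc/network/interfaces etc/hosts; do
        if grep -qwF "$OLD_IP" "$root/$f" 2>/dev/null; then
            fail "$OLD_IP still referenced in /$f"
        fi
    done

    # Old agent certificates must be gone before the agent requests a new one.
    [ ! -e "$root/var/lib/puppet/ssl" ] || fail "/var/lib/puppet/ssl still present"

    [ "$failures" -eq 0 ]
}

# Constructed sample tree (not real node contents); $1 is the address to write.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/facter/facts.d" "$r/etc/network"
    echo 'deployment=admin' > "$r/etc/facter/facts.d/deployment.txt"
    echo 'subnet=sesi_rocquencourt_admin' > "$r/etc/facter/facts.d/subnet.txt"
    printf 'iface eth0 inet static\n    address %s/24\n' "$1" > "$r/etc/network/interfaces"
    echo "$r"
}

# Demo on the constructed tree; on the node itself call: check_getty_migration ""
demo_root=$(make_sample_root "$NEW_IP")
check_getty_migration "$demo_root" && echo "pre-reboot checks passed"
rm -rf "$demo_root"
```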