Opened 8 months ago

Closed 12 days ago

#32179 closed defect (fixed)

retire orestis

Reported by: weasel Owned by: weasel
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #31659 Points:
Reviewer: Sponsor:

Description (last modified by weasel)

this is an (old-style) onionoo frontend going only to the old backends. cf. #31659.

onionoo-frontend-0[12] are perfectly able to handle the current load. We can retire this instance.

Child Tickets

Change History (9)

comment:1 Changed 8 months ago by weasel

Owner: changed from tpa to weasel
Status: newaccepted
Summary: retire orestismove orestis to new-style onionoo

Actually, let's eventually rebuild this as a new style backend since it lives at sunet.

comment:2 Changed 8 months ago by irl

Ok cool, ping me when it's ready for that.

comment:3 Changed 8 months ago by weasel

I think I meant frontend there. I.e., the thing running haproxy/varnish and doing ipsec to the hosts that run the java code.

comment:4 Changed 8 months ago by weasel

Summary: move orestis to new-style onionoomove orestis to be a new-style onionoo frontend

comment:5 Changed 2 months ago by anarcat

this is blocked on #32268

comment:6 Changed 13 days ago by weasel

Description: modified (diff)
Summary: move orestis to be a new-style onionoo frontendretire orestis

onionoo-frontend-0[12] are perfectly able to handle the current load. We can retire this instance.

comment:7 Changed 12 days ago by anarcat

already shutdown, removed from nagios and puppet

comment:8 Changed 12 days ago by anarcat

removed from source code, spreadsheet, what's left:

  1. remove from tor-passwords
  2. remove from LDAP
  3. retire actual data (./retire in tsa-misc and retire at sunet)

comment:9 Changed 12 days ago by anarcat

Resolution: fixed
Status: acceptedclosed

scheduled backups removal, revoked puppet:

$ ./retire -v -H orestis.torproject.org retire-all
starting tasks at 2020-05-25 17:37:03.873529
not wiping instance orestis.torproject.org data: no parent host
scheduling orestis.torproject.org backup disks removal on host bungei.torproject.org
checking for path "/srv/backups/bacula/orestis.torproject.org/" on bungei.torproject.org
scheduling rm -rf "/srv/backups/bacula/orestis.torproject.org/" to run on bungei.torproject.org in 30 days
warning: commands will be executed using /bin/sh
job 32 at Wed Jun 24 21:37:00 2020
Notice: Revoked certificate with serial 50
Notice: Removing file Puppet::SSL::Certificate orestis.torproject.org at '/var/lib/puppet/ssl/ca/signed/orestis.torproject.org.pem'
orestis.torproject.org
Submitted 'deactivate node' for orestis.torproject.org with UUID 2484e196-707a-42f6-91a2-ef0c46654d16
completed tasks, elasped: 0:00:10.723336 (user 2.13 system 0.09 chlduser 0.03 chldsystem 0.03 RSS 42.4 MB)

removed from LDAP:

367 host=orestis,ou=hosts,dc=torproject,dc=org
host: orestis
hostname: orestis.torproject.org
objectClass: top
objectClass: debianServer
distribution: Debian
access: restricted
admin: torproject-admin@torproject.org
architecture: amd64
physicalHost: cloud.ipnett.se
description: onionoo
purpose: onionoo.torproject.org
allowedGroups: onionoo
allowedGroups: onionoo-unpriv
l: Sweden
ipHostNumber: 2001:6b0:5a:5000::4
ipHostNumber: 89.45.235.19
sshRSAHostKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrDQvHxq6hpRz47n2MOUm0ylhPfCO0BtEtb5FjdaWXL root@orestis
sshRSAHostKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAmeNHl4EMYDLtK/O8MxdllXX8Vf7Ryjo+7WwPmssCe1bWpUn5BbT7pJALTirF2Su7QB3iEQeVI/RBp7rsG5LKi7itJ4CaEuD8i/wKnl/paUeHIAGgg/zsvpwBAg96GloFpUeMUSVMaWfDYIwfDXB2Z0zkPU1ctQVMLXnLftHTGKn0ZUpjxXCBpC1E5gee2AHqnfR3vFRhe+xpMS/9PsOeOjaACl0aNmNQJaWqRVreM3HewxLP2LgdQlqzsSr5ukj9prhf3+265+yQf9fNStHRIXzk4RsEBGYx3gAmme9qJJ+/nh0JSqhSXHRt1Squx0u+pmUV/XsyRUm0dvdahLP3 root@orestis
rebootPolicy: rotation

removed from tor-passwords.

deleted instance from sunet as well, which reminds me we have some spare capacity there now.

all done.

Note: See TracTickets for help on using tickets.