Opened 12 months ago

Closed 9 months ago

#32390 closed task (fixed)

decomission storm / bracteata on February 11, 2020

Reported by: gaba Owned by: anarcat
Priority: Medium Milestone:
Component: Internal Services/Service - sandstorm Version:
Severity: Normal Keywords: tpa-roadmap-february
Cc: gaba Actual Points:
Parent ID: #32267 Points:
Reviewer: Sponsor:

Description

Hi!

We are migrating into nc.torproject.net. We are planning to shutdown storm in February. This is the ticket for us not to forget :)

Child Tickets

Change History (8)

comment:1 Changed 12 months ago by gaba

Parent ID: #32267

comment:2 Changed 10 months ago by anarcat

hum. it seems we're getting dangerously close to this deadline, maybe we want to send an announcement here?

comment:3 Changed 10 months ago by gaba

I sent it a few days ago.

comment:4 Changed 9 months ago by gaba

Keywords: tpa-roadmap-february added; gaba removed

comment:5 Changed 9 months ago by gaba

Cc: gaba added
Summary: decomission storm / bracteata on February 4, 2020decomission storm / bracteata on February 11, 2020

Let's give it more time. I will follow with people.

comment:6 Changed 9 months ago by anarcat

Owner: changed from hiro to anarcat
Status: newaccepted

taking this on now, storm is going down!

comment:7 Changed 9 months ago by anarcat

host retirement checklist:

  1. announced long ago, here, another announcement sent today to tor-internal@
  2. shutdown scheduled for now +5min
  3. undefined
  4. done:
    root@unifolium:~# echo rm -r /srv/vmstore/bracteata.torproject.org | at now + 7 days
    warning: commands will be executed using /bin/sh
    job 1 at Wed Feb 19 20:04:00 2020
    
  5. removed the following blob from LDAP:
    346 host=bracteata,ou=hosts,dc=torproject,dc=org
    host: bracteata
    hostname: bracteata.torproject.org
    objectClass: top
    objectClass: debianServer
    l: Falkenstein, Saxony, Germany
    distribution: Debian
    access: restricted
    admin: torproject-admin@torproject.org
    architecture: amd64
    sshRSAHostKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgSK0VMFXxG4tM2+4qPlTQ3MLPW0OrGS1JWubOEOrv6T1XAM/X4TTtL7b8ck3/WNivqz5FicZLEIVKMlz7hRL4JjoAG1G5GdHNFqlHtqG0+ZQCHCUOmWkRQeapHHYwHo9IkXl5beotmzN22a/nJHnfASWPEZbfsI2rVWLAarNL16YbXx5AZtT+ztN8qhLFqp7vo17YezG1c6cYI9ONwy/dxOEvRjgJe7E9KtJefMkuTmpHmekqHeHoesCCaq0yiLKH2Qjo9JyWVgKs1lrbS9TfftUS8KeZjWZ0JQnZFUpddOVjcCFMhx0cLn34zDwgeN3M+2zGQ9ymeqhf3jf3y7sl root@bracteata
    sshRSAHostKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDs+Dct1Bn+VheKwB1ztfoytFKKV7t01EYk5vuDAcFl8 root@bracteata
    physicalHost: unifolium.torproject.org
    description: sandstorm
    purpose: sandstorm
    ipHostNumber: 78.47.38.231
    ipHostNumber: 2a01:4f8:211:6e8:0:823:7:1
    allowedGroups: storm
    
    also removed the storm user and group (UID/GID 1559), and the sudo password for the host for a few people
  6. removed storm and *.storm from domains (IPs 78.47.38.231 and 2a01:4f8:211:6e8:0:823:7:1)
  7. revoked from puppet:
    root@pauli:/home/anarcat# puppet node clean $host.torproject.org && puppet node deactivate $host.torproject.org
    Notice: Revoked certificate with serial 6
    Notice: Removing file Puppet::SSL::Certificate bracteata.torproject.org at '/var/lib/puppet/ssl/ca/signed/bracteata.torproject.org.pem'
    bracteata.torproject.org
    Submitted 'deactivate node' for bracteata.torproject.org with UUID af1cf582-45b6-4223-8be9-5175ddd0ddb5
    
  8. removed from puppet code (fa41d98c)
  9. remove from tor-passwords
  10. removed from spreadsheet
  11. removed from nagios
  12. scheduled backup deletion:
    root@bungei:/srv/backups/bacula# echo rm -rf /srv/backups/bacula/bracteata.torproject.org-OLD | at now + 30 days
    warning: commands will be executed using /bin/sh
    job 19 at Fri Mar 13 20:40:00 2020
    
  13. removed storm.* certificates from letsencrypt-domains and backup-keys, along with the copies on nevii
  14. N/A
  15. N/A

all done.

Last edited 9 months ago by anarcat (previous) (diff)

comment:8 Changed 9 months ago by anarcat

Resolution: fixed
Status: acceptedclosed

machine shutdown and data will be automatically removed from server in 7 days, backups in 30.

Note: See TracTickets for help on using tickets.