Page MenuHomePhabricator

decommission phab1002/WMF4727
Closed, ResolvedPublicRequest

Description

This task will track the decommission-hardware of server phab1002.

The first 5 steps should be completed by the service owner that is returning the server to DC-ops (for reclaim to spare or decommissioning, dependent on server configuration and age.)

phab1002/WMF4727

Steps for service owner:

  • - all system services confirmed offline from production use
  • - set all icinga checks to maint mode/disabled while reclaim/decommmission takes place.
  • - remove system from all lvs/pybal active configuration
  • - any service group puppet/hiera/dsh config removed
  • - remove site.pp, replace with role(spare::system)
  • - unassign service owner from this task, check off completed steps, and assign to @RobH for followup on below steps.

Steps for DC-Ops:

The following steps cannot be interrupted, as it will leave the system in an unfinished state.

Start non-interrupt steps:

  • - disable puppet on host
  • - power down host
  • - update netbox status to Inventory (if decom) or Planned (if spare)
  • - disable switch port
  • - switch port assignment noted on this task (for later removal) - asw2-d-eqiad:ge-3/0/29
  • - remove all remaining puppet references (include role::spare)
  • - remove production dns entries
  • - puppet node clean, puppet node deactivate (handled by wmf-decommission-host)
  • - remove dbmonitor entries on neodymium/sarin: sudo curl -X DELETE https://debmonitor.discovery.wmnet/hosts/${HOST_FQDN} --cert /etc/debmonitor/ssl/cert.pem --key /etc/debmonitor/ssl/server.key (handled by wmf-decommission-host)

End non-interrupt steps.

  • - system disks wiped (by onsite)
  • - set back to asset tag as hostname in netbox once disks are securely wiped
  • - set network port to asset tag description

Event Timeline

irc update: synced with daniel to have him check/confirm state of this being ready for decom, he'll comment/apply changes as needed and assign back to me =]

Change 504940 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] phabricator: remove phab1002 as a phab failover server

https://gerrit.wikimedia.org/r/504940

Change 504940 merged by Dzahn:
[operations/puppet@production] phabricator: remove phab1002 as a phab failover server

https://gerrit.wikimedia.org/r/504940

Change 504951 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] install_server: remove phab1002, add phab1003

https://gerrit.wikimedia.org/r/504951

Change 504951 merged by Dzahn:
[operations/puppet@production] install_server: remove phab1002, add phab1003

https://gerrit.wikimedia.org/r/504951

Change 504957 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] partman/netboot: remove phab1002

https://gerrit.wikimedia.org/r/504957

Change 504957 merged by Dzahn:
[operations/puppet@production] partman/netboot: remove phab1002

https://gerrit.wikimedia.org/r/504957

Change 504959 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] site: turn phab1002 into a spare::system

https://gerrit.wikimedia.org/r/504959

Change 504959 merged by Dzahn:
[operations/puppet@production] site: turn phab1002 into a spare::system

https://gerrit.wikimedia.org/r/504959

Change 504964 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] mariadb: replace phab1002 grant comments with phab1003

https://gerrit.wikimedia.org/r/504964

Dzahn subscribed.

ready for non-interrupt steps. if you get past removing the prod DNS entries i may use the same IP for phab1003. that will avoid having to ask DBAs for updating mysql grants.

cookbooks.sre.hosts.decommission executed by robh@cumin1001 for hosts: phab1002.eqiad.wmnet

  • phab1002.eqiad.wmnet
    • Removed from Puppet master and PuppetDB
    • Downtimed host on Icinga
    • Downtimed management interface on Icinga
    • Removed from DebMonitor

Change 505006 had a related patch set uploaded (by RobH; owner: RobH):
[operations/dns@master] decom phab1002 production dns and use for phab1003

https://gerrit.wikimedia.org/r/505006

Change 505006 merged by RobH:
[operations/dns@master] decom phab1002 production dns and use for phab1003

https://gerrit.wikimedia.org/r/505006

Change 505298 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] site: turn phab1003 into a (but not the prod) phabricator server

https://gerrit.wikimedia.org/r/505298

Change 505298 merged by Dzahn:
[operations/puppet@production] site: turn phab1003 into a (but not the prod) phabricator server

https://gerrit.wikimedia.org/r/505298

Change 505332 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/dns@master] update SPF records from phab1001 to phab1003 IP

https://gerrit.wikimedia.org/r/505332

Change 505861 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] phab1002 decom

https://gerrit.wikimedia.org/r/505861

Change 505861 merged by RobH:
[operations/puppet@production] phab1002 decom

https://gerrit.wikimedia.org/r/505861

RobH updated the task description. (Show Details)
RobH edited projects, added ops-eqiad; removed Patch-For-Review.

Change 504964 abandoned by Dzahn:
mariadb: replace phab1002 grant comments with phab1003

Reason:
duplicate of https://gerrit.wikimedia.org/r/c/operations/puppet/ /496120

https://gerrit.wikimedia.org/r/504964

Change 510624 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] phabriator: delete phab1002.yaml Hiera file

https://gerrit.wikimedia.org/r/510624

Change 510624 merged by Dzahn:
[operations/puppet@production] phabriator: delete phab1002.yaml Hiera file

https://gerrit.wikimedia.org/r/510624

Cmjohnson subscribed.

John, please wipe the servers, remove from the rack, update netbox and the tracking sheet. Assign back to me once you finish so I can kill the switch ports.

Jclark-ctr updated the task description. (Show Details)
Jclark-ctr subscribed.

performed disk wipe changed hostname back to asset tag

[edit interfaces]
-   ge-3/0/29 {
-       description phab1002;
-       enable;
-   }

Change 542613 had a related patch set uploaded (by Papaul; owner: Papaul):
[operations/dns@master] DNS: Remove mgmt DNS for phab1002, astatine and production DNS for astatine

https://gerrit.wikimedia.org/r/542613

Change 542613 merged by Papaul:
[operations/dns@master] DNS: Remove mgmt DNS for phab1002, astatine and production DNS for astatine

https://gerrit.wikimedia.org/r/542613