Page MenuHomePhabricator

decommission auth1001
Closed, ResolvedPublicRequest

Description

This task will track the decommission-hardware of server auth1001 (which got replaced by auth1002, see T196698

With the launch of updates to the decom cookbook, the majority of these steps can be handled by the service owners directly. The DC Ops team only gets involved once the system has been fully removed from service and powered down by the decommission cookbook.

<ENTER SINGLE HOSTNAME PER CHECKLIST HERE>

Steps for service owner:

  • - all system services confirmed offline from production use
  • - set all icinga checks to maint mode/disabled while reclaim/decommmission takes place.
  • - remove system from all lvs/pybal active configuration
  • - any service group puppet/hiera/dsh config removed
  • - remove site.pp, replace with role(spare::system) recommended to ensure services offline but not 100% required as long as the decom script is IMMEDIATELY run below.
  • - login to cumin host and run the decom cookbook: cookbook sre.hosts.decommission <host fqdn> -t <phab task>. This does: bootloader wipe, host power down, netbox update to decommissioning status, puppet node clean, puppet node deactivate, debmonitor removal.
  • - remove all remaining puppet references (include role::spare) and all host entries in the puppet repo
  • - remove ALL dns entries except the asset tag mgmt entries.
  • - reassign task from service owner to DC ops team member depending on site of server: codfw = @Papaul, eqiad = @Cmjohnson, all other sites = @RobH.

End service owner steps / Begin DC-Ops team steps:

  • - disable switch port / set to asset tag if host isn't being unracked / remove from switch if being unracked.
  • - system disks wiped (by onsite)
  • - determine system age, under 5 years are reclaimed to spare, over 5 years are decommissioned. If uncertain, ask @wiki_willy.
  • - IF DECOM: system unracked and decommissioned (by onsite), update racktables with result
  • - IF DECOM: switch port configration removed from switch once system is unracked.
  • - IF DECOM: add system to decommission tracking google sheet
  • - IF DECOM: mgmt dns entries removed.

Related Objects

Event Timeline

MoritzMuehlenhoff created this task.
MoritzMuehlenhoff added a project: Operations.

cookbooks.sre.hosts.decommission executed by jmm@cumin1001 for hosts: auth1001.eqiad.wmnet

  • auth1001.eqiad.wmnet (PASS)
    • Downtimed host on Icinga
    • Downtimed management interface on Icinga
    • Wiped bootloaders
    • Powered off
    • Set Netbox status to Decommissioning
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB
MoritzMuehlenhoff updated the task description. (Show Details)

Change 541764 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] auth1001: Remove remaining puppet references

https://gerrit.wikimedia.org/r/541764

Change 541764 merged by Muehlenhoff:
[operations/puppet@production] auth1001: Remove remaining puppet references

https://gerrit.wikimedia.org/r/541764

Change 541766 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/dns@master] Remove DNS entries for auth1001

https://gerrit.wikimedia.org/r/541766

Change 541766 merged by Muehlenhoff:
[operations/dns@master] Remove DNS entries for auth1001

https://gerrit.wikimedia.org/r/541766

MoritzMuehlenhoff updated the task description. (Show Details)
MoritzMuehlenhoff edited projects, added ops-eqiad; removed Patch-For-Review.
RobH removed a subscriber: RobH.Oct 9 2019, 8:29 PM
Cmjohnson moved this task from Backlog to Decommission on the ops-eqiad board.Oct 24 2019, 12:12 PM
Jclark-ctr added a subscriber: RobH.
Jclark-ctr updated the task description. (Show Details)Feb 5 2020, 10:49 PM
RobH removed a subscriber: RobH.Mar 3 2020, 6:01 PM
edit interfaces interface-range vlan-private1-d-eqiad]
-    member ge-3/0/10;
[edit interfaces interface-range disabled]
     member ge-1/0/6 { ... }
+    member ge-3/0/10;
[edit interfaces]
-   ge-3/0/10 {
-       description auth1001;
-       enable;
-   }
Papaul updated the task description. (Show Details)Mar 19 2020, 4:54 PM
Papaul added a subscriber: RobH.
RobH removed a subscriber: RobH.Mar 19 2020, 5:44 PM
Papaul closed this task as Resolved.Mar 20 2020, 3:53 PM
Papaul updated the task description. (Show Details)
Papaul added a subscriber: RobH.

complete

Dzahn added a subscriber: Dzahn.Mar 20 2020, 4:10 PM

This is in netbox as status"offline" but should be "decommissioning", right?

Change 582147 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] bastionhost: replace auth1001 with auth1002 in pam-sshd config

https://gerrit.wikimedia.org/r/582147

Change 582147 abandoned by Dzahn:
bastionhost: replace auth1001 with auth1002 in pam-sshd config

https://gerrit.wikimedia.org/r/582147