Skip to content
Snippets Groups Projects
Unverified Commit d9ccd76e authored by anarcat's avatar anarcat
Browse files

spellcheck

parent 32085f5d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 11 additions and 11 deletions
howto/retire-a-host.md
+ 11
11
View file @ d9ccd76e
......@@ -4,7 +4,7 @@ Warning: this procedure is difficult to follow and error-prone. A new
procedure is being established in Fabric, below. It should still work,
provided you follow the warnings.
1. long before (weeks or months) the machine is decomissioned, make
1. long before (weeks or months) the machine is retired, make
sure users are aware it will go away and of its replacement services
2. remove the host from `tor-nagios/config/nagios-master.cfg`
3. if applicable, stop the VM in advance:
......@@ -36,7 +36,7 @@ provided you follow the warnings.
* for a normal machine or a machine we do not own the parent host
for, wipe the disks using the method described below
6. remove it from ud-ldap: the host entry and any `@<host>` group memberships there might be as well as any `sudo` passwords users might have configured for that host
6. remove it from LDAP: the host entry and any `@<host>` group memberships there might be as well as any `sudo` passwords users might have configured for that host
7. if it has any associated records in `tor-dns/domains` or
`auto-dns`, or upstream's reverse dns thing, remove it from there
too. e.g.
......@@ -44,16 +44,16 @@ provided you follow the warnings.
grep -r -e build-x86-07 -e 78.47.38.230 -e 2a01:4f8:211:6e8:0:823:6:1
... and check upstream reverse DNS.
8. on pauli: `read host ; puppet node clean $host.torproject.org &&
8. on the puppet server (`pauli`): `read host ; puppet node clean $host.torproject.org &&
puppet node deactivate $host.torproject.org`
TODO: That procedure is incomplete, use the `retire.revoke-puppet`
job in fabric instead.
9. grep the `tor-puppet` repo for the host (and maybe its IP
9. grep the `tor-puppet` repository for the host (and maybe its IP
addresses) and clean up; also look for files with hostname in
their name
10. clean host from `tor-passwords`
11. remove any certs and backup keys from letsencrypt-domains and
letsencrypt-domains/backup-keys git repositories that are no
11. remove any certs and backup keys from `letsencrypt-domains.git` and
`letsencrypt-domains/backup-keys.git` repositories that are no
longer relevant:
git -C letsencrypt-domains grep -e $host -e storm.torproject.org
......@@ -115,7 +115,7 @@ offline and writing garbage:
This will take a long time. Note that it will start a GUI which is
useful because it will give you timing estimates, which the
commandline version [does not provide](https://github.com/martijnvanbrummelen/nwipe/issues/196).
command-line version [does not provide](https://github.com/martijnvanbrummelen/nwipe/issues/196).
WARNING: this procedure doesn't cover the case where the disk is an
SSD. See [this paper](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.187.3062&rep=rep1&type=pdf) for details on how classic data scrubbing
......@@ -142,7 +142,7 @@ When you return:
/tmp/root/sh` next time, although that is only [available in buster
and later](https://tracker.debian.org/pkg/vmtouch).
2. kill all processes but the SSH daemon, your SSH connexion and
2. kill all processes but the SSH daemon, your SSH connection and
shell. this will vary from machine to machine, but a good way is
to list all processes with `systemctl status` and `systemctl stop`
the services one by one. Hint: multiple services can be passed on
......@@ -154,11 +154,11 @@ When you return:
swapoff -a
4. unmount everything that can be unmounted (except `/proc`):
4. un-mount everything that can be unmounted (except `/proc`):
umount -a
5. remount everything else readonly:
5. remount everything else read-only:
mount -o remount,ro /
......@@ -182,7 +182,7 @@ of an emergency:
## Alternate, fabric-based procedure
1. long before (weeks or months) the machine is decomissioned, make
1. long before (weeks or months) the machine is retired, make
sure users are aware it will go away and of its replacement services
2. remove the host from `tor-nagios/config/nagios-master.cfg`
3. if applicable, stop the VM in advance:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment