Skip to content
Snippets Groups Projects
Normal view Permalink
rename-a-host.md 2.26 KiB
Newer Older
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 
[[_TOC_]]

# How to

This page contains the procedure to rename a host. It hasn't been tested very
much, so proceed with caution.

## Remove host from Puppet

Start by stopping the `puppet-run` timer and disabling Puppet on the machine:

    systemctl stop puppet.timer && \
    puppet agent --disable "renaming in progress"

Then, in `tor-puppet`, remove references to the host. At the very least the
Jérôme Charaoui's avatar
document new tor-puppet-hiera-enc split (tpo/tpa/team#41819)  
Jérôme Charaoui committed
16 17 
node's classification yaml should be removed from
`tor-puppet-hiera-enc.git/nodes`.
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
18 19 20 

Revoke its certificates from the Puppet server using the retirement script:
anarcat's avatar
follow fabric jobs renames  
anarcat committed
21 
    fab -H foo.torproject.org retire.revoke-puppet
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
22 23 24 25 26 27 28 29 30 31 32 33 

## Change the hostname

On the host being renamed, change the hostname:

    hostnamectl set-hostname bar.torproject.org && \
    sed -i 's/foo/bar/g' /etc/hosts

Then adjust the SSH host keys. Generating new keys isn't mandatory:

    sed -i 's/foo/bar/' /etc/ssh/ssh_host_*.pub
Jérôme Charaoui's avatar
howto/rename-a-host: add ud-ldap fix  
Jérôme Charaoui committed
34 35 36 37 38 39 
We also need to fix the `thishost` symlink in ud-ldap data:

    ud-replicate
    cd /var/lib/misc && ln -sf bar.torproject.org thishost
    rm -rf foo.torproject.org
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 
## Rename the machine in the infrastructure

### Ganeti

    ganeti-instance rename foo.torproject.org bar.torproject.org

### LDAP

Run a search/replace with the old and new hostname in the host's stanza.

### Mandos

We need to let the mandos server know about the new hostname:

    sed -i 's/foo/bar/' /etc/mandos/clients.conf && \
    systemctl restart mandos.service

### DNS

Both forward and reverse DNS should be adjusted to use the new hostname.

### DNSWL

### External hoster platform

If the host is a machine host at Hetzner or another provider, the name should
be changed there as well.

## Re-bootstrap Puppet on the host

Now the host is ready to be added back to Puppet. A new certificate will be
generated in this step.

    puppet agent --enable && \
    cd ~ && \
anarcat's avatar
s/tsa-misc/fabric-tasks/ everywhere (tpo/tpa/team#41219)  
anarcat committed
75 76 
    test -d fabric-tasks || git clone https://gitlab.torproject.org/tpo/tpa/fabric-tasks.git && \
    cd fabric-tasks && \
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
77 78 79 80 81 82 
    ./installer/puppet-bootstrap-client

## Schedule backups removal

This will schedule the removal of backups under the old hostname:
anarcat's avatar
follow fabric jobs renames  
anarcat committed
83 
    fab -H foo.torproject.org retire.remove-backups
Jérôme Charaoui's avatar
add howto/rename-a-host
Jérôme Charaoui committed
84 85 86 

## Adjust documentation
Jérôme Charaoui's avatar
howto/rename-a-host: mention tor-passwords  
Jérôme Charaoui committed
87 88 
Adjust documentation that may refer to the old hostname, including the
tor-passwords, the wiki and the Tor "VM Hosts" spreadsheet.