review pre-requisites again

tsa-misc is not exactly a pre-requisite: none of the installers currently deploy it, and it might eventually go away if we go the "remote bootstrap" way.

review pre-requisites again
58393dc8 · anarcat · b01038e4 · 58393dc8
Verified Commit 58393dc8 authored 5 years ago by anarcat
--- a/tsa/howto/new-machine.mdwn
+++ b/tsa/howto/new-machine.mdwn
@@ -39,38 +39,47 @@ The following sites are not documented yet:
 Post-install configuration
 --------------------------

-The post-install configuration takes care of bootstrapping Puppet,
-basically, and everything else follows from there.
+The post-install configuration mostly takes care of bootstrapping
+Puppet and everything else follows from there. There are, however,
+still some unrelated manual steps but those should eventually all be
+automated (see [ticket #31239](https://trac.torproject.org/projects/tor/ticket/31239) for details of that work).

 ### Pre-requisites

-It assumes the following steps have already been taken by the above
-installer:
+The procedure below assumes the following steps have already been
+taken by the installer:

- 1. a hostname has been set, picked from the [[doc/naming-scheme]]
+ 0. partitions have been correctly setup, including some (>=1GB) swap
+    space (or at least a swap file) and a `tmpfs` in `/tmp`

- 2. a public IP address has been set and the host is available over
+ 1. a minimal Debian install has been booted
+
+ 2. a hostname has been set, picked from the [[doc/naming-scheme]]
+
+ 3. a public IP address has been set and the host is available over
    SSH on that IP address

- 3. the machine has a short hostname (e.g. `test`) which resolves to a
+ 4. the machine has a short hostname (e.g. `test`) which resolves to a
    fully qualified domain name (e.g. `test.torproject.org`) in the
    `torproject.org` domain (i.e. `/etc/hosts` is correctly configured)

- 4. DNS works on the machine (i.e. `/etc/resolv.conf` is correctly
+ 5. DNS works on the machine (i.e. `/etc/resolv.conf` is correctly
    configured)

- 5. the `tsa-misc` git repository is available on the machine
-
 ### Main procedure

 All commands to be run as root unless otherwise noted.

- 2. allocate and document the machine in the [Nextcloud
+ 1. allocate and document the machine in the [Nextcloud
    spreadsheet](https://nc.torproject.net/apps/onlyoffice/5395), and the [services page](https://trac.torproject.org/projects/tor/wiki/org/operations/services), if it's a new service

+ 2. clone the `tsa-misc` git repository on the machine:
+ 
+        git clone https://git.torproject.org/admin/tsa-misc.git
+
 3. set new root password, and document it

-  5. add to ldap on `alberti` using:
+ 5. add to ldap on `alberti` using:

        ldapvi -ZZ --encoding=ASCII --ldap-conf -h db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org"