show how to keep a vanity site around when we remove a static comp

howto/static-component.md

@@ -91,25 +91,27 @@ from a sysadmin perspective. User documentation lives in [doc/static-sites](doc/
 
 ## Removing a component
 
- 1. remove the component to Puppet, in `modules/roles/misc/static-components.yaml`
+This procedure can be followed if we remove a static component. We
+should, however, generally keep a redirection to another place to
+avoid breaking links, so the instructions also include notes on how to
+keep a "vanity site" around.
 
- 2. remove the host to DNS, if not already present, see [howto/dns](howto/dns). this
-    can be either in `dns/domains.git` or `dns/auto-dns.git`
+This procedure is common to all cases:
+
+ 1. remove the component to Puppet, in `modules/roles/misc/static-components.yaml`
 
- 3. remove the Apache virtual host, by removing a line like this in
+ 2. remove the Apache virtual host, by removing a line like this in
     [howto/puppet](howto/puppet) to
     `modules/roles/templates/static-mirroring/vhost/static-vhosts.erb`:
 
         vhost(lines, 'onionperf.torproject.org')
 
- 4. remove an SSL service, by removing a line in [howto/puppet](howto/puppet) to
+ 3. remove an SSL service, by removing a line in [howto/puppet](howto/puppet) to
     `modules/roles/manifests/static_mirror_web.pp`:
 
         ssl::service { onionperf.torproject.org': ensure => 'ifstatic', notify  => Exec['service apache2 reload'], key => true, }
 
- 5. remove the Let's encrypt certificate, see [howto/letsencrypt](howto/letsencrypt) for details
-
- 6. remove onion service, by removing another `onion::service` line in
+ 4. remove onion service, by removing another `onion::service` line in
     [howto/puppet](howto/puppet) to `modules/roles/manifests/static_mirror_onion.pp`:
 
         onion::service {
@@ -118,19 +120,19 @@ from a sysadmin perspective. User documentation lives in [doc/static-sites](doc/
             [...]
         }
 
- 7. remove the `sudo` rules for the role user
+ 5. remove the `sudo` rules for the role user
 
- 8. remove the home directory specified on the server (often
+ 6. remove the home directory specified on the server (often
     `staticiforme`, but can be elsewhere) and mirrors, for example:
  
         ssh staticiforme "mv /home/ooni /home/ooni-OLD ; echo rm -rf /home/ooni-OLD | at now + 7 days"
         cumin -o txt 'C:roles::static_mirror_web' 'mv /srv/static.torproject.org/mirrors/ooni.torproject.org /srv/static.torproject.org/mirrors/ooni.torproject.org-OLD'
         cumin -o txt 'C:roles::static_mirror_web' 'echo rm -rf /srv/static.torproject.org/mirrors/ooni.torproject.org-OLD | at now + 7 days'
 
- 9. consider removing the role user and group in LDAP, if there are no
+ 7. consider removing the role user and group in LDAP, if there are no
     files left owned by that user
 
- 10. remove from Nagios, e.g.:
+ 8. remove from Nagios, e.g.:
  
         -
          name: mirror static sync - atlas
@@ -138,6 +140,31 @@ from a sysadmin perspective. User documentation lives in [doc/static-sites](doc/
          hosts: global
          servicegroups: mirror
 
+If we *do* want to keep a vanity site for the redirection, we should
+also do this:
+
+ 1. add an entry to `roles::static_mirror_web_vanity`, in the
+    `ssl::service` block of
+    `modules/roles/manifests/static_mirror_web_vanity.pp`
+
+ 2. add a redirect in the template
+    (`modules/roles/templates/static-mirroring/vhost/vanity-vhosts.erb`),
+    for example:
+
+        Use vanity-host onionperf.torproject.org ^/(.*)$ https://gitlab.torproject.org/tpo/metrics/team/-/wikis/onionperf
+
+If we do *not* want to keep a vanity site, we should also do this:
+
+ 2. remove the host to DNS, if not already present, see [howto/dns](howto/dns). this
+    can be either in `dns/domains.git` or `dns/auto-dns.git`
+
+ 3. remove the Let's encrypt certificate, see [howto/letsencrypt](howto/letsencrypt) for details
+
+To deploy the changes globally immediately, run this:
+
+        ssh staticiforme puppet agent -t
+        cumin 'C:roles::static_mirror_web or C:roles::static_mirror_web_vanity' 'puppet agent -t'
+
 ## Pager playbook
 
 TODO: add a pager playbook.