Verified Commit 8f8b9888 authored by anarcat

document hosters.yaml mess

Closes: team#41937
parent dacda955
+23 −8
@@ -207,7 +207,22 @@ above](#pre-requisites)! Some installers cover all of those steps, but most do n
    [Nextcloud spreadsheet](https://nc.torproject.net/apps/onlyoffice/5395), and the [services page](service), if it's a
    new service

 2. clone the `fabric-tasks` git repository on the machine:
 2. add the machine's IP address to `hiera/common/hosters.yaml` if
    this is a machine in a new network. This is rare; Puppet will
    crash its catalog with this error when that's the case:

        Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: \
        Evaluation Error: Error while evaluating a Function Call, \
        IP 195.201.139.202 not found amoung hosters in hiera data! (file: /etc/puppet/code/environments/production/modules/profile/manifests/facter/hoster.pp, line: 13, column: 5) on node hetzner-nbg1-01.torproject.org

    The error was split over multiple lines to outline the IP address
    more clearly. When this happens, add the IP address and netmask
    from the main interface to the `hosters.yaml` file.

    In this case, the sole IP address (`195.201.139.202/32`) was added
    to the file.

 3. clone the `fabric-tasks` git repository on the machine:
 
        git clone https://gitlab.torproject.org/tpo/tpa/fabric-tasks.git

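Review bot: the new step 2 says to "add the IP address and netmask from the main interface" to `hiera/common/hosters.yaml`, but it never shows what an entry in that file looks like or which hoster the address should be filed under. The only example is the prose mention of `195.201.139.202/32`. Please add a short sample of the resulting entry, and say how to check beforehand whether the machine's network is already covered, since the catalog error quoted here only appears once Puppet is bootstrapped in step 4. The "amoung" in the quoted error is fine to keep verbatim so the message stays greppable; if that string comes from the `fail()` call in `hoster.pp`, fix the spelling there and update this quote in the same change.
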
@@ -226,7 +241,7 @@ above](#pre-requisites)! Some installers cover all of those steps, but most do n
    TODO: just ship the parts below as part of the installer so we
    don't need that checkout

 5. bootstrap puppet:
 4. bootstrap puppet:

    * on the new machine run the `installer/puppet-bootstrap-client`
      from the `fabric-tasks` git repo cloned earlier. copy-paste the
@@ -262,10 +277,10 @@ above](#pre-requisites)! Some installers cover all of those steps, but most do n
      run the script to unblock the firewall so the client can connect
      and generate its certificate.

 7. ... and if the machine is handling mail, add it to [dnswl.org](https://www.dnswl.org/)
 5. ... and if the machine is handling mail, add it to [dnswl.org](https://www.dnswl.org/)
     (password in tor-passwords, `hosts-extra-info`)

 8. you will probably want to create a `/srv` filesystem to hole
 6. you will probably want to create a `/srv` filesystem to hole
    service files and data unless this is a very minimal
    system. Typically, installers may create the partition, but will
    *not* create the filesystem and configure it in `/etc/fstab`:
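Review bot: the renumbered line "6. you will probably want to create a `/srv` filesystem to hole" still carries the typo "hole" for "hold". The line is being rewritten for the renumbering anyway, so fix the word in the same commit. The continuation line under step 5 ("(password in tor-passwords, ...") is also indented one space deeper than the other list bodies; aligning it keeps the Markdown list nesting consistent.
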
@@ -274,12 +289,12 @@ above](#pre-requisites)! Some installers cover all of those steps, but most do n
        printf 'UUID=%s\t/srv\text4\tdefaults\t1\t2\n' $(blkid --match-tag UUID --output value /dev/sdb) >> /etc/fstab  &&
        mount /srv

 9. once everything is done, reboot the new machine to make sure
 7. once everything is done, reboot the new machine to make sure
    *that* still works:

        reboot

 10. if the machine was *not* installed from the Fabric installer (the
 8. if the machine was *not* installed from the Fabric installer (the
    `host.install-hetzner-robot` task), schedule a silence for backup
    alerts with: