From eab16ad7f9f570e48d1c92c40bc51c929191ae58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Tue, 12 May 2020 11:44:49 -0400
Subject: [PATCH] make fabric procedure the official robot proc
---
tsa/howto/new-machine-hetzner-robot.mdwn | 77 +++++++++++++++---------
1 file changed, 48 insertions(+), 29 deletions(-)
diff --git a/tsa/howto/new-machine-hetzner-robot.mdwn b/tsa/howto/new-machine-hetzner-robot.mdwn
index 1ecfd157..8a119987 100644
--- a/tsa/howto/new-machine-hetzner-robot.mdwn
+++ b/tsa/howto/new-machine-hetzner-robot.mdwn
@@ -30,8 +30,54 @@ able to proceed with the install.
Ordering physical servers from Hetzner can be very fast: we've seen 2
minutes turn around times.
-Install
--------
+Semi-automated install
+----------------------
+
+At this point you should have received an email from Hetzner with a
+subject like:
+
+ Subject: Your ordered SX62 server
+
+It should contain the SSH fingerprint, and IP address of the new host
+which we'll use below. The machine can be bootstrapped with a basic
+Debian installer with the [[Fabric]] code in the `tsa-misc` git
+repository. Here's an example of a commandline:
+
+ ./install -H root@88.99.194.57 \
+ --fingerprint 0d:4a:c0:85:c4:e1:fe:03:15:e0:99:fe:7d:cc:34:f7 \
+ --verbose \
+ hetzner-robot \
+ --fqdn=HOSTNAME.torproject.org \
+ --fai-disk-config=installer/disk-config/gnt-fsn-NVMe \
+ --package-list=installer/packages \
+ --post-scripts-dir=installer/post-scripts/
+
+Taking that apart:
+
+ * `-H root@88.99.194.57`: the IP address provided by Hetzner in the
+ confirmation email
+ * `--fingerprint`: the ed25519 MD5 fingerprint from the same email
+ * `--verbose`: important for now because otherwise the job is silent
+ except for errors, which could be confusing
+ * `hetzner-robot`: the install job type (only robot supported for now)
+ * `--fqdn=HOSTNAME.torproject.org`: the Fully Qualified Domain Name
+ to set on the machine, it is used in a few places, but the
+ `hostname` is correctly set to the `HOSTNAME` part only
+ * `--fai-disk-config=installer/disk-config/gnt-fsn-NVMe`: the disk
+ configuration, in [fai-setup-storage(8)](https://manpages.debian.org/setup-storage.8) format
+ * `--package-list=installer/packages`: the base packages to isntall
+ * `--post-scripts-dir=installer/post-scripts/`: post-install scripts,
+ magic glue that does everything
+
+The last two are passed to `grml-debootstrap` and should rarely be
+changed (although they could be coverted in to Fabric tasks
+themselves).
+
+See [[new-machine]] for post-install configuration steps, then follow
+[[new-machine-mandos]] for setting up the mandos client on this host.
+
+Manual install procedure
+------------------------
At this point you should have received an email from Hetzner with a
subject like:
@@ -233,32 +279,5 @@ which we'll use below.
reboot
-Semi-automated install
-----------------------
-
-The above procedure was automated using [[Fabric]] in the `tsa-misc`
-git repository. This still remains to be documented better, but the
-magic commandline for fsn-node-05 was:
-
- ./install -H root@88.99.194.57 --fingerprint 0d:4a:c0:85:c4:e1:fe:03:15:e0:99:fe:7d:cc:34:f7 --verbose hetzner-robot fsn-node-05.torproject.org installer/disk-config/gnt-fsn-NVMe installer/packages installer/post-scripts/
-
-Taking that apart:
-
- * `-H root@88.99.194.57`: that's the IP address provided by Hetzner
- in the confirmation email
- * `--fingerprint`: the ed25519 fingerprint from the same email
- * `hetzner-robot`: the install job type
- * `fsn-node-05.torproject.org`: the hostname to set on the machine
- * `installer/disk-config/gnt-fsn-NVMe`: the disk configuration
- * `installer/packages`: the base packages to isntall
- * `isntaller/post-scripts/`: post-install scripts
-
-The last two are passed to grml-debootstrap and should rarely be
-changed (although they could be coverted in to Fabric tasks
-themselves).
-
-Configuration
--------------
-
See [[new-machine]] for post-install configuration steps, then
follow [[new-machine-mandos]] for setting up the mandos client on this host.
--
GitLab