Closed Bug 1160248 Opened 9 years ago Closed 8 years ago

Decomission ldapsync1.db.scl3.mozilla.com

Categories

(Infrastructure & Operations :: Infrastructure: LDAP, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: LDAP
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jabba, Assigned: gcox)

Details

(Keywords: spring-cleaning, Whiteboard: [vm-delete:1]) 

Since we now have a master in scl3, we no longer need the ldapsync host. We need to find all the slaves that are currently replicating from it and switch those to replicate from master.db.scl3.mozilla.com instead. This might involve ACL changes.

We also need to patch the hg pash.py config to send it's timestamp updates directly to the new master, instead of to the ldapsync host.

Once all that is done, the ldapsync1 host can be simply shut down and destroyed.
Assignee: infra → jdow
cc fubar because the pash.py config
This is ready to die. There has not been a single connection to the slapd daemon since Thursday of last week. This can be killed at any time (remove from nagios, kill, remove all references in puppet)
10.22.70.20 = ldapsync1.db.scl3
Pulled from nagios, change 111536.
No NFS, no netvault, powered off and pausing.
Assignee: jdow → gcox
Keywords: spring-cleaning
DNS, Inventory, RHN, puppetdashboard emptied.
No backups, no zeus.

Netflow cleanup:
[edit groups global-policies security policies from-zone <*> to-zone db policy ldapsync-ldaps match]
-       source-address any;
-       destination-address [ ldap.db.scl3 ldap.db.phx1 ldapsync1.db.scl3 ];
-       application [ ldaps ldap ];
+       source-address any;
+       destination-address [ ldap.db.scl3 ldap.db.phx1 ];
+       application [ ldaps ldap ];
[edit security policies from-zone dmz to-zone db policy ldapsync1--ldap match]
-      source-address [ hgssh1.dmz.scl3 hgssh2.dmz.scl3 reviewboard-hg1.dmz.scl3 ];
-      destination-address [ ldapmaster1.db.scl3 ldapsync1.db.scl3 ];
-      application [ junos-ldap ldaps ];
+      source-address [ hgssh1.dmz.scl3 hgssh2.dmz.scl3 reviewboard-hg1.dmz.scl3 ];
+      destination-address ldapmaster1.db.scl3;
+      application [ junos-ldap ldaps ];
[edit security policies from-zone db to-zone db]
-     policy neo-ldap-sync {
-         match {
-             source-address ldapsync1.db.scl3;
-             destination-address ldapmaster1.db.phx1;
-             application [ ldap-long-timeout ldaps-tcp ];
-         }
-         then {
-             permit;
-         }
-     }
-     policy neo-ldapmaster--ssh {
-         match {
-             source-address ldapsync1.db.scl3;
-             destination-address ldapmaster1.db.phx1;
-             application junos-ssh;
-         }
-         then {
-             permit;
-         }
-     }
[edit security zones security-zone db address-book]
-      address ldapsync1.db.scl3 10.22.70.20/32;

Puppet:
Sending        hiera/site.yaml
Sending        manifests/nodes/openldap.pp
Sending        modules/hg_new/files/pash/pash.py
Sending        modules/openldap/templates/moco-slapd.conf.erb
Deleting       modules/secrets/files/openldap/certs/ldapsync1.db.scl3.mozilla.com.crt
Committed revision 112225.

VM deleted from disk.  Spreadsheet updated.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [vm-delete:1]
You need to log in before you can comment on or make changes to this bug.