Decomission ldapsync1.db.scl3.mozilla.com

RESOLVED FIXED

Status

RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: jabba, Assigned: gcox)

Tracking

({spring-cleaning})

Details

(Whiteboard: [vm-delete:1])

(Reporter)

Description

3 years ago
Since we now have a master in scl3, we no longer need the ldapsync host. We need to find all the slaves that are currently replicating from it and switch those to replicate from master.db.scl3.mozilla.com instead. This might involve ACL changes.

We also need to patch the hg pash.py config to send it's timestamp updates directly to the new master, instead of to the ldapsync host.

Once all that is done, the ldapsync1 host can be simply shut down and destroyed.
(Reporter)

Updated

3 years ago
Assignee: infra → jdow
cc fubar because the pash.py config
(Reporter)

Comment 2

3 years ago
This is ready to die. There has not been a single connection to the slapd daemon since Thursday of last week. This can be killed at any time (remove from nagios, kill, remove all references in puppet)
(Assignee)

Comment 3

3 years ago
10.22.70.20 = ldapsync1.db.scl3
Pulled from nagios, change 111536.
No NFS, no netvault, powered off and pausing.
Assignee: jdow → gcox
Keywords: spring-cleaning
(Assignee)

Comment 4

3 years ago
DNS, Inventory, RHN, puppetdashboard emptied.
No backups, no zeus.

Netflow cleanup:
[edit groups global-policies security policies from-zone <*> to-zone db policy ldapsync-ldaps match]
-       source-address any;
-       destination-address [ ldap.db.scl3 ldap.db.phx1 ldapsync1.db.scl3 ];
-       application [ ldaps ldap ];
+       source-address any;
+       destination-address [ ldap.db.scl3 ldap.db.phx1 ];
+       application [ ldaps ldap ];
[edit security policies from-zone dmz to-zone db policy ldapsync1--ldap match]
-      source-address [ hgssh1.dmz.scl3 hgssh2.dmz.scl3 reviewboard-hg1.dmz.scl3 ];
-      destination-address [ ldapmaster1.db.scl3 ldapsync1.db.scl3 ];
-      application [ junos-ldap ldaps ];
+      source-address [ hgssh1.dmz.scl3 hgssh2.dmz.scl3 reviewboard-hg1.dmz.scl3 ];
+      destination-address ldapmaster1.db.scl3;
+      application [ junos-ldap ldaps ];
[edit security policies from-zone db to-zone db]
-     policy neo-ldap-sync {
-         match {
-             source-address ldapsync1.db.scl3;
-             destination-address ldapmaster1.db.phx1;
-             application [ ldap-long-timeout ldaps-tcp ];
-         }
-         then {
-             permit;
-         }
-     }
-     policy neo-ldapmaster--ssh {
-         match {
-             source-address ldapsync1.db.scl3;
-             destination-address ldapmaster1.db.phx1;
-             application junos-ssh;
-         }
-         then {
-             permit;
-         }
-     }
[edit security zones security-zone db address-book]
-      address ldapsync1.db.scl3 10.22.70.20/32;

Puppet:
Sending        hiera/site.yaml
Sending        manifests/nodes/openldap.pp
Sending        modules/hg_new/files/pash/pash.py
Sending        modules/openldap/templates/moco-slapd.conf.erb
Deleting       modules/secrets/files/openldap/certs/ldapsync1.db.scl3.mozilla.com.crt
Committed revision 112225.

VM deleted from disk.  Spreadsheet updated.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Whiteboard: [vm-delete:1]
You need to log in before you can comment on or make changes to this bug.