Fundraising/techops/procedures/servers-role-build


Special notes when building out a host in the build role

Sometimes things can't be fully automated with Puppet. A large portion of these steps were found while setting up frpm2001 in T242269 and T247133.

Here are some of the modifications needed on this build:

SSH

  1. Create root ssh keys
  2. Update authorized keys in git for git user on build role
  3. Update authorized keys in git for puppet user on build role
  4. Verify host keys for commonly made connections on new and existing build hosts
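
One way to carry out the host key check in step 4, as an added example that is not part of the original procedure: compare the known_hosts file from an existing build host with the one on the new host, and list entries that are missing or whose key differs. The hostnames and key blobs are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib


def parse_known_hosts(text):
    """Map each hostname to {key_type: SHA256 fingerprint}."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers and
        # hashed names (HashKnownHosts), which cannot be compared by name.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        names, key_type, blob = fields[:3]
        digest = hashlib.sha256(base64.b64decode(blob)).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        for name in names.split(","):
            hosts.setdefault(name, {})[key_type] = fp
    return hosts


def compare_known_hosts(existing_text, new_text):
    """Return (missing, mismatched) for the new host, with the existing host as reference."""
    existing, new = parse_known_hosts(existing_text), parse_known_hosts(new_text)
    missing, mismatched = [], []
    for name, keys in sorted(existing.items()):
        for key_type, fp in sorted(keys.items()):
            got = new.get(name, {}).get(key_type)
            if got is None:
                missing.append((name, key_type))
            elif got != fp:
                mismatched.append((name, key_type, fp, got))
    return missing, mismatched


def _blob(label):
    # Constructed stand-in for a public key blob; real blobs come from known_hosts.
    return base64.b64encode(label).decode()


# Constructed sample data (example.org names and 192.0.2.x are placeholders).
EXISTING_HOST = (f"git.example.org,192.0.2.10 ssh-ed25519 {_blob(b'git-key')}\n"
                 f"db.example.org ssh-ed25519 {_blob(b'db-key')}\n"
                 f"backup.example.org ssh-ed25519 {_blob(b'backup-key')}\n")
NEW_HOST = (f"git.example.org,192.0.2.10 ssh-ed25519 {_blob(b'git-key')}\n"
            f"db.example.org ssh-ed25519 {_blob(b'other-db-key')}\n")

if __name__ == "__main__":
    missing, mismatched = compare_known_hosts(EXISTING_HOST, NEW_HOST)
    print("missing on new host:", missing)
    print("key differs on new host:", mismatched)
```

A mismatch means one of the two hosts holds a stale or wrong key for that destination; confirm the correct fingerprint out of band before updating either file.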

Hiera

Requires #SSH

  1. Update common.yaml to specify the host as a puppetmaster
  2. Add host specific hieradata/site/$host.yaml file where puppet master overrides will occur

Puppet

Requires #SSH and #Hiera

  1. Run puppet-merge for base and private repos
  2. Update modules/role/files/build/etc/motd.tail to reference new host as a puppetmaster

GPG

  1. Import gpg keys from another build host (frpm1002/frpm2001)
  2. Update gpg.conf file to contain fr_tech_ops group

MariaDB

  1. Update mysql grants to allow new host to connect to payments db
  2. Add /root/.payments-my.cnf with the correct info so the host can back up the payments db

Backups

Requires #SSH and #GPG

  1. Update authorized keys in git for backupmover user in the default role
  2. Update modules/role/manifests/logger.pp for backup definition
  3. Update modules/fundraising/templates/archive_sync.erb for backup sync
  4. Update modules/fundraising/templates/archive_purge.erb for backup purging

Code deploy

  1. Create ssh key for mwdeploy user
  2. Update authorized keys in git for mwdeploy user in the default role