Page MenuHomePhabricator

reclaim cescout1001.eqiad.wmnet
Closed, ResolvedPublicRequest

Description

This task will track the decommission-hardware of server cescout1001.eqiad.wmnet.

Reason: cescout1001 hosts the censorship monitoring tools (see T239250), including a Postgres replica that is no longer updated (and will not be in the future). Because of the disk space requirements (1TB), this was a physical host and now that those requirements have changed, the database is no longer required and this host should be moved to a VM instead; I will follow up with a request for that later, but for now we should decommission the physical host as we no longer need it.

With the launch of updates to the decom cookbook, the majority of these steps can be handled by the service owners directly. The DC Ops team only gets involved once the system has been fully removed from service and powered down by the decommission cookbook.

cescout1001

Steps for service owner:

  • - all system services confirmed offline from production use
  • - set all icinga checks to maint mode/disabled while reclaim/decommmission takes place. (likely done by script)
  • - remove system from all lvs/pybal active configuration
  • - any service group puppet/hiera/dsh config removed
  • - remove site.pp, replace with role(spare::system) recommended to ensure services offline but not 100% required as long as the decom script is IMMEDIATELY run below.
  • - login to cumin host and run the decom cookbook: cookbook sre.hosts.decommission <host fqdn> -t <phab task>. This does: bootloader wipe, host power down, netbox update to decommissioning status, puppet node clean, puppet node deactivate, debmonitor removal, and run homer.
  • - remove all remaining puppet references and all host entries in the puppet repo
  • - reassign task from service owner to DC ops team member depending on site of server.

End service owner steps / Begin DC-Ops team steps:

  • - system disks removed (by onsite)
  • - determine system age, under 5 years are reclaimed to spare, over 5 years are decommissioned.
  • - IF DECOM: system unracked and decommissioned (by onsite), update netbox with result and set state to offline
  • - IF DECOM: mgmt dns entries removed.
  • - IF RECLAIM: set netbox state to 'inventory' and hostname to asset tag

Event Timeline

ssingh raised the priority of this task from Medium to High.Apr 27 2021, 9:32 PM

cookbooks.sre.hosts.decommission executed by sukhe@cumin1001 for hosts: cescout1001.eqiad.wmnet

  • cescout1001.eqiad.wmnet (PASS)
    • Downtimed host on Icinga
    • Found physical host
    • Downtimed management interface on Icinga
    • Wiped all swraid, partition-table and filesystem signatures
    • Powered off
    • Set Netbox status to Decommissioning and deleted all non-mgmt interfaces and related IPs
    • Removed from DebMonitor
    • Removed from Puppet master and PuppetDB

Change 697828 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] site: decommission cescout1001

https://gerrit.wikimedia.org/r/697828

Change 697828 merged by Ssingh:

[operations/puppet@production] site: decommission cescout1001

https://gerrit.wikimedia.org/r/697828

Puppet roles/profiles/hiera configurations have not been removed as they will be needed for the cescout VM that will be provisioned later.

Noticed this during clinic duty: @ssingh If the decom cookbook ran on the host, you can can tick off the relevant parts under "Steps for service owner" and reassign to John Clark.

wiki_willy added projects: ops-eqiad, DC-Ops.
wiki_willy added subscribers: Jclark-ctr, wiki_willy.

Hi @ssingh - just a heads up to add the "ops-eqiad" project tag, when its ready for the dc-ops steps. Thanks, Willy

Thanks, Willy! I will make sure to do it in the future.

Cmjohnson renamed this task from decommission cescout1001.eqiad.wmnet to reclaim cescout1001.eqiad.wmnet.Aug 25 2021, 5:59 PM
Cmjohnson moved this task from Backlog to Decommission on the ops-eqiad board.
Cmjohnson updated the task description. (Show Details)