Redeployment of baserock_frontend at CityCloud

The backup user's SSH public key was unnecessarily encrypted. I've
decrypted it for convenience.

3 files changed, 12 insertions, 50 deletions

diff --git a/README.md b/README.md
index 71ff071c..8a57a8c0 100644
--- a/README.md
+++ b/README.md
@@ -251,7 +251,7 @@ Deployment to OpenStack
 
 The intention is that all of the systems defined here are deployed to an
 OpenStack cloud. The instructions here harcode some details about the specific
-tenancy at [DataCentred](http://www.datacentred.io) that the Baserock project
+tenancy at [CityCloud](https://citycontrolpanel.com/) that the Baserock project
 uses. It should be easy to adapt them for other OpenStack hosts, though.
 
 ### Credentials
@@ -264,6 +264,9 @@ according to the OpenStack host you are deploying to:
  - `OS_USERNAME`
  - `OS_PASSWORD`
 
+For CityCloud you also need to ensure that `OS_REGION_NAME` is set to `Lon1`
+(for the London datacentre).
+
 When using `morph deploy` to deploy to OpenStack, you will need to set these
 variables, because currently Morph does not honour the standard ones. See:
 <https://storyboard.baserock.org/#!/story/35>.
@@ -294,7 +297,7 @@ as-is.
 
 The `$fedora_image_id` should reference a Fedora Cloud image. You can import
 these from <http://www.fedoraproject.org/>. At time of writing, these
-instructions were tested with Fedora Cloud 23 for x86_64.
+instructions were tested with Fedora Cloud 26 for x86_64.
 
 Backups
 -------
@@ -338,13 +341,14 @@ To deploy this system:
 
     nova boot frontend-haproxy \
         --key-name=$keyname \
-        --flavor=dc1.1x0 \
+        --flavor=1C-1GB \
         --image=$fedora_image_id \
         --nic="net-id=$network_id" \
-        --security-groups default,gerrit,shared-artifact-cache,web-server \
+        --security-groups default,shared-artifact-cache,web-server \
         --user-data ./baserock-ops-team.cloud-config
     ansible-playbook -i hosts baserock_frontend/image-config.yml
-    ansible-playbook -i hosts baserock_frontend/instance-config.yml
+    ansible-playbook -i hosts baserock_frontend/instance-config.yml \
+        --vault-password-file=...
     ansible-playbook -i hosts baserock_frontend/instance-backup-config.yml
 
     ansible -i hosts -m service -a 'name=haproxy enabled=true state=started' \
@@ -357,7 +361,7 @@ Full HAProxy 1.5 documentation: <https://cbonte.github.io/haproxy-dconv/configur
 If you want to add a new service to the Baserock Project infrastructure via
 the frontend, do the following:
 
-- request a subdomain that points at 185.43.218.170 (frontend)
+- request a subdomain that points at 37.153.173.19 (frontend)
 - alter the haproxy.cfg file in the baserock_frontend/ directory in this repo
   as necessary to proxy requests to the real instance
 - run the baserock_frontend/instance-config.yml playbook
diff --git a/baserock_hosts b/baserock_hosts
index b1db755d..5ac4514d 100644
--- a/baserock_hosts
+++ b/baserock_hosts
@@ -13,7 +13,7 @@ git ansible_ssh_host=192.168.222.58
 irclogs ansible_ssh_host=192.168.222.74
 
 [fedora]
-frontend-haproxy ansible_ssh_host=185.43.218.170
+frontend-haproxy ansible_ssh_host=37.153.173.19
 database-mariadb ansible_ssh_host=192.168.222.146
 mail ansible_ssh_host=192.168.222.145
 openid ansible_ssh_host=192.168.222.144
diff --git a/keys/backup.key.pub b/keys/backup.key.pub
index 1c9875b9..76a0105b 100644
--- a/keys/backup.key.pub
+++ b/keys/backup.key.pub
@@ -1,43 +1 @@
-$ANSIBLE_VAULT;1.1;AES256
-63396132363066393463343563323433666132333834653630393330383635366161353865383864
-3566303861653435356535393736303432616366666535630a656262383761623535613839323337
-37323766666161343737643838313639346437363761623232396264643562613039323861333839
-6439366138386265330a386166363963356538366664303162333865623166366538653136303232
-33636665633636356664373564313763383131333336646466356661623232623532373062363163
-33336231303665396635376463666337646233646632636363383636356665666338643165663332
-62653839636632646131376130623439336264366435643861353837383238316636366532323137
-39336137336665373762336638643464393561663465306462393739633237373231333032633538
-39316633653830613130303963653537306133373239303661323763343763666634636263366134
-37373639343232626665646533633764653430386437636261353831343634646133653839656232
-66663337623539363735376439653334396466613365393164376461623661363261393730373563
-35326434303431616139303330393732653938306335353061343065656262396439303265376639
-62396431383563386330373861326136343130616136303137616139383263663462356165323231
-66666533643732366266656261636261626165326138303832373433303263336262333234383232
-37666131363339343831663665333032323563313833613365316438623537336566383431383465
-65326638656533376236376164663238343363326463356637373330653566303163616565653061
-63653739316635393237306430643534306333303062643935326165663565626238666337386364
-32313363313730373363643433613163373361343961343566366334666230653234326334633437
-61653930353761313838393165353965623238373263306463326234303833356162656639313435
-39396132333731386663356361333438333033613634336362623635396263303934393938383662
-37396134373863643261646366643861326131336232336532613632323934666162663462316637
-38656333306534626133303333306139666364313935633633303733366233346236386132663835
-34653535333039306231363837663438346331663132316239663430326263363936373730386332
-35376433366564313965323866623962626165613539643737343337386434616236383333393162
-61336236323839306466373832343630623631333839313638386264663264383837663066373461
-31636566353039333934363364636439643362356662303037373234396237643063336466373437
-33353166383939643561346131353539333464666534343833643465346231393932313539323235
-62336361663164626236313732336461616132323339366466333166663765626466376137613832
-39333430323465643034383137353965316235306261633064306362396661343261636231636263
-66326536366663323938663364633864373233613562616165303266383431623961653063396462
-63343261326662666461386335666666383331363233353264356639633339393961616363336266
-38376133626536313238313331623461623034333438386339656330383863633132653763663865
-64663033356433326636303563393563653163616633376139616362663936383362323535383031
-62393836376236386366656662373730636332326462633336303766633831353837326335313230
-65653035343632373936316562613766616464643736303862643234636334656233393334313133
-63636633623531353535363066373630303332366432623938373234323433383834373166623864
-63633964653663646638353439633965643965666264636362383762326531633935623863303731
-38303936656439616361643833376634613732346365373137623938356366393765303430363139
-62666335353038323639643238663631343362653434346364333737373734303730323830373536
-34363762386634373439306362323233663562323639373933326432396235326536396462363166
-65373234626564303434663364316631363832353232656430333562663663323036666362643036
-3630386563343664386364383761373063626264353535666134
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJS+41ZpQJmZ+CVYSGmNzuRccZx6huOCigLSzTUmc2tB7bgzVu7KDXBI4AoFIC+bWfT2M++qcgvjPDsXbIKRHKtAW7jdHkjY1ee+SPJqvpuM9YvOp4tiMAxjHlprDmHYHrp3B3JUTKp1H+W37zmSkDN19Hg/2CLgADC3GgRsZMg0Kk1K8o4Fx626nuAUGX4wmWYS3FiRlvxM4wIhJbs5MJeO5/FQwj6dj0FBcjL4vxXCttVxdMawKXCaheTJcy0iK47ImJhHv3hfHEpGMpCI6bML5JIaaspTVnuAdfgKnQF67odJweUEZxltOW8/dGFwhXD3K9+GTbWiiw9jFshqX1pnGsrIRGNgQbluASoZslf/EUELixzYTx9XczmvkDWAS28jfshDYgkj3352wBG3MY6S+mXOwYa+WQhskk/EmIv6tzdxwrkA8smlxDtf2tOlhSMLxCBcZSUQ0KMlWdvdH/rB/JyJ430sWQJYsWwvIjZC7rlEsA2dzJL0c+fJpof5xIsaXpgflgx2UZdeTDfysbpaWdQurzPzOwt0QFQ2aM2x9owhKj908BohRviJg0tINXpdFSasNA8sDUSo8aagFxEB+R3HZj0MFiwRBIu3hxxXkZQn59JnQSyZs6F5eaHqPXv65l3or0/jBVcwTcIz2usAW0bf10Yn6DB3xD4uYbww== baserock.org backup automation