diff options
| author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-20 18:13:21 +0100 |
|---|---|---|
| committer | Ben Brown <ben.brown@codethink.co.uk> | 2017-10-23 11:11:15 +0000 |
| commit | 9e9fe7c0d71febcb68ce6e4bf528b534d56003da (patch) | |
| tree | aa4bc66a6b6b33a6045d56ca65517ca8b29a7a89 | |
| parent | 3d61f0999a100c38a0d4fe3b300a8f9e2ce19a6e (diff) | |
| download | infrastructure-9e9fe7c0d71febcb68ce6e4bf528b534d56003da.tar.gz | |
README.md: Remove some more cruft
We don't have any Ubuntu systems at the moment.
| -rw-r--r-- | README.md | 58 |
1 files changed, 4 insertions, 54 deletions
@@ -45,7 +45,6 @@ To run a playbook: To run an ad-hoc command (upgrading, for example): ansible -i hosts fedora -m command -a 'sudo dnf update -y' - ansible -i hosts ubuntu -m command -a 'sudo apt-get update -y' [Ansible]: http://www.ansible.com @@ -54,8 +53,7 @@ Security updates ---------------- Fedora security updates can be watched here: -<https://bodhi.fedoraproject.org/updates/?type=security>. Ubuntu issues -security advisories here: <http://www.ubuntu.com/usn/>. +<https://bodhi.fedoraproject.org/updates/?type=security>. The Baserock reference systems doesn't have such a service. The [LWN Alerts](https://lwn.net/Alerts/) service gives you info from all major Linux distributions. @@ -99,11 +97,6 @@ all machines. Run this: You should see lots of this sort of output: - mail | success >> { - "changed": false, - "ping": "pong" - } - frontend-haproxy | success >> { "changed": false, "ping": "pong" @@ -118,7 +111,9 @@ If you have a host key problem, that could be because somebody redeployed the system since the last time you connected to it with SSH, and did not transfer the SSH host keys from the old system to the new system. Check with other ops teams members about this. If you are sure the new host keys can -be trusted, you can remove the old ones with `ssh-keygen -R 192.168.x.y`, where 192.168.x.y is the internal IP address of the machine. You'll then be prompted to accept the new ones when you run Ansible again. +be trusted, you can remove the old ones with `ssh-keygen -R 10.3.x.y`, where +10.3.x.y is the internal IP address of the machine. You'll then be prompted to +accept the new ones when you run Ansible again. Once all machines respond to the Ansible 'ping' module, double check that every machine you can see in the OpenStack Horizon dashboard has a @@ -156,32 +151,6 @@ and if you forget to pass `-y` then it will hang forever waiting for input. You will then need to restart services. The `dnf needs-restarting` command might be useful, but rebooting the whole machine is probably easiest. -### Check and upgrade Ubuntu systems - -> Bear in mind that only the latest and the latest LTS release of Ubuntu receive any -security updates. - -Find out what version of Ubuntu is in use with this command: - - ansible ubuntu -i hosts -m setup -a 'filter=ansible_distribution_version' - -Check what version of a given package is in use with this command (using GLIBC -as an example). - - ansible -i hosts ubuntu -m command -a 'dpkg-query --show libc6' - -Check for available updates, and what they contain: - - ansible -i hosts ubuntu -m command -a 'apt-cache policy libc6' - ansible -i hosts ubuntu -m command -a 'apt-get changelog libc6' | head -n 20 - -You can update all the packages with: - - ansible -i hosts ubuntu -m command -a 'apt-get upgrade -y' --sudo - -You will then need to restart services. Rebooting the machine is probably -easiest. - ### Check and upgrade Baserock systems Check what version of a given package is in use with this command (using GLIBC @@ -308,25 +277,6 @@ system before long. The backups are taken without pausing services or snapshotting the data, so they will not be 100% clean. The current git.baserock.org data volume does not use LVM and cannot be easily snapshotted. -Backups of 'gerrit' and 'database' are handled by the -'baserock_backup/backup.py' script. This currently runs on an instance in -Codethink's internal OpenStack cloud. - -Instances themselves are not backed up. In the event of a crisis we will -redeploy them from the infrastructure.git repository. There should be nothing -valuable stored outside of the data volumes that are backed up. - -To prepare the infrastructure to run the backup scripts you will need to run -the following playbooks: - - ansible-playbook -i hosts baserock_frontend/instance-backup-config.yml - ansible-playbook -i hosts baserock_database/instance-backup-config.yml - ansible-playbook -i hosts baserock_gerrit/instance-backup-config.yml - -NOTE: to run these playbooks you need to have the public ssh key of the backups -instance in `keys/backup.key.pub`. - - Systems ------- |