Infrastructure retire machine SOP
Introduction
When a machine (be it a virtual instance or real physical hardware) is decommissioned, a set of steps must be followed to ensure that the machine is properly removed from the set of machines we manage and doesn't cause problems down the road.
Retire process
- Ensure that the machine is no longer used for anything. Use git-grep, stop services, etc.
- Remove the machine from Ansible. Make sure you remove not only the main machine name, but also any aliases it might have (or move them to an active server if they are active services). Make sure to search for the IP address(es) of the machine as well. Ensure DNS is updated to remove the machine.
- Remove the machine from any labels in hardware devices like consoles or the like.
- If the machine is a VM, dump its XML with 'virsh dumpxml fqdn > fqdn.xml' and then undefine it with 'virsh undefine fqdn'. If it's needed again you can use 'virsh define' to redefine it.
- Ensure the storage for the VM is saved off: 'lvrename -f /dev/vg_guests/fqdn /dev/vg_guests/fqdn-retired-YYYY-MM-DD'
- Ensure the machine is removed from both forward and reverse DNS.
- If the machine was on the VPN, revoke its OpenVPN certs in ansible-private.
- Remove the host from IPA in the IPA web UI.
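The first two steps depend on finding every remaining reference to the host. The following is an added example, not part of the original SOP or of Fedora Infrastructure tooling: a Bash function that searches a checkout for whole-token matches of the host's names and IP addresses. The function names, sample hosts and addresses are constructed for illustration, and it uses plain grep rather than git-grep so that it also works outside a git repository.

```bash
#!/bin/bash
# Added example (not Fedora Infrastructure tooling): list leftover references
# to a retired host in a checkout. Returns 0 if any remain, 1 if clean.
find_leftovers() {
    local dir=$1 term esc pattern found=1
    shift
    for term in "$@"; do
        # Escape regex metacharacters so the dots in an FQDN or IP are literal.
        esc=$(printf '%s' "$term" | sed 's/[][\.*^$+?(){}|]/\\&/g')
        # Whole-token match: 10.0.0.1 must not hit 10.0.0.12, and
        # db01.example.org must not hit olddb01.example.org. A trailing
        # dot is allowed so absolute names in zone files are still found.
        pattern="(^|[^A-Za-z0-9.-])${esc}\\.?([^A-Za-z0-9.-]|\$)"
        if grep -rnE --exclude-dir=.git -e "$pattern" "$dir"; then
            found=0
        fi
    done
    return "$found"
}

# Constructed sample checkout: inventory, vars and a zone file.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/inventory" "$d/dns"
    printf '%s\n' '[dbservers]' 'db01.example.org' 'olddb01.example.org' > "$d/inventory/hosts"
    printf '%s\n' 'backup_target: 10.0.0.12' 'db_alias: pgsql.example.org' > "$d/inventory/vars.yml"
    printf '%s\n' 'pgsql IN CNAME db01.example.org.' 'db01 IN A 10.0.0.1' > "$d/dns/example.org.zone"
    echo "$d"
}

sample=$(make_sample)
find_leftovers "$sample" db01.example.org 10.0.0.1 || echo "no references left"
rm -rf "$sample"
```

Pass every alias and address the machine had as separate arguments; the CNAME line in the sample shows an alias that still points at the retired host and would need to be moved or removed.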