Migrating GItLab & CI

Bonjour,

Here are my notes from yesterday’s migration of lab.enough.community + the associated runner. It is messy and there are a few bits missing. It is to be combined with the other topic regarding the resurection of qcow2 images downloaded from OpenStack.

There is nothing particularly difficult: only it involves multiple machines and must be done in the right order. It could be automated but that would only work if the qcow2 image being restored has been created via Enough.

Migration notes for gitlab:

  • ~/.enough/enough.community/lan-playbook.yml
- name: reverse proxy for lab.lan.enough.community
  hosts: proxy-service-group
  become: true

  pre_tasks:
    - name: dnat port 22 to lab.lan.enough.community
      lineinfile:
        path: /etc/nftables.conf
        insertafter: ".*chain prerouting"
        line: "     `tcp dport { ssh } dnat to 10.23.10.182`"

  roles:
    - role: proxy
      vars:
        website_proxy_name: "lab"
        website_proxy_pass: "https://lab.lan.enough.community"
        website_proxy_monitor_string: "GitLab"

- name: firewall for lab.enough.community
  hosts: localhost
  gather_facts: false

  tasks:
    - include_role:
        name: firewall
      vars:
        firewall_server: bind-host
        firewall_clients: [ 0.0.0.0/0 ]
        firewall_protocols: [ tcp ]
        firewall_ports: [ 22 ]
  • mac=,mac=fa:16:3e:31:8c:b2
  • domain=lan.enough.community
  • host=gitlab-host
  • service=gitlab
  • old_interface=ens4 # get that from /etc/network/interfaces
  • new_interface=enp1s0
  • new_secondary=enp2s0
  • enough --domain lan.enough.community backup download --hosts $host
  • sudo cp --sparse=always ~/.enough/lan.enough.community/backups/$host /var/lib/libvirt/images/enough/$domain/$host.qcow2
  • sudo chown libvirt-qemu:libvirt-qemu /var/lib/libvirt/images/enough/$domain/$host.qcow2
  • sudo virt-sysprep -a /var/lib/libvirt/images/enough/$domain/$host.qcow2 --edit "/etc/network/interfaces: s/${old_interface}/${new_interface}/’ --ssh-inject debian:file:/home/debian/.enough/lan.enough.community/infrastructure_key.pub --run-command ‘dpkg-reconfigure openssh-server’
  • add to /home/debian/.enough/lan.enough.community/inventory/hosts.yml
    gitlab-host:
      ansible_host: 10.23.10.181
      ansible_port: 2222
  • virt-install --connect qemu:///system --network network=enough-ext$mac --network network=enough-int --boot hd --name $host --memory 8192 --vcpus 2 --cpu host --disk path=/var/lib/libvirt/images/enough/$domain/$host.qcow2,bus=virtio,format=qcow2 --os-type=linux --os-variant=debian10 --graphics vnc --noautoconsole
  • virsh autostart $host
  • ip=$(virsh domifaddr $host)
  • enough --domain lan.enough.community ssh --driver libvirt $host
  • /etc/dhcp/dhclient.conf
    supersede domain-name "$domain";
    supersede domain-search "$domain";
    supersede domain-name-servers 10.23.10.2;
  • ifdown ${new_interface} ; ifup ${new_interface}
  • /etc/network/interfaces.d/50-cloud-init.cfg
  • ~/.enough/$domain/inventory/host_vars/$host/network.yml
     network_primary_interface: ${new_interface}
     network_secondary_interface: ${new_secondary}
  • ~/.enough/$domain/inventory/group_vars/gitlab.yml
    gitlab_host: "lab.enough.community"
  • enough --domain lan.enough.community playbook – --limit bind-host,icinga-host,${host},localhost --private-key ~/.enough/lan.enough.community/infrastructure_key venv/share/enough/enough-playbook.yml
  • docker exec --user git gitlab bin/rails runner -e production “Notify.test_email(‘loic@dachary.org’, ‘Message Subject’, ‘Message Body’).deliver_now”

Cheers