wiki:decommission_kvm

Version 5 (modified by Daniel Kahn Gillmor, 8 years ago)

you want to remove the guest user *after* wiping the guest disks

This page documents the steps to take in decommissioning a kvm guest.

Make sure any needed data is backed up.

The steps below assume that nothing needs to be preserved from the server. If something does need to be preserved, copy the data to another location before following these steps.

Shutting down the guest

We need the machine to be out of service so that we can wipe any sensitive data from the disks. To shut down a guest so that it will not reboot, you need to be root@HOSTNAME.mayfirst.org. From the host, issue the command:

# update-service --remove /etc/sv/kvm/GUESTNAME

This command will shut down the virtual machine.

Removing the guest directory

To ensure that the guest will not come back online, ever, you should remove the guest kvm directory with the following command as root@HOSTNAME.mayfirst.org:

# rm -rf /etc/sv/kvm/GUESTNAME

Ensure all sensitive data is overwritten

For this step, log in as GUESTNAME@HOSTNAME.mayfirst.org to ensure that you do not overwrite data for other guests. Here we'll issue a dd command that writes zeros across the entire logical volume. The command is:

$ dd if=/dev/zero of=/dev/mapper/VOLUMEGROUPNAME-LOGICALVOLUMENAME bs=1M

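A real-world example would be (the "No space left on device" message is expected: dd stops when it reaches the end of the volume):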

0 bataille@ken:~$ dd if=/dev/zero of=/dev/mapper/vg_ken0-bataille bs=1M
dd: writing `/dev/mapper/vg_ken0-bataille': No space left on device
10001+0 records in
10000+0 records out
10485760000 bytes (10 GB) copied, 500.62382 s, 18.6 MB/s
1 bataille@ken:~$ 

Once this command finishes running, you can return the logical volume to the volume group.
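
An optional read-back check before the volume is returned to the volume group, as an added example that is not part of the original procedure: it confirms that every byte of the wiped volume reads back as zero and reports the first offset that does not. The function names are hypothetical, and it assumes blockdev, cmp, head and awk are available on the host.

```shell
#!/bin/sh
# Added example: read-back check that a wiped volume contains only zero bytes.
# Function names are hypothetical, not part of the original procedure.

# Print the size in bytes of a block device (or of a regular file, for testing).
volume_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Exit 0 if every byte of $1 is zero, 1 if any byte differs, 2 if unreadable or empty.
is_zeroed() {
    size=$(volume_size "$1") || return 2
    [ "${size:-0}" -gt 0 ] || return 2
    # Compare the volume against exactly $size bytes of zeros.
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Print the 1-based offset of the first non-zero byte, or nothing if the volume is clean.
first_nonzero_byte() {
    size=$(volume_size "$1") || return 2
    [ "${size:-0}" -gt 0 ] || return 2
    # cmp -l lists each differing byte as "offset octal octal"; keep the first offset.
    head -c "$size" /dev/zero | cmp -l - "$1" 2>/dev/null | head -n 1 | awk '{print $1}'
}

# Usage: sh verify-wipe.sh /dev/mapper/VOLUMEGROUPNAME-LOGICALVOLUMENAME
if [ $# -gt 0 ]; then
    if is_zeroed "$1"; then
        echo "$1: all zeros, safe to lvremove"
    else
        echo "$1: not verified clean, first non-zero byte: $(first_nonzero_byte "$1")" >&2
        exit 1
    fi
fi
```

Run it as the same GUESTNAME user that ran dd, so the check can only read that guest's volume.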

Removing a Logical Volume

From root@HOSTNAME.mayfirst.org check the volume group with:

# vgs

This should give output that looks like this:

0 ken:/dev# vgs
  VG      #PV #LV #SN Attr   VSize VFree
  vg_ken0   1  15   0 wz--n- 1.82t 1.10t
0 ken:/dev#

Now you can remove the logical volume with the following command:

# lvremove VOLUMEGROUPNAME/LOGICALVOLUMENAME

Real-world example:

0 ken:/dev# lvremove vg_ken0/bataille
Do you really want to remove active logical volume bataille? [y/n]: y
  Logical volume "bataille" successfully removed
0 ken:/dev#

Now run 'vgs' again and make sure the new disk space has been added back to the volume group. You should see an increase in the 'VFree' column of the output of the 'vgs' command.

Removing the guest user

# deluser --remove-home GUESTNAME

Clean up on helper servers

On jojobe.mayfirst.org (nagios server), check for and delete:

/etc/nagios3/conf.d/nodes/GUESTNAME.cfg

On the designated backup servers (should be designated in puppet file if it exists):

deluser --remove-home GUESTNAME-sync

On your own workstation in the MFPL puppet git repo:

git rm manifests/nodes/production/GUESTNAME.pp
git commit -m "decommissioning GUESTNAME"

Delete node from http://servers.mayfirst.org/

You've now decommissioned a server!