wiki:decommission_kvm

Version 9 (modified by Ross, 7 years ago) (diff)

Adding instructions for revoking keys.

This page documents the steps to take in decommissioning a kvm guest.

Make sure any needed data is backed up.

The steps below assume that nothing needs to be preserved from the server. If something does need to be preserved, copy the data to another location before following these steps.

Revoke all Known Published Host keys

TODO: cleanup steps for doing so

Instructions from irc

10:55 <@jamie> in terms of key re-vocation, it should be two steps:
10:56 <@jamie> monkeysphere-host revoke-key
10:56 <@jamie> that revokes the server's ssh monkeysphere key
10:56 <@jamie> and then, to revoke the root@server.mayfirst.org's key:
10:57 <@jamie> gpg --list-secret-key to get the secret key id for the root user.
10:58 <@jamie> followed by gpg --edit-key <gpgid>
10:58 <@jamie> then: revkey
10:58 <@jamie> then save
10:58 <@jamie> then gpg --send-key <gpgid>

Shutting down the guest

We need the machine to be out of service so that we can wipe any sensitive data from the disks. In order to shutdown a guest so that it will not reboot, you'll need to be root@HOSTNAME.mayfirst.org. From the host, issue the command:

# update-service --remove /etc/sv/kvm/GUESTNAME

This command will shutdown the virtual machine. We need the machine to be out of service so that we can wipe any sensitive data from the disks.

Removing the guest directory

To ensure that the guest will not come back online, ever, you should remove the guest kvm directory with the following command as root@HOSTNAME.mayfirst.org:

# rm -rf /etc/sv/kvm/GUESTNAME

Ensure all sensitive data is overwritten

For this step, login as GUESTNAME@HOSTNAME.mayfirst.org to ensure that you do not overwrite data for other guests. We want to zero out all bytes on the logic volume to avoid this. However, be careful: doing this at full-speed can cause guests on the hosts to stop responding. Use the pv command to limit the IO rate. You may need to use apt-get to install pv on the host. The command is:

$ pv --rate-limit=1m < /dev/zero > /dev/mapper/VOLUMEGROUPNAME-LOGICALVOLUMENAME

A real world example would be:

TODO: new example that uses pv rather than dd

Once this command finishes running, you can return the logical volume to the volume group.

Removing a Logical Volume

From root@HOSTNAME.mayfirst.org check the volume group with:

# vgs

This should give output that looks like this:

0 ken:/dev# vgs
  VG      #PV #LV #SN Attr   VSize VFree
  vg_ken0   1  15   0 wz--n- 1.82t 1.10t
0 ken:/dev#

Now you can remove the logical volume with the following command:

# lvremove VOLUMEGROUPNAME/LOGICALVOLUMENAME

Real world example:

0 ken:/dev# lvremove vg_ken0/bataille
Do you really want to remove active logical volume bataille? [y/n]: y
  Logical volume "bataille" successfully removed
0 ken:/dev#

Now run 'vgs' again and make sure the new disk space has been added back to the volume group. You should see an increase in the 'VFree' column of the output of the 'vgs' command.

Removing the guest user

# deluser --remove-home GUESTNAME

Clean up on helper servers

On jojobe.mayfirst.org (nagios server), check for and delete:

/etc/nagios3/conf.d/nodes/GUESTNAME.cfg

On the designated backup servers (should be designated in puppet file if it exists):

deluser --remove-home GUESTNAME-sync

On your own workstation in the MFPL puppet git repo:

git rm manifests/nodes/production/GUESTNAME.pp
git commit -m "decomissioning GUESTNAME"

Delete node from http://servers.mayfirst.org/

Other system cleanup

On the host, you might also want to:

  • remove the guest user account
  • remove the associated /etc/udev/rules.d/92-kvm_creator-GUEST.rules

You've now decommissioned a server!