Change lizard's public IP
The folks that host our server need us to change lizard's IP from
- Check with our colo friends about the expected timeline: Week of June 4-11th (between Tails releases 4.19 and 4.20)
Communicate with A/I to schedule the change of
Inventory uses of the IP in our config and list impacts of this change (include Tails upgrades and
- Assert that the new IP works in the machine.
The week before, send out messages including the expected time/date:
- Short blog post
The authoritative server for our nameservers need to change the IP for
- Our GitLab provider needs to update a firewall rule that allows outgoing connections to our Gitolite
The day before:
- adjust A records in our DNS to a low TTL.
Add new IP-based SSH fingerprints entries in
- Tweet that it's about to happen
- Change Tinc node address for lizard (i.e. merge puppet-tails!61 (merged)) and run Puppet Agent on all hosts.
Change DNS records in Tails infra:
- Change A records in primary DNS
- Change A records in secondary DNS (this is probably automatic)
- Change lizard's network config (IP, Gateway and DNS)
Ensure all nodes can connect to Puppet Server via VPN (including
siband its VMs)
Fix Dropbear config as Grub extra options in
hieradata/node/lizard.tails.boum.org.yamland test that.
Make sure A/I's A record for
Update masterless config of
Update static host definitions in our monitoring node (
Remove old IP-based SSH fingerprints entries in
- Adjust DNS records back to normal TTL.
Make sure GitLab can connect to our Gitolite (and mirror
- Tweet that everything is working again.
- Let our colo friends know that the change was successful
- Make sure A/I's A record for
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information