Skip to content
Snippets Groups Projects
Select Git revision
  • production protected
  • develop default protected
  • nixpkgs-upgrade-2024-12-23
  • 190-our-regular-updates-fill-up-the-servers-boot-partitions
  • nixpkgs-upgrade-2024-10-14
  • hro-cloud protected
  • 162.flexible-grafana-module
  • nixpkgs-upgrade-2024-05-13
  • nixpkgs-upgrade-2024-04-22
  • nixpkgs-upgrade-2024-03-25
  • nixpkgs-upgrade-2024-03-18
  • nixpkgs-upgrade-2024-03-11
  • nixpkgs-upgrade-2024-03-04
  • 163.jp-to-ben-for-prod
  • nixpkgs-upgrade-2024-02-26
  • 164.grafana-alert-rules
  • 157.authorize-new-hro-key
  • nixpkgs-upgrade-2024-02-19
  • nixpkgs-upgrade-2024-02-12
  • make-sure-we-run-a-openzfs-compatible-kernel
20 results
Blame Permalink
DEPLOYMENT-NOTES.rst 3.19 KiB

Deployment notes

  • 2023-06-19

    ZKAPAuthorizer's Tahoe-LAFS plugin name changed from "privatestorageio-zkapauthz-v1" to "privatestorageio-zkapauthz-v2". This causes Tahoe-LAFS to use a different filename to persist the plugin's Foolscap fURL. To preserve the original fURL value (required) each storage node needs this command run before the deployment:

    cp /var/db/tahoe-lafs/storage/private/storage-plugin.privatestorageio-zkapauthz-v{1,2}.furl

  • 2023-04-19

    The team switched from Slack to Zulip. For the monitoring notifications to reach Zulip, a webhook bot has to be created in Zulip and a secret URL has to be constructed as described in `https://zulip.com/integrations/doc/grafana`_ and added to the private_keys directory (See grid/local/private-keys/grafana-zulip-url for an example). Find the secret URL for production at `https://my.1password.com/vaults/7flqasy5hhhmlbtp5qozd3j4ga/allitems/rb22ipb6gvokohzq2d2hhv6t6u`_.

  • 2021-12-20

    `https://whetstone.private.storage/privatestorage/privatestorageops/-/issues/399`_ requires moving the PaymentServer database on the payments host onto a new dedicated filesystem.

    Follow these steps before deploying this version of PrivateStorageio:

    1. Deploy the PrivateStorageOps change that creates a new dedicated volume.

    2. Put a disk label on the new dedicated volume

      nix-shell -p parted --run 'parted /dev/nvme1n1 mklabel msdos'

    3. Put a properly aligned partition in the new disk label

      nix-shell -p parted --run 'parted /dev/nvme1n1 mkpart primary ext2 4096s 4G'

    4. Create a labeled filesystem on the partition

      mkfs.ext4 -L zkapissuer-data /dev/nvme1n1p1

    5. Deploy the PrivateStorageio update.

    6. Move the database file to the new location

      mv -iv /var/lib/zkapissuer/vouchers.sqlite3 /var/lib/zkapissuer-v2

    7. Clean up the old state directory

      rm -ir /var/lib/zkapissuer

    8. Start the PaymentServer service (not running because its path assertions were not met earlier)

      systemctl start zkapissuer

  • 2021-10-12 The secret in private-keys/grafana-slack-url needs to be changed to remove the SLACKURL= prefix.

  • 2021-09-30 Enable alerting needs a secret in private-keys/grafana-slack-url looking like the template in morph/grid/local/private-keys/grafana-slack-url and pointing to the secret API endpoint URL saved in this 1Password entry (or create a new secret URL at https://www.slack.com/apps/A0F7XDUAZ).

  • 2021-09-07 Manage access to payment metrics requires moving and chown'ing the PaymentServer database on the payments host:

    mkdir /var/lib/zkapissuer

mv /var/db/vouchers.sqlite3 /var/lib/zkapissuer/vouchers.sqlite3

chown -R zkapissuer:zkapissuer /var/lib/zkapissuer

chmod 750 /var/lib/zkapissuer
chmod 640 /var/lib/zkapissuer/vouchers.sqlite3