Skip to content
Snippets Groups Projects
Select Git revision
  • f526062058733d7ad97a849dee2f286fa1523c00
  • develop default protected
  • production protected
  • nixpkgs-upgrade-2025-06-16
  • nixpkgs-upgrade-2024-12-23
  • 190-our-regular-updates-fill-up-the-servers-boot-partitions
  • nixpkgs-upgrade-2024-10-14
  • hro-cloud protected
  • 162.flexible-grafana-module
  • nixpkgs-upgrade-2024-05-13
  • nixpkgs-upgrade-2024-04-22
  • nixpkgs-upgrade-2024-03-25
  • nixpkgs-upgrade-2024-03-18
  • nixpkgs-upgrade-2024-03-11
  • nixpkgs-upgrade-2024-03-04
  • 163.jp-to-ben-for-prod
  • nixpkgs-upgrade-2024-02-26
  • 164.grafana-alert-rules
  • 157.authorize-new-hro-key
  • nixpkgs-upgrade-2024-02-19
  • nixpkgs-upgrade-2024-02-12
21 results

DEPLOYMENT-NOTES.rst

Blame
    • DEPLOYMENT-NOTES.rst 3.19 KiB

    Deployment notes

    • 2023-06-19

      ZKAPAuthorizer's Tahoe-LAFS plugin name changed from "privatestorageio-zkapauthz-v1" to "privatestorageio-zkapauthz-v2". This causes Tahoe-LAFS to use a different filename to persist the plugin's Foolscap fURL. To preserve the original fURL value (required) each storage node needs this command run before the deployment:

      cp /var/db/tahoe-lafs/storage/private/storage-plugin.privatestorageio-zkapauthz-v{1,2}.furl

    • 2023-04-19

      The team switched from Slack to Zulip. For the monitoring notifications to reach Zulip, a webhook bot has to be created in Zulip and a secret URL has to be constructed as described in `https://zulip.com/integrations/doc/grafana`_ and added to the private_keys directory (See grid/local/private-keys/grafana-zulip-url for an example). Find the secret URL for production at `https://my.1password.com/vaults/7flqasy5hhhmlbtp5qozd3j4ga/allitems/rb22ipb6gvokohzq2d2hhv6t6u`_.

    • 2021-12-20

      `https://whetstone.private.storage/privatestorage/privatestorageops/-/issues/399`_ requires moving the PaymentServer database on the payments host onto a new dedicated filesystem.

      Follow these steps before deploying this version of PrivateStorageio:

      1. Deploy the PrivateStorageOps change that creates a new dedicated volume.

      2. Put a disk label on the new dedicated volume

        nix-shell -p parted --run 'parted /dev/nvme1n1 mklabel msdos'

      3. Put a properly aligned partition in the new disk label

        nix-shell -p parted --run 'parted /dev/nvme1n1 mkpart primary ext2 4096s 4G'

      4. Create a labeled filesystem on the partition

        mkfs.ext4 -L zkapissuer-data /dev/nvme1n1p1

      5. Deploy the PrivateStorageio update.

      6. Move the database file to the new location

        mv -iv /var/lib/zkapissuer/vouchers.sqlite3 /var/lib/zkapissuer-v2

      7. Clean up the old state directory

        rm -ir /var/lib/zkapissuer

      8. Start the PaymentServer service (not running because its path assertions were not met earlier)

        systemctl start zkapissuer

    • 2021-10-12 The secret in private-keys/grafana-slack-url needs to be changed to remove the SLACKURL= prefix.

    • 2021-09-30 Enable alerting needs a secret in private-keys/grafana-slack-url looking like the template in morph/grid/local/private-keys/grafana-slack-url and pointing to the secret API endpoint URL saved in this 1Password entry (or create a new secret URL at https://www.slack.com/apps/A0F7XDUAZ).

    • 2021-09-07 Manage access to payment metrics requires moving and chown'ing the PaymentServer database on the payments host:

      mkdir /var/lib/zkapissuer

mv /var/db/vouchers.sqlite3 /var/lib/zkapissuer/vouchers.sqlite3

chown -R zkapissuer:zkapissuer /var/lib/zkapissuer

chmod 750 /var/lib/zkapissuer
chmod 640 /var/lib/zkapissuer/vouchers.sqlite3