@djmitche

djmitche/gist.md Secret

Last active August 29, 2015 14:13
CloudFormation Deployment in usw1

Steps

  • land patch in cloud-tools repo
  • deploy stack with incorrect CGW
  • downtime VPN connection, nagios1.private.releng.usw1 in nagios
  • delete correct CGW
    • VPN goes down
  • update template, re-deploy with correct CGW and with a 'private' subnet
  • verify VPN is back up
  • adjust nagios configuration as necessary for new VPN parameters
  • move nagios1 to the new private subnet
    • stop
    • make new AMI
    • deploy AMI in correct subnet (AZ must match: us-west-1a)
    • attach existing EBS volume (vol-b9a4eaed) to new instance
    • start and test
  • verify nagios1 accessible
    • set up new security group
  • re-enable monitoring of network, nagios1 (it's all just downtimed, so not strictly necessary)
  • clean up
    • leftover volumes
    • leftover instances
    • old subnets
    • old security groups
    • old VPC + cruft

CGW info

  • Type: ipsec.1
  • IP address: 63.245.214.82
  • BGP ASN: 65026

@djmitche
Author

Deleting:

  • detach the Virtual Private Gateway
  • delete the "VPN Connection":
    • VPN ID: vpn-55c19010
    • State: available
    • Virtual Private Gateway: vgw-93c190d6
    • Customer Gateway: cgw-d8de8f9d (63.245.214.82)
    • Type: ipsec.1
    • VPC:
    • Routing: Dynamic
  • Delete "Virtual Private Gateway"

@djmitche
Author

Old vpn was vpn-55c19010-{1,2}

  • 1: 169.254.253.17
  • 2: 169.254.253.21

proposal ipsec-prop-vpn-55c19010-1 {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 3600;
}
proposal ipsec-prop-vpn-55c19010-2 {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 3600;
}

@djmitche
Author

New: vpn-b6cb99f3-{1,2}

  • 169.254.253.29
  • 169.254.253.25

@djmitche
Author

snapshot of nagios1 is snap-84d67c46

@djmitche
Author

nagios1 EBS is vol-b9a4eaed

@djmitche
Author

Attaching via UI only allows /dev/sdf and higher;

aws ec2 attach-volume --region us-west-1 --volume-id vol-b9a4eaed  --instance-id i-d44e2c17 --device /dev/sda

seemed to work, though

@djmitche
Author

Actually, UI just recommends /dev/sdf and higher; type what you want. /dev/sda1 worked (/dev/sda doesn't - PV uses partitions, not drives)
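
A preflight check for the "move nagios1" steps and the device-name comments above, as an added example that is not part of the original gist: it inspects data shaped like `aws ec2 describe-volumes` and `aws ec2 describe-instances` output before `attach-volume` is run. The function name `preflight` and the sample JSON are constructed, and it assumes the volume is meant to become the instance's root device.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-volumes` and
# `aws ec2 describe-instances` output. The two IDs come from the notes above;
# every other value is made up for illustration.
VOLUME = json.loads("""{"VolumeId": "vol-b9a4eaed",
  "AvailabilityZone": "us-west-1a", "State": "available", "Attachments": []}""")
INSTANCE = json.loads("""{"InstanceId": "i-d44e2c17",
  "Placement": {"AvailabilityZone": "us-west-1a"},
  "VirtualizationType": "paravirtual", "RootDeviceName": "/dev/sda1",
  "State": {"Name": "stopped"}, "BlockDeviceMappings": []}""")


def preflight(volume, instance, device):
    """Return reasons the attach would fail or not boot (empty list = OK).

    Assumption: the volume is intended to be the instance's root device.
    """
    problems = []
    vol_az = volume["AvailabilityZone"]
    inst_az = instance["Placement"]["AvailabilityZone"]
    # EBS volumes can only be attached to instances in the same AZ.
    if vol_az != inst_az:
        problems.append(f"AZ mismatch: volume in {vol_az}, instance in {inst_az}")
    # A volume still attached elsewhere has to be detached first.
    if volume["State"] != "available":
        holders = [a["InstanceId"] for a in volume.get("Attachments", [])]
        problems.append(f"volume is {volume['State']} (attached to {holders})")
    # Root volumes can only be swapped while the instance is stopped.
    if instance["State"]["Name"] != "stopped":
        problems.append("instance must be stopped to swap its root volume")
    # The root volume created from the AMI may still occupy the device name.
    used = {m["DeviceName"] for m in instance.get("BlockDeviceMappings", [])}
    if device in used:
        problems.append(f"{device} is already mapped on the instance")
    # PV instances boot from a partition name such as /dev/sda1, not /dev/sda.
    root = instance["RootDeviceName"]
    if device != root:
        problems.append(f"device {device} is not the root device {root}")
    return problems


if __name__ == "__main__":
    for dev in ("/dev/sda", "/dev/sda1"):
        print(dev, preflight(VOLUME, INSTANCE, dev) or "OK")
```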
