P:puppet: add decom instance script

Author: supertassu

modules/profile/files/puppet/server/jq-decom-instance.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Removes an instance
+
+set -euo pipefail
+. /etc/jq-tarsnap-keygen.sh
+
+INSTANCE="$1"
+
+TARNSAP_KEYFILE="$TARSNAP_KEYS_BASE_PATH/$INSTANCE.key"
+
+echo "=== Cleaning up $INSTANCE"
+
+if [ -f "$TARNSAP_KEYFILE" ]; then
+  echo "Cleaning up old Tarsnap backups and key file"
+  if ! git -C "$TARSNAP_KEYS_BASE_PATH" diff-index --quiet HEAD --; then
+    echo "The private git directory has uncommitted changes, please fix that before running this script."
+    exit 1
+  fi
+
+  tarsnap --keyfile "$TARNSAP_KEYFILE" --nuke
+
+  git -C "$TARSNAP_KEYS_BASE_PATH" rm "$KEYFILE"
+  git -C "$TARSNAP_KEYS_BASE_PATH" commit -m "remove Tarsnap keys for $INSTANCE"
+fi
+
+echo "Removing from Puppet"
+
+sudo puppet node deactivate "$INSTANCE"
+sudo puppet node clean "$INSTANCE"
+
+echo "=== All done."

modules/profile/manifests/puppet/server.pp

@@ -187,6 +187,16 @@
     paths => [$private_repo_dir],
   }
 
+  # This also uses config from tarsnap::keymgmt.
+  file { '/usr/local/bin/jq-decom-instance':
+    ensure => file,
+    source => 'puppet:///modules/profile/puppet/server/jq-decom-instance.sh',
+    owner  => 'root',
+    group  => 'gitpuppet',
+    mode   => '0550',
+  }
+
+
   include profile::ssh::ca
 
   # Expose SSH keys so users can verify them