GitHub Server Notes.md 4.2 KB
GitHub Server Notes
GitHub Enterprise Server is an APPLIANCE. No salt minion, No sft.
To SSH in you must have your public key manually added.
Host github Port 122 User admin HostName 10.80.101.78
Adding New Users to GitHub Teams
OKTA does NOT manage the permissions on the GitHub server. To give a user access to a new team, like mdr-engineering, log into the github server and access this URL: Login . Find the new user by clicking on the "Add a member" button.
Updating
ghe-update-check
ghe-upgrade /var/lib/ghe-updates/github-enterprise-2.17.22.hpkg
Upgrading major version
ghe-upgrade
fdisk -l
two partitions are installed. when you run an upgrade the VM will install the upgrade to the other partiion. After the upgrade it will switch the primary boot partitions. This leaves the previous version available for roll back.
Hit ghe- (TAB) to view all ghe commands. GitHub Command-line utilities
Installing new license
Should be able to do just via the UI. https://github.mdr.defpoint.com:8443/setup/upgrade. But there's a gotcha with disabling the DSA key (for a FEDRAMP POAM). Your services may not restart after updating the license.
+ cp /data/user/common/ssh_host_rsa_key /data/user/common/ssh_host_rsa_key.pub /data/user/common/ssh_host_dsa_key /data/user/common/ssh_host_dsa_key.pub /data/user/common/ssh_host_ecdsa_key /data/user/common/ssh_host_ecdsa_key.pub /etc/ssh/
cp: cannot stat '/data/user/common/ssh_host_dsa_key': No such file or directory
cp: cannot stat '/data/user/common/ssh_host_dsa_key.pub': No such file or directory
Jun 30 16:09:54 ERROR: Preparing storage device
License install procedure:
# Put the DSA key back in place
sudo bash -c "mv /data/user/user-tmp/ssh_host_dsa* /data/user/common/"
# Now install the new license using the UI
# And re-remove the DSA key ...
sudo mv /data/user/common/ssh_host_dsa_key* /data/user/user-tmp/
sudo systemctl restart babeld
I'll open a case with github too.
GitHub-Backup
The ghe-backup servers are instances running Docker.
Docker is installed via the docker salt state.
Most backup configuration is managed by the salt github.backup state:
/usr/local/github-backup-utilscontains a copy of the github repository https://github.com/github/backup-utils- Build of the docker image. Manual command is:
docker build --build-arg=http_proxy=$HTTP_PROXY --build-arg=https_proxy=$HTTPS_PROXY -t github/backup-utils:v3.0.0 .. You can run this if you get an error when applying the state. - A script is run via a cronjob in /etc/cron.d/ghe-backup, which calls the script /root/github-backup.sh. This script calls docker to run the backup.
First time accepting the key
If there is a new github or a new ghe-backup server, you will need to accept the ssh key. To do so, from the ghe-backup server, run:
sudo ssh -p 122 -i /etc/github-backup-utils/.ssh/id_rsa -o UserKnownHostsFile=/etc/github-backup-utils/.ssh/known_hosts github-enterprise-0.pvt.xdrtest.accenturefederalcyber.com -l admin
and accept the key.
Restoring
Restoring should be similar to the command called by /root/github-backup.sh, except with a 'ghe-restore' command.
Migration Steps to govcloud:
0) Create Okta App Manually 1) Stand everything up. 2) Run highstate 2x (This can t
- May have to pkg.upgrade and/or reboot 3) Copy /root/ghe-backup.sh to /root/ghe-backup-old.sh, and update hostname to legacy hostname 4) Run ssh command (above) to get key into known hosts file 5) Run the ghe-backup-old.sh script 6) Copy ghe-backup.sh to ghe-restore.sh 7) Edit ghe-restore.sh, change log file name and ghe-backup to ghe-restore 8) Run ghe-restore. 9) Log onto instance on port 8443 10) Let it do its thing, then go to settings:
- Update hostname to github.xdr.accenturefederalcyber.com
- Fix authentication with info from okta and step 0
- both the url and the http:// address need to be updated from the metadata
- Enable "Allow X-Forwarded-For"
- Keep "Enable Support for Proxy" enabled
- Fix proxy configuration
- Fix mailserver 11) Restore crontab to original 12) Disable old app in okta 13) Highstate salt