Service Database Decommissioning Checlist
Purpose
This checklist is to ensure that all steps are taken to ensure that deleting a service database does not cause any disruption in other parts of the infrastructure.
Steps
- Determine any potential impact to any other services; see things to look out for below
- Are any services dependent on this database, directly or indirectly?
- Is the database backed up?
- Is there a specific borg repo for this database?
Ensure this database's entry is deleted for borgmatic, otherwise the auto backup service will error out
- Delete the database's entry from nixOS, on the dbserver's default.nix config
- Delete the database's secrets from sops-nix
- Delete the name of the database if it is being backed up with the
borg-configmodule - Push these changes to prod before continuing with the following steps
- Delete the database's entry from ansible
- Delete the database's secrets from any SOPS files they may be stored in
- Delete the database's entry from ansible, on the dbserver's host_vars config
- Ensure that the database's secrets are deleted everywhere
- Delete database secrets from Bitwarden Secrets Manager after 1 year in the event that access is needed again
- Delete entries of the database from any host_vars files in ansible, to stop it from re-provisioning
- Delete database secrets from Bitwarden Secrets Manager after 1 year in the event that access is needed again
DROPthe database from the db server it resides on