CR-2026-04-18: Rack Relocation — Implementation
Pre-Shutdown Phases
Phase 0: Borg Backup
# Mount Synology NFS
sudo mount -t nfs nas-01.inside.domusdigitalis.dev:/volume1/borg_backups /mnt/synology
# Load credentials
eval "$(dsec source d000 dev/storage)"
# Run backup
sudo -E BORG_PASSPHRASE="$BORG_PASSPHRASE" ~/.local/bin/borg-backup-synology.sh
# Verify latest archive
sudo -E BORG_PASSPHRASE="$BORG_PASSPHRASE" borg list /mnt/synology/borg-repo | tail -5
# Clear credentials and unmount
eval "$(dsec unsource)"
sudo umount /mnt/synologyPhase 1: Dump VM XML Definitions
Pull copies off-rack to workstation — if a drive dies in transit, these let you rebuild.
ssh kvm-01 'BACKUP_DIR="/mnt/onboard-ssd/backup-$(date +%Y%m%d)" && \
sudo mkdir -p "$BACKUP_DIR" && \
for vm in $(sudo virsh list --all --name); do
sudo virsh dumpxml "$vm" > "$BACKUP_DIR/$vm.xml"
done && \
ls -lh "$BACKUP_DIR"'ssh kvm-02 'BACKUP_DIR="/var/lib/libvirt/backup-$(date +%Y%m%d)" && \
sudo mkdir -p "$BACKUP_DIR" && \
for vm in $(sudo virsh list --all --name); do
sudo virsh dumpxml "$vm" > "$BACKUP_DIR/$vm.xml"
done && \
ls -lh "$BACKUP_DIR"'mkdir -p ~/Documents/rack-backup/{kvm-01,kvm-02}
scp kvm-01:/mnt/onboard-ssd/backup-$(date +%Y%m%d)/*.xml ~/Documents/rack-backup/kvm-01/
scp kvm-02:/var/lib/libvirt/backup-$(date +%Y%m%d)/*.xml ~/Documents/rack-backup/kvm-02/
ls -lh ~/Documents/rack-backup/kvm-01/ ~/Documents/rack-backup/kvm-02/Phase 2: Save Switch Config
enable
write mem
show running-config | redirect flash:pre-relocation-2026-04-18.txtPhase 3: Synology Config Backup
DSM → Control Panel → Update & Restore → Configuration Backup → Export.
Save the .dss file to workstation.
Shutdown Procedure
Shutdown order follows reverse dependency — consumers before providers.
Phase 4: Shutdown kvm-02 VMs
# Application VMs (no dependents)
for vm in 9800-WLC-02 ise-02; do
sudo virsh shutdown $vm
done
# Wait for application VMs
while sudo virsh list | grep -E 'WLC-02|ise-02' | grep -q running; do
sleep 3; echo "waiting for app VMs..."
done
# Network
sudo virsh shutdown vyos-02
# Infrastructure (DNS, secrets) — last
for vm in vault-03 vault-02 bind-02; do
sudo virsh shutdown $vm
done
# Wait for all
while sudo virsh list | grep -q running; do
sleep 3; echo "waiting..."
done
echo "kvm-02: all VMs off"
# Verify
sudo virsh list --all | awk 'NR>2 {print $2": "$3}'Phase 5: Shutdown kvm-01 VMs
# Application VMs
for vm in 9800-WLC-01 k3s-master-01 ipsk-mgr-01 ipa-01; do
sudo virsh shutdown $vm
done
# Wait for application VMs
while sudo virsh list | grep -E 'WLC-01|k3s|ipsk|ipa' | grep -q running; do
sleep 3; echo "waiting for app VMs..."
done
# Network
sudo virsh shutdown vyos-01
# Infrastructure — AD before DNS
for vm in vault-01 home-dc01 bind-01; do
sudo virsh shutdown $vm
done
# Wait for all
while sudo virsh list | grep -q running; do
sleep 3; echo "waiting..."
done
echo "kvm-01: all VMs off"
# Verify
sudo virsh list --all | awk 'NR>2 {print $2": "$3}'Phase 6: Shutdown Hypervisor Hosts
# kvm-02 first (secondary)
ssh kvm-02 'sudo shutdown -h now'
# kvm-01 second (primary)
ssh kvm-01 'sudo shutdown -h now'Phase 7: Shutdown NAS
Via DSM web UI: Control Panel → Hardware & Power → Shutdown.
Or via SSH:
ssh admin@nas-01 'sudo shutdown -h now'Phase 8: Power Off Physical Infrastructure
-
Switch — power off after
write memconfirmed -
UPS — power off last
Physical Relocation
-
All equipment powered off and verified
-
Cables labeled or photographed before disconnecting
-
Drives secured — avoid shock and vibration
-
Rack moved to new location
-
Cables reconnected per labels/photos
-
Power connected but NOT turned on yet
Startup Procedure
Startup order is the reverse of shutdown — providers before consumers.
Phase 9: Power On Physical Infrastructure
-
UPS — power on, verify clean power
-
Switch — power on, wait for POST
enable
show startup-config | include hostname
show vlan briefPhase 10: Power On NAS
Power on Synology. Wait for DSM to be accessible.
# From workstation — poll until NAS responds
while ! ping -c1 -W2 nas-01.inside.domusdigitalis.dev &>/dev/null; do
sleep 5; echo "waiting for NAS..."
done
echo "NAS is up"Phase 11: Power On Hypervisors
Power on kvm-01 and kvm-02 physically. Wait for SSH access.
# Poll until hypervisors respond
for host in kvm-01 kvm-02; do
while ! ssh -o ConnectTimeout=3 $host 'echo up' &>/dev/null; do
sleep 5; echo "waiting for $host..."
done
echo "$host is up"
donePhase 12: Start VMs — Infrastructure First
# DNS first — everything depends on resolution
sudo virsh start bind-01
# Wait for DNS to respond
while ! dig @bind-01.inside.domusdigitalis.dev inside.domusdigitalis.dev SOA +short &>/dev/null; do
sleep 3; echo "waiting for bind-01..."
done
echo "bind-01 DNS responding"
# Active Directory — depends on DNS
sudo virsh start home-dc01
# Vault — depends on DNS
sudo virsh start vault-01sudo virsh start bind-02
sudo virsh start vault-02
sudo virsh start vault-03Phase 13: Start VMs — Network
# kvm-01
ssh kvm-01 'sudo virsh start vyos-01'
# kvm-02
ssh kvm-02 'sudo virsh start vyos-02'Phase 14: Start VMs — Application
for vm in ipa-01 9800-WLC-01 k3s-master-01 ipsk-mgr-01; do
sudo virsh start $vm
donefor vm in ise-02 9800-WLC-02; do
sudo virsh start $vm
doneImplementation Log
| Time | Action | Result |
|---|---|---|
2026-04-18 14:01 |
Borg backup to Synology |
326,295 files, 44.35 GB, archive fingerprint 93797b86 |
VM XML dumps to workstation |
||
Switch write mem |
||
Synology config export |
||
kvm-02 VM shutdown |
||
kvm-01 VM shutdown |
||
Hypervisor shutdown |
||
NAS shutdown |
||
Physical relocation |
||
Startup sequence |
||
Post-relocation validation |