Runbooks — Operational Procedures¶
Concise, reproducible procedures for DR, burst, bootstrap, DNS cutover, VPN, secrets rotation, and related operations.
Each runbook is outcome-focused and linked to supporting verification records.
Access flags (
public,academy,mixed) follow the documentation access model in ADR-0021.
Conventions (applies to all runbooks)¶
- Pre-checks — prerequisites and environment sanity.
- Execute — ordered steps and commands.
- Verify — success criteria and dashboards to check.
- Records — logs and state to capture under the runtime root.
- Rollback — safe, minimal reversal steps.
Runbook catalog¶
Categories: Bootstrap (18) · Burst (1) · Dr (15) · Networking (18) · Ops (3) · Platform (21) · Security (1)
Published Runbooks (77)¶
- Bootstrap NetBox Foundation (HyOps Blueprint) — Bootstrap · P2 · public
- Bootstrap vault password provider — Bootstrap · P3 · public
- Create a GCP project with org/gcp/project-factory — Bootstrap · P2 · public
- Generate bootstrap secrets into runtime vault bundle — Bootstrap · P3 · public
- Init AWS credentials with hyops init aws — Bootstrap · P3 · public
- Init Azure credentials with hyops init azure — Bootstrap · P3 · public
- Init GCP credentials with hyops init gcp — Bootstrap · P3 · public
- Init HashiCorp Vault with hyops init hashicorp-vault — Bootstrap · P3 · public
- Init Hetzner credentials with hyops init hetzner — Bootstrap · P3 · public
- Initialise Proxmox target credentials — Bootstrap · P2 · public
- Initialise Terraform Cloud credentials — Bootstrap · P2 · public
- Install and initialise HybridOps.Core — Bootstrap · P3 · public
- Install prerequisites with hyops setup — Bootstrap · P3 · public
- Runbook – Bootstrap Jenkins Controller on Control Node (ctrl-01) — Bootstrap · P2 · academy
- Runbook – Bootstrap Jenkins Docker Agent on Control Node (ctrl-01) — Bootstrap · P2 · academy
- Sync Azure Key Vault secrets into runtime vault bundle — Bootstrap · P3 · public
- Sync GCP Secret Manager secrets into runtime vault bundle — Bootstrap · P3 · public
- Sync HashiCorp Vault secrets into runtime vault bundle — Bootstrap · P3 · public
- Burst: Scale Out / In — Burst · P2 · public
- Cleanup the PostgreSQL App-Data DR Proof Lanes — Dr · P3 · public
- Cost Guardrail Breach During DR/Burst (Decision: DENY) — Dr · P2 · public
- DR Cutover – On-Prem RKE2 to Cloud Cluster — Dr · P1 · public
- Establish PostgreSQL Cloud SQL Standby in GCP (HyOps Blueprint) — Dr · P2 · public
- Failback PostgreSQL Cloud SQL DR to On-Prem (HyOps Blueprint) — Dr · P1 · public
- Failback PostgreSQL HA to On-Prem (HyOps Blueprint) — Dr · P1 · public
- Failback – Cloud Cluster to On-Prem RKE2 — Dr · P2 · public
- Failover PostgreSQL HA to GCP (HyOps Blueprint) — Dr · P1 · public
- Ops: PostgreSQL — WAL-G Restore/Promote — Dr · P1 · public
- PostgreSQL DR Operating Model (Restore vs Warm Standby vs Multi-Cloud) — Dr · P1 · public
- PostgreSQL LXC (db-01) Failure and Promotion — Dr · P1 · public
- Prepare PostgreSQL HA Backup to GCP (HyOps Blueprint) — Dr · P2 · public
- Promote PostgreSQL Cloud SQL DR in GCP (HyOps Blueprint) — Dr · P1 · public
- Repeatable PostgreSQL App-Data DR Drill — Dr · P2 · public
- Runner-Local DR Execution Model — Dr · P1 · public
- Add VLAN Gateway on Proxmox — Networking · P3 · public
- Cross-Vendor VRRP Gateway Failover — Networking · P2 · public
- Deploy Edge Control Plane (HyOps Blueprint) — Networking · P2 · public
- Ethernet/WiFi Uplink Failover — Networking · P3 · public
- Extend On-Prem Into Hetzner Site-A (HyOps Blueprint) — Networking · P2 · public
- Full Mesh Topology Configuration — Networking · P2 · public
- Inter-VLAN Firewall Baseline (Proxmox iptables) — Networking · P1 · public
- Legacy Variant: NCC Hub Setup (Azure Primary, GCP Peer) — Networking · P2 · public
- NETCONF Setup on CSR1000v — Networking · P3 · public
- Operate Internal DNS Cutover Records (HyOps) — Networking · P2 · public
- Operate PowerDNS Internal Authority (HyOps) — Networking · P2 · public
- Operate Proxmox SDN (network-sdn) — Networking · P2 · public
- Provision GCP Ops Runner (HyOps Blueprint) — Networking · P2 · public
- Provision Hetzner VyOS Edge (HyOps Blueprint) — Networking · P2 · public
- Provision On-Prem Ops Runner (HyOps Blueprint) — Networking · P2 · public
- Provision On-Prem PowerDNS Secondary (HyOps Blueprint) — Networking · P2 · public
- Provision On-Prem VyOS Edge (HyOps Blueprint) — Networking · P3 · public
- Provision Shared PowerDNS Primary (HyOps Blueprint) — Networking · P2 · public
- Jenkins Controller Outage on ctrl-01 — Ops · P1 · public
- Rotate Jenkins Service Principal Secret — Azure Key Vault (Zero‑Touch) — Ops · P2 · public
- Runbook – Ansible Collections Release — Ops · P2 · public
- Bootstrap Linux Ops Runner (HyOps Module) — Platform · P2 · public
- Build Proxmox VM Templates (HyOps) — Platform · P2 · public
- Deploy EVE-NG (HyOps Blueprint) — Platform · P2 · public
- Deploy PostgreSQL HA (HyOps Blueprint) — Platform · P2 · public
- Deploy RKE2 Cluster (HyOps Blueprint) — Platform · P2 · public
- HybridOps v0.1 Stage1 Baseline Lock + Acceptance — Platform · P2 · public
- HyOps Cloud SQL External Replica Lifecycle — Platform · P3 · public
- HyOps On-Prem Template to VM Smoke — Platform · P2 · public
- NetBox DB Cutover to PostgreSQL HA (HyOps Blueprint) — Platform · P2 · public
- NetBox DB Migration to PostgreSQL HA (HyOps) — Platform · P2 · public
- Operate Cloud Object Repository Modules (HyOps) — Platform · P3 · public
- Operate EVE-NG Service (HyOps) — Platform · P2 · public
- Operate Generic Platform VMs (HyOps) — Platform · P2 · public
- Operate NetBox Service (HyOps) — Platform · P2 · public
- Operate PostgreSQL Core Service (HyOps) — Platform · P2 · public
- Operate PostgreSQL HA Backup (pgBackRest) (HyOps) — Platform · P2 · public
- Operate PostgreSQL HA Cluster (HyOps) — Platform · P2 · public
- Operate RKE2 Cluster Module (HyOps) — Platform · P2 · public
- Operate Shared Manual Gates (HyOps) — Platform · P3 · public
- Operate Shared VyOS Image Build Pipeline (HyOps) — Platform · P2 · public
- Operate Shared VyOS Image Registration Contract (HyOps) — Platform · P3 · public
- Legacy Variant: pfSense Firewall Flow Control — Security · P2 · public
Last generated: 2026-03-09T11:16:55Z