Runbooks — Operational Procedures¶
Concise, reproducible procedures for DR, burst, bootstrap, DNS cutover, VPN, secrets rotation, and related operations.
Each runbook is outcome-focused and linked to supporting evidence.
Access flags (
public,academy,mixed) follow the documentation access model in ADR-0021.
Conventions (applies to all runbooks)¶
- Pre-checks — prerequisites and environment sanity.
- Execute — ordered steps and commands.
- Verify — success criteria and dashboards to check.
- Artifacts — logs and exports to capture under
output/. - Rollback — safe, minimal reversal steps.
Runbook catalog¶
Categories: Bootstrap (20) · Burst (1) · Dr (10) · Networking (17) · Ops (4) · Platform (22) · Security (1)
All runbooks (75) — click to browse
- Bootstrap NetBox Foundation (HyOps Blueprint) — Bootstrap · P2 · public
- Bootstrap vault password provider — Bootstrap · P3 · public
- Create a GCP project with org/gcp/project-factory — Bootstrap · P2 · public
- Generate bootstrap secrets into runtime vault bundle — Bootstrap · P3 · public
- Init AWS credentials with hyops init aws — Bootstrap · P3 · public
- Init Azure credentials with hyops init azure — Bootstrap · P3 · public
- Init GCP credentials with hyops init gcp — Bootstrap · P3 · public
- Init HashiCorp Vault with hyops init hashicorp-vault — Bootstrap · P3 · public
- Init Hetzner credentials with hyops init hetzner — Bootstrap · P3 · public
- Initialise Proxmox target credentials — Bootstrap · P2 · public
- Initialise Terraform Cloud credentials — Bootstrap · P2 · public
- Install and initialise HybridOps.Core — Bootstrap · P3 · public
- Install prerequisites with hyops setup — Bootstrap · P3 · public
- NetBox Initial Seed & Bootstrap — Bootstrap · P2 · public
- Run cloud and on-prem init environment scripts — Bootstrap · P3 · public
- Runbook – Bootstrap Jenkins Controller on Control Node (ctrl-01) — Bootstrap · P2 · academy
- Runbook – Bootstrap Jenkins Docker Agent on Control Node (ctrl-01) — Bootstrap · P2 · academy
- Sync Azure Key Vault secrets into runtime vault bundle — Bootstrap · P3 · public
- Sync GCP Secret Manager secrets into runtime vault bundle — Bootstrap · P3 · public
- Sync HashiCorp Vault secrets into runtime vault bundle — Bootstrap · P3 · public
- Burst: Scale Out / In — Burst · P2 · public
- Cost Guardrail Breach During DR/Burst (Decision: DENY) — Dr · P2 · public
- DR Cutover – On-Prem RKE2 to Cloud Cluster — Dr · P1 · public
- Failback PostgreSQL HA to On-Prem (HyOps Blueprint) — Dr · P1 · public
- Failback – Cloud Cluster to On-Prem RKE2 — Dr · P2 · public
- Failover PostgreSQL HA to GCP (HyOps Blueprint) — Dr · P1 · public
- Ops: PostgreSQL — WAL-G Restore/Promote — Dr · P1 · public
- PostgreSQL DR Operating Model (Restore vs Warm Standby vs Multi-Cloud) — Dr · P1 · public
- PostgreSQL LXC (db-01) Failure and Promotion — Dr · P1 · public
- Prepare PostgreSQL HA Backup to GCP (HyOps Blueprint) — Dr · P2 · public
- Runner-Local DR Execution Model — Dr · P1 · public
- Add VLAN Gateway on Proxmox — Networking · P3 · public
- Cross-Vendor VRRP Gateway Failover — Networking · P2 · public
- Deploy Edge Control Plane (HyOps Blueprint) — Networking · P2 · public
- Ethernet/WiFi Uplink Failover — Networking · P3 · public
- Full Mesh Topology Configuration — Networking · P2 · public
- Inter-VLAN Firewall Baseline (Proxmox iptables) — Networking · P1 · public
- NCC Hub Setup (Azure Primary, GCP Peer) — Networking · P2 · public
- NETCONF Setup on CSR1000v — Networking · P3 · public
- Operate Internal DNS Cutover Records (HyOps) — Networking · P2 · public
- Operate PowerDNS Internal Authority (HyOps) — Networking · P2 · public
- Operate Proxmox SDN (network-sdn) — Networking · P2 · public
- Provision GCP Ops Runner (HyOps Blueprint) — Networking · P2 · public
- Provision Hetzner VyOS Edge (HyOps Blueprint) — Networking · P3 · public
- Provision On-Prem Ops Runner (HyOps Blueprint) — Networking · P2 · public
- Provision On-Prem PowerDNS Secondary (HyOps Blueprint) — Networking · P2 · public
- Provision On-Prem VyOS Edge (HyOps Blueprint) — Networking · P3 · public
- Provision Shared PowerDNS Primary (HyOps Blueprint) — Networking · P2 · public
- Jenkins Controller Outage on ctrl-01 — Ops · P1 · public
- Rotate Jenkins Service Principal Secret — Azure Key Vault (Zero‑Touch) — Ops · P2 · public
- Runbook – Ansible Collections Release — Ops · P2 · public
- Runbook – Argo CD / GitOps Sync Issues — Ops · P3 · public
- Bootstrap Linux Ops Runner (HyOps Module) — Platform · P2 · public
- Build Proxmox VM Templates (HyOps) — Platform · P2 · public
- Deploy EVE-NG (HyOps Blueprint) — Platform · P2 · public
- Deploy PostgreSQL HA (HyOps Blueprint) — Platform · P2 · public
- Deploy RKE2 Cluster (HyOps Blueprint) — Platform · P2 · public
- HybridOps v0.1 Stage1 Baseline Lock + Acceptance — Platform · P2 · public
- HyOps Cloud SQL External Replica Lifecycle — Platform · P3 · public
- HyOps On-Prem Template to VM Smoke — Platform · P2 · public
- NetBox DB Cutover to PostgreSQL HA (HyOps Blueprint) — Platform · P2 · public
- NetBox DB Migration to PostgreSQL HA (HyOps) — Platform · P2 · public
- Operate Cloud Object Repository Modules (HyOps) — Platform · P3 · public
- Operate EVE-NG Service (HyOps) — Platform · P2 · public
- Operate Generic Platform VMs (HyOps) — Platform · P2 · public
- Operate NetBox Service (HyOps) — Platform · P2 · public
- Operate PostgreSQL Core Service (HyOps) — Platform · P2 · public
- Operate PostgreSQL HA Backup (pgBackRest) (HyOps) — Platform · P2 · public
- Operate PostgreSQL HA Cluster (HyOps) — Platform · P2 · public
- Operate RKE2 Cluster Module (HyOps) — Platform · P2 · public
- Operate Shared VyOS Image Artifact Contract (HyOps) — Platform · P3 · public
- Operate Shared VyOS Image Build Pipeline (HyOps) — Platform · P3 · public
- Runbook – Build and Clean Documentation Sites (Public and Academy) — Platform · P3 · public
- Runbook – External Secrets / Azure Key Vault Projection Issues — Platform · P3 · public
- pfSense Firewall Flow Control — Security · P2 · public
Last generated: 2026-03-06T12:37:45Z