[tech] 95% complete - Re: Cutover from mooneye to mailfish - 90% complete

Mark Tearle mtearle at ucc.asn.au
Tue Jun 23 00:08:13 AWST 2020 

Hi folks

Tonight's progress ....

X Prometheus dashboards for postfix
X Record changes in ansible

Outstanding tasks ....

> Script Changes and Checks
> =========================
> 
> * Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
> 
> Cleanup and Tidyup
> ==================
> 
> * Test reboot of mailfish and check things come up cleanly
> * Rerun ansible
> 
> Further Upgrades
> ================
> 
> * Security upgrades for mailman

Mark
--
Mark Tearle <mtearle at ucc.asn.au>

On Sun, 21 Jun 2020, at 11:39 PM, Mark Tearle wrote:
> Hi folks 
> 
> X Update ucc hosts smarthost configurations
> 
> Done - except for 
> 
> catfish.ucc.asn.au
> clownfish.ucc.asn.au
> cobra.ucc.asn.au
> meetings.ucc.asn.au
> mollitz.ucc.asn.au
> mylah.ucc.asn.au
> myxine.ucc.asn.au
> pinball.ucc.asn.au
> samurai.ucc.asn.au
> 
> 

> 
> 
> Mark
> -- 
> Mark Tearle <mtearle at tearle.com>
> 
> On Sun, 21 Jun 2020, at 1:17 AM, Mark Tearle wrote:
> > Hi folks
> > 
> > I've mostly complete the cutover from mooneye to mailfish. My TODO
> > list is below (X = done, * = TODO). I think everything should be
> > working at the moment, but I've got some mop up work and configuration
> > to do tomorrow.
> > 
> > There was a little scare in terms of config with a missing bit of IPv6
> > config in the postfix main.cf file. Hopefully mailman interpreted that
> > as a temporary failure and didn't bounce anybody off the lists.
> > 
> > Apologies for the abundance of test emails, etc and to the poor
> > hostpersons who may have got lots of emails. Please forward any
> > anomalous emails through to me and I'll look at them (mark at tearle.com if
> > UCC email is broken)
> > 
> > If there is something majorly borken, please call me on 0418 958 985 and
> > I'll look at it straight away. I'll do a cursory check in the morning,
> > but won't be at the computer until after midday.
> > 
> > However, positive progress!
> > 
> > Cheers,
> > Mark
> > 
> > 
> > Ansible
> > =======
> > 
> > X Added cron entry to magic_lists for ucc-add-announce script
> > X Run ansible role again
> > X Check logic around /var/mail bind mount (see /home/other/mailman)
> > X Add start/stop for mailman and postfix to ansible role
> > X Add ucc-fw script
> > X Firewall http/https on mailfish to UCC only
> > X Run ansible role again
> > 
> > Stop syncs
> > ==========
> > 
> > X Force sync to mailfish
> > X Stop sync script from mooneye to mailfish
> > (Disable on mooneye, disable on mailfish)
> > 
> > Stop processes
> > ==============
> > 
> > X Check list holds/etc on mooneye/lists.ucc.*
> > X Check mailman qfiles empty on mooneye
> > X Check mail queues empty on mooneye
> > X Stop postfix on mooneye
> > X Stop mailman on mooneye
> > X Temporarily stop postfix and mailman on mailfish
> > 
> > Configuration Changes
> > =====================
> > 
> > X Move existing mooneye postfix config out of the way
> > 
> > X Change mooneye postfix config to be a smarthost
> > X Remove mailman from mooneye /etc/init.d
> > X Update haproxy on mailauesi to point to mailfish
> > 
> > Firewall Changes
> > ================
> > 
> > X Update murasoi firewall rules
> > X - Change secure (.28) NAT rules for 465, 587, 588 to mailfish
> > X - Add (.9) NAT rules for 465, 587, 588, 25 to mailfish
> > X - Open firewall rules as needed for mailfish
> > 
> > Web Changes
> > ===========
> > 
> > X Add proxy for lists.ucc.* on mussel
> > X Add proxy for subscribe.ucc.* on mussel
> > 
> > Config fixes
> > ============
> > 
> > X mynetworks postfix main.cf for IPv6 localhost
> > X opendkim-internal add localhost
> > 
> > DNS Changes
> > ===========
> > 
> > X Update DNS for smarthost.mail.ucc.* to point to mailfish
> > X Leave DNS for mail.ucc.* to point to 130.95.13.9
> > X Leave DNS for mailhost.ucc.* to point to 131.95.13.9
> > 
> > X Update DNS for lists.ucc.* to point to mussel, proxy to mailfish
> > X Update DNS for subscribe.ucc.* to point to mussel, proxy to mailfish
> > 
> > * Update ucc hosts smarthost configurations
> > 
> > Script Changes and Checks
> > =========================
> > 
> > X Empty qfiles on mailfish
> > X Test policy systemhealth script on mailfish
> > X Start Mailman Qrunners on mailfish
> > X Check firewall on mailfish
> > X Update ucc-adduser-ad to not use ssh key and integrate mailman queue script
> > 
> > * Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
> > 
> > Cleanup and Tidyup
> > ==================
> > 
> > X Email to tech at ucc.asn.au
> > * Test reboot of mailfish and check things come up cleanly
> > * Prometheus dashboards for postfix
> > * Record changes in ansible
> > * Rerun ansible
> > 
> > Further Upgrades
> > ================
> > 
> > * Security upgrades for mailman
> > _______________________________________________
> > List Archives: http://lists.ucc.asn.au/pipermail/tech
> > 
> > Unsubscribe here: 
> > https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
> >
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
> 
> Unsubscribe here: 
> https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20200623/b3166ac1/attachment.htm>

More information about the tech mailing list