[tech] 98% complete - Re: Cutover from mooneye to mailfish - 90% complete

Mark Tearle mtearle at ucc.asn.au
Thu Jun 25 20:55:51 AWST 2020 

Hi folks

Tonight's progress ....

Script Changes and Checks
=========================

X Update email backup script - /etc/cron.daily/zzdailybackup on mooneye

Cleanup and Tidyup
==================

X Test reboot of mailfish and check things come up cleanly
X Rerun ansible


Outstanding tasks ....
> > 
> > Further Upgrades
> > ================
> > 
> > * Security upgrades for mailman

Mark
--
Mark Tearle <mtearle at ucc.asn.au>


On Tue, 23 Jun 2020, at 12:08 AM, Mark Tearle wrote:
> Hi folks
> 
> Tonight's progress ....
> 
> X Prometheus dashboards for postfix
> X Record changes in ansible
> 
> 
> On Sun, 21 Jun 2020, at 11:39 PM, Mark Tearle wrote:
> > Hi folks 
> > 
> > X Update ucc hosts smarthost configurations
> > 
> > Done - except for 
> > 
> > catfish.ucc.asn.au
> > clownfish.ucc.asn.au
> > cobra.ucc.asn.au
> > meetings.ucc.asn.au
> > mollitz.ucc.asn.au
> > mylah.ucc.asn.au
> > myxine.ucc.asn.au
> > pinball.ucc.asn.au
> > samurai.ucc.asn.au
> > 
> > 
> > 
> > On Sun, 21 Jun 2020, at 1:17 AM, Mark Tearle wrote:
> > > Hi folks
> > > 
> > > I've mostly complete the cutover from mooneye to mailfish. My TODO
> > > list is below (X = done, * = TODO). I think everything should be
> > > working at the moment, but I've got some mop up work and configuration
> > > to do tomorrow.
> > > 
> > > There was a little scare in terms of config with a missing bit of IPv6
> > > config in the postfix main.cf file. Hopefully mailman interpreted that
> > > as a temporary failure and didn't bounce anybody off the lists.
> > > 
> > > Apologies for the abundance of test emails, etc and to the poor
> > > hostpersons who may have got lots of emails. Please forward any
> > > anomalous emails through to me and I'll look at them (mark at tearle.com if
> > > UCC email is broken)
> > > 
> > > If there is something majorly borken, please call me on 0418 958 985 and
> > > I'll look at it straight away. I'll do a cursory check in the morning,
> > > but won't be at the computer until after midday.
> > > 
> > > However, positive progress!
> > > 
> > > Cheers,
> > > Mark
> > > 
> > > 
> > > Ansible
> > > =======
> > > 
> > > X Added cron entry to magic_lists for ucc-add-announce script
> > > X Run ansible role again
> > > X Check logic around /var/mail bind mount (see /home/other/mailman)
> > > X Add start/stop for mailman and postfix to ansible role
> > > X Add ucc-fw script
> > > X Firewall http/https on mailfish to UCC only
> > > X Run ansible role again
> > > 
> > > Stop syncs
> > > ==========
> > > 
> > > X Force sync to mailfish
> > > X Stop sync script from mooneye to mailfish
> > > (Disable on mooneye, disable on mailfish)
> > > 
> > > Stop processes
> > > ==============
> > > 
> > > X Check list holds/etc on mooneye/lists.ucc.*
> > > X Check mailman qfiles empty on mooneye
> > > X Check mail queues empty on mooneye
> > > X Stop postfix on mooneye
> > > X Stop mailman on mooneye
> > > X Temporarily stop postfix and mailman on mailfish
> > > 
> > > Configuration Changes
> > > =====================
> > > 
> > > X Move existing mooneye postfix config out of the way
> > > 
> > > X Change mooneye postfix config to be a smarthost
> > > X Remove mailman from mooneye /etc/init.d
> > > X Update haproxy on mailauesi to point to mailfish
> > > 
> > > Firewall Changes
> > > ================
> > > 
> > > X Update murasoi firewall rules
> > > X - Change secure (.28) NAT rules for 465, 587, 588 to mailfish
> > > X - Add (.9) NAT rules for 465, 587, 588, 25 to mailfish
> > > X - Open firewall rules as needed for mailfish
> > > 
> > > Web Changes
> > > ===========
> > > 
> > > X Add proxy for lists.ucc.* on mussel
> > > X Add proxy for subscribe.ucc.* on mussel
> > > 
> > > Config fixes
> > > ============
> > > 
> > > X mynetworks postfix main.cf for IPv6 localhost
> > > X opendkim-internal add localhost
> > > 
> > > DNS Changes
> > > ===========
> > > 
> > > X Update DNS for smarthost.mail.ucc.* to point to mailfish
> > > X Leave DNS for mail.ucc.* to point to 130.95.13.9
> > > X Leave DNS for mailhost.ucc.* to point to 131.95.13.9
> > > 
> > > X Update DNS for lists.ucc.* to point to mussel, proxy to mailfish
> > > X Update DNS for subscribe.ucc.* to point to mussel, proxy to mailfish
> > > 
> > > * Update ucc hosts smarthost configurations
> > > 
> > > Script Changes and Checks
> > > =========================
> > > 
> > > X Empty qfiles on mailfish
> > > X Test policy systemhealth script on mailfish
> > > X Start Mailman Qrunners on mailfish
> > > X Check firewall on mailfish
> > > X Update ucc-adduser-ad to not use ssh key and integrate mailman queue script
> > > 
> > > * Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
> > > 
> > > Cleanup and Tidyup
> > > ==================
> > > 
> > > X Email to tech at ucc.asn.au
> > > * Test reboot of mailfish and check things come up cleanly
> > > * Prometheus dashboards for postfix
> > > * Record changes in ansible
> > > * Rerun ansible
> > > 
> > > Further Upgrades
> > > ================
> > > 
> > > * Security upgrades for mailman
> > > _______________________________________________
> > > List Archives: http://lists.ucc.asn.au/pipermail/tech
> > > 
> > > Unsubscribe here: 
> > > https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
> > >
> > _______________________________________________
> > List Archives: http://lists.ucc.asn.au/pipermail/tech
> > 
> > Unsubscribe here: 
> > https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
> >
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
> 
> Unsubscribe here: https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20200625/d72030e5/attachment.htm>

More information about the tech mailing list