<!DOCTYPE html><html><head><title></title><style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style></head><body><div>Hi folks<br></div><div><br></div><div>With the assistance of Nick, I have been starting on untangling UCC's email setup. Ultimately, this is in aid of upgrading mooneye and the UCC mailman installation, but there'll be some diversions along the way.<br></div><div><br></div><div>Diagram<br></div><div>-------------<br></div><div><br></div><div>To that end, so far I've created a diagram of the current setup (attached). Let me know if you'd like me to run through it with you via a teleconf on meetings.ucc.asn.au<br></div><div><br></div><div>New DNS entries and haproxy<br></div><div>--------------------------------------------<br></div><div><br></div><div>In anticipation of the upcoming hijinx with UCC DNS, I have created a set of new DNS names for:<br></div><div> IMAPS (port 993) - imaps.ucc.asn.au<br></div><div> POP3S (port 995) - pop3s.ucc.asn.au<br></div><div> SMTP AUTH/submission (port 587) - submission.ucc.asn.au<br></div><div><br></div><div>These all point at a new host VM running haproxy, which proxies these services to motsugo and mooneye.<br></div><div>This host is a new VM called mailauesi.ucc.asn.au and is set up with ansible (more on that below).<br></div><div><br></div><div>I've also added SRV records and an autodiscovery website to enable email clients to configure themselves automatically for UCC email. I've tested with Thunderbird and Evolution. 
Wider testing is needed with other clients, let me know if you can help.<br></div><div><br></div><div>I intend to email (probably tomorrow) the current users of IMAP and POP and get them to start using the new DNS entries.<br></div><div><br></div><div>Ansible SOE<br></div><div>------------------<br></div><div><br></div><div>So to create this new VM host, I've generated a set of ansible roles reflecting UCC's SOE as documented on the wiki.<br></div><div><br></div><div>These are in the repo at <a href="https://gitlab.ucc.asn.au/ucc-systems/ucc-ansible-soe">https://gitlab.ucc.asn.au/ucc-systems/ucc-ansible-soe</a><br></div><div><br></div><div>So far it has/uses roles to set up:<br></div><pre class="code highlight" lang="yaml"><span id="LC5" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_vm_guest</span></span> (Guest agents for VM)
<span id="LC6" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_sshd_config</span></span> (UCC sshd standard settings)
<span id="LC7" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_ad_client</span></span> (Join the UCC AD)
<span id="LC8" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">weareinteractive.sudo</span></span> (Enable sudo for wheel)
<span id="LC9" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_mounts_machineroom</span></span> (/home, /away and /services NFS mounts)
<span id="LC10" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_server_base_packages</span></span> (UCC standard packages)
<span id="LC11" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_central_syslog_client</span></span> (UCC syslog)
<span id="LC12" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_motd</span></span> (UCC motd setup)
<span id="LC13" class="line" lang="yaml"> <span class="pi">-</span> <span class="nv">roles/ucc_postfix_smarthost</span></span> (UCC host postfix smarthost setup)
<span id="LC14" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_security_harden</span></span> (Security hardening)
<span id="LC15" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_wheel_only</span></span> (Restrict logins to wheel only on this host)
<span id="LC16" class="line" lang="yaml"> <span class="pi">-</span> <span class="s">roles/ucc_mail_agents_haproxy</span></span> (haproxy setup for imaps/pop3s/submission)<br></pre><div><br></div><div>The majority of these roles can be reused for the next host to be set up with ansible. There was still some manual configuration on the server hosts needed for this machine.<br></div><div><br></div><div><br></div><div>Next Steps<br></div><div>----------------<br></div><div><br></div><ol><li>Email IMAPS/POP3 users to ask them to use new names<br></li><li>Look at moving the wikis off of mooneye. (Question is where to?)<br></li><li>Tidy up mooneye's apache config<br></li><li>Remove broken LDAP config on motsugo's dovecot<br></li><li>Move roundcube and SoGO to their own DNS/virtualhost name (remaining on the same host)<br></li><li>Look at imapproxy on mussel<br></li><li>Look more broadly at UCC web config and draw a diagram?<br></li><li>More work on UCC mailman setup - look at existing data/files that need to be migrated...<br></li><li>More yak shaving<br></li></ol><div><br></div><div><br></div><div><br></div><div><br></div><div>Mark<br></div><div><br></div><div id="sig26513633"><div>--<br></div><div>
<br></div><div>Mark Tearle <<a href="mailto:mtearle@ucc.asn.au">mtearle@ucc.asn.au</a>><br></div></div><div><br></div></body></html>