[tech] Cutover from mooneye to mailfish - 90% complete
Mark Tearle
mtearle at ucc.asn.au
Sun Jun 21 01:17:01 AWST 2020
Hi folks

I've mostly completed the cutover from mooneye to mailfish. My TODO
list is below (X = done, * = TODO). I think everything should be
working at the moment, but I've got some mop up work and configuration
to do tomorrow.

There was a little scare in terms of config with a missing bit of IPv6
config in the postfix main.cf file. Hopefully mailman interpreted that
as a temporary failure and didn't bounce anybody off the lists.

Apologies for the abundance of test emails, etc and to the poor
hostpersons who may have got lots of emails. Please forward any
anomalous emails through to me and I'll look at them (mark at tearle.com if
UCC email is broken)

If there is something majorly borken, please call me on 0418 958 985 and
I'll look at it straight away. I'll do a cursory check in the morning,
but won't be at the computer until after midday.

However, positive progress!

Cheers,
Mark

Ansible
=======
X Added cron entry to magic_lists for ucc-add-announce script
X Run ansible role again
X Check logic around /var/mail bind mount (see /home/other/mailman)
X Add start/stop for mailman and postfix to ansible role
X Add ucc-fw script
X Firewall http/https on mailfish to UCC only
X Run ansible role again
Stop syncs
==========
X Force sync to mailfish
X Stop sync script from mooneye to mailfish
(Disable on mooneye, disable on mailfish)
Stop processes
==============
X Check list holds/etc on mooneye/lists.ucc.*
X Check mailman qfiles empty on mooneye
X Check mail queues empty on mooneye
X Stop postfix on mooneye
X Stop mailman on mooneye
X Temporarily stop postfix and mailman on mailfish
Configuration Changes
=====================
X Move existing mooneye postfix config out of the way
X Change mooneye postfix config to be a smarthost
X Remove mailman from mooneye /etc/init.d
X Update haproxy on mailauesi to point to mailfish
Firewall Changes
================
X Update murasoi firewall rules
X - Change secure (.28) NAT rules for 465, 587, 588 to mailfish
X - Add (.9) NAT rules for 465, 587, 588, 25 to mailfish
X - Open firewall rules as needed for mailfish
Web Changes
===========
X Add proxy for lists.ucc.* on mussel
X Add proxy for subscribe.ucc.* on mussel
Config fixes
============
X mynetworks postfix main.cf for IPv6 localhost
X opendkim-internal add localhost
DNS Changes
===========
X Update DNS for smarthost.mail.ucc.* to point to mailfish
X Leave DNS for mail.ucc.* to point to 130.95.13.9
X Leave DNS for mailhost.ucc.* to point to 131.95.13.9
X Update DNS for lists.ucc.* to point to mussel, proxy to mailfish
X Update DNS for subscribe.ucc.* to point to mussel, proxy to mailfish
* Update ucc hosts smarthost configurations
Script Changes and Checks
=========================
X Empty qfiles on mailfish
X Test policy systemhealth script on mailfish
X Start Mailman Qrunners on mailfish
X Check firewall on mailfish
X Update ucc-adduser-ad to not use ssh key and integrate mailman queue script
* Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
Cleanup and Tidyup
==================
X Email to tech at ucc.asn.au
* Test reboot of mailfish and check things come up cleanly
* Prometheus dashboards for postfix
* Record changes in ansible
* Rerun ansible
Further Upgrades
================
* Security upgrades for mailman