[tech] 93% complete - Re: Cutover from mooneye to mailfish - 90% complete

Mark Tearle mtearle at tearle.com
Sun Jun 21 23:39:08 AWST 2020 

Hi folks 

X Update ucc hosts smarthost configurations

Done - except for 
 
catfish.ucc.asn.au
clownfish.ucc.asn.au
cobra.ucc.asn.au
meetings.ucc.asn.au
mollitz.ucc.asn.au
mylah.ucc.asn.au
myxine.ucc.asn.au
pinball.ucc.asn.au
samurai.ucc.asn.au


Outstanding tasks ....
> Script Changes and Checks
> =========================
> 
> * Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
> 
> Cleanup and Tidyup
> ==================
> 
> * Test reboot of mailfish and check things come up cleanly
> * Prometheus dashboards for postfix
> * Record changes in ansible
> * Rerun ansible
> 
> Further Upgrades
> ================
> 
> * Security upgrades for mailman


Mark
-- 
Mark Tearle <mtearle at tearle.com>

On Sun, 21 Jun 2020, at 1:17 AM, Mark Tearle wrote:
> Hi folks
> 
> I've mostly complete the cutover from mooneye to mailfish.   My TODO
> list is below (X = done, * = TODO).  I think everything should be
> working at the moment, but I've got some mop up work and configuration
> to do tomorrow.
> 
> There was a little scare in terms of config with a missing bit of IPv6
> config in the postfix main.cf file.  Hopefully mailman interpreted that
> as a temporary failure and didn't bounce anybody off the lists.
> 
> Apologies for the abundance of test emails, etc and to the poor
> hostpersons who may have got lots of emails.    Please forward any
> anomalous emails through to me and I'll look at them (mark at tearle.com if
> UCC email is broken)
> 
> If there is something majorly borken, please call me on 0418 958 985 and
> I'll look at it straight away.  I'll do a cursory check in the morning,
> but won't be at the computer until after midday.
> 
> However, positive progress!
> 
> Cheers,
> Mark
> 
> 
> Ansible
> =======
> 
> X Added cron entry to magic_lists for ucc-add-announce script
> X Run ansible role again
> X Check logic around /var/mail bind mount (see /home/other/mailman)
> X Add start/stop for mailman and postfix to ansible role
> X Add ucc-fw script
> X Firewall http/https on mailfish to UCC only
> X Run ansible role again
> 
> Stop syncs
> ==========
> 
> X Force sync to mailfish
> X Stop sync script from mooneye to mailfish
>    (Disable on mooneye, disable on mailfish)
> 
> Stop processes
> ==============
> 
> X Check list holds/etc on mooneye/lists.ucc.*
> X Check mailman qfiles empty on mooneye
> X Check mail queues empty on mooneye
> X Stop postfix on mooneye
> X Stop mailman on mooneye
> X Temporarily stop postfix and mailman on mailfish
> 
> Configuration Changes
> =====================
> 
> X Move existing mooneye postfix config out of the way
> 
> X Change mooneye postfix config to be a smarthost
> X Remove mailman from mooneye /etc/init.d
> X Update haproxy on mailauesi to point to mailfish
> 
> Firewall Changes
> ================
> 
> X Update murasoi firewall rules
> X - Change secure (.28) NAT rules for 465, 587, 588 to mailfish
> X - Add (.9) NAT rules for 465, 587, 588, 25 to mailfish
> X - Open firewall rules as needed for mailfish
> 
> Web Changes
> ===========
> 
> X Add proxy for lists.ucc.* on mussel
> X Add proxy for subscribe.ucc.* on mussel
> 
> Config fixes
> ============
> 
> X mynetworks postfix main.cf for IPv6 localhost
> X opendkim-internal add localhost
> 
> DNS Changes
> ===========
> 
> X Update DNS for smarthost.mail.ucc.* to point to mailfish
> X Leave DNS for mail.ucc.* to point to 130.95.13.9
> X Leave DNS for mailhost.ucc.* to point to 131.95.13.9
> 
> X Update DNS for lists.ucc.* to point to mussel, proxy to mailfish
> X Update DNS for subscribe.ucc.* to point to mussel, proxy to mailfish
> 
> * Update ucc hosts smarthost configurations
> 
> Script Changes and Checks
> =========================
> 
> X Empty qfiles on mailfish
> X Test policy systemhealth script on mailfish
> X Start Mailman Qrunners on mailfish
> X Check firewall on mailfish
> X Update ucc-adduser-ad to not use ssh key and integrate mailman queue script
> 
> * Update email backup script - /etc/cron.daily/zzdailybackup on mooneye
> 
> Cleanup and Tidyup
> ==================
> 
> X Email to tech at ucc.asn.au
> * Test reboot of mailfish and check things come up cleanly
> * Prometheus dashboards for postfix
> * Record changes in ansible
> * Rerun ansible
> 
> Further Upgrades
> ================
> 
> * Security upgrades for mailman
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
> 
> Unsubscribe here: 
> https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au
>

More information about the tech mailing list