Migrating for monitoring, mail relay, bacukps, shared maintenance and more


The https://cloud.manach.net instance is currently installed and managed by me, which is not very resilient. Jean-Marc trusts @fpoulain to help with the maintenance which is great. In the weeks to come I will do the needful to migrate the virtual machine in the Enough.Community infrastructure.

With that in mind, here are the hairy details of the migration procedure:

  • schedule a downtime with Jean-Marc
  • download a VM backup image from the current OpenStack tenant
  • add a playbook modeled after cloud.enough.community which sets cloud.manach.net as a trusted host and make it a pet because it does not have a separate 3-replica volume that makes it disposable
  • manually create the VM in production, from the image and add the ansible infrastructure key
  • run molecule create -s preprod to fixup security groups etc.
  • run the playbook which should do nothing significant except create a tor hidden service as a bonus
  • ask Jean-Marc to update his DNS with the new IP
  • a few days after the migration delete the old VMs


What about mail sending ? Currently th MX is lautre.net, and no SPF record has been set (which is more and more problematic with big mail providers).
Possible options:

  • use the lautre.net infrastructure as a relay
  • use the Enough Community relay (then we should add a SPF record including lautre.net and enougth relays)
1 Like

Note that cloud.manach.net does not use the same relay as manach.net. It is a gandi.net mailbox which should simplify things.


$ dig +short MX manach.net
5 mx.lautre.net.
10 mx2.lautre.net.
$ dig +short MX cloud.manach.net

I meant for the outgoing SMTP server. cloud.manach.net is not supposed to receive mail.