Migrating for monitoring, mail relay, bacukps, shared maintenance and more

loic · July 24, 2018, 3:36pm

Bonjour,

The https://cloud.manach.net instance is currently installed and managed by me, which is not very resilient. Jean-Marc trusts @fpoulain to help with the maintenance which is great. In the weeks to come I will do the needful to migrate the virtual machine in the Enough.Community infrastructure.

With that in mind, here are the hairy details of the migration procedure:

schedule a downtime with Jean-Marc
download a VM backup image from the current OpenStack tenant
add a playbook modeled after cloud.enough.community which sets cloud.manach.net as a trusted host and make it a pet because it does not have a separate 3-replica volume that makes it disposable
manually create the VM in production, from the image and add the ansible infrastructure key
run molecule create -s preprod to fixup security groups etc.
run the playbook which should do nothing significant except create a tor hidden service as a bonus
ask Jean-Marc to update his DNS with the new IP
a few days after the migration delete the old VMs

Cheers

fpoulain · July 30, 2018, 8:09am

What about mail sending ? Currently th MX is lautre.net, and no SPF record has been set (which is more and more problematic with big mail providers).
Possible options:

use the lautre.net infrastructure as a relay
use the Enough Community relay (then we should add a SPF record including lautre.net and enougth relays)

loic · July 30, 2018, 8:15am

Note that cloud.manach.net does not use the same relay as manach.net. It is a gandi.net mailbox which should simplify things.

fpoulain · July 30, 2018, 8:34am

Curious:

$ dig +short MX manach.net
5 mx.lautre.net.
10 mx2.lautre.net.
$ dig +short MX cloud.manach.net
$

loic · July 30, 2018, 8:44am

I meant for the outgoing SMTP server. cloud.manach.net is not supposed to receive mail.