[Gluster-infra] Lists server upgrade tomorrow

Michael Scherer mscherer at redhat.com
Thu Apr 15 13:37:24 UTC 2021


Le mercredi 14 avril 2021 à 17:16 +0200, Michael Scherer a écrit :
> Hi,
> 
> Since supercolony is still running on RHEL 6 (who is past its shelf
> life), it has to be upgraded to EL 7. So I installed another VM, used
> ansible, and we are ready to switch soon.
> 
> The plan for migration tomorrow is as follow (so I can refer later),
> for the moment of migration:
> 
> - disable the ansible playbook for supercolony
> - block postfix port 25 on iptables
> - make sure the postfix queue is empty
> - deal with current moderation tasks, check that
> /var/lib/mailman/data
> is empty
> - stop postfix
> - stop mailman (on both servers)
> 
> - sync the archives/ and lists/ to the new server with rsync
> 
> - start mailman on new server
> - switch the web proxy to go to the new server
> 
> - check this work fine on the web interface
> 
> - switch the DNS (so the MX record as well)
> 
> - announce the new server on list and see if the mail is sent
> 
> and later, deal with all the side effect of switching that I forgot
> (like, I guess, jenkins, and the IP reputation, and maybe some RH IT
> stuff)
> 
> If all goes well, it should take less than 30 minutes. There is
> almost
> no risk of losing mails. I am gonna send a email to announce the
> migration to devel and users. 

So as usual, not everything went well:

- Our old EL 6 server was without IP v6. The new one is IP v6 ready.
Postfix refused to start due to that (since the old server was
configured to be IP v4 only in postfix config).

But, I was lucky because at the same time, mailman decided to bounce
and spam everybody, so this got blackholed.

- the web interface and mailman didn't work out of the box. I suspect I
forgot one configuration file or one detail. I fixed it and now it
work.

- the firewall was also blocking port 25. While this is a very
efficient measure to prevent spam, I deemed it too efficient.

- of course, new IP mean new delay due to greylisting. On both side
when sending a mail to myself to test. But this worked

If you read that mail, it mean that the move worked.

I slowed it down so we do not hit limits too fast on gmail/yahoo/etc,
and with the greylisting cache being reset, delay might be observed
during the next few days.



-- 
Michael Scherer / He/Il/Er/Él
Sysadmin, Community Infrastructure



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20210415/c40abc03/attachment.sig>


More information about the Gluster-infra mailing list