In our mailman meeting today Faidon pointed out the service IP can't be just switched over since sodium is not in the same rack as the ganeti machines.
Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
fermium: override role default IPs | operations/puppet | production | +2 -0
Status | Assigned | Task
---|---|---
Resolved | faidon | T84041 Replace all instances of lighttpd with nginx
Resolved | faidon | T84053 mailman - replace lighttpd
Resolved | LSobanski | T111653 Encrypt all the things
Resolved | faidon | T82576 Enable STARTTLS (both inbound and outbound) on lists
Resolved | JanZerebecki | T55259 Add Forward Secrecy to all HTTPS sites
Resolved | Dzahn | T90351 Improve SSL of lists.wikimedia.org
Resolved | Dzahn | T83541 Upgrade Exim to >=4.73
Duplicate | None | T97492 Upgrade to Mailman 3.0
Resolved | Dzahn | T110141 TTL back up to normal 1H
Resolved | MZMcBride | T27231 Mailman mailing list archiver truncates if a line begins with "From"
Resolved | None | T66818 Mitigate strict DMARC policy on the mailing lists
Resolved | Dzahn | T80945 Get rid of all Ubuntu Lucid (10.04) installs
Resolved | Dzahn | T82698 shutdown sodium after mailman has migrated to jessie VM
Resolved | Dzahn | T105756 Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM
Resolved | Dzahn | T108080 service IP can't be switched over
Event Timeline
This is legacy from lily which @mark handled in the last migration. Looks like we could assign a new IP for lists. It's used as a secondary on the server for lists web and exim and the DNS SPF records for lists.
If we track current usage, a new one should be fine to allocate unless I'm missing something.
need new service IPs in public1-eqiad-c
then https://gerrit.wikimedia.org/r/#/c/230240/1 can be adjusted later
Change 230240 had a related patch set uploaded (by Dzahn):
fermium: override role default IPs
Looking at usage; it's sparse so we can easily add a new IP via hiera alone once the autobound{lists} variables in role::lists are in hiera.
Can we start here by picking an IP (both v4 and v6) to be used in the new network? Just allocating one for now would be a step forward.
You cannot just use a service IP from public1-eqiad-c... Until ganeti VMs have a public subnet for use, this seems blocked.
From the VM creation task and Alex's comments there - my understanding is Ganeti is just using the public subnet for eqiad c1 and no specific subnet beyond that.
oh, then yea just allocate one out of that subnet... and setting the proper vlan IDs in creation.
Change 230240 abandoned by John F. Lewis:
fermium: override role default IPs
Reason:
outdated to a significant point. producing new patch is easier.