Project

General

Profile

Actions
Copy link

tickets #115289

closed

mx3/mx4: need two new virtual machines

Added by pjessen over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
pjessen
Category:
Core services and virtual infrastructure
Target version:
-
Start date:
2022-08-14
Due date:
% Done:

90%

Estimated time:

Description

In preparation for some outage next year, we wish to add two new mail servers for opensuse.org, mx3 and mx4. One in Provo, one on our external rsync machine. Nothing unusual, 10Gb of root filesystem, 4Gb of RAM, 2-4 CPUs, one external interface.

Actions
Copy link
 #1

Updated by pjessen over 1 year ago

  • Private changed from Yes to No
Actions
Copy link
 #2

Updated by crameleon over 1 year ago

Hi,

mx3 already exists in RackTables:


summary
Common name:    mx3.infra.opensuse.org
Object type:    VM
Visible label:  mx3
Server container:   stonehat.infra.opensuse.org
contact person: admin@opensuse.org
FQDN:   mx3.infra.opensuse.org,mx3.opensuse.org
RAM (GB):   4
SW type:    openSUSE Leap 15.x

Is it obsolete and the name can be reused or do you want to increment your mx numbers? :-)

Actions
Copy link
 #4

Updated by pjessen over 1 year ago

crameleon wrote:

summary
Common name:  mx3.infra.opensuse.org
Object type:  VM
Visible label:    mx3
Server container: stonehat.infra.opensuse.org
contact person:   admin@opensuse.org
FQDN: mx3.infra.opensuse.org,mx3.opensuse.org
RAM (GB): 4
SW type:  openSUSE Leap 15.x

Is it obsolete and the name can be reused or do you want to increment your mx numbers? :-)

mx3 sounds good :-)
I was not aware we had one, but I have access etc. Locally, mx3 is known as ipx-mx1.

Actions
Copy link
 #5

Updated by pjessen over 1 year ago

  • Status changed from New to In Progress

The reverse ipv6 mapping needs updating:
mx3.o.o = 62.146.92.203, 2a01:138:a004::203
62.146.92.203 -> mx3.o.o
2a01:138:a004::203 -> slimhat.o.o

host slimhat.opensuse.org.
slimhat.opensuse.org has address 62.146.92.211
slimhat.opensuse.org has IPv6 address 2a01:138:a004::211
Actions
Copy link
 #6

Updated by crameleon over 1 year ago

  • Category deleted (Core services and virtual infrastructure)
  • Assignee deleted (opensuse-admin)

So the existing mx3 is fine and only the new mx4 is needed?
Will check PTR records afterwards.

Actions
Copy link
 #7

Updated by crameleon over 1 year ago

  • Category set to Core services and virtual infrastructure
  • Assignee set to crameleon
Actions
Copy link
 #8

Updated by pjessen over 1 year ago

crameleon wrote:

So the existing mx3 is fine and only the new mx4 is needed?

Yes, it looks like MX3 is just a bare bones VM, ready to be configured.

Actions
Copy link
 #9

Updated by crameleon over 1 year ago

  • Status changed from In Progress to Blocked
Actions
Copy link
 #10

Updated by crameleon over 1 year ago

  • Status changed from Blocked to In Progress
  • % Done changed from 40 to 70

Finished the VM setup without your completions now. Please submit a merge request filling out the empty fields in the Salt pillar ID file soon and re-apply the highstate - you can check one of the existing mx's for a template.

Details for mx4.infra.opensuse.org:
RackTables (SUSE internal): https://racktables.nue.suse.com/index.php?page=object&object_id=19348
Salt ID: https://gitlab.infra.opensuse.org/infra/salt/-/blob/production/pillar/id/mx4_infra_opensuse_org.sls
SSH Host Keys:

SHA256:Ur07RbI/g1SK5BGm/uLLQh15fAhNv731aBj7E2dHcy0 (RSA)
SHA256:0vO0/jnAibFIq78WDHPmcyB/O4WaEC7JgBxu9UmDc3I (ED25519)
SHA256:COqoMPKZ2hDsQ3OEfYFHP8yJHkzpIfnUOD943y2N/x8 (ECDSA)

New DNS records (forward, done):

mx4.opensuse.org. 3600 IN A 91.193.113.77
mx4.opensuse.org. 3600 IN AAAA 2a07:de40:401::77

New DNS records (reverse, still pending via https://github.com/SUSE/suse-it-infra/pull/3085):

--- a/route53/aws/ptr_01/0.4.e.d.7.0.a.2.ip6.arpa.tf
+++ b/route53/aws/ptr_01/0.4.e.d.7.0.a.2.ip6.arpa.tf
@@ -71,6 +71,11 @@ module "z0_4_e_d_7_0_a_2_ip6_arpa" {
+    {
+      name    = "7.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.4.0"
+      type    = "PTR"
+      records = ["mx4.opensuse.org."]
+    },

--- a/route53/aws/ptr_01/113_193_91_in-addr.tf
+++ b/route53/aws/ptr_01/113_193_91_in-addr.tf
@@ -106,6 +106,11 @@ module "z113_193_91_in-addr_arpa" {
+    {
+      name    = "77"
+      type    = "PTR"
+      records = ["mx4.opensuse.org."]
+    },

The reverse zones responsible for mx3 are not managed by SUSE or openSUSE, according to a NS query:

0.0.0.0.4.0.0.a.8.3.1.0.1.0.a.2.ip6.arpa. 60 IN SOA nsX.ext-dc.de. hostmaster.ext-dc.de. 2022021510 1800 60 60 60
92.146.62.in-addr.arpa. 3600    IN  SOA ns1.ip-exchange.de. dns.ip-partner.de. 2022021601 86400 3600 604800 86400

Will update once my tasks are complete. In the meanwhile, the machine should already be accessible via SSH.

Actions
Copy link
 #11

Updated by crameleon over 1 year ago

  • % Done changed from 70 to 80

mx4 reverse DNS is now deployed.

Actions
Copy link
 #12

Updated by crameleon over 1 year ago

  • Status changed from In Progress to Feedback
  • Assignee changed from crameleon to pjessen
Actions
Copy link
 #13

Updated by pjessen over 1 year ago

  • Status changed from Feedback to Workable

DNS setup for mx4 looks good. For mx3, the reverse ipv6 record still says "slimhat.opensuse.org.".

Fyi, it is unlikely I'll be doing any work on the MX setup this side of Christmas.

Actions
Copy link
 #14

Updated by crameleon over 1 year ago

The mx3 PTR change has been requested with the hosting provider (thank you, Bernhard!).

Actions
Copy link
 #15

Updated by bmwiedemann over 1 year ago

  • % Done changed from 80 to 90

reverse DNS was updated:

host 2a01:138:a004::203
3.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.a.8.3.1.0.1.0.a.2.ip6.arpa domain name pointer mx3.opensuse.org.

Actions
Copy link
 #16

Updated by crameleon over 1 year ago

  • Status changed from Workable to Resolved

Thanks for the update, Bernhard. Per, please update the Salt pillar/id/ when convenient. Closing this as the original request seems resolved.

Actions
Copy link

Also available in: Atom PDF