Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Guide on how to migrate chatmail to a new host #429

Merged
merged 8 commits into from
Oct 29, 2024
Merged

Conversation

missytake
Copy link
Contributor

@missytake missytake commented Oct 16, 2024

This guide doesn't require knowing about firewalls, but utilizes the cmdeploy run --disable-mail command from #428 and the cmdeploy run --ssh-host command from #439. Should be merged after those.

supercedes #417

Tested by migrating c2 back and forth, especially the second time worked like a charm :)

@missytake
Copy link
Contributor Author

I wonder whether we should also preserve the DKIM key, as it might lead to rejected messages if multiple keys are around for the same dkim selector.

Copy link
Contributor

@hpk42 hpk42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest, it all looks workable but also rather error-prone/tedious, especially the constant overwriting of host identity keys.
I think we need a "cmdeploy --ssh-host=sshname" option because then one can just add "old" and "new" to /etc/hosts and do "cmdeploy --ssh-host=old run" etc, and skip all the hostkey-overwriting. It should also help with the NAT-issue and should not be hard to do.

@link2xt
Copy link
Contributor

link2xt commented Oct 17, 2024

I wonder whether we should also preserve the DKIM key, as it might lead to rejected messages if multiple keys are around for the same dkim selector.

I think we should generate a new DKIM selector for each deployment. Using current date like 20241017 for the selector name. Ideally DKIM selector to key mapping should be possible to cache indefinitely, so reusing DKIM selectors is not a good idea.

@missytake missytake changed the base branch from main to ssh-host-432 October 27, 2024 12:57
@missytake
Copy link
Contributor Author

I wonder whether we should also preserve the DKIM key, as it might lead to rejected messages if multiple keys are around for the same dkim selector.

I think we should generate a new DKIM selector for each deployment. Using current date like 20241017 for the selector name. Ideally DKIM selector to key mapping should be possible to cache indefinitely, so reusing DKIM selectors is not a good idea.

Do you consider #195 a blocker for merging this?

@missytake
Copy link
Contributor Author

To be honest, it all looks workable but also rather error-prone/tedious, especially the constant overwriting of host identity keys. I think we need a "cmdeploy --ssh-host=sshname" option because then one can just add "old" and "new" to /etc/hosts and do "cmdeploy --ssh-host=old run" etc, and skip all the hostkey-overwriting. It should also help with the NAT-issue and should not be hard to do.

With c9b574b we're down from 16 to 9 steps :)))

README.md Outdated Show resolved Hide resolved
Copy link
Contributor

@hpk42 hpk42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks great, some minor comments only.
Haven't run it myself though.
Changelog entry is missing.

missytake and others added 4 commits October 28, 2024 14:59
This guide doesn't require knowing about firewalls,
but utilizes the `cmdeploy run --disable-mail` command from #428.

supercedes #417
Co-authored-by: holger krekel  <holger@merlinux.eu>
@missytake missytake requested a review from hpk42 October 29, 2024 15:46
Base automatically changed from ssh-host-432 to main October 29, 2024 15:53
@missytake missytake merged commit b92d9c8 into main Oct 29, 2024
4 checks passed
@missytake missytake deleted the migration-guide branch October 29, 2024 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants