switch mail from gmail relay to direct

futel · Aug 18, 2017 · 98dcad4 · 98dcad4
1 parent c90883a
commit 98dcad4
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 57 deletions.
diff --git a/asteriskserver/README b/asteriskserver/README
@@ -9,7 +9,7 @@ python -m unittest discover test
 
 all droplets:
 image CentOS 6.9 x32
-hostname futel-stage
+hostname futel-stage.phu73l.net
 size smallest
 region San Francisco 1
 ssh key (personal key)
@@ -22,42 +22,43 @@ wait for DNS to propagate
 create or check out release branch
 
 SSH into prod to find out what conf version is being used:
-ssh -F src/ssh_config futel-prod.phu73l.net 'grep "foo\|bar" /opt/asterisk/etc/asterisk/sip_callcentric.conf'
 
-ansible-playbook -i hosts baseinstall_playbook.yml --vault-password-file=conf/vault_pass.txt --extra-vars conf_version=<conf version not used by prod>
-ansible-playbook -i hosts secure_playbook.yml
-src/promote_stage.sh futel-stage.phu73l.net
+  ssh -F src/ssh_config futel-prod.phu73l.net 'grep "foo\|bar" /opt/asterisk/etc/asterisk/sip_callcentric.conf'
+
+deploy stage:
+
+  ansible-playbook -i hosts baseinstall_playbook.yml --vault-password-file=conf/vault_pass.txt --extra-vars conf_version=<conf version not used by prod>
+  ansible-playbook -i hosts secure_playbook.yml
+  src/promote_stage.sh futel-stage.phu73l.net
 
 if testplan has changed since last release branch, update google sheet testplan,
 keeping dates of nonupdated completed tests
 test stage against google sheet testplan
 
 ## promote stage to prod
 
-rename futel-prod droplet to futel-prod-back
-rename futel-stage droplet to futel-prod
-rename futel-prod hostname to futel-prod-back
-rename futel-stage hostname to futel-prod
+rename futel-prod.phu73l.net droplet to futel-prod-back
+rename futel-stage.phu73l.net droplet to futel-prod.phu73l.net
+rename futel-prod.phu73l.net hostname to futel-prod-back
+rename futel-stage.phu73l.net hostname to futel-prod.phu73l.net
   ssh -t -F src/ssh_config futel-prod.phu73l.net
   sudo hostname futel-prod-back && sudo sed -i '$s/futel-prod/futel-prod-back/' /etc/sysconfig/network
   ssh -t -F src/ssh_config futel-stage.phu73l.net
   sudo hostname futel-prod && sudo sed -i '$s/futel-stage/futel-prod/' /etc/sysconfig/network
 src/promote_stage.sh futel-stage.phu73l.net 
-change A record for futel-prod to point to new futel-prod
-remove A record for futel-stage
-point all callcentric DID forwarding rules to extensions corresponding to new
-futel-prod conf_version
+change A record for futel-prod.phu73l.net to point to new futel-prod.phu73l.net
+remove A record for futel-stage.phu73l.net
+point all callcentric DID forwarding rules to extensions corresponding to new conf_version on futel-prod.phu73l.net
   futel-r2d2 user to foo|bar
-point all voip.ms DID forwarding rules to subaccounts corresponding to new
-futel-prod conf_version
+point all voip.ms DID forwarding rules to subaccounts corresponding to new conf_version on futel-prod.phu73l.net
   185060_prod-foo|bar subaccount
 wait for DNS to propagate
 stop asterisk on futel-prod-back
   sudo service asterisk stop
 make a snapshot of futel-prod-back
 destroy droplet futel-prod-back
-test that futel-prod outgoing calls work
-test that futel-prod incoming call to incoming line works
-test that futel-prod incoming calls to extensions work or get channel unavailable
+test that prod outgoing calls work
+test that prod incoming call to incoming line works
+test that prod incoming calls to extensions work or get channel unavailable
 remove snapshots of futel-prod-back except for most recent
-test that futel-prod incoming calls to extensions work (may take time)
+test that prod incoming calls to extensions work (may take time)
diff --git a/asteriskserver/config.yml b/asteriskserver/config.yml
@@ -1,14 +1,5 @@
 ---
 # misc config of distro packages
-- name: load secrets
-  include_vars: "config_secrets.yml"
-  no_log: true
-- name: write relay creds
-  template:
-    src: src/sasl_passwd.j2
-    dest: /etc/postfix/sasl_passwd
-- name: update postfix to use relay creds
-  shell: postmap /etc/postfix/sasl_passwd
 - name: write postfix config
   copy:
     src: src/postfix/main.cf

diff --git a/asteriskserver/config_secrets.yml b/asteriskserver/config_secrets.yml
diff --git a/asteriskserver/src/postfix/main.cf b/asteriskserver/src/postfix/main.cf
@@ -1,33 +1,19 @@
-# postfix main.cf
 queue_directory = /var/spool/postfix
-
 command_directory = /usr/sbin
-
 daemon_directory = /usr/libexec/postfix
-
 data_directory = /var/lib/postfix
-
 mail_owner = postfix
-
 inet_interfaces = localhost
-
 inet_protocols = ipv4
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
 
+#mydomain                = phu73l.net
+#myhostname              = futel-prod.phu73l.net
 mydestination = $myhostname, localhost.$mydomain, localhost
 
 unknown_local_recipient_reject_code = 550
 
-# gmail relay setup
-# XXX this may break local delivery? does that matter? probably not
-# XXX test this
-relayhost = [smtp.gmail.com]:587
-smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = 
-smtp_sasl_mechanism_filter = plain
-smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.trust.crt
-smtp_use_tls = yes
-
 alias_maps = hash:/etc/aliases
 
 alias_database = hash:/etc/aliases

diff --git a/asteriskserver/src/sasl_passwd.j2 b/asteriskserver/src/sasl_passwd.j2