authorSam Thursfield <sam.thursfield@codethink.co.uk>2016-02-18 16:46:35 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2016-02-19 12:38:42 +0000
commit45c577eba10860e20114d3cbf5d0d9675d3bf188 (patch)
tree8c69f630304b9edb4ff0f3166328beaef2aac081
parent2ff5d6f4fb78cbdc0affdcb5a96cdc0c4612f743 (diff)
baserock_mail: Update on top of Fedora 23, redeploy
The instance-config.yml script was failing to create a valid EXIM config against the default /etc/exim.conf in Fedora 23; this is fixed now. The regexp configuration approach is rather fragile. Change-Id: Id1b4e3a854cb579ee58c1c4f7674415c6e8c096a
-rw-r--r--README.mdwn25
-rw-r--r--baserock_gerrit/gerrit.config2
-rw-r--r--baserock_hosts2
-rw-r--r--baserock_mail/image-config.yml22
-rw-r--r--baserock_mail/instance-config.yml9
-rw-r--r--baserock_storyboard/storyboard-vars.yml2
6 files changed, 49 insertions, 13 deletions
diff --git a/README.mdwn b/README.mdwn
index a9db18d5..b47a54d3 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -229,14 +229,31 @@ you want to check the database configuration matches what you expect.
### Mail relay
-The mail relay is currently a Fedora Cloud 21 image running Exim. You should be
-able to take a Fedora Cloud 21 base image, instantiate it in the
-'internal-mail-relay' security group, and then run
-'baserock_mail/instance-config.yml' to configure it and start the service.
+The mail relay is currently a Fedora Cloud 23 image running Exim.
It is configured to only listen on its internal IP. It's not intended to
receive mail, or relay mail sent by systems outside the baserock.org cloud.
+To deploy it:
+
+ nova boot mail \
+ --key-name $keyname \
+ --flavor dc1.1x0 \
+ --image $fedora_image_id \
+ --nic "net-id=$network_id,v4-fixed-ip=192.168.222.145" \
+ --security-groups default,internal-mail-relay \
+ --user-data ./baserock-ops-team.cloud-config
+
+ ansible-playbook -i hosts baserock_mail/image-config.yml
+ ansible-playbook -i hosts baserock_mail/instance-config.yml
+
+The mail relay machine is stateless.
+
+The internal IP address of this machine is hardcoded in some places (beyond the
+usual haproxy.cfg file), use 'git grep' to find all of them. You'll need to
+update all the relevant config files. We really need some internal DNS system
+to avoid this hassle.
+
### OpenID provider
To deploy this system to production:
diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config
index 41307e4a..2b253c03 100644
--- a/baserock_gerrit/gerrit.config
+++ b/baserock_gerrit/gerrit.config
@@ -21,7 +21,7 @@
# using XRDS.
openIdSsoUrl = https://openid.baserock.org/openid/xrds/
[sendemail]
- smtpServer = 192.168.222.111
+ smtpServer = 192.168.222.145
# Send mails as '${user} (Code Review) <gerrit.baserock.org>'
# The gerrit@baserock.org email comes from the user.email setting
# below
diff --git a/baserock_hosts b/baserock_hosts
index e84fd91a..f72c964b 100644
--- a/baserock_hosts
+++ b/baserock_hosts
@@ -19,7 +19,7 @@ mason-x86-64 ansible_ssh_host=192.168.222.80
[fedora]
frontend-haproxy ansible_ssh_host=185.43.218.170
database-mariadb ansible_ssh_host=192.168.222.30
-mail ansible_ssh_host=192.168.222.111
+mail ansible_ssh_host=192.168.222.145
openid ansible_ssh_host=192.168.222.144
webserver ansible_ssh_host=192.168.222.127
diff --git a/baserock_mail/image-config.yml b/baserock_mail/image-config.yml
new file mode 100644
index 00000000..8d65b4f7
--- /dev/null
+++ b/baserock_mail/image-config.yml
@@ -0,0 +1,22 @@
+# System configuration for Baserock mail relay.
+#
+# This Ansible playbook expects to be run on a Fedora 23 Cloud image.
+---
+- hosts: mail
+ gather_facts: false
+ sudo: yes
+ tasks:
+ # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/
+ - name: install Python2 and required deps for Ansible modules
+ raw: dnf install -y python2 python2-dnf libselinux-python
+
+ - name: enable persistant journal
+ shell: mkdir /var/log/journal
+ args:
+ creates: /var/log/journal
+
+ - name: ensure system up to date
+ dnf: name=* state=latest
+
+ - name: exim4 installation
+ dnf: name=exim state=installed
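Review bot: The `enable persistant journal` task only creates /var/log/journal, and nothing visible in this playbook restarts systemd-journald or reboots the host. With journald's default `Storage=auto`, the relay would presumably keep logging to volatile storage until its next boot, losing the mail logs an investigation would need. Consider replacing the `shell: mkdir` with `file: path=/var/log/journal state=directory`, followed by `command: systemd-tmpfiles --create --prefix /var/log/journal` and `service: name=systemd-journald state=restarted`. The task name also misspells `persistent`.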
diff --git a/baserock_mail/instance-config.yml b/baserock_mail/instance-config.yml
index f4cb4927..cd276df7 100644
--- a/baserock_mail/instance-config.yml
+++ b/baserock_mail/instance-config.yml
@@ -1,17 +1,14 @@
# Configuration for Baserock mail relay
#
-# This Ansible playbook expects to be run on a Fedora 21 Cloud image.
+# This Ansible playbook expects to be run after the image-config.yml playbook.
---
- hosts: mail
gather_facts: false
sudo: yes
vars:
- LOCAL_IP: 192.168.222.111
+ LOCAL_IP: 192.168.222.145
PUBLIC_IP: 185.43.218.171
tasks:
- - name: exim4 installation
- yum: name=exim state=installed
-
# Fedora provides a default /etc/exim/exim.conf. Rather than copy it and
# overwrite it, since we only need to make a few changes, I've used the
# lineinfile module to do search-and-replace. It's a bit ugly though. It
@@ -67,7 +64,7 @@
# For now, we just have the IP.
- name: set primary hostname to public IP
lineinfile:
- regexp: '^#?primary_hostname = .*$'
+ regexp: '^#?\s+primary_hostname =.*$'
line: 'primary_hostname = {{ PUBLIC_IP }}'
dest: /etc/exim/exim.conf
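Review bot: The new pattern `'^#?\s+primary_hostname =.*$'` on the `set primary hostname to public IP` task requires at least one whitespace character before `primary_hostname`. It presumably matches the commented-out Fedora 23 default, but it cannot match the line this task itself writes (`primary_hostname = {{ PUBLIC_IP }}`, which has no leading whitespace). On a second run against the same host, lineinfile would find no match and, depending on the Ansible version, may append a duplicate setting at the end of exim.conf, likely outside the main configuration section. Using `regexp: '^#?\s*primary_hostname\s*=.*$'` would cover both the commented default and an already-configured line. The rest of the tasks list lies outside this hunk.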
diff --git a/baserock_storyboard/storyboard-vars.yml b/baserock_storyboard/storyboard-vars.yml
index 071ce8c9..1b7f3663 100644
--- a/baserock_storyboard/storyboard-vars.yml
+++ b/baserock_storyboard/storyboard-vars.yml
@@ -33,7 +33,7 @@ mysql_packages:
storyboard_enable_email: 'True'
storyboard_email_sender: StoryBoard (Do Not Reply) <do_not_reply@baserock.org>
-storyboard_email_smtp_host: 192.168.222.111
+storyboard_email_smtp_host: 192.168.222.145
storyboard_email_smtp_timeout: 10
storyboard_fqdn: storyboard.baserock.org