All entries for Monday 02 April 2007
April 02, 2007
Over the weekend, we migrated from qmail to Postfix on molotov. This is the culmination of two or three years of planning, but I don’t feel like writing a triumphant blog entry about it – while it is true that Postfix is running, it doesn’t feel finished yet. There are a number of rough edges in the configuration, and they will get fixed up over time.
The number of non-free packages on molotov is falling. With qmail gone, we’re down to Sun’s JVMs 5 & 6, and pine. Sun are releasing the remaining source code to most of the class libraries this spring – the latest rumour I heard suggested May. Alpine, the new version of pine under the Apache Licence v2.0, made a 0.98 release last week, so things are looking optimistic there. By the time I hand over the technical side of CompSoc to somebody else, we should be using 100% free software on the servers, with the possible exception of the gaming server.
For anyone who suggests this to be simply idealogically-motivated ‘zealotry’ or ‘fanaticism’, one aspect of the qmail migration illustrated the practical reasons for choosing the Debian-supported approach quite well. On Saturday evening, after struggling for a while to get SMTP-auth over TLS working with Postfix, I made the decision that it would be easier to put qmail back for the evening, and have another try the next morning. So, I went to install the latest version of qmail from the source packages. (Recall that the author of qmail does not allow modified binary redistributions.)
Having built and installed qmail again, I tested SMTP auth and TLS, to no avail. We had been using a patch against qmail that added these features. I hunted down the patch we were using, but it no longer applied either to the unmodified qmail source, or to the Debian-patched qmail source. Not wanting to mess around any further with patching qmail, it was actually easier to go back and finish installing Postfix. (I’d missed the fact that I needed to add the ‘postfix’ user to the ‘sasl’ group, and after that it all fell into place.)
If I couldn’t upgrade qmail during a migration, this means that we couldn’t have upgraded qmail at any point while we were using it. Our version was several Debian revision numbers out of date. (Recall also that the author of qmail has not released an update since June 1998, and everyone has to maintain a set of patches against that tarball, because of the licence.)
I do not want to have to patch the software we use, and I do not want to hand over a system that involves patching source tarballs. Broadly, I want to make administering the servers a task that a team of trained chimps could manage – it will make my life easier, as well as the lives of those who take over next year. The best way to do this is to ensure that we are using software that someone else (i.e. Debian or Ubuntu) is maintaining, and that generally means using free software.