From a6ab3543fc3112f12700966b895a0fb5a9f3fed6 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Thu, 14 Sep 2023 02:47:29 +0000 Subject: [PATCH] Move Airship and Kata lists to Mailman 3 This uncomments the list additions for the lists.airshipit.org and lists.katacontainers.io sites on the new mailman server, removing the configuration for them from the lists.opendev.org server and, in the case of the latter, removing all our configuration management for the server as it was the only site hosted there. Change-Id: Ic1c735469583e922313797f709182f960e691efc --- inventory/base/hosts.yaml | 11 --- inventory/service/groups.yaml | 2 - .../host_vars/lists.katacontainers.io.yaml | 81 ------------------- .../host_vars/lists.openstack.org.yaml | 28 ------- .../host_vars/lists01.opendev.org.yaml | 64 +++++++-------- .../test-fixtures/results.yaml | 4 - .../handlers/main.yaml | 3 - playbooks/test-lists.yaml | 11 --- playbooks/zuul/run-base.yaml | 1 - .../host_vars/lists.katacontainers.io.yaml.j2 | 1 - testinfra/test_lists_k_i.py | 37 --------- testinfra/test_lists_o_o.py | 13 --- zuul.d/infra-prod.yaml | 1 - zuul.d/system-config-run.yaml | 11 --- 14 files changed, 32 insertions(+), 236 deletions(-) delete mode 100644 inventory/service/host_vars/lists.katacontainers.io.yaml delete mode 100644 playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2 delete mode 100644 testinfra/test_lists_k_i.py diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 26f54401b3..7eaca5cf38 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -308,17 +308,6 @@ all: - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKUtLplUhod5VnjVoTY5WHhjOHrRM6puFpFpcr9iJmOKkbnJ5V2SA8U0thFEne4XUoa/eZ3SiQ9Yt923+1MAcKQ=' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5qje1++4tUZ1U4sQ2Jsju/S4BdpCeiauSxZ2uMdQSegtjZ4GclxRjP4zJjL6P/iixTwjsu4dOEnvPt8B9JZGEaYERzKiqjIRT3I80mTjI0wsx+bN38Z2xg5Tm1O5xrOxT0rjA2zGJDRtMhk6IwmUg4DELlxUfalsWgpoZV0fYxUFneOgVuG8XY841b1igh2ScyOuSfu8RQFF3YTulzoT7o8QzgdKiliciLAWujy+4okN8wln5/atqiDuN7oi+9WYLt/HW2YZTUHd2/u+ZghgvbVVJ8xsB2gQ+BESS3P4YZsWMqM/7lz/7GVUQfolRnC5dyPOa9cwuoBW9ru6VGYH/' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSUpspKrIHEXRkP9xIa/hyKkauDvuPX0nVwWpUzQkIh' - lists.katacontainers.io: - ansible_host: 166.78.47.37 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 166.78.47.37 - public_v6: 2001:4800:7817:101:be76:4eff:fe04:80b5 - host_keys: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkPpf6WNMAxeFbR3yiq9I7ifq2TshiTPSTRflj7NpoJQlBiX59PJ0bBiAF9phhdzGW33OAx/zp055bsj1sVHLoYpLzZ4tefvObt49f0N3+Az5jSW+xbNC0pCYL4BGGJiM3AB2/PKB+8l+/RyXOo4eQJoQxAMnCRsh+X2Ibs7L+S+IOjfA72Yz89tUH9dVPkvIrqGHKf4Z8cSU5OED2xmXTFXigtspFrrWbevmwtTXSl4+LlhqDRn/vfqpNMgqqS1EjrLuQErvCUcu4Klpx+CNfh/CBhmHNBqFW0w2BIGO9AEBFRU1QwBudVcS/cdUUM7QvbImuL1Om5ZXG1jEj16BZ' - - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDQJf+iFa/hHlZTy5qZQ700atL8HzhvbcJldnZ6lF9NCAXAX6e0GaoUZkSEOeXJ5ocgt+PCgwK8SYNnCwLxb+wI=' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3KKNA1elc/w9o5Q2G35s27FPLIdNIle4SHAuWfJWH3' lists.openstack.org: ansible_host: 50.56.173.222 location: diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index eee3c04ebe..ca66a898f1 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -92,7 +92,6 @@ groups: - graphite[0-9]*.opendev.org - insecure-ci-registry[0-9]*.opendev.org - keycloak[0-9]*.opendev.org - - lists.katacontainers.io - lists.openstack.org - lists[0-9]*.opendev.org - meetpad[0-9]*.opendev.org @@ -107,7 +106,6 @@ groups: - translate[0-9]*.open*.org - zuul[0-9]*.opendev.org mailman: - - lists.katacontainers.io - lists.openstack.org mailman3: - lists[0-9]*.opendev.org diff --git a/inventory/service/host_vars/lists.katacontainers.io.yaml b/inventory/service/host_vars/lists.katacontainers.io.yaml deleted file mode 100644 index d3c4f0f57f..0000000000 --- a/inventory/service/host_vars/lists.katacontainers.io.yaml +++ /dev/null @@ -1,81 +0,0 @@ -mm_domains: lists.katacontainers.io -exim_local_domains: "@:{{ mm_domains }}" -exim_aliases: - root: "{{ ','.join(listadmins|default([])) }}" -exim_routers: - - dnslookup: '{{ exim_dnslookup_router }}' - - system_aliases: '{{ exim_system_aliases_router }}' - - localuser: '{{ exim_localuser_router }}' - - mailman_verp_router: | - {% raw -%} - driver = dnslookup - # we only consider messages sent in through loopback - condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\ - {eq{$sender_host_address}{::1}}}{yes}{no}} - {% endraw %} - # we do not do this for traffic going to the local machine - domains = !+local_domains - ignore_target_hosts = <; 0.0.0.0; \ - 127.0.0.0/8; \ - ::1/128;fe80::/10;fe \ - c0::/10;ff00::/8 - # only the un-VERPed bounce addresses are handled - senders = "*-bounces@*" - transport = mailman_verp_smtp - - mailman_router: | - driver = accept - domains = {{ mm_domains }} - require_files = /var/lib/mailman/lists/${lc::$local_part}/config.pck - local_part_suffix_optional - local_part_suffix = -admin : \ - -bounces : -bounces+* : \ - -confirm : -confirm+* : \ - -join : -leave : \ - -owner : -request : \ - -subscribe : -unsubscribe - transport = mailman_transport -exim_transports: - - mailman_transport: | - driver = pipe - command = /var/lib/mailman/mail/mailman \ - '${if def:local_part_suffix \ - {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ - {post}}' \ - $local_part - current_directory = /var/lib/mailman - home_directory = /var/lib/mailman - user = list - group = list - - mailman_verp_smtp: | - driver = smtp - # put recipient address into return_path - return_path = \ - ${local_part:$return_path}+$local_part=$domain@${domain:$return_path} - max_rcpt = 1 - # Errors-To: may carry old return_path - headers_remove = Errors-To - headers_add = Errors-To: ${return_path} -extra_users: - - jbryce -letsencrypt_certs: - lists-katacontainers-io-main: - - lists.katacontainers.io -mailman_multihost: false -mailman_listdomain: 'lists.katacontainers.io' -mailman_lists: - - name: mailman - description: 'The mailman site list' - admin: 'nobody@openstack.org' - password: "{{ mailman_list_password }}" - - name: kata-dev - description: 'Kata Containers Development Mailing List (not for usage questions)' - admin: 'jonathan@openstack.org' - password: "{{ mailman_list_password }}" - - name: kata-hypervisor - description: 'Discussion of security and virtualization targeted at container use cases' - admin: 'jonathan@openstack.org' - password: "{{ mailman_list_password }}" - - name: embargo-notice - description: 'Announcements of embargoed notices for the Kata Containers project' - admin: 'jonathan@openstack.org' - password: "{{ mailman_list_password }}" diff --git a/inventory/service/host_vars/lists.openstack.org.yaml b/inventory/service/host_vars/lists.openstack.org.yaml index 49c27b29fd..4deb5e94f5 100644 --- a/inventory/service/host_vars/lists.openstack.org.yaml +++ b/inventory/service/host_vars/lists.openstack.org.yaml @@ -117,34 +117,6 @@ letsencrypt_certs: - lists.starlingx.io mailman_multihost: true mailman_sites: - - name: airship - listdomain: lists.airshipit.org - install_languages: ['en'] - lists: - - name: mailman - description: 'The mailman site list' - admin: 'nobody@openstack.org' - password: "{{ mailman_list_password }}" - - name: airship-announce - description: 'Announcements of Airship releases and other important information.' - admin: 'jonathan@openstack.org' - password: "{{ mailman_list_password }}" - - name: airship-discuss - description: 'Discussion of Airship usage and development.' - admin: 'jonathan@openstack.org' - password: "{{ mailman_list_password }}" - - name: airship-job-failures - description: 'Notification messages for failures from CICD jobs.' - admin: 'roman.gorshunov@att.com' - password: "{{ mailman_list_password }}" - - name: airship-security - description: 'Public Airship security advisories.' - admin: 'andrew.walters@att.com' - password: "{{ mailman_list_password }}" - - name: airship-embargo-notice - description: 'Embargoed security vulnerability announcements for Airship consumers.' - admin: 'andrew.walters@att.com' - password: "{{ mailman_list_password }}" - name: openinfra listdomain: lists.openinfra.dev install_languages: ['en'] diff --git a/inventory/service/host_vars/lists01.opendev.org.yaml b/inventory/service/host_vars/lists01.opendev.org.yaml index 8254f129ac..75a19e187f 100644 --- a/inventory/service/host_vars/lists01.opendev.org.yaml +++ b/inventory/service/host_vars/lists01.opendev.org.yaml @@ -94,42 +94,42 @@ mailman_sites: - name: zuul-jobs-failures description: 'Gets notifications about zuul-jobs periodic job failures.' owner: 'corvus@inaugust.com' + - listdomain: lists.airshipit.org + install_languages: ['en'] + lists: + - name: airship-announce + description: 'Announcements of Airship releases and other important information.' + owner: 'jonathan@openstack.org' + - name: airship-discuss + description: 'Discussion of Airship usage and development.' + owner: 'jonathan@openstack.org' + - name: airship-embargo-notice + description: 'Embargoed security vulnerability announcements for Airship consumers.' + owner: 'andrew.walters@att.com' + private: true + - name: airship-job-failures + description: 'Notification messages for failures from CICD jobs.' + owner: 'roman.gorshunov@att.com' + - name: airship-security + description: 'Public Airship security advisories.' + owner: 'andrew.walters@att.com' + - listdomain: lists.katacontainers.io + install_languages: ['en'] + lists: + - name: embargo-notice + description: 'Announcements of embargoed notices for the Kata Containers project' + owner: 'jonathan@openstack.org' + private: true + - name: kata-dev + description: 'Kata Containers Development Mailing List (not for usage questions)' + owner: 'jonathan@openstack.org' + - name: kata-hypervisor + description: 'Discussion of security and virtualization targeted at container use cases' + owner: 'jonathan@openstack.org' # The domains and lists below are currently commented out as we intend on # deploying a single domain and its lists at a time starting with # lists.opendev.org. As we deploy other domains we can uncomment these # blocks. Double check no new lists are been added or removed first. - #- listdomain: lists.airshipit.org - # install_languages: ['en'] - # lists: - # - name: airship-announce - # description: 'Announcements of Airship releases and other important information.' - # owner: 'jonathan@openstack.org' - # - name: airship-discuss - # description: 'Discussion of Airship usage and development.' - # owner: 'jonathan@openstack.org' - # - name: airship-embargo-notice - # description: 'Embargoed security vulnerability announcements for Airship consumers.' - # owner: 'andrew.walters@att.com' - # private: true - # - name: airship-job-failures - # description: 'Notification messages for failures from CICD jobs.' - # owner: 'roman.gorshunov@att.com' - # - name: airship-security - # description: 'Public Airship security advisories.' - # owner: 'andrew.walters@att.com' - #- listdomain: lists.katacontainers.io - # install_languages: ['en'] - # lists: - # - name: embargo-notice - # description: 'Announcements of embargoed notices for the Kata Containers project' - # owner: 'jonathan@openstack.org' - # private: true - # - name: kata-dev - # description: 'Kata Containers Development Mailing List (not for usage questions)' - # owner: 'jonathan@openstack.org' - # - name: kata-hypervisor - # description: 'Discussion of security and virtualization targeted at container use cases' - # owner: 'jonathan@openstack.org' #- listdomain: lists.openinfra.dev # install_languages: ['en'] # lists: diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml index 3929711e34..3d561bc57a 100644 --- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml +++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml @@ -22,10 +22,6 @@ results: - letsencrypt - webservers - lists.katacontainers.io: - - letsencrypt - - mailman - mirror01.regionone.linaro.opendev.org: - afs-client - kerberos-client diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 4e2703d64a..a6fd149774 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -42,9 +42,6 @@ include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml # mailman -- name: letsencrypt updated lists-katacontainers-io-main - include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml - - name: letsencrypt updated lists-openstack-org-main include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml diff --git a/playbooks/test-lists.yaml b/playbooks/test-lists.yaml index c50488af00..63d6ecfe44 100644 --- a/playbooks/test-lists.yaml +++ b/playbooks/test-lists.yaml @@ -12,17 +12,6 @@ loop_control: loop_var: zuul_mailman_site -- hosts: "lists.katacontainers.io" - tasks: - - # Make sure Mailman services are running so that they will attempt to - # deliver any pending list admin notifications and we can capture that - # activity in the Exim logs. - - name: Restart Mailman services - service: - name: "mailman" - state: restarted - - hosts: "localhost" tasks: diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index 80902c6248..81e3fdc0cd 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -143,7 +143,6 @@ - host_vars/letsencrypt01.opendev.org.yaml - host_vars/letsencrypt02.opendev.org.yaml - host_vars/lists.openstack.org.yaml - - host_vars/lists.katacontainers.io.yaml - host_vars/gitea99.opendev.org.yaml - host_vars/grafana01.opendev.org.yaml - host_vars/mirror01.openafs.provider.opendev.org.yaml diff --git a/playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2 b/playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2 deleted file mode 100644 index 277ccbaebd..0000000000 --- a/playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2 +++ /dev/null @@ -1 +0,0 @@ -mailman_list_password: notarealpassword diff --git a/testinfra/test_lists_k_i.py b/testinfra/test_lists_k_i.py deleted file mode 100644 index 1ef2d220a2..0000000000 --- a/testinfra/test_lists_k_i.py +++ /dev/null @@ -1,37 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -testinfra_hosts = ['lists.katacontainers.io'] - -def test_mm_list_is_present(host): - cmd = host.run('list_lists --bare') - assert 'kata-dev' in cmd.stdout - -def test_mm_list_site(host): - cmd = host.run('curl --insecure ' - '--resolve lists.katacontainers.io:443:127.0.0.1 ' - 'https://lists.katacontainers.io/cgi-bin/mailman/listinfo') - assert 'lists.katacontainers.io Mailing Lists' in cmd.stdout - -def test_mm_list_site_redirect_http(host): - cmd = host.run('curl ' - '--resolve lists.katacontainers.io:80:127.0.0.1 ' - 'http://lists.katacontainers.io/cgi-bin/mailman/listinfo') - assert ('The document has moved here') in cmd.stdout - -def test_mm_list_site_static_files(host): - cmd = host.run('curl --insecure ' - '--resolve lists.katacontainers.io:443:127.0.0.1 ' - 'https://lists.katacontainers.io/robots.txt') - assert 'Disallow: /' in cmd.stdout diff --git a/testinfra/test_lists_o_o.py b/testinfra/test_lists_o_o.py index 51ff453e6b..7b3384c7d3 100644 --- a/testinfra/test_lists_o_o.py +++ b/testinfra/test_lists_o_o.py @@ -13,9 +13,6 @@ testinfra_hosts = ['lists.openstack.org'] def test_mm_list_is_present(host): - cmd = host.run('HOST=lists.airshipit.org list_lists --bare') - assert 'airship-discuss' in cmd.stdout - cmd = host.run('HOST=lists.openinfra.dev list_lists --bare') assert 'staff' in cmd.stdout @@ -26,10 +23,6 @@ def test_mm_list_is_present(host): assert 'starlingx-discuss' in cmd.stdout def test_mm_list_site(host): - cmd = host.run('curl --insecure ' - '--resolve lists.airshipit.org:443:127.0.0.1 ' - 'https://lists.airshipit.org/cgi-bin/mailman/listinfo') - assert 'lists.airshipit.org Mailing Lists' in cmd.stdout cmd = host.run('curl --insecure ' '--resolve lists.openinfra.dev:443:127.0.0.1 ' 'https://lists.openinfra.dev/cgi-bin/mailman/listinfo') @@ -44,12 +37,6 @@ def test_mm_list_site(host): assert 'lists.starlingx.io Mailing Lists' in cmd.stdout def test_mm_list_site_redirect_http(host): - cmd = host.run('curl ' - '--resolve lists.airshipit.org:80:127.0.0.1 ' - 'http://lists.airshipit.org/cgi-bin/mailman/listinfo') - assert ('The document has moved here') in cmd.stdout cmd = host.run('curl ' '--resolve lists.openinfra.dev:80:127.0.0.1 ' 'http://lists.openinfra.dev/cgi-bin/mailman/listinfo') diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml index cfb40facd4..fbd5785149 100644 --- a/zuul.d/infra-prod.yaml +++ b/zuul.d/infra-prod.yaml @@ -570,7 +570,6 @@ files: - inventory/base - inventory/service/host_vars/lists.openstack.org.yaml - - inventory/service/host_vars/lists.katacontainers.io.yaml - playbooks/roles/iptables/ - playbooks/roles/base/exim - playbooks/roles/mailman/ diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index ae4ebb21e0..0016c47ac9 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -290,8 +290,6 @@ - <<: *bridge_node_x86 - name: lists.openstack.org label: ubuntu-focal - - name: lists.katacontainers.io - label: ubuntu-focal groups: - <<: *bastion_group required-projects: @@ -299,15 +297,12 @@ files: - playbooks/bootstrap-bridge.yaml - inventory/service/host_vars/lists.openstack.org.yaml - - inventory/service/host_vars/lists.katacontainers.io.yaml - inventory/service/group_vars/mailman.yaml - playbooks/roles/base/exim - playbooks/roles/mailman/ - playbooks/service-lists.yaml - playbooks/test-lists.yaml - playbooks/zuul/templates/host_vars/lists.openstack.org.yaml.j2 - - playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2 - - testinfra/test_lists_k_i.py - testinfra/test_lists_o_o.py - playbooks/zuul/run-lists-post.yaml vars: @@ -318,12 +313,6 @@ - playbooks/service-lists.yaml run_test_playbook: playbooks/test-lists.yaml host-vars: - lists.katacontainers.io: - host_copy_output: - '/var/log/acme.sh': logs - '/var/log/apache2': logs - '/var/log/mailman': logs - '/etc/apache2/sites-enabled': logs lists.openstack.org: host_copy_output: '/etc/aliases.domain': logs_txt