From cab53d10aca58646b71f4b01b6eec015d6682e88 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Wed, 11 Oct 2023 18:54:47 +0000 Subject: [PATCH] Remove the old mailing list server Clean up references to lists.openstack.org other than as a virtual host on the new lists01.opendev.org Mailman v3 server. Update a few stale references to the old openstack-infra mailing list (and accompanying stale references to the OpenStack Foundation and OpenStack Infra team). Update our mailing list service documentation to reflect the new system rather than the old one. Once this change merges, we can create an archival image of the old server and delete it (as well as removing it from our emergency skip list for Ansible). Side note, the lists.openstack.org server will be 11.5 years old on November 1, created 2012-05-01 21:14:53 UTC. Farewell, old friend! Change-Id: I54eddbaaddc7c88bdea8a1dbc88f27108c223239 --- doc/source/lists.rst | 81 ++------- doc/source/project.rst | 6 +- hiera/common.yaml | 1 - inventory/base/hosts.yaml | 11 -- inventory/service/groups.yaml | 4 - .../host_vars/lists.openstack.org.yaml | 168 ------------------ .../static/files/ask.openstack.org/index.html | 3 +- playbooks/test-lists.yaml | 26 --- playbooks/zuul/run-base.yaml | 1 - playbooks/zuul/run-lists-post.yaml | 11 -- testinfra/test_lists_o_o.py | 62 ------- zuul.d/infra-prod.yaml | 14 -- zuul.d/project.yaml | 9 - zuul.d/system-config-run.yaml | 42 ----- 14 files changed, 23 insertions(+), 416 deletions(-) delete mode 100644 inventory/service/host_vars/lists.openstack.org.yaml delete mode 100644 playbooks/test-lists.yaml delete mode 100644 testinfra/test_lists_o_o.py diff --git a/doc/source/lists.rst b/doc/source/lists.rst index 08aedbd488..e02abab0b2 100644 --- a/doc/source/lists.rst +++ b/doc/source/lists.rst @@ -5,33 +5,33 @@ Mailing Lists ############# -`Mailman `_ is installed on -lists.openstack.org to run OpenStack related mailing lists, as well as -host list archives. +`The Mailman Suite `_ (Mailman Core, Postorius, +Hyperkitty) is installed on lists.opendev.org to run mailing lists for the +OpenDev Collaboratory and projects it hosts, as well as archives of those +lists. At a Glance =========== :Hosts: - * http://lists.openstack.org + * https://lists.opendev.org (and numerous other aliases) :Ansible: - * :git_file:`playbooks/service-lists.yaml` - * :git_file:`playbooks/roles/mailman` - * :git_file:`playbooks/roles/mailman-site` - * :git_file:`playbooks/roles/mailman-list` + * :git_file:`playbooks/service-lists3.yaml` + * :git_file:`playbooks/roles/mailman3` :Projects: - * http://www.gnu.org/software/mailman/ + * https://www.list.org/ + * https://gitlab.com/mailman/ :Bugs: * https://storyboard.openstack.org/#!/project/748 - * https://bugs.launchpad.net/mailman + * https://gitlab.com/mailman/ :Resources: - * `Mailman Documentation `_ + * `Mailman Documentation `_ Adding a List ============= A list may be added by adding it to the ``openstack-infra/system-config`` -repository in :git_file:`inventory/service/host_vars/lists.openstack.org.yaml`. +repository in :git_file:`inventory/service/host_vars/lists01.opendev.org.yaml`. For example: .. code-block:: yaml @@ -41,61 +41,14 @@ For example: admin: 'admin@example.com' password: "{{ mailman_list_password }}" -Scripted Changes to Lists -========================= +Scripted Interaction with Lists +=============================== This may only be performed with root access to the list server. -Mailman supports running a python code snippet in the context of -individual lists or every list on the system. The following example -adds an address to the list of banned addresses for every list. This -has proved useful in the case of attackers abusing the HTTP -subscription interface to subscribe a target's address to multiple -mailing lists. - -Banning an Address from All Lists ---------------------------------- - -Create the file `/usr/lib/mailman/bin/ban.py` with the following -content: - -.. code-block:: python - - def ban(m, address): - try: - m.Lock() - if address not in m.ban_list: - m.ban_list.append(address) - m.Save() - finally: - m.Unlock() - -And then run the withlist script as: - .. code-block:: bash - sudo -u list /usr/lib/mailman/bin/withlist -a -r ban "
" + sudo docker-compose -f /etc/mailman-compose/docker-compose.yaml exec -T -u mailman mailman-core mailman help -Because the script itself handles locking, do not use the `-l` -argument to withlist. To run the same script on a single list, use: - -.. code-block:: bash - - sudo -u list /usr/lib/mailman/bin/withlist -r ban listname "
" - -Note that the ban list accepts regular expressions, so to ban an -address and all suffixes, use '^address.*@example.com' as the "address -to ban". - -Lock Files ----------- - -If a list stops handling traffic for some time, it may be due to a -stale lock file. Mailman locks are in /srv/mailman/openstack/locks. -If a lock is held for a list, then ``listname.lock`` will exist. The -contents of the file will be the name of the lock sequence file which -was used to obtain the lock. That file is in the form -``listname.lock.hostname.pid.sequence``. If the process id in that -string no longer exists, it's safe to assume the process died without -cleaning up the lock. It should generally be safe to remove the -lockfile in that case. +Use context help for the CLI's many subcommands, or see the Mailman v3 +documentation for more details. diff --git a/doc/source/project.rst b/doc/source/project.rst index d2632413a9..4f18150ccb 100644 --- a/doc/source/project.rst +++ b/doc/source/project.rst @@ -39,7 +39,11 @@ Contributing this list to get smaller over time. We welcome contributions from new contributors. Reading this -documentation is the first step. You should also join our `mailing list `_. +documentation is the first step. You should also join our `announcements +`_ +and `discussion +`_ +mailing lists. We are most active on IRC, so please join the **#opendev** channel on OFTC. diff --git a/hiera/common.yaml b/hiera/common.yaml index 8b3f3f391c..93a1eae62e 100644 --- a/hiera/common.yaml +++ b/hiera/common.yaml @@ -29,7 +29,6 @@ cacti_hosts: - kdc03.openstack.org - kdc04.openstack.org - keycloak01.opendev.org -- lists.openstack.org - lists01.opendev.org - nb01.opendev.org - nb02.opendev.org diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 7eaca5cf38..4f3e5d8eca 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -308,17 +308,6 @@ all: - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKUtLplUhod5VnjVoTY5WHhjOHrRM6puFpFpcr9iJmOKkbnJ5V2SA8U0thFEne4XUoa/eZ3SiQ9Yt923+1MAcKQ=' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5qje1++4tUZ1U4sQ2Jsju/S4BdpCeiauSxZ2uMdQSegtjZ4GclxRjP4zJjL6P/iixTwjsu4dOEnvPt8B9JZGEaYERzKiqjIRT3I80mTjI0wsx+bN38Z2xg5Tm1O5xrOxT0rjA2zGJDRtMhk6IwmUg4DELlxUfalsWgpoZV0fYxUFneOgVuG8XY841b1igh2ScyOuSfu8RQFF3YTulzoT7o8QzgdKiliciLAWujy+4okN8wln5/atqiDuN7oi+9WYLt/HW2YZTUHd2/u+ZghgvbVVJ8xsB2gQ+BESS3P4YZsWMqM/7lz/7GVUQfolRnC5dyPOa9cwuoBW9ru6VGYH/' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSUpspKrIHEXRkP9xIa/hyKkauDvuPX0nVwWpUzQkIh' - lists.openstack.org: - ansible_host: 50.56.173.222 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 50.56.173.222 - public_v6: 2001:4800:780e:510:3bc3:d7f6:ff04:b736 - host_keys: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJXPszbNKhny/BiR9JAC/yvV5Knqh6ZgUlk21XzJlk7D3kCBcyuMCSlWskvQU/59pYM5pDSBf8+a//pvxoR3Cm0MBPrMEYGT3LcGY/lxsgHoHaHhMgRvdHKVNPsO852CuecCB31HnUZ5c0cZJQ3V5UzZzld5FRvp9tV6vxKdaLrkA8HEuktMj59Tgm3zUv7a6Ou6JV78NC8zFAw73ZUZYNgRZ118MSd3ZogBoHOLY0FEWF6vwYHOC3qp3655+SEHEzJOVxknntxeeaopVLqxuIOkfjDCAc8DIBhbFr/IevK34XWSlRJjXvQnYKpzA1/urwugsLvQKqFwjeVQZOn5Bb' - - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7wzqKuzV5f6N5lCoOMqdXE0j/LpGAU5/vfPadqzadQCY4xApfpbJgCnGWJ6dESAKhv8HRIZ7nVKuns8NfNQIU=' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4fR5POWlUrnu8JGSKLCxPFY5VCOwveqsDgCDWimWCD' lists01.opendev.org: ansible_host: 162.209.78.70 location: diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index ca66a898f1..24d34edfa7 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -39,7 +39,6 @@ groups: - lists99.opendev.org # All these servers are "special-cased" in specifically # as they are puppet and should be replaced "soon" - - lists.openstack.org - storyboard01.opendev.org - translate01.openstack.org borg-backup-server: @@ -92,7 +91,6 @@ groups: - graphite[0-9]*.opendev.org - insecure-ci-registry[0-9]*.opendev.org - keycloak[0-9]*.opendev.org - - lists.openstack.org - lists[0-9]*.opendev.org - meetpad[0-9]*.opendev.org - mirror[0-9]*.opendev.org @@ -105,8 +103,6 @@ groups: - tracing[0-9]*.opendev.org - translate[0-9]*.open*.org - zuul[0-9]*.opendev.org - mailman: - - lists.openstack.org mailman3: - lists[0-9]*.opendev.org meetpad: diff --git a/inventory/service/host_vars/lists.openstack.org.yaml b/inventory/service/host_vars/lists.openstack.org.yaml deleted file mode 100644 index 9c7b1fa95d..0000000000 --- a/inventory/service/host_vars/lists.openstack.org.yaml +++ /dev/null @@ -1,168 +0,0 @@ -mm_domains: 'lists.openstack.org' -exim_local_domains: "@:{{ mm_domains }}" -exim_enable_spf: true -exim_aliases: - root: "{{ ','.join(listadmins|default([])) }}" - interop-wg: openstack-discuss - openstack: openstack-discuss - openstack-dev: openstack-discuss - openstack-infra: openstack-discuss - openstack-operators: openstack-discuss - openstack-security: openstack-discuss - openstack-sigs: openstack-discuss - openstack-tc: openstack-discuss - user-committee: openstack-discuss - airship-discuss-owner: spam - community-owner: spam - edge-computing-owner: spam - foundation-board-confidential-owner: spam - foundation-board-owner: spam - foundation-owner: spam - legal-discuss-owner: spam - mailman-owner: spam - marketing-owner: spam - openstack-announce-owner: spam - openstack-docs-owner: spam - openstack-fr-owner: spam - openstack-i18n-owner: spam - openstack-infra-owner: spam - openstack-ko-owner: spam - openstack-qa-owner: spam - product-wg-owner: spam - user-committee-owner: spam - spam: ':fail: delivery temporarily disabled due to ongoing spam flood' -exim_domain_aliases: - community@lists.openstack.org: community@lists.openinfra.dev - edge-computing@lists.openstack.org: edge-computing@lists.opendev.org - foundation@lists.openstack.org: foundation@lists.openinfra.dev - foundation-board@lists.openstack.org: foundation-board@lists.openinfra.dev - foundation-board-confidential@lists.openstack.org: foundation-board-confidential@lists.openinfra.dev - goldmembers@lists.openstack.org: goldmembers@lists.openinfra.dev - marketing@lists.openstack.org: marketing@lists.openinfra.dev - staff@lists.openstack.org: staff@lists.openinfra.dev - summit-programming-committee@lists.openinfra.dev: summit-track-chairs@lists.openinfra.dev - summitsponsors@lists.openstack.org: summitsponsors@lists.openinfra.dev -exim_routers: - - mailman_verp_router: | - {% raw -%} - driver = dnslookup - condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\ - {eq{$sender_host_address}{::1}}}{yes}{no}} - {% endraw %} - domains = !+local_domains - ignore_target_hosts = <; 0.0.0.0; \ - 127.0.0.0/8; \ - ::1/128;fe80::/10;fe \ - c0::/10;ff00::/8 - senders = "*-bounces@*" - transport = mailman_verp_smtp - - dnslookup: '{{ exim_dnslookup_router }}' - - system_aliases: '{{ exim_system_aliases_router }}' - - domain_aliases: | - driver = redirect - allow_fail - allow_defer - data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}} - file_transport = address_file - pipe_transport = address_pipe - - localuser: '{{ exim_localuser_router }}' - - mailman_copy: | - driver = accept - domains = lists.openstack.org - local_parts = openstack-discuss - transport = local_copy - unseen - - mailman_router: | - driver = accept - domains = {{ mm_domains }} - local_part_suffix = -admin : \ - -bounces : -bounces+* : \ - -confirm : -confirm+* : \ - -join : -leave : \ - -owner : -request : \ - -subscribe : -unsubscribe - local_part_suffix_optional - require_files = ${lookup{${lc::$domain}}lsearch{/etc/mailman/sites}}/lists/${lc::$local_part}/config.pck - transport = mailman_transport -exim_transports: - - local_copy: | - driver = appendfile - file = /var/mail/$local_part - group = mail - mode = 0660 - - mailman_transport: | - driver = pipe - command = /var/lib/mailman/mail/mailman \ - '${if def:local_part_suffix \ - {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ - {post}}' \ - $local_part - current_directory = /var/lib/mailman - environment = HOST=${lc:$domain} - group = list - home_directory = /var/lib/mailman - user = list - - mailman_verp_smtp: | - driver = smtp - headers_add = Errors-To: ${return_path} - headers_remove = Errors-To - max_rcpt = 1 - return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path} -# We put lists.openstack.org first as it's the current servername -letsencrypt_certs: - lists-openstack-org-main: - - lists.openstack.org -mailman_multihost: true -mailman_sites: - - name: openstack - listdomain: lists.openstack.org - install_languages: ['de', 'fr', 'it', 'ko', 'ru', 'vi', 'zh_TW'] - lists: - - name: mailman - description: 'The mailman site list' - admin: 'nobody@openstack.org' - password: "{{ mailman_list_password }}" - - name: openstack-es - description: 'Lista de correo acerca de OpenStack en español' - admin: 'flavio@redhat.com' - password: "{{ mailman_list_password }}" - - name: openstack-fr - description: 'List of the OpenStack french user group' - admin: 'erwan@erwan.com' - password: "{{ mailman_list_password }}" - - name: openstack-i18n - description: 'List of the OpenStack Internationalization team.' - admin: 'guoyingc@cn.ibm.com' - password: "{{ mailman_list_password }}" - - name: openstack-it - description: 'Discussioni su OpenStack in italiano' - admin: 'stefano@openstack.org' - password: "{{ mailman_list_password }}" - - name: openstack-ko - description: 'OpenStack Korea Community Discussions in Korean (오픈스택 한국 커뮤니티 메일링리스트)' - admin: 'ianyrchoi@gmail.com' - password: "{{ mailman_list_password }}" - - name: openstack-zh - description: 'OpenStack社区中文讨论群组' - admin: 'yeluaiesec@gmail.com' - password: "{{ mailman_list_password }}" - - name: release-job-failures - description: 'Notification messages for failures from release-related build jobs.' - admin: 'doug@doughellmann.com' - password: "{{ mailman_list_password }}" - - name: embargo-notice - description: 'Announcements to stakeholders for embargoed security vulnerabilities.' - admin: 'jeremy@openstack.org' - password: "{{ mailman_list_password }}" - - name: release-announce - description: 'Announcement of official OpenStack releases.' - admin: 'thierry@openstack.org' - password: "{{ mailman_list_password }}" - - name: openstack-mentoring - description: 'List to coordinate interactions between mentors and mentees of the OpenStack mentoring program. Also for questions about the mentoring program (i.e. how to get involved, how it works, etc.' - admin: 'amy@demarco.com' - password: "{{ mailman_list_password }}" - - name: openstack-discuss - description: 'Discussion of OpenStack usage and development.' - admin: 'fungi@yuggoth.org' - password: "{{ mailman_list_password }}" diff --git a/playbooks/roles/static/files/ask.openstack.org/index.html b/playbooks/roles/static/files/ask.openstack.org/index.html index d1caa7b67a..2a842d62f2 100644 --- a/playbooks/roles/static/files/ask.openstack.org/index.html +++ b/playbooks/roles/static/files/ask.openstack.org/index.html @@ -18,7 +18,7 @@

The following options are available for community-based support.