fedora-infra_ansible/roles/mailman/tasks/main.yml
Nils Philippsen 0543b8addc mailman: cope with mails containing broken unicode
See https://pagure.io/fedora-infrastructure/issue/8824 for details. This
enables the hotfix on staging only to enable testing.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2020-04-27 12:51:05 +02:00


---
# Configuration for Mailman 3
# PostgreSQL initialization must have been done already
#
# SELinux
# TODO: switch to the sefcontext module when we update Ansible to 2.2+
#
# The semanage CLI is required by the fcontext tasks that follow.
- name: install semanage
  package:
    name: policycoreutils-python
    state: present
  tags:
    - mailman
    - selinux

# Each fcontext task below adds one file-context rule with
# `semanage fcontext -a`. They are bare `command` calls without
# creates/changed_when, so they are re-run on every play.
# NOTE(review): adding a rule does not relabel files already on disk, and no
# restorecon step is visible in this file - confirm labels get applied.
- name: set the SELinux policy for the configuration directory
  command: >-
    semanage fcontext -a -t etc_t
    "{{ mailman_webui_confdir }}(/.*)?"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the fulltext index
  command: >-
    semanage fcontext -a -t httpd_sys_rw_content_t
    "{{ mailman_webui_basedir }}/fulltext_index(/.*)?"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the static files directory
  command: >-
    semanage fcontext -a -t httpd_sys_content_t
    "{{ mailman_webui_basedir }}/static(/.*)?"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the templates override directory
  command: >-
    semanage fcontext -a -t httpd_sys_content_t
    "{{ mailman_webui_basedir }}/templates(/.*)?"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the log directory
  command: >-
    semanage fcontext -a -t httpd_log_t
    "/var/log/hyperkitty(/.*)?"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the generated postfix databases
  command: >-
    semanage fcontext -a -t etc_aliases_t
    "{{ mailman_webui_basedir }}/var/data/postfix_.*"
  tags:
    - mailman
    - selinux

- name: set the SELinux policy for the old static archives
  command: >-
    semanage fcontext -a -t httpd_sys_content_t
    "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?"
  tags:
    - mailman
    - selinux

# Persistent SELinux booleans that let httpd open outbound connections.
- name: allow Apache to remotely connect to PostgreSQL
  seboolean:
    name: httpd_can_network_connect_db
    state: true
    persistent: true
  tags:
    - mailman
    - selinux

# NOTE(review): httpd_can_network_connect is the general boolean; it lets
# httpd connect to any network port, not only Mailman's, and is broader than
# the database- and memcache-specific booleans set alongside it.
- name: allow Apache to remotely connect to Mailman
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  tags:
    - mailman
    - selinux

- name: allow Apache to remotely connect to Memcached
  seboolean:
    name: httpd_can_network_memcache
    state: true
    persistent: true
  tags:
    - mailman
    - selinux
#
# Packages
#
# Install the HyperKitty yum repo file, taking the first candidate that
# exists: per-host, then per-distribution, then the generic file.
- name: setup the hyperkitty repo
  copy:
    src: "{{item}}"
    dest: /etc/yum.repos.d/hyperkitty.repo
  with_first_found:
    - "hyperkitty.{{ansible_hostname}}.repo"
    - "hyperkitty.{{ansible_distribution}}.repo"
    - hyperkitty.repo
  tags: mailman

- name: install GPG to validate the key
  package:
    name: gnupg
    state: present
  tags: mailman

# Import the repo signing key straight from the URL.
# NOTE(review): nothing in this task pins which key is expected, so whatever
# the URL serves at run time becomes trusted for package installs. rpm_key
# has a `fingerprint` option (Ansible 2.9+) for that; the header of this file
# suggests an older Ansible, so confirm it is available before relying on it.
- name: add the GPG key
  rpm_key:
    key: "https://repos.fedorapeople.org/repos/abompard/abompard.asc"
    state: present
  tags: mailman

# Runtime, test-suite and helper-script dependencies, one package per item.
- name: install needed packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - python-psycopg2
    - python34-psycopg2
    - hyperkitty
    - hyperkitty-selinux
    - postorius
    - memcached
    - python-pylibmc
    - python-django-haystack-xapian
    - yum-plugin-post-transaction-actions
    # to run the test suite:
    - python-beautifulsoup4
    - python-mock
    - python-whoosh
    - python-tox
    - python-vcrpy
    # scripts
    - python34-PyYAML
    # mailman soft dep to convert html to plaintext
    - lynx
    - fedora-messaging
  tags:
    - packages
    - mailman
# The repo, its key and the plugin RPM are only handled on RedHat hosts.
- name: setup the mailman3-fedmsg repo
  copy:
    src: mailman3-fedmsg-plugin.RedHat.repo
    dest: /etc/yum.repos.d/mailman3-fedmsg-plugin.repo
  when: ansible_distribution == 'RedHat'
  tags: mailman

# NOTE(review): as with the HyperKitty key, the key is fetched from the URL
# with no expected fingerprint stated in the task - confirm how the key is
# verified, or pin it if the Ansible version in use supports that.
- name: add the GPG key for the mailman3-fedmsg-plugin repo
  rpm_key:
    key: "https://copr-be.cloud.fedoraproject.org/results/ralph/fedmsg-python34/pubkey.gpg"
    state: present
  when: ansible_distribution == 'RedHat'
  tags: mailman

# No explicit state is given, so the package module default applies.
- name: install the mailman3 fedmsg plugin rpm
  package:
    name: mailman3-fedmsg-plugin
  when: ansible_distribution == 'RedHat'
  notify: restart mailman3
  tags: mailman

# The plugin configuration is copied on every distribution (no `when`).
- name: copy in our fedmsg-plugin conf file
  copy:
    src: fedmsg-plugin-conf.py
    dest: /etc/fedmsg.d/fedmsg-plugin-conf.py
  notify: restart mailman3
  tags:
    - fedmsgdconfig
    - mailman
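# Install the Mailman 3 RPMs everywhere except on lists-dev, which (per the
# task name) runs from source extracts.
# The condition tests inventory_hostname, like the service tasks in this file
# do. ansible_hostname is the short host name without a domain part, so the
# previous comparison against the FQDN was always true and never skipped.
- name: install packages when not using source extracts
  when: not inventory_hostname.startswith('lists-dev')
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - mailman3
    - mailman3-selinux
    - mailman3-hyperkitty
  tags:
    - packages
    - mailman

## install hotfix for e-mails containing broken unicode
## see issue https://pagure.io/fedora-infrastructure/issue/8824
## see upstream merge request https://gitlab.com/mailman/mailman/-/merge_requests/350
# The patch is applied in place to a module under site-packages, on staging
# only.
# NOTE(review): no handler is notified here, so a running mailman3 presumably
# keeps the unpatched code until something else restarts it - confirm. A
# package update that replaces message.py would also drop the hotfix.
- name: hotfix - let mailman cope with e-mails containing broken unicode
  patch:
    src: files/hotfix/mailman3/mailman3-broken-unicode-emails.patch
    dest: /usr/lib/python3.4/site-packages/mailman/email/message.py
  when: env == "staging"
  tags:
    - mailman
    - hotfix
    - patches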
#
# Initialize mailman (must be done after setting up the DBs)
#
#- name: add mailman to the apache group
# user: name=mailman groups=apache append=yes
# tags:
# - config
# - mailman
# #notify:
# # - restart mailman3
# Postfix needs to read the alias files that mailman generates, so the
# postfix user is added to the mailman group. append=true keeps its existing
# supplementary groups.
- name: add postfix to the mailman group
  user:
    name: postfix
    groups: mailman
    append: true
  notify:
    - restart postfix
  tags:
    - config
    - mailman
## for access to the full-text index
#- name: add apache to the mailman group
# user: name=apache groups=mailman append=yes
# tags:
# - config
# - mailman
# notify:
# - reload httpd
# Render /etc/mailman.cfg from the host-specific template when one exists,
# otherwise from the generic one. The file is root-owned and readable by the
# mailman group only (0640).
- name: set the mailman conffile
  template:
    src: "{{ item }}"
    dest: /etc/mailman.cfg
    owner: root
    group: mailman
    mode: "0640"
  with_first_found:
    - "mailman.cfg.{{ ansible_hostname }}.j2"
    - mailman.cfg.j2
  notify:
    - restart mailman3
  tags:
    - config
    - mailman

# Site-wide English template overrides live in this directory.
- name: Create site/en dir
  file:
    path: /var/lib/mailman3/templates/site/en
    state: directory
  tags:
    - config
    - mailman

- name: set default list footer
  copy:
    src: mailman-template-list-member-generic-footer.txt
    dest: "/var/lib/mailman3/templates/site/en/list:member:generic:footer.txt"
    owner: mailman
    group: mailman
    mode: "0644"
  tags:
    - config
    - mailman

- name: set default list:admin:action:post template
  copy:
    src: mailman-template-list-admin-action-post.txt
    dest: "/var/lib/mailman3/templates/site/en/list:admin:action:post.txt"
    owner: mailman
    group: mailman
    mode: "0644"
  tags:
    - config
    - mailman
#
# Crontab
#
# Cron definitions for the web UI and for mailman, rendered from templates.
# NOTE(review): neither task sets owner or mode, so the files in /etc/cron.d
# get whatever the template module applies by default on the host - confirm
# they end up root-owned and not group- or world-writable.
- name: set the hyperkitty crontab
  template:
    src: crontab-webui.j2
    dest: /etc/cron.d/hyperkitty
  tags:
    - config
    - mailman

- name: set the mailman crontab
  template:
    src: crontab-mailman3.j2
    dest: /etc/cron.d/mailman3
  tags:
    - config
    - mailman
#
# Logging
#
# Log directory: root:apache, mode 2775 (setgid, group-writable).
- name: hyperkitty logging -- directory
  file:
    path: /var/log/hyperkitty
    state: directory
    owner: root
    group: apache
    mode: "2775"
  tags: mailman

# Create an empty log file only when none exists; force=false leaves an
# existing file's content alone.
- name: hyperkitty logging -- file creation
  copy:
    content: ""
    dest: /var/log/hyperkitty/hyperkitty.log
    force: false
  tags: mailman

# The log file itself is root:apache and group-writable (664).
- name: hyperkitty logging -- file permissions
  file:
    path: /var/log/hyperkitty/hyperkitty.log
    state: file
    owner: root
    group: apache
    mode: "664"
  tags: mailman

- name: hyperkitty logging -- rotation
  copy:
    src: hyperkitty.logrotate.conf
    dest: /etc/logrotate.d/hyperkitty
  tags: mailman
#
# HyperKitty + Postorius setup
#
# Directory holding the Django settings, URL map and WSGI entry point.
- name: create the configuration directory
  file:
    path: "{{ mailman_webui_confdir }}"
    state: directory
  tags: mailman

# settings.py is rendered root:apache 0640: readable by the web server group,
# not by other users.
- name: install the hyperkitty settings file
  template:
    src: settings.py.j2
    dest: "{{ mailman_webui_confdir }}/settings.py"
    owner: root
    group: apache
    mode: "0640"
  notify:
    - reload apache
    #- restart mailman3
  tags:
    - config
    - mailman

# settings_admin.py is restricted to root (0600).
- name: install the hyperkitty settings admin file
  template:
    src: settings_admin.py.j2
    dest: "{{ mailman_webui_confdir }}/settings_admin.py"
    owner: root
    group: root
    mode: "0600"
  tags:
    - config
    - mailman

- name: install the hyperkitty settings test file
  copy:
    src: settings_test.py
    dest: "{{ mailman_webui_confdir }}/settings_test.py"
    owner: root
    group: root
    mode: "0644"
  tags:
    - config
    - mailman

# The remaining Python files are static, root-owned and world-readable;
# changing any of them reloads Apache.
- name: install the fedora-specific modules
  copy:
    src: "{{ item }}.py"
    dest: "{{ mailman_webui_confdir }}/{{ item }}.py"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - django_fedora
    - django_fedora_nosignup
  notify:
    - reload apache
  tags:
    - config
    - mailman

- name: install the hyperkitty urls file
  copy:
    src: urls.py
    dest: "{{ mailman_webui_confdir }}/urls.py"
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload apache
  tags:
    - config
    - mailman

- name: install the hyperkitty wsgi file
  copy:
    src: webui.wsgi
    dest: "{{ mailman_webui_confdir }}/webui.wsgi"
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload apache
  tags:
    - config
    - mailman

# hyperkitty.conf and postorius.conf are both rendered from the same dummy
# template; the real vhost configuration is mailman-webui.conf below.
- name: install the hyperkitty/postorius dummy httpd conf file
  template:
    src: apache-dummy.conf.j2
    dest: "/etc/httpd/conf.d/{{ item }}.conf"
  with_items:
    - hyperkitty
    - postorius
  notify:
    - reload apache
  tags:
    - config
    - mailman

- name: install the hyperkitty httpd conf file
  template:
    src: apache.conf.j2
    dest: /etc/httpd/conf.d/mailman-webui.conf
  notify:
    - reload apache
  tags:
    - config
    - mailman
# The full-text index directory is the only one here owned by apache; the
# static and template directories below are root-owned.
- name: create the fulltext index dir
  file:
    path: "{{ mailman_webui_basedir }}/fulltext_index"
    state: directory
    owner: apache
    group: apache
    mode: "0755"
  tags: mailman

- name: create the hyperkitty static files dir
  file:
    path: "{{ mailman_webui_basedir }}/static"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: mailman

- name: create the fedora-specific static files dir
  file:
    path: "{{ mailman_webui_basedir }}/static-fedora"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: mailman

- name: create the fedora-specific hyperkitty img dir
  file:
    path: "{{ mailman_webui_basedir }}/static-fedora/hyperkitty/img"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: mailman

- name: create the hyperkitty templates override dirs
  file:
    path: "{{ mailman_webui_basedir }}/templates/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  with_items:
    - hyperkitty
    - django_mailman3
  tags: mailman

# Fedora branding assets and template overrides. These copies set no
# owner/mode, so the copy module's defaults apply.
- name: install our fedora-specific logo
  copy:
    src: logo-hyperkitty-fedora.png
    dest: "{{ mailman_webui_basedir }}/static-fedora/logo-hyperkitty-fedora.png"
  tags: mailman

- name: install our fedora-specific favicon
  copy:
    src: favicon.ico
    dest: "{{ mailman_webui_basedir }}/static-fedora/favicon.ico"
  tags: mailman

- name: install our fedora-specific robots.txt
  copy:
    src: robots.txt
    dest: "{{ mailman_webui_basedir }}/static-fedora/robots.txt"
  tags: mailman

- name: install our fedora-specific brand template override
  copy:
    src: navbar-brand.html
    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/navbar-brand.html"
  tags: mailman

- name: install our fedora-specific page headers
  copy:
    src: headers.html
    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/headers.html"
  tags: mailman

- name: install our fedora-specific login page extension
  copy:
    src: login_extra_top.html
    dest: "{{ mailman_webui_basedir }}/templates/django_mailman3/login_extra_top.html"
  tags: mailman

- name: Create dirs for signup_closed page
  file:
    path: "{{ mailman_webui_basedir }}/templates/account"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: mailman

- name: install our fedora-specific signup_closed page
  copy:
    src: signup_closed.html
    dest: "{{ mailman_webui_basedir }}/templates/account/signup_closed.html"
  tags: mailman

# bottom.html goes through `template`, not `copy`, so it is rendered by Jinja
# before being installed.
- name: Install our fedmenu js hook
  template:
    src: bottom.html
    dest: "{{mailman_webui_basedir }}/templates/hyperkitty/bottom.html"
  tags: mailman
#
# Plug HyperKitty into Mailman
#
# Configuration of the mailman-hyperkitty plugin: root-owned, readable by the
# mailman group only (0640). A change restarts mailman3.
- name: copy the mailman-hyperkitty conffile
  copy:
    src: mailman-hyperkitty.cfg
    dest: /etc/mailman3.d/hyperkitty.cfg
    owner: root
    group: mailman
    mode: "0640"
  notify:
    - restart mailman3
  tags:
    - config
    - mailman
#
# Scripts
#
# NOTE(review): the migration conffile is rendered from a template and
# installed world-readable (0644) - confirm the rendered file carries no
# credentials.
- name: install the migration conffile
  template:
    src: mailman-migration.conf.j2
    dest: /etc/mailman-migration.conf
    owner: root
    group: root
    mode: "0644"
  tags: mailman

- name: create the scripts dir
  file:
    path: "{{ mailman_webui_basedir }}/bin"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: mailman

# Installed under /etc/profile.d as a root-owned 0644 file.
- name: install the migration environment
  template:
    src: mailman-migration-path.sh.j2
    dest: /etc/profile.d/mailman-migration-path.sh
    owner: root
    group: root
    mode: "0644"
  tags: mailman

# Helper scripts: root-owned and executable by everyone (0755).
- name: install the scripts
  copy:
    src: "{{ item }}"
    dest: "{{ mailman_webui_basedir }}/bin/{{ item }}"
    owner: root
    group: root
    mode: "0755"
  with_items:
    - yamlget
    - pg-give-rights.py
    - post-update.sh
    - import-mm2.py
    - periodic.py
    - mailman-sar.py
  tags: mailman

- name: install the templatized scripts
  template:
    src: "{{ item }}.j2"
    dest: "{{ mailman_webui_basedir }}/bin/{{ item }}"
    owner: root
    group: root
    mode: "0755"
  with_items:
    - manage.py
  tags: mailman

# The production-to-staging sync script is only installed on staging.
- name: install the staging-sync script
  copy:
    src: prod-to-stg.py
    dest: "{{ mailman_webui_basedir }}/bin/prod-to-stg.py"
  when: env == "staging"
  tags: mailman

# The fixture is rendered on mailman01 hosts only and kept away from other
# users (root:apache, 0640).
- name: copy the initial user fixture
  template:
    src: initial-data.json.j2
    dest: "{{ mailman_webui_basedir }}/config/initial-data.json"
    owner: root
    group: apache
    mode: "0640"
  when: inventory_hostname.startswith('mailman01')
  tags: mailman
# Sync databases and collect static files on RPM install/upgrade.
# The action file goes to /etc/yum/post-actions.
# NOTE(review): no owner/mode is set on a file that presumably makes yum run
# commands after transactions - confirm it ends up writable by root only.
- name: install the post-transaction trigger
  template:
    src: post-transaction.action.j2
    dest: /etc/yum/post-actions/hyperkitty.action
  tags: mailman

# Systemd
# One unit file per item is rendered into /etc/systemd/system; a change
# triggers the daemon-reload handler.
- name: install the systemd service files
  template:
    src: "{{ item }}.service.j2"
    dest: "/etc/systemd/system/{{ item }}.service"
  with_items:
    - webui-qcluster
    - webui-warm-up-cache
  notify:
    - systemctl daemon-reload
  tags:
    - config
    - mailman
#
# Only run this on mailman01 for now.
# TODO: run it on lists-dev too
#
# The post-update script needs memcached to be up (django-compressor will
# store the timestamps there)
# memcached is started and enabled first, before the post-update script.
- name: start services
  service:
    name: memcached
    state: started
    enabled: true
  tags: mailman

# Runs on mailman01 hosts only. It is a bare `command` with no
# creates/changed_when, so it executes on every play.
- name: run the post-update script
  command: "{{ mailman_webui_basedir }}/bin/post-update.sh"
  when: inventory_hostname.startswith('mailman01')
  tags: mailman
## Postfix
#- name: create the postfix aliases
# command: su mailman -s /bin/sh -c "mailman3 aliases"
# creates=/var/lib/mailman3/data/postfix_lmtp.db
# Memcached
# Replace /etc/sysconfig/memcached with the role's copy and restart memcached
# when it changes.
# NOTE(review): the listen address is decided by memcached.sysconfig, which
# is not visible here - confirm it binds only where the web UI needs it.
- name: set the memcached sysconfig file
  copy:
    src: memcached.sysconfig
    dest: /etc/sysconfig/memcached
  notify:
    - restart memcached
  tags: mailman
# SSL
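# Obtain the TLS certificate through the letsencrypt role, on production
# only. The task name now matches site_name; it previously said
# lists.pagure.org while the certificate is requested for lists.pagure.io.
# The task carries no tags, so tag-limited runs (e.g. the mailman tag)
# skip it.
- name: Letsencrypt for lists.pagure.io
  include_role:
    name: letsencrypt
  vars:
    site_name: lists.pagure.io
  when: env == 'production'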
# Start services
# Long-running services are started and enabled only on hosts whose inventory
# name begins with mailman01.phx2 or lists-dev.
- name: start services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - httpd
    - mailman3
    - postfix
    - webui-qcluster
  when: inventory_hostname.startswith('mailman01.phx2') or inventory_hostname.startswith('lists-dev')
  tags: mailman

# One-shot units are enabled but not started by this task.
- name: enable one-shot services
  service:
    name: "{{ item }}"
    enabled: true
  with_items:
    - webui-warm-up-cache
  when: inventory_hostname.startswith('mailman01.phx2') or inventory_hostname.startswith('lists-dev')
  tags: mailman
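# fedora-messaging TLS material. All three tasks run only when
# deployment_type is defined. Modes are quoted so they reach the module as
# octal strings, whichever YAML octal rules the parser applies to a bare
# leading-zero number.
# NOTE(review): the directory that holds the private key is group-writable
# (0775). The group is root, so this grants little, but 0755 would be the
# tighter choice - confirm nothing depends on group write.
- name: Create /etc/pki/fedora-messaging
  file:
    dest: /etc/pki/fedora-messaging
    mode: "0775"
    owner: root
    group: root
    state: directory
  when: "deployment_type is defined"
  tags:
    - config

# FIXME: Need to create a mailman cert
- name: Deploy the Fedora mailman fedora-messaging cert
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/mailman{{env_suffix}}.crt"
    dest: "/etc/pki/fedora-messaging/mailman{{env_suffix}}-cert.pem"
    mode: "0644"
    owner: root
    group: root
  when: "deployment_type is defined"
  tags:
    - config

# The private key is installed root:root 0640, so only root can read it.
# NOTE(review): confirm the process that opens this key runs with that
# access. Also confirm the key's content cannot end up in diff-mode output
# when this role is run with --diff.
- name: Deploy the Fedora infra fedora-messaging key
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/mailman{{env_suffix}}.key"
    dest: "/etc/pki/fedora-messaging/mailman{{env_suffix}}-key.pem"
    mode: "0640"
    owner: root
    group: root
  when: "deployment_type is defined"
  tags:
    - config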