[mailman3] Use gunicorn instead of apache

Use apache only as reverse proxy, but run mailman-web through gunicorn.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
Michal Konecny 2024-03-26 15:14:32 +01:00
parent cd83c8377c
commit 0a1fbd509f
7 changed files with 84 additions and 145 deletions


@ -109,6 +109,7 @@
mailman_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}"
mailman_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
mailman_hyperkitty_archiver_key: "{{ mailman_hk_stg_archiver_key }}"
mailman_httpd_hostname: lists.stg.fedoraproject.org
when: env == "staging"
- {role: fedmsg/base,
when: env != "staging"}


@ -26,6 +26,7 @@ mailman_hyperkitty_admin_db_pass: changeme
mailman_hyperkitty_db_pass: changeme
mailman_hyperkitty_cookie_key: changeme
mailman_hyperkitty_archiver_key: changeme
mailman_gunicorn_workers: 4
mailman_domains:
- lists.example.com
- lists.example.org
@ -33,4 +34,4 @@ mailman_social_login: []
# Apache configuration
# Use mailman-web wsgi for mailman3
wsgi_dir: /usr/lib/python3.9/site-packages/mailman_web
mailman_httpd_hostname: lists.fedoraproject.org


@ -5,8 +5,14 @@
- name: reload apache
service: name=httpd state=reloaded
- name: restart apache
service: name=httpd state=restarted
- name: restart memcached
service: name=memcached state=restarted
- name: systemctl daemon-reload
command: /usr/bin/systemctl daemon-reload
- name: restart mailmanweb
service: name=maimanweb state restarted
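Review bot: The new `restart mailmanweb` handler at the end of this hunk cannot work as written: the unit name is misspelled `maimanweb` and `state restarted` is missing its `=`. Tasks that notify it (the systemd unit template and the banner template in the tasks file) will therefore fail or leave gunicorn running with stale configuration, which matters once settings or the unit's options change. The line should read `service: name=mailmanweb state=restarted`, or better, use the block form with `name: mailmanweb` and `state: restarted`, which also avoids `key=value` parsing surprises.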


@ -2,91 +2,6 @@
# Configuration for Mailman 3
# PostgreSQL initialization must have been done already
#
# SELinux
#
- name: Set the SELinux policy for the fulltext index
community.general.sefcontext:
target: "{{ mailman_webui_basedir }}/fulltext_index(/.*)?"
setype: httpd_sys_rw_content_t
state: present
tags:
- mailman
- selinux
- name: Set the SELinux policy for the static files directory
community.general.sefcontext:
target: "{{ mailman_webui_basedir }}/static(/.*)?"
setype: httpd_sys_content_t
state: present
tags:
- mailman
- selinux
- name: Set the SELinux policy for the templates override directory
community.general.sefcontext:
target: "{{ mailman_webui_basedir }}/templates(/.*)?"
setype: httpd_sys_content_t
state: present
tags:
- mailman
- selinux
- name: set the SELinux policy for the log directory
community.general.sefcontext:
target: "{{ mailman_log_directory }}(/.*)?"
setype: httpd_log_t
state: present
tags:
- mailman
- selinux
- name: Set the SELinux policy for the generated postfix databases
community.general.sefcontext:
target: "{{ mailman_webui_basedir }}/var/data/postfix_.*"
setype: etc_aliases_t
state: present
tags:
- mailman
- selinux
- name: Set the SELinux policy for the old static archives
community.general.sefcontext:
target: "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?"
setype: httpd_sys_content_t
state: present
tags:
- mailman
- selinux
- name: Allow Apache to remotely connect to PostgreSQL
ansible.posix.seboolean:
name: httpd_can_network_connect_db
state: yes
persistent: yes
tags:
- mailman
- selinux
- name: Allow Apache to remotely connect to Mailman
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
tags:
- mailman
- selinux
- name: Allow Apache to remotely connect to Memcached
ansible.posix.seboolean:
name: httpd_can_network_memcache
state: yes
persistent: yes
tags:
- mailman
- selinux
- name: Install needed packages
ansible.builtin.package:
name: "{{item}}"
@ -98,6 +13,7 @@
- mailman3
- memcached
- postorius
- python3-gunicorn
- python3-mailman-hyperkitty
- python3-mailman-web
- python3-mod_wsgi
@ -207,19 +123,6 @@
ansible.builtin.template:
src: settings.py.j2
dest: "{{ mailman_webui_confdir }}/settings.py"
owner: mailman
group: apache
mode: 0640
tags:
- config
- mailman
notify:
- reload apache
- name: Install the hyperkitty/postorius httpd conf file
ansible.builtin.template:
src: apache.conf.j2
dest: /etc/httpd/conf.d/mailman-webui.conf
tags:
- config
- mailman
@ -230,8 +133,8 @@
ansible.builtin.file:
path: "{{ mailman_webui_basedir }}/fulltext_index"
state: directory
owner: apache
group: apache
owner: mailman
group: mailman
mode: 0755
tags: mailman
@ -280,7 +183,7 @@
src: top.html
dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/top.html"
notify:
- reload apache
- restart mailmanweb
tags:
- mailman
- banner
@ -399,6 +302,26 @@
when:
- static_root_dir is changed
- name: Systemd unit to start postorius/hyperkitty through gunicorn
ansible.builtin.template:
src: mailmanweb.service.j2
dest: /etc/systemd/system/mailmanweb.service
register: mailmanweb_systemd
notify: restart mailmanweb
tags:
- mailman
- systemd
- name: Enable the mailmanweb server
ansible.builtin.systemd:
name: mailmanweb
daemon-reload: "{% if mailmanweb_systemd is changed %}yes{% else %}no{% endif %}"
state: started
enabled: yes
tags:
- mailman
- systemd
#
# Scripts
#
@ -447,6 +370,29 @@
- mailman
- memcached
# Httpd
- name: Import needed httpd configurations
ansible.builtin.template:
src: "mailmanweb.conf.j2"
dest: "/etc/httpd/conf.d/mailmanweb.conf"
notify:
- reload apache
tags:
- config
- httpd
- mailman
- name: Allow Apache to remotely connect to gunicorn
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
notify:
- restart apache
tags:
- mailman
- selinux
# Start services
- name: Start services
ansible.builtin.systemd:
@ -456,6 +402,7 @@
with_items:
- httpd
- mailman3
- mailmanweb
- postfix
- webui-qcluster
- webui-warm-up-cache
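Review bot: In the `-207,19 +123,6` hunk, the settings.py template task appears (going by the hunk's line counts; the +/- markers are not visible) to lose its `owner`, `group`, `mode: 0640` and `notify` lines along with the removed apache.conf.j2 task. Without an explicit mode the template module creates a new file with root ownership and umask-default permissions, so on a fresh host a file that presumably carries the Django secret key and database password could end up world-readable, and an existing file keeps `group: apache` although the app now runs as `mailman`. Set ownership for the gunicorn user explicitly, quote the mode so it is not parsed as an integer, and notify the service so settings changes take effect. The task's `name:` line is outside the hunk.

```yaml
    dest: "{{ mailman_webui_confdir }}/settings.py"
    owner: root
    group: mailman
    mode: "0640"
  # … unchanged: tags …
  notify:
    - restart mailmanweb
```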


@ -1,43 +0,0 @@
Alias /favicon.ico {{ mailman_webui_basedir }}/static/favicon.ico
Alias /robots.txt {{ mailman_webui_basedir }}/static/robots.txt
Alias /static {{ mailman_webui_basedir }}/static
#ErrorLog /var/log/httpd/webui_error.log
#CustomLog /var/log/httpd/webui_access.log combined
WSGIScriptAlias / {{ wsgi_dir }}/wsgi.py
WSGIDaemonProcess webui display-name=webui maximum-requests=1000 processes=4 threads=30 python-path={{ wsgi_dir }}
WSGIProcessGroup webui
WSGISocketPrefix run/wsgi
WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
<Directory "{{ wsgi_dir }}">
<Files wsgi.py>
Order deny,allow
Allow from all
Require all granted
</Files>
</Directory>
<Directory "{{ mailman_webui_basedir }}/static">
Order deny,allow
Allow from all
Require all granted
</Directory>
# Old static archives
Alias /pipermail/ {{ mailman_webui_basedir }}/old-archives/pipermail/
<Directory {{ mailman_webui_basedir }}/old-archives/pipermail>
Options FollowSymLinks
AllowOverride None
Require all granted
AddDefaultCharset Off
</Directory>
RedirectMatch ^/pipermail[/]*$ /
RedirectMatch ^/mailman/listinfo/$ /
RedirectMatch ^/mailman$ /


@ -0,0 +1,12 @@
<VirtualHost *:80>
ServerName {{ mailman_httpd_hostname }}
DocumentRoot /var/www/html/
# CustomLog logs/{{ mailman_httpd_hostname }}.log combined
# ErrorLog logs/{{ mailman_httpd_hostname }}_error.log
RewriteEngine On
RewriteCond $1 !^.well-known
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
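Review bot: The redirect target in the `RewriteRule` is built from `%{SERVER_NAME}`, which, unless `UseCanonicalName On` is set elsewhere, reflects the Host header sent by the client, so the HTTPS redirect can point at whatever hostname the request supplied. Since the hostname is already templated, use it directly: `RewriteRule ^/?(.*) https://{{ mailman_httpd_hostname }}/$1 [R,L]`. The `.well-known` exclusion also has an unescaped dot and would be tighter as `RewriteCond $1 !^\.well-known/`. No proxy directives for gunicorn are visible in this file, so the reverse-proxy part presumably lives in another vhost that is not shown here.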


@ -0,0 +1,15 @@
[Unit]
Description= Mailman Web ui
DefaultDependencies=no
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
User=mailman
Group=mailman
WorkingDirectory=/etc/mailman3
ExecStart=/usr/bin/gunicorn --workers={{ mailman_gunicorn_workers }} --forwarded-allow-ips="*" mailman_web.wsgi
ExecStop=/bin/kill -s TERM $MAINPID
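Review bot: `--forwarded-allow-ips="*"` in `ExecStart` makes gunicorn trust `X-Forwarded-*` headers from any peer, so anything that can reach the gunicorn socket can set the scheme and client address the application sees. No `--bind` is given, so gunicorn listens on its default loopback address and Apache is presumably the only intended client; restricting the option to the proxy is enough: `--forwarded-allow-ips="127.0.0.1"`. It would also help to add a comment above `ExecStart` stating that the service must only be reachable through the local Apache proxy, so that a later `--bind` change is reviewed with that in mind.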