From 529fa0880a928b050662f1496c69b57a850565d1 Mon Sep 17 00:00:00 2001
From: Michal Konecny
Date: Thu, 14 Mar 2024 15:02:24 +0100
Subject: [PATCH] [mailman] Update the role for mailman 3.3+ staging-only This updates the mailman role to work on EPEL 9. This is the first iteration, let's see what will work and what not after it.
Signed-off-by: Michal Konecny
---
roles/mailman/files/mailman3_urls.py | 18 +++
roles/mailman/tasks/main.yml | 198 +++++++++++++++----------
roles/mailman/templates/settings.py.j2 | 4 +
3 files changed, 140 insertions(+), 80 deletions(-)
create mode 100644 roles/mailman/files/mailman3_urls.py
diff --git a/roles/mailman/files/mailman3_urls.py b/roles/mailman/files/mailman3_urls.py
new file mode 100644
index 0000000000..2d7a187880
--- /dev/null
+++ b/roles/mailman/files/mailman3_urls.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+from django.conf.urls import include, url
+from django.contrib import admin
+
+from django.core.urlresolvers import reverse_lazy
+from django.views.generic import RedirectView
+
+urlpatterns = [
+ url(r'^$', RedirectView.as_view(
+ url=reverse_lazy('list_index'),
+ permanent=True)),
+ url(r'^admin/', include('postorius.urls')),
+ url(r'^archives/', include('hyperkitty.urls')),
+ url(r'', include('django_mailman3.urls')),
+ url(r'^accounts/', include('allauth.urls')),
+ url(r'^django-admin/', admin.site.urls),
+]
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index 9d60ffa854..5dee7a4a6e 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
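Review bot: `from django.core.urlresolvers import reverse_lazy` in the new roles/mailman/files/mailman3_urls.py raises ImportError on Django 2.0 and later, where that module no longer exists, and `django.conf.urls.url` is gone as of Django 4.0. The Django version on the EPEL 9 staging host is not visible here, but this commit also switches staging to the `MIDDLEWARE` setting, which suggests a newer Django. Import from the current location instead, `from django.urls import include, re_path, reverse_lazy`, and write each pattern as `re_path(r'^admin/', include('postorius.urls'))`. A URLconf that fails to import leaves every route of the web UI returning an error, so the file should be checked against the installed Django before the role is applied.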
@@ -2,90 +2,92 @@ # Configuration for Mailman 3 # PostgreSQL initialization must have been done already +- name: Enable SELinux policies + block: + # + # SELinux + # + - name: set the SELinux policy for the configuration directory + sefcontext: + target: "{{ mailman_webui_confdir }}(/.*)?" + setype: etc_t + state: present + tags: + - mailman + - selinux -# -# SELinux -# -- name: set the SELinux policy for the configuration directory - sefcontext: - target: "{{ mailman_webui_confdir }}(/.*)?" - setype: etc_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the fulltext index + sefcontext: + target: "{{ mailman_webui_basedir }}/fulltext_index(/.*)?" + setype: httpd_sys_rw_content_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the fulltext index - sefcontext: - target: "{{ mailman_webui_basedir }}/fulltext_index(/.*)?" - setype: httpd_sys_rw_content_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the static files directory + sefcontext: + target: "{{ mailman_webui_basedir }}/static(/.*)?" + setype: httpd_sys_content_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the static files directory - sefcontext: - target: "{{ mailman_webui_basedir }}/static(/.*)?" - setype: httpd_sys_content_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the templates override directory + sefcontext: + target: "{{ mailman_webui_basedir }}/templates(/.*)?" + setype: httpd_sys_content_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the templates override directory - sefcontext: - target: "{{ mailman_webui_basedir }}/templates(/.*)?" - setype: httpd_sys_content_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the log directory + sefcontext: + target: "/var/log/hyperkitty(/.*)?" 
+ setype: httpd_log_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the log directory - sefcontext: - target: "/var/log/hyperkitty(/.*)?" - setype: httpd_log_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the generated postfix databases + sefcontext: + target: "{{ mailman_webui_basedir }}/var/data/postfix_.*" + setype: etc_aliases_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the generated postfix databases - sefcontext: - target: "{{ mailman_webui_basedir }}/var/data/postfix_.*" - setype: etc_aliases_t - state: present - tags: - - mailman - - selinux + - name: set the SELinux policy for the old static archives + sefcontext: + target: "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?" + setype: httpd_sys_content_t + state: present + tags: + - mailman + - selinux -- name: set the SELinux policy for the old static archives - sefcontext: - target: "{{ mailman_webui_basedir }}/old-archives/pipermail(/.*)?" 
- setype: httpd_sys_content_t - state: present - tags: - - mailman - - selinux + - name: allow Apache to remotely connect to PostgreSQL + seboolean: name=httpd_can_network_connect_db state=yes persistent=yes + tags: + - mailman + - selinux -- name: allow Apache to remotely connect to PostgreSQL - seboolean: name=httpd_can_network_connect_db state=yes persistent=yes - tags: - - mailman - - selinux + - name: allow Apache to remotely connect to Mailman + seboolean: name=httpd_can_network_connect state=yes persistent=yes + tags: + - mailman + - selinux -- name: allow Apache to remotely connect to Mailman - seboolean: name=httpd_can_network_connect state=yes persistent=yes - tags: - - mailman - - selinux - -- name: allow Apache to remotely connect to Memcached - seboolean: name=httpd_can_network_memcache state=yes persistent=yes - tags: - - mailman - - selinux + - name: allow Apache to remotely connect to Memcached + seboolean: name=httpd_can_network_memcache state=yes persistent=yes + tags: + - mailman + - selinux + when: env == 'production' # @@ -98,14 +100,17 @@ - hyperkitty.{{ansible_distribution}}.repo - hyperkitty.repo tags: mailman + when: env == 'production' - name: install GPG to validate the key package: state=present name=gnupg tags: mailman + when: env == 'production' - name: add the GPG key rpm_key: state=present key=https://repos.fedorapeople.org/repos/abompard/abompard.asc tags: mailman + when: env == 'production' - name: install needed packages package: name={{ item }} state=present 
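Review bot: The `when: env == 'production'` that closes the new `Enable SELinux policies` block appears to apply to the whole block (indentation is lost in this view), so staging gets none of the `sefcontext` labels and none of the `httpd_can_network_connect*` booleans. If the staging host runs SELinux in enforcing mode, Apache will be denied access to PostgreSQL, Mailman and memcached, and working around that by switching the host to permissive would mean staging no longer exercises the policy that production relies on. Unless the EPEL 9 packages ship their own policy, keep the block unconditional, or state the reason next to the condition, for example `# staging (EPEL 9): contexts and booleans are provided by <package or role>`.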
@@ -133,23 +138,39 @@ tags: - packages - mailman + when: env == 'production' + +- name: install needed packages + package: name={{ item }} state=present + with_items: + - mailman3 + # - mailman3-hyperkitty + - hyperkitty + - postorius + - memcached + - fedora-messaging + - httpd + tags: + - packages + - mailman + when: env = 'staging' - name: setup the mailman3-fedmsg repo copy: src=mailman3-fedmsg-plugin.RedHat.repo dest=/etc/yum.repos.d/mailman3-fedmsg-plugin.repo - when: ansible_distribution == 'RedHat' + when: ansible_distribution == 'RedHat' and env == 'production' tags: mailman - name: add the GPG key for the mailman3-fedmsg-plugin repo rpm_key: state=present - key=https://copr-be.cloud.fedoraproject.org/results/ralph/fedmsg-python34/pubkey.gpg - when: ansible_distribution == 'RedHat' + key=https://copr-be.cloud.fedoraproject.org/results/ralph/fedmsg-python34/pubkey.gpg + when: ansible_distribution == 'RedHat' and env == 'production' tags: mailman - name: install the mailman3 fedmsg plugin rpm package: name=mailman3-fedmsg-plugin notify: restart mailman3 - when: ansible_distribution == 'RedHat' + when: ansible_distribution == 'RedHat' and env == 'production' tags: mailman - name: copy in our fedmsg-plugin conf file @@ -158,6 +179,7 @@ - fedmsgdconfig - mailman notify: restart mailman3 + when: env == 'production' - name: install packages when not using source extracts package: name={{ item }} state=present 
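Review bot: `when: env = 'staging'` on the new staging `install needed packages` task uses a single `=`, which is not a comparison in Jinja2, so the conditional fails to template and the play stops at this task instead of installing the packages. It should read `when: env == 'staging'`, matching the `env == 'production'` conditions added elsewhere in this commit. The production and staging tasks also share the name `install needed packages`; a suffix such as `(staging)` would make the run output unambiguous.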
@@ -168,13 +190,14 @@ tags: - packages - mailman + when: env == 'production' ## install hotfix for e-mails containing broken unicode ## see issue https://pagure.io/fedora-infrastructure/issue/8824 ## see upstream merge request https://gitlab.com/mailman/mailman/-/merge_requests/350 - name: hotfix - let mailman cope with e-mails containing broken unicode patch: src={{ files }}/hotfix/mailman3/mailman3-broken-unicode-emails.patch - dest=/usr/lib/python3.4/site-packages/mailman/email/message.py + dest=/usr/lib/python3.4/site-packages/mailman/email/message.py notify: - restart mailman3 - reload apache @@ -182,6 +205,7 @@ - mailman - hotfix - patches + when: env == 'production' # Add the Nest banner # See issue https://pagure.io/fedora-infrastructure/issue/10103 @@ -332,6 +356,7 @@ tags: - config - mailman + when: env == 'production' - name: install the hyperkitty settings test file copy: src=settings_test.py @@ -340,6 +365,7 @@ tags: - config - mailman + when: env == 'production' - name: install the fedora-specific modules copy: src={{ item }}.py @@ -354,6 +380,17 @@ notify: - reload apache +- name: install the hyperkitty urls file + copy: src=mailman3_urls.py + dest="{{ mailman_webui_confdir }}/urls.py" + owner=root group=root mode=0644 + tags: + - config + - mailman + notify: + - reload apache + when: env == 'staging' + - name: install the hyperkitty urls file copy: src=urls.py dest="{{ mailman_webui_confdir }}/urls.py" @@ -363,6 +400,7 @@ - mailman notify: - reload apache + when: env == 'production' - name: install the hyperkitty wsgi file copy: src=webui.wsgi diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2 index a3d5d75fcc..083fc09649 100644 --- a/roles/mailman/templates/settings.py.j2 +++ b/roles/mailman/templates/settings.py.j2 
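Review bot: The two `install the hyperkitty urls file` tasks are now selected by `env == 'staging'` and `env == 'production'`, so a host whose `env` has any other value gets no `urls.py` at all. Before this commit the `urls.py` copy appears to have run unconditionally, although its task body is only partly inside the hunk. If that gap is not intended, make the second condition the complement, `when: env != 'staging'`, or fold both into one task with `src="{{ 'mailman3_urls.py' if env == 'staging' else 'urls.py' }}"`. Which values `env` can take is not visible here.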
@@ -75,7 +75,11 @@ INSTALLED_APPS = ( ) +{% if env == 'staging' %} +MIDDLEWARE = ( +{% else %} MIDDLEWARE_CLASSES = ( +{% endif %} 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
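Review bot: The template now chooses between `MIDDLEWARE` and `MIDDLEWARE_CLASSES` by environment name, with no comment saying that the real criterion is the Django version (`MIDDLEWARE` exists since Django 1.10 and `MIDDLEWARE_CLASSES` was removed in 2.0). A line such as `{# staging runs the newer Django, which only reads MIDDLEWARE #}` above the `{% if %}` would keep the next editor from treating the two branches as interchangeable. The tuple's entries continue past the end of the hunk and are shared by both branches, so any entry that only works as an old-style middleware class would need its own staging condition; that cannot be checked from the lines shown.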