[mailman3] Create gunicorn configuration file

To make changing the gunicorn configuration more easily let's move
configuration values from systemd service to separate configuration
file.

The file will live in /etc/mailman3/gunicorn.conf.py.

inventory/group_vars/mailman

@@ -9,12 +9,12 @@ ipa_host_group: mailman
 ipa_host_group_desc: Mailing list services
 lvm_size: 950000
 # Used by the mailman role
-mailman_db_server: db01.iad2.fedoraproject.org
+mailman3_db_server: db01.iad2.fedoraproject.org
-mailman_domains:
+mailman3_domains:
   - lists.fedoraproject.org
   - lists.fedorahosted.org
   - lists.pagure.io
-mailman_login:
+mailman3_login:
   facebook:
     display_name: Facebook
     provider: facebook
@@ -57,11 +57,11 @@ primary_auth_source: ipa
 tcp_ports: [25, 80, 443]
 
 # mailman role variables
-mailman_rest_api_username: "{{ mailman_rest_api_user }}"
+mailman3_rest_api_username: "{{ mailman_rest_api_user }}"
-mailman_rest_api_password: "{{ mailman_rest_api_pass }}"
+mailman3_rest_api_password: "{{ mailman_rest_api_pass }}"
-mailman_mailman_db_pass: "{{ mailman_mm_db_pass }}"
+mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}"
-mailman_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}"
+mailman3_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}"
-mailman_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}"
+mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}"
-mailman_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
+mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
-mailman_hyperkitty_archiver_key: "{{ mailman_hk_archiver_key }}"
+mailman3_hyperkitty_archiver_key: "{{ mailman_hk_archiver_key }}"
-mailman_smtp_port: 587
+mailman3_smtp_port: 587

inventory/group_vars/mailman_stg

@@ -9,12 +9,12 @@ ipa_host_group: mailman
 ipa_host_group_desc: Mailing list services
 lvm_size: 350000
 # Used by the mailman role
-mailman_db_server: db01.stg.iad2.fedoraproject.org
+mailman3_db_server: db01.stg.iad2.fedoraproject.org
-mailman_domains:
+mailman3_domains:
   - lists.stg.fedoraproject.org
   - lists.stg.fedorahosted.org
   - lists.stg.pagure.io
-mailman_login:
+mailman3_login:
   facebook:
     display_name: Facebook
     provider: facebook
@@ -50,18 +50,18 @@ postfix_group: mailman-stg
 tcp_ports: [25, 80, 443]
 
 # mailman role variables
-mailman_log_level: debug
+mailman3_log_level: debug
-mailman_rest_api_username: "{{ mailman_stg_rest_api_user }}"
+mailman3_rest_api_username: "{{ mailman_stg_rest_api_user }}"
-mailman_rest_api_password: "{{ mailman_stg_rest_api_pass }}"
+mailman3_rest_api_password: "{{ mailman_stg_rest_api_pass }}"
-mailman_mailman_db_pass: "{{ mailman_mm_db_pass }}"
+mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}"
-mailman_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}"
+mailman3_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}"
-mailman_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}"
+mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}"
-mailman_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
+mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}"
-mailman_hyperkitty_archiver_key: "{{ mailman_hk_stg_archiver_key }}"
+mailman3_hyperkitty_archiver_key: "{{ mailman_hk_stg_archiver_key }}"
-mailman_openidc_server_url: "https://id.stg.fedoraproject.org/"
+mailman3_openidc_server_url: "https://id.stg.fedoraproject.org/"
-mailman_httpd_hostname: lists.stg.fedoraproject.org
+mailman3_httpd_hostname: lists.stg.fedoraproject.org
 
 # Setting debug variables to 'true' disables mail sending
 # If you want to enable it just set it to 'false'
-mailman_debug: true
+mailman3_debug: true
-mailman_hyperkitty_debug: true
+mailman3_hyperkitty_debug: true

roles/mailman3/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 # Mailman core settings
-mailman_webui_basedir: /srv/webui
+mailman3_webui_basedir: /srv/webui
-mailman_webui_confdir: /etc/mailman3
+mailman3_webui_confdir: /etc/mailman3
-mailman_rest_api_username: restadmin
+mailman3_rest_api_username: restadmin
-mailman_rest_api_password: changeme
+mailman3_rest_api_password: changeme
-mailman_rest_api_workers: 2
+mailman3_rest_api_workers: 2
-mailman_log_directory: /var/log/mailman3
+mailman3_log_directory: /var/log/mailman3
-mailman_log_level: info
+mailman3_log_level: info
-mailman_log_items:
+mailman3_log_items:
   - archiver
   - bounce
   - config
@@ -17,26 +17,25 @@ mailman_log_items:
   - subscribe
   - task
   - gunicorn
-mailman_smtp_port: 25
+mailman3_smtp_port: 25
-mailman_debug: false
+mailman3_debug: false
 
 # Mailman DB settings (the values should be provided by playbook)
-mailman_db_server: localhost
+mailman3_db_server: localhost
-mailman_mailman_db_pass: changeme
+mailman3_mailman_db_pass: changeme
 
 # Hyperkitty/Postorius settings (the values should be provided by playbook)
-mailman_hyperkitty_debug: false
+mailman3_hyperkitty_debug: false
-mailman_hyperkitty_admin_db_pass: changeme
+mailman3_hyperkitty_admin_db_pass: changeme
-mailman_hyperkitty_db_pass: changeme
+mailman3_hyperkitty_db_pass: changeme
-mailman_hyperkitty_cookie_key: changeme
+mailman3_hyperkitty_cookie_key: changeme
-mailman_hyperkitty_archiver_key: changeme
+mailman3_hyperkitty_archiver_key: changeme
-mailman_gunicorn_workers: "{{num_cpus * 2 + 1}}"
+mailman3_domains:
-mailman_domains:
 - lists.example.com
 - lists.example.org
-mailman_social_login: []
+mailman3_login: []
 
 # OpenID-connect settings
 # Attention that you should ensure that callback/redirect_url set at the provider side will end with /
 # see https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html#openid-connect
-mailman_openidc_server_url: https://id.fedoraproject.org/
+mailman3_openidc_server_url: https://id.fedoraproject.org/

roles/mailman3/files/gunicorn.conf.py

@@ -0,0 +1,8 @@
+"""Configuration file for mailman gunicorn instance."""
+import multiprocessing
+
+workers = multiprocessing.cpu_count() * 2 + 1
+max_requests = 50000
+timeout = 1000
+threads = 2 * multiprocessing.cpu_count()
+forwarded_allow_ips = "*"

roles/mailman3/files/systemd/mailmanweb.service

@@ -11,5 +11,5 @@ Type=simple
 User=mailman
 Group=mailman
 WorkingDirectory=/etc/mailman3
-ExecStart=/usr/bin/gunicorn --max-requests 50000 --timeout 1000 --workers={{ mailman_gunicorn_workers }} --forwarded-allow-ips="*" mailman_web.wsgi
+ExecStart=/usr/bin/gunicorn -c /etc/mailman3/gunicorn.conf.py mailman_web.wsgi
 ExecStop=/bin/kill -s TERM $MAINPID

roles/mailman3/handlers/main.yml

@@ -30,7 +30,7 @@
 
 - name: Initialize authentication providers
   ansible.builtin.command:
-    cmd: mailman-web loaddata "{{ mailman_webui_confdir }}/initial-data.json"
+    cmd: mailman-web loaddata "{{ mailman3_webui_confdir }}/initial-data.json"
     chdir: /etc/mailman3
   become_user: mailman
   become: true

roles/mailman3/tasks/main.yml

@@ -121,7 +121,7 @@
 #
 - name: Ensuring log directory exists
   ansible.builtin.file:
-    path: "{{ mailman_log_directory }}"
+    path: "{{ mailman3_log_directory }}"
     state: directory
     owner: mailman
     group: mailman
@@ -201,7 +201,7 @@
 - name: Install the hyperkitty/postorius settings file
   ansible.builtin.template:
     src: "{{ item }}.j2"
-    dest: "{{ mailman_webui_confdir }}/{{ item }}"
+    dest: "{{ mailman3_webui_confdir }}/{{ item }}"
     mode: "0644"
   with_items:
     - settings.py
@@ -216,7 +216,7 @@
 - name: Install the hyperkitty/postorius urls file
   ansible.builtin.copy:
     src: urls.py
-    dest: "{{ mailman_webui_confdir }}/urls.py"
+    dest: "{{ mailman3_webui_confdir }}/urls.py"
     mode: "0644"
   tags:
     - config
@@ -227,7 +227,7 @@
 
 - name: Create the fulltext index dir
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/fulltext_index"
+    path: "{{ mailman3_webui_basedir }}/fulltext_index"
     state: directory
     owner: mailman
     group: mailman
@@ -238,7 +238,7 @@
 
 - name: Create the hyperkitty static files dirs
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/{{ item }}"
+    path: "{{ mailman3_webui_basedir }}/{{ item }}"
     state: directory
     owner: mailman
     group: mailman
@@ -253,7 +253,7 @@
 
 - name: Create the fedora-specific hyperkitty img dir
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/static-fedora/hyperkitty/img"
+    path: "{{ mailman3_webui_basedir }}/static-fedora/hyperkitty/img"
     state: directory
     owner: mailman
     group: mailman
@@ -265,7 +265,7 @@
 
 - name: Create the hyperkitty templates override dirs
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/templates/{{ item }}"
+    path: "{{ mailman3_webui_basedir }}/templates/{{ item }}"
     state: directory
     owner: mailman
     group: mailman
@@ -280,7 +280,7 @@
 - name: Copy the initial user fixture
   ansible.builtin.template:
     src: initial-data.json.j2
-    dest: "{{ mailman_webui_confdir }}/initial-data.json"
+    dest: "{{ mailman3_webui_confdir }}/initial-data.json"
     owner: root
     group: mailman
     mode: "0640"
@@ -296,7 +296,7 @@
 - name: Replace the top.html template in hyperkitty/postorius to change banner
   ansible.builtin.copy:
     src: top.html
-    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/top.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/hyperkitty/top.html"
     mode: "0644"
   notify:
     - Restart mailmanweb
@@ -308,7 +308,7 @@
 - name: Install our fedora-specific logo
   ansible.builtin.copy:
     src: logo-hyperkitty-fedora.png
-    dest: "{{ mailman_webui_basedir }}/static-fedora/logo-hyperkitty-fedora.png"
+    dest: "{{ mailman3_webui_basedir }}/static-fedora/logo-hyperkitty-fedora.png"
     mode: "0644"
   tags:
     - mailman
@@ -317,7 +317,7 @@
 - name: Install our fedora-specific favicon
   ansible.builtin.copy:
     src: favicon.ico
-    dest: "{{ mailman_webui_basedir }}/static-fedora/favicon.ico"
+    dest: "{{ mailman3_webui_basedir }}/static-fedora/favicon.ico"
     mode: "0644"
   tags:
     - mailman
@@ -326,7 +326,7 @@
 - name: Install our fedora-specific robots.txt
   ansible.builtin.copy:
     src: robots.txt
-    dest: "{{ mailman_webui_basedir }}/static-fedora/robots.txt"
+    dest: "{{ mailman3_webui_basedir }}/static-fedora/robots.txt"
     mode: "0644"
   tags:
     - mailman
@@ -335,7 +335,7 @@
 - name: Install our fedora-specific brand template override
   ansible.builtin.copy:
     src: navbar-brand.html
-    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/navbar-brand.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/hyperkitty/navbar-brand.html"
     mode: "0644"
   tags:
     - mailman
@@ -344,7 +344,7 @@
 - name: Install our fedora-specific page headers
   ansible.builtin.copy:
     src: headers.html
-    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/headers.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/hyperkitty/headers.html"
     mode: "0644"
   tags:
     - mailman
@@ -353,7 +353,7 @@
 - name: Install our fedora-specific login page extension
   ansible.builtin.copy:
     src: login_extra_top.html
-    dest: "{{ mailman_webui_basedir }}/templates/django_mailman3/login_extra_top.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/django_mailman3/login_extra_top.html"
     mode: "0644"
   tags:
     - mailman
@@ -361,7 +361,7 @@
 
 - name: Create dirs for signup_closed page
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/templates/account"
+    path: "{{ mailman3_webui_basedir }}/templates/account"
     state: directory
     owner: root
     group: root
@@ -373,7 +373,7 @@
 - name: Install our fedora-specific signup_closed page
   ansible.builtin.copy:
     src: signup_closed.html
-    dest: "{{ mailman_webui_basedir }}/templates/account/signup_closed.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/account/signup_closed.html"
     mode: "0644"
   tags:
     - mailman
@@ -382,7 +382,7 @@
 - name: Install our fedmenu js hook
   ansible.builtin.template:
     src: bottom.html
-    dest: "{{ mailman_webui_basedir }}/templates/hyperkitty/bottom.html"
+    dest: "{{ mailman3_webui_basedir }}/templates/hyperkitty/bottom.html"
     mode: "0644"
   tags:
     - mailman
@@ -393,7 +393,7 @@
   ansible.builtin.command:
     cmd: |
       mailman-web migrate
-      --pythonpath {{ mailman_webui_confdir }}
+      --pythonpath {{ mailman3_webui_confdir }}
       --settings settings_admin
       --no-input
     chdir: /etc/mailman3
@@ -410,7 +410,7 @@
 - name: Install the fedora-specific modules
   ansible.builtin.copy:
     src: django_fedora_nosignup.py
-    dest: "{{ mailman_webui_confdir }}/django_fedora_nosignup.py"
+    dest: "{{ mailman3_webui_confdir }}/django_fedora_nosignup.py"
     owner: root
     group: root
     mode: "0644"
@@ -501,9 +501,21 @@
     - mailman
     - hyperkitty
 
+- name: Copy the configuration for gunicorn
+  ansible.builtin.copy:
+    src: gunicorn.conf.py
+    dest: /etc/mailman3/gunicorn.conf.py
+    owner: mailman
+    group: mailman
+    mode: "0640"
+  notify: Restart mailmanweb
+  tags:
+    - mailman
+    - hyperkitty
+
 - name: Systemd unit to start postorius/hyperkitty through gunicorn
-  ansible.builtin.template:
+  ansible.builtin.copy:
-    src: mailmanweb.service.j2
+    src: systemd/mailmanweb.service
     dest: /etc/systemd/system/mailmanweb.service
     mode: "0644"
   register: mailmanweb_systemd
@@ -530,7 +542,7 @@
 
 - name: Create the scripts dir
   ansible.builtin.file:
-    path: "{{ mailman_webui_basedir }}/bin"
+    path: "{{ mailman3_webui_basedir }}/bin"
     state: directory
     owner: root
     group: root
@@ -542,7 +554,7 @@
 - name: Install the scripts
   ansible.builtin.copy:
     src: "{{ item }}"
-    dest: "{{ mailman_webui_basedir }}/bin/{{ item }}"
+    dest: "{{ mailman3_webui_basedir }}/bin/{{ item }}"
     owner: root
     group: root
     mode: "0755"
@@ -558,7 +570,7 @@
 
 - name: Run the DMARC mitigation script
   ansible.builtin.command:
-    cmd: "python {{ mailman_webui_basedir }}/bin/enable_dmarc_mitigation.py"
+    cmd: "python {{ mailman3_webui_basedir }}/bin/enable_dmarc_mitigation.py"
   register: dmarc_output
   vars:
     pattern: "^Updated rows: [1-9]\\d*"
@@ -571,7 +583,7 @@
 - name: Install the staging-sync script
   ansible.builtin.copy:
     src: prod-to-stg.py
-    dest: "{{ mailman_webui_basedir }}/bin/prod-to-stg.py"
+    dest: "{{ mailman3_webui_basedir }}/bin/prod-to-stg.py"
     mode: "0755"
   when: env == "staging"
   tags: mailman
@@ -685,7 +697,7 @@
 
 - name: Set the SELinux policy for the static files directory
   community.general.sefcontext:
-    target: "{{ mailman_webui_basedir }}/static(/.*)?"
+    target: "{{ mailman3_webui_basedir }}/static(/.*)?"
     setype: httpd_sys_content_t
     state: present
   tags:
@@ -694,7 +706,7 @@
 
 - name: Set the SELinux policy for the templates override directory
   community.general.sefcontext:
-    target: "{{ mailman_webui_basedir }}/templates(/.*)?"
+    target: "{{ mailman3_webui_basedir }}/templates(/.*)?"
     setype: httpd_sys_content_t
     state: present
   tags:
@@ -702,7 +714,7 @@
     - selinux
 
 - name: Apply SELinux changes
-  ansible.builtin.command: restorecon -irv "{{ mailman_webui_basedir }}"
+  ansible.builtin.command: restorecon -irv "{{ mailman3_webui_basedir }}"
   register: restorecon_output
   changed_when: restorecon_output.stdout is defined and restorecon_output.stdout | length > 0
   tags:

roles/mailman3/templates/initial-data.json.j2

@@ -1,5 +1,5 @@
 [
-{% for host in mailman_domains %}
+{% for host in mailman3_domains %}
 {
     "fields": {
         "domain": "{{ host }}",
@@ -9,7 +9,7 @@
     "pk": {{ loop.index }}
 },
 {% endfor %}
-{% for service_name, service_data in mailman_login.items() %}
+{% for service_name, service_data in mailman3_login.items() %}
 {
     "fields": {
         "name": "{{ service_data.display_name }}",

roles/mailman3/templates/mailman-hyperkitty.cfg.j2

@@ -17,4 +17,4 @@ base_url: http://localhost/archives/
 
 # Shared API key, must be the identical to the value in HyperKitty's
 # settings.
-api_key: {{ mailman_hyperkitty_archiver_key }}
+api_key: {{ mailman3_hyperkitty_archiver_key }}

roles/mailman3/templates/mailman.cfg.j2

@@ -16,7 +16,7 @@ listinfo_url = /admin/
 # Set the paths to be Fedora-compliant
 layout: fhs
 
-{% if mailman_debug %}
+{% if mailman3_debug %}
 [devmode]
 enabled: yes
 recipient: ""
@@ -33,7 +33,7 @@ pid_file: /run/mailman3/master.pid
 
 [database]
 class: mailman.database.postgresql.PostgreSQLDatabase
-url: postgresql://mailmanadmin:{{ mailman_mailman_db_pass }}@{{ mailman_db_server }}/mailman
+url: postgresql://mailmanadmin:{{ mailman3_mailman_db_pass }}@{{ mailman3_db_server }}/mailman
 
 [archiver.hyperkitty]
 class: mailman_hyperkitty.Archiver
@@ -50,23 +50,23 @@ enable: yes
 [webservice]
 hostname: localhost
 port: 8001
-admin_user: {{ mailman_rest_api_username }}
+admin_user: {{ mailman3_rest_api_username }}
-admin_pass: {{ mailman_rest_api_password }}
+admin_pass: {{ mailman3_rest_api_password }}
-workers: {{ mailman_rest_api_workers }}
+workers: {{ mailman3_rest_api_workers }}
 
 [logging.root]
-level: {{ mailman_log_level }}
+level: {{ mailman3_log_level }}
-path: {{ mailman_log_directory }}/mailman.log
+path: {{ mailman3_log_directory }}/mailman.log
 
 [logging.database]
 level: warning
-path: {{ mailman_log_directory }}/database.log
+path: {{ mailman3_log_directory }}/database.log
 
-{% for item in mailman_log_items %}
+{% for item in mailman3_log_items %}
 
 [logging.{{ item }}]
-level: {{ mailman_log_level }}
+level: {{ mailman3_log_level }}
-path: {{ mailman_log_directory }}/{{ item }}.log
+path: {{ mailman3_log_directory }}/{{ item }}.log
 
 {% endfor %}
 
@@ -95,7 +95,7 @@ jump_chain: discard
 
 [mta]
 # Email is sent on the submission port to bypass spam checking.
-smtp_port: {{ mailman_smtp_port }}
+smtp_port: {{ mailman3_smtp_port }}
 # Remove DKIM signatures in the email headers.
 remove_dkim_headers: yes
 # Don't process old stale bounces

roles/mailman3/templates/mailmanweb.conf.j2

@@ -10,11 +10,11 @@ RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
 # The timeout should happen on gunicorn side, HTTP proxy should just wait
 Timeout 3600
 
-Alias /favicon.ico {{ mailman_webui_basedir }}/static/favicon.ico
+Alias /favicon.ico {{ mailman3_webui_basedir }}/static/favicon.ico
-Alias /robots.txt  {{ mailman_webui_basedir }}/static/robots.txt
+Alias /robots.txt  {{ mailman3_webui_basedir }}/static/robots.txt
-Alias /static      {{ mailman_webui_basedir }}/static
+Alias /static      {{ mailman3_webui_basedir }}/static
 
-<Directory "{{ mailman_webui_basedir }}/static">
+<Directory "{{ mailman3_webui_basedir }}/static">
     Order deny,allow
     Allow from all
     Require all granted
@@ -48,8 +48,8 @@ RewriteRule .* - [F,L]
 
 # Old static archives
 
-Alias /pipermail/ {{ mailman_webui_basedir }}/old-archives/pipermail/
+Alias /pipermail/ {{ mailman3_webui_basedir }}/old-archives/pipermail/
-<Directory {{ mailman_webui_basedir }}/old-archives/pipermail>
+<Directory {{ mailman3_webui_basedir }}/old-archives/pipermail>
     Options FollowSymLinks
     AllowOverride None
     Require all granted

roles/mailman3/templates/settings.py.j2

@@ -10,10 +10,10 @@ from mailman_web.settings.base import *  # noqa: F403
 from mailman_web.settings.mailman import *  # noqa: F403
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '{{ mailman_hyperkitty_cookie_key }}'
+SECRET_KEY = '{{ mailman3_hyperkitty_cookie_key }}'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = {{ mailman_hyperkitty_debug }}
+DEBUG = {{ mailman3_hyperkitty_debug }}
 
 ADMINS = (
      ('HyperKitty Admin', 'abompard@fedoraproject.org'),
@@ -27,7 +27,7 @@ SITE_ID = 1
 # Hosts/domain names that are valid for this site; required if DEBUG is False
 # See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = [
-{% for host in mailman_domains %}
+{% for host in mailman3_domains %}
     "{{ host }}",
 {% endfor %}
     ".fedoraproject.org",
@@ -38,9 +38,9 @@ ALLOWED_HOSTS = [
 
 # Mailman API credentials
 MAILMAN_REST_API_URL = 'http://localhost:8001'
-MAILMAN_REST_API_USER = '{{ mailman_rest_api_username }}'
+MAILMAN_REST_API_USER = '{{ mailman3_rest_api_username }}'
-MAILMAN_REST_API_PASS = '{{ mailman_rest_api_password }}'
+MAILMAN_REST_API_PASS = '{{ mailman3_rest_api_password }}'
-MAILMAN_ARCHIVER_KEY = '{{ mailman_hyperkitty_archiver_key }}'
+MAILMAN_ARCHIVER_KEY = '{{ mailman3_hyperkitty_archiver_key }}'
 MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
 
 ROOT_URLCONF = 'urls'
@@ -68,7 +68,7 @@ INSTALLED_APPS = (
     'allauth.account',
     'allauth.socialaccount',
     'django_mailman3.lib.auth.fedora',
-{% for service_name, service_data in mailman_login.items() %}
+{% for service_name, service_data in mailman3_login.items() %}
 {% if service_data.provider != "fedora" %}
     'allauth.socialaccount.providers.{{ service_data.provider }}',
 {% endif %}
@@ -130,8 +130,8 @@ DATABASES = {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
         'NAME': 'hyperkitty',
         'USER': 'hyperkittyapp',
-        'PASSWORD': '{{ mailman_hyperkitty_db_pass }}',
+        'PASSWORD': '{{ mailman3_hyperkitty_db_pass }}',
-        'HOST': '{{ mailman_db_server }}',
+        'HOST': '{{ mailman3_db_server }}',
         'PORT': '',                      # Set to empty string for default.
     }
 }
@@ -230,7 +230,7 @@ SOCIALACCOUNT_ADAPTER = "django_fedora_nosignup.SignUpEnabledSocialAdapter"
 
 SOCIALACCOUNT_PROVIDERS = {
     'fedora': {
-        "server_url": "{{ mailman_openidc_server_url }}",
+        "server_url": "{{ mailman3_openidc_server_url }}",
         "token_auth_method": "client_secret_post",
     },
     'openid': {
@@ -301,7 +301,7 @@ COMPRESS_OFFLINE = True
 HAYSTACK_CONNECTIONS = {
     'default': {
         'ENGINE': 'xapian_backend.XapianEngine',
-        'PATH': "{{ mailman_webui_basedir }}/fulltext_index",
+        'PATH': "{{ mailman3_webui_basedir }}/fulltext_index",
     },
 }
 
@@ -355,7 +355,7 @@ LOGGING = {
             'level': 'DEBUG',
             #'class': 'logging.handlers.RotatingFileHandler',
             'class': 'logging.handlers.WatchedFileHandler',
-            'filename': '{{ mailman_log_directory }}/hyperkitty.log',
+            'filename': '{{ mailman3_log_directory }}/hyperkitty.log',
             'formatter': 'verbose',
         },
         'null': {

roles/mailman3/templates/settings_admin.py.j2

@@ -16,8 +16,8 @@ DATABASES = {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
         'NAME': 'hyperkitty',
         'USER': 'hyperkittyadmin',
-        'PASSWORD': '{{ mailman_hyperkitty_admin_db_pass }}',
+        'PASSWORD': '{{ mailman3_hyperkitty_admin_db_pass }}',
-        'HOST': '{{ mailman_db_server }}',
+        'HOST': '{{ mailman3_db_server }}',
         'PORT': '',
     }
 }