#6455 Investigate lists.pagure.org
Closed: Fixed 5 years ago Opened 6 years ago by pingou.

I think it would be cool to offer mailing lists to projects hosted on pagure.io, but probably better to do it on pagure.org.

So what would it take to have a lists.pagure.org? Ideally, it would be great to consolidate this on the current instance we run (if at all possible) to reduce the maintenance burden.

Thanks! :)


@abompard Another one for your input. Should be pretty easy to add lists.pagure.org to our current instance?

Metadata Update from @kevin:
- Issue tagged with: lists

6 years ago

Hey, @abompard, have you had some time to look into this?

Can I help with something?

@pingou what's the reason you think lists.pagure.org might be better? Just being curious.

@puiterwijk, be better than?

I'm just looking for a place where projects hosted on pagure.io could ask for a mailing list. @lists.pagure.org seemed better than @fedorahosted.org :)

I'm also interested in having official pagure-devel and pagure-announce mailing lists that we could point people to.

Sure, I just meant in the @lists.pagure.io vs @lists.pagure.org :)

ah, that :)

No preferences there, either is fine by me. The entirely different domain name was more about potential security implications, but if lists.pagure.io is ok, I'm definitely fine with that :)

Yeah, it should be pretty trivial to add the lists.pagure.org domain to our current Mailman instance. We have to add it in ansible (for postfix and the Django config) and then create the domain in Mailman using the web UI. I don't know about the DNS MX records though.

Should we take this as an opportunity to write a SOP for it?

@abompard Can you make this so? :tophat:

Metadata Update from @kevin:
- Issue assigned to abompard
- Issue priority set to: Waiting on Asignee

5 years ago

Yeah I'll do it as soon as the freeze is over, sorry for the wait.

Wow this really slipped my mind, sorry. I've started writing the SOP and I'm testing it, but I don't know what I should change in Ansible to have the SMTP proxies forward the domain lists.pagure.io to mailman01. Any idea there?

So, our incoming smtp hits 3 machines we have in various locations: smtp-mm<whatever>.fedoraproject.org. Then those send it in to mailman01 to process.

You will need to add lists.pagure.io to:
roles/base/files/postfix/transports.mm-smtp
roles/base/files/postfix/main.cf/main.cf.smtp-mm

(for web): a new site in:
playbooks/include/proxies-websites.yml:
and a proxy to mailman01:
playbooks/include/proxies-reverseproxy.yml:

That should do it... in addition to any changes on mailman01 of course. Let me know if you want me to assist with any of that.

Thanks Kevin. I've prepared all that but I realize I'll need an SSL certificate for lists.pagure.io. How can I make one? I don't have access to the private ansible repo so I'm not sure I can do it.

We now have a letsencrypt role. Just add that to the mailman playbook and it should request a cert from letsencrypt, have that redirected by our proxies to a certgetter machine and then place the certs on mailman01. Let me know if it fails for any reason...

@abompard have you made any progress on this? Anything I could help with?

I'd like to announce the lists in the 5.0 announcement :)

@kevin Sorry for the delay, one question: with that LetsEncrypt role, the SSL tunnel will not be handled by the proxy, but by mailman01? Currently mailman01's apache is not listening on port 443, everything SSL-related is done by the proxies. If we add lists.pagure.org to mailman01, can the proxies handle SSL for that domain too?

So, if you add the letsencrypt role to the proxy playbook, what it does is:

  • delegates to certgetter01.phx2.fedoraproject.org with the domain arguments passed to it.
  • certgetter01 requests a cert from letsencrypt
  • letsencrypt needs to verify we own the domain, so it tells certgetter01 a filename and then it tries to get that file from lists.pagure.org to confirm the domain.
  • lists.pagure.org (which doesn't exist yet, but will when we add it to dns) points to our proxies.
  • Our proxies know to proxy anything that looks like a letsencrypt validation to certgetter01, and it gets it and is happy.

So, no, mailman01 doesn't need to do ssl, it's still all behind proxies.

Would you like me to set up this part of things? (dns, proxies, ssl cert) and you can then do whatever magic is needed for smtp hosts and mailman01?
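
Added example, not part of the thread and not Fedora's actual configuration: a small Python model of the validation flow described above, showing why the backend never has to answer the challenge or terminate TLS. The challenge path and key-authorization format follow ACME HTTP-01 (RFC 8555); the class and function names, the `known_hosts` set, and the token and thumbprint values are assumptions made for illustration.

```python
ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 challenge path (RFC 8555)


class CertGetter:
    """Stands in for certgetter01: holds the challenge files it must serve."""

    def __init__(self, account_thumbprint):
        self.thumbprint = account_thumbprint
        self.challenges = {}

    def publish(self, token):
        # Key authorization = token + "." + account key thumbprint
        self.challenges[token] = f"{token}.{self.thumbprint}"

    def serve(self, path):
        body = self.challenges.get(path[len(ACME_PREFIX):])
        return (200, body) if body is not None else (404, "")


def mailman_backend(path):
    """Stands in for mailman01's plain-HTTP Apache; it never sees challenges."""
    return (200, "mailman web UI")


def proxy(host, path, certgetter, known_hosts):
    """Route one request the way the proxies are described as behaving."""
    if host not in known_hosts:  # site not defined on the proxies yet
        return (404, "")
    if path.startswith(ACME_PREFIX):
        token = path[len(ACME_PREFIX):]
        # Only a single path segment may be forwarded as a challenge token.
        if not token or "/" in token or ".." in token:
            return (400, "")
        return certgetter.serve(path)
    return mailman_backend(path)


def ca_validates(host, token, thumbprint, certgetter, known_hosts):
    """What the CA does: fetch the file over HTTP and compare its content."""
    status, body = proxy(host, ACME_PREFIX + token, certgetter, known_hosts)
    return status == 200 and body == f"{token}.{thumbprint}"
```

Validation only succeeds once the domain is both in DNS and defined as a site on the proxies, which is why those two steps come before the certificate request.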

Thanks for your reply and your offer Kevin, but I'd like to try and set it up. Here's the diff I'm coming up with, do you see something wrong or missing?

lpi.patch

Looks pretty reasonable to me... did we want lists.pagure.io or lists.pagure.org?

I can make the dns entry whenever, but we will need a freeze break right now to change the proxies. Or we could wait until after freeze. I'm fine either way, happy to +1 a patch to the list. ;)

Cool! I think we only want lists.pagure.io, I can remove the alias directive.

I don't mind waiting after the freeze, this has been waiting a while already (sorry about that) but @pingou wanted to announce the lists with Pagure 5.0, and I don't know what that timeline is.

ok, dns is done.

Go ahead and send a freeze break to the list and if we get 2+1s we can go ahead and push it live. :)

+1 for the FBR, the timeline for this is hopefully next Monday :]

I think this is all done now?

Please reopen if there's anything further to do.

:inbox_tray:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

I think this is all done now?

Yup, looks fine to me thanks :)

Metadata Update from @pingou:
- Issue status updated to: Open (was: Closed)

5 years ago

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata Update from @pingou:
- Issue status updated to: Open (was: Closed)

5 years ago

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago
