Move Airship and Kata lists to Mailman 3

This uncomments the list additions for the lists.airshipit.org and
lists.katacontainers.io sites on the new mailman server, removing
the configuration for them from the lists.opendev.org server and, in
the case of the latter, removing all our configuration management
for the server as it was the only site hosted there.

Change-Id: Ic1c735469583e922313797f709182f960e691efc

inventory/base/hosts.yaml

@@ -308,17 +308,6 @@ all:
         - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKUtLplUhod5VnjVoTY5WHhjOHrRM6puFpFpcr9iJmOKkbnJ5V2SA8U0thFEne4XUoa/eZ3SiQ9Yt923+1MAcKQ='
         - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5qje1++4tUZ1U4sQ2Jsju/S4BdpCeiauSxZ2uMdQSegtjZ4GclxRjP4zJjL6P/iixTwjsu4dOEnvPt8B9JZGEaYERzKiqjIRT3I80mTjI0wsx+bN38Z2xg5Tm1O5xrOxT0rjA2zGJDRtMhk6IwmUg4DELlxUfalsWgpoZV0fYxUFneOgVuG8XY841b1igh2ScyOuSfu8RQFF3YTulzoT7o8QzgdKiliciLAWujy+4okN8wln5/atqiDuN7oi+9WYLt/HW2YZTUHd2/u+ZghgvbVVJ8xsB2gQ+BESS3P4YZsWMqM/7lz/7GVUQfolRnC5dyPOa9cwuoBW9ru6VGYH/'
         - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSUpspKrIHEXRkP9xIa/hyKkauDvuPX0nVwWpUzQkIh'
-    lists.katacontainers.io:
-      ansible_host: 166.78.47.37
-      location:
-        cloud: openstackci-rax
-        region_name: DFW
-      public_v4: 166.78.47.37
-      public_v6: 2001:4800:7817:101:be76:4eff:fe04:80b5
-      host_keys:
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkPpf6WNMAxeFbR3yiq9I7ifq2TshiTPSTRflj7NpoJQlBiX59PJ0bBiAF9phhdzGW33OAx/zp055bsj1sVHLoYpLzZ4tefvObt49f0N3+Az5jSW+xbNC0pCYL4BGGJiM3AB2/PKB+8l+/RyXOo4eQJoQxAMnCRsh+X2Ibs7L+S+IOjfA72Yz89tUH9dVPkvIrqGHKf4Z8cSU5OED2xmXTFXigtspFrrWbevmwtTXSl4+LlhqDRn/vfqpNMgqqS1EjrLuQErvCUcu4Klpx+CNfh/CBhmHNBqFW0w2BIGO9AEBFRU1QwBudVcS/cdUUM7QvbImuL1Om5ZXG1jEj16BZ'
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDQJf+iFa/hHlZTy5qZQ700atL8HzhvbcJldnZ6lF9NCAXAX6e0GaoUZkSEOeXJ5ocgt+PCgwK8SYNnCwLxb+wI='
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3KKNA1elc/w9o5Q2G35s27FPLIdNIle4SHAuWfJWH3'
     lists.openstack.org:
       ansible_host: 50.56.173.222
       location:

inventory/service/groups.yaml

@@ -92,7 +92,6 @@ groups:
     - graphite[0-9]*.opendev.org
     - insecure-ci-registry[0-9]*.opendev.org
     - keycloak[0-9]*.opendev.org
-    - lists.katacontainers.io
     - lists.openstack.org
     - lists[0-9]*.opendev.org
     - meetpad[0-9]*.opendev.org
@@ -107,7 +106,6 @@ groups:
     - translate[0-9]*.open*.org
     - zuul[0-9]*.opendev.org
   mailman:
-    - lists.katacontainers.io
     - lists.openstack.org
   mailman3:
     - lists[0-9]*.opendev.org

inventory/service/host_vars/lists.katacontainers.io.yaml

@@ -1,81 +0,0 @@
-mm_domains: lists.katacontainers.io
-exim_local_domains: "@:{{ mm_domains }}"
-exim_aliases:
-  root: "{{ ','.join(listadmins|default([])) }}"
-exim_routers:
-  - dnslookup: '{{ exim_dnslookup_router }}'
-  - system_aliases: '{{ exim_system_aliases_router }}'
-  - localuser: '{{ exim_localuser_router }}'
-  - mailman_verp_router: |
-      {% raw -%}
-      driver = dnslookup
-      # we only consider messages sent in through loopback
-      condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
-                              {eq{$sender_host_address}{::1}}}{yes}{no}}
-      {% endraw %}
-      # we do not do this for traffic going to the local machine
-      domains = !+local_domains
-      ignore_target_hosts = <; 0.0.0.0; \
-                                        127.0.0.0/8; \
-                                        ::1/128;fe80::/10;fe \
-                                        c0::/10;ff00::/8
-      # only the un-VERPed bounce addresses are handled
-      senders = "*-bounces@*"
-      transport = mailman_verp_smtp
-  - mailman_router: |
-      driver            = accept
-      domains           = {{ mm_domains }}
-      require_files     = /var/lib/mailman/lists/${lc::$local_part}/config.pck
-      local_part_suffix_optional
-      local_part_suffix = -admin     : \
-             -bounces   : -bounces+* : \
-             -confirm   : -confirm+* : \
-             -join      : -leave     : \
-             -owner     : -request   : \
-             -subscribe : -unsubscribe
-      transport         = mailman_transport
-exim_transports:
-  - mailman_transport: |
-      driver = pipe
-      command = /var/lib/mailman/mail/mailman \
-          '${if def:local_part_suffix \
-                {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
-                {post}}' \
-          $local_part
-      current_directory = /var/lib/mailman
-      home_directory = /var/lib/mailman
-      user = list
-      group = list
-  - mailman_verp_smtp: |
-      driver = smtp
-      # put recipient address into return_path
-      return_path = \
-        ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
-      max_rcpt = 1
-      # Errors-To: may carry old return_path
-      headers_remove = Errors-To
-      headers_add = Errors-To: ${return_path}
-extra_users:
-  - jbryce
-letsencrypt_certs:
-  lists-katacontainers-io-main:
-    - lists.katacontainers.io
-mailman_multihost: false
-mailman_listdomain: 'lists.katacontainers.io'
-mailman_lists:
-  - name: mailman
-    description: 'The mailman site list'
-    admin: 'nobody@openstack.org'
-    password: "{{ mailman_list_password }}"
-  - name: kata-dev
-    description: 'Kata Containers Development Mailing List (not for usage questions)'
-    admin: 'jonathan@openstack.org'
-    password: "{{ mailman_list_password }}"
-  - name: kata-hypervisor
-    description: 'Discussion of security and virtualization targeted at container use cases'
-    admin: 'jonathan@openstack.org'
-    password: "{{ mailman_list_password }}"
-  - name: embargo-notice
-    description: 'Announcements of embargoed notices for the Kata Containers project'
-    admin: 'jonathan@openstack.org'
-    password: "{{ mailman_list_password }}"

inventory/service/host_vars/lists.openstack.org.yaml

@@ -117,34 +117,6 @@ letsencrypt_certs:
     - lists.starlingx.io
 mailman_multihost: true
 mailman_sites:
-  - name: airship
-    listdomain: lists.airshipit.org
-    install_languages: ['en']
-    lists:
-      - name: mailman
-        description: 'The mailman site list'
-        admin: 'nobody@openstack.org'
-        password: "{{ mailman_list_password }}"
-      - name: airship-announce
-        description: 'Announcements of Airship releases and other important information.'
-        admin: 'jonathan@openstack.org'
-        password: "{{ mailman_list_password }}"
-      - name: airship-discuss
-        description: 'Discussion of Airship usage and development.'
-        admin: 'jonathan@openstack.org'
-        password: "{{ mailman_list_password }}"
-      - name: airship-job-failures
-        description: 'Notification messages for failures from CICD jobs.'
-        admin: 'roman.gorshunov@att.com'
-        password: "{{ mailman_list_password }}"
-      - name: airship-security
-        description: 'Public Airship security advisories.'
-        admin: 'andrew.walters@att.com'
-        password: "{{ mailman_list_password }}"
-      - name: airship-embargo-notice
-        description: 'Embargoed security vulnerability announcements for Airship consumers.'
-        admin: 'andrew.walters@att.com'
-        password: "{{ mailman_list_password }}"
   - name: openinfra
     listdomain: lists.openinfra.dev
     install_languages: ['en']

inventory/service/host_vars/lists01.opendev.org.yaml

@@ -94,42 +94,42 @@ mailman_sites:
       - name: zuul-jobs-failures
         description: 'Gets notifications about zuul-jobs periodic job failures.'
         owner: 'corvus@inaugust.com'
+  - listdomain: lists.airshipit.org
+    install_languages: ['en']
+    lists:
+      - name: airship-announce
+        description: 'Announcements of Airship releases and other important information.'
+        owner: 'jonathan@openstack.org'
+      - name: airship-discuss
+        description: 'Discussion of Airship usage and development.'
+        owner: 'jonathan@openstack.org'
+      - name: airship-embargo-notice
+        description: 'Embargoed security vulnerability announcements for Airship consumers.'
+        owner: 'andrew.walters@att.com'
+        private: true
+      - name: airship-job-failures
+        description: 'Notification messages for failures from CICD jobs.'
+        owner: 'roman.gorshunov@att.com'
+      - name: airship-security
+        description: 'Public Airship security advisories.'
+        owner: 'andrew.walters@att.com'
+  - listdomain: lists.katacontainers.io
+    install_languages: ['en']
+    lists:
+      - name: embargo-notice
+        description: 'Announcements of embargoed notices for the Kata Containers project'
+        owner: 'jonathan@openstack.org'
+        private: true
+      - name: kata-dev
+        description: 'Kata Containers Development Mailing List (not for usage questions)'
+        owner: 'jonathan@openstack.org'
+      - name: kata-hypervisor
+        description: 'Discussion of security and virtualization targeted at container use cases'
+        owner: 'jonathan@openstack.org'
   # The domains and lists below are currently commented out as we intend on
   # deploying a single domain and its lists at a time starting with
   # lists.opendev.org. As we deploy other domains we can uncomment these
   # blocks. Double check no new lists are been added or removed first.
-  #- listdomain: lists.airshipit.org
-  #  install_languages: ['en']
-  #  lists:
-  #    - name: airship-announce
-  #      description: 'Announcements of Airship releases and other important information.'
-  #      owner: 'jonathan@openstack.org'
-  #    - name: airship-discuss
-  #      description: 'Discussion of Airship usage and development.'
-  #      owner: 'jonathan@openstack.org'
-  #    - name: airship-embargo-notice
-  #      description: 'Embargoed security vulnerability announcements for Airship consumers.'
-  #      owner: 'andrew.walters@att.com'
-  #      private: true
-  #    - name: airship-job-failures
-  #      description: 'Notification messages for failures from CICD jobs.'
-  #      owner: 'roman.gorshunov@att.com'
-  #    - name: airship-security
-  #      description: 'Public Airship security advisories.'
-  #      owner: 'andrew.walters@att.com'
-  #- listdomain: lists.katacontainers.io
-  #  install_languages: ['en']
-  #  lists:
-  #    - name: embargo-notice
-  #      description: 'Announcements of embargoed notices for the Kata Containers project'
-  #      owner: 'jonathan@openstack.org'
-  #      private: true
-  #    - name: kata-dev
-  #      description: 'Kata Containers Development Mailing List (not for usage questions)'
-  #      owner: 'jonathan@openstack.org'
-  #    - name: kata-hypervisor
-  #      description: 'Discussion of security and virtualization targeted at container use cases'
-  #      owner: 'jonathan@openstack.org'
   #- listdomain: lists.openinfra.dev
   #  install_languages: ['en']
   #  lists:

playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml

@@ -22,10 +22,6 @@ results:
     - letsencrypt
     - webservers
 
-  lists.katacontainers.io:
-    - letsencrypt
-    - mailman
-
   mirror01.regionone.linaro.opendev.org:
     - afs-client
     - kerberos-client

playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@@ -42,9 +42,6 @@
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
 
 # mailman
-- name: letsencrypt updated lists-katacontainers-io-main
-  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
-
 - name: letsencrypt updated lists-openstack-org-main
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 

playbooks/test-lists.yaml

@@ -12,17 +12,6 @@
       loop_control:
         loop_var: zuul_mailman_site
 
-- hosts: "lists.katacontainers.io"
-  tasks:
-
-    # Make sure Mailman services are running so that they will attempt to
-    # deliver any pending list admin notifications and we can capture that
-    # activity in the Exim logs.
-    - name: Restart Mailman services
-      service:
-        name: "mailman"
-        state: restarted
-
 - hosts: "localhost"
   tasks:
 

playbooks/zuul/run-base.yaml

@@ -143,7 +143,6 @@
         - host_vars/letsencrypt01.opendev.org.yaml
         - host_vars/letsencrypt02.opendev.org.yaml
         - host_vars/lists.openstack.org.yaml
-        - host_vars/lists.katacontainers.io.yaml
         - host_vars/gitea99.opendev.org.yaml
         - host_vars/grafana01.opendev.org.yaml
         - host_vars/mirror01.openafs.provider.opendev.org.yaml

playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2

@@ -1 +0,0 @@
-mailman_list_password: notarealpassword

testinfra/test_lists_k_i.py

@@ -1,37 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-testinfra_hosts = ['lists.katacontainers.io']
-
-def test_mm_list_is_present(host):
-    cmd = host.run('list_lists --bare')
-    assert 'kata-dev' in cmd.stdout
-
-def test_mm_list_site(host):
-    cmd = host.run('curl --insecure '
-                   '--resolve lists.katacontainers.io:443:127.0.0.1 '
-                   'https://lists.katacontainers.io/cgi-bin/mailman/listinfo')
-    assert '<TITLE>lists.katacontainers.io Mailing Lists</TITLE>' in cmd.stdout
-
-def test_mm_list_site_redirect_http(host):
-    cmd = host.run('curl '
-                   '--resolve lists.katacontainers.io:80:127.0.0.1 '
-                   'http://lists.katacontainers.io/cgi-bin/mailman/listinfo')
-    assert ('The document has moved <a href="'
-            'https://lists.katacontainers.io/cgi-bin/mailman/listinfo'
-            '">here</a>') in cmd.stdout
-
-def test_mm_list_site_static_files(host):
-    cmd = host.run('curl --insecure '
-                   '--resolve lists.katacontainers.io:443:127.0.0.1 '
-                   'https://lists.katacontainers.io/robots.txt')
-    assert 'Disallow: /' in cmd.stdout

testinfra/test_lists_o_o.py

@@ -13,9 +13,6 @@
 testinfra_hosts = ['lists.openstack.org']
 
 def test_mm_list_is_present(host):
-    cmd = host.run('HOST=lists.airshipit.org list_lists --bare')
-    assert 'airship-discuss' in cmd.stdout
-
     cmd = host.run('HOST=lists.openinfra.dev list_lists --bare')
     assert 'staff' in cmd.stdout
 
@@ -26,10 +23,6 @@ def test_mm_list_is_present(host):
     assert 'starlingx-discuss' in cmd.stdout
 
 def test_mm_list_site(host):
-    cmd = host.run('curl --insecure '
-                   '--resolve lists.airshipit.org:443:127.0.0.1 '
-                   'https://lists.airshipit.org/cgi-bin/mailman/listinfo')
-    assert '<TITLE>lists.airshipit.org Mailing Lists</TITLE>' in cmd.stdout
     cmd = host.run('curl --insecure '
                    '--resolve lists.openinfra.dev:443:127.0.0.1 '
                    'https://lists.openinfra.dev/cgi-bin/mailman/listinfo')
@@ -44,12 +37,6 @@ def test_mm_list_site(host):
     assert '<TITLE>lists.starlingx.io Mailing Lists</TITLE>' in cmd.stdout
 
 def test_mm_list_site_redirect_http(host):
-    cmd = host.run('curl '
-                   '--resolve lists.airshipit.org:80:127.0.0.1 '
-                   'http://lists.airshipit.org/cgi-bin/mailman/listinfo')
-    assert ('The document has moved <a href="'
-            'https://lists.airshipit.org/cgi-bin/mailman/listinfo'
-            '">here</a>') in cmd.stdout
     cmd = host.run('curl '
                    '--resolve lists.openinfra.dev:80:127.0.0.1 '
                    'http://lists.openinfra.dev/cgi-bin/mailman/listinfo')

zuul.d/infra-prod.yaml

@@ -570,7 +570,6 @@
     files:
       - inventory/base
       - inventory/service/host_vars/lists.openstack.org.yaml
-      - inventory/service/host_vars/lists.katacontainers.io.yaml
       - playbooks/roles/iptables/
       - playbooks/roles/base/exim
       - playbooks/roles/mailman/

zuul.d/system-config-run.yaml

@@ -290,8 +290,6 @@
         - <<: *bridge_node_x86
         - name: lists.openstack.org
           label: ubuntu-focal
-        - name: lists.katacontainers.io
-          label: ubuntu-focal
       groups:
         - <<: *bastion_group
     required-projects:
@@ -299,15 +297,12 @@
     files:
       - playbooks/bootstrap-bridge.yaml
       - inventory/service/host_vars/lists.openstack.org.yaml
-      - inventory/service/host_vars/lists.katacontainers.io.yaml
       - inventory/service/group_vars/mailman.yaml
       - playbooks/roles/base/exim
       - playbooks/roles/mailman/
       - playbooks/service-lists.yaml
       - playbooks/test-lists.yaml
       - playbooks/zuul/templates/host_vars/lists.openstack.org.yaml.j2
-      - playbooks/zuul/templates/host_vars/lists.katacontainers.io.yaml.j2
-      - testinfra/test_lists_k_i.py
       - testinfra/test_lists_o_o.py
       - playbooks/zuul/run-lists-post.yaml
     vars:
@@ -318,12 +313,6 @@
         - playbooks/service-lists.yaml
       run_test_playbook: playbooks/test-lists.yaml
     host-vars:
-      lists.katacontainers.io:
-        host_copy_output:
-          '/var/log/acme.sh': logs
-          '/var/log/apache2': logs
-          '/var/log/mailman': logs
-          '/etc/apache2/sites-enabled': logs
       lists.openstack.org:
         host_copy_output:
           '/etc/aliases.domain': logs_txt