nicwaller / puppet-mailman Goto Github PK
View Code? Open in Web Editor NEWPuppet module for Mailman
Home Page: https://forge.puppetlabs.com/nwaller/mailman
License: Apache License 2.0
Puppet module for Mailman
Home Page: https://forge.puppetlabs.com/nwaller/mailman
License: Apache License 2.0
On Ubuntu Server 12.04, the username and groupname for Mailman is "list". uid=38. This needs to be set in params.
Right now, the module always redirects requests for the root /
to /mailman/listinfo
but in some cases people might want to have a custom landing page. So this redirect behaviour should be optional.
$cf3 = "RedirectMatch ^/?$ http://${server_name}/mailman/listinfo"
puppet-mailman/manifests/apache.pp
Line 60 in e735829
PS. Delete this file: puppet-mailman / templates / mailman_vhost.conf.erb
The mailman command genaliases
is automatically triggered when the config file changes, but due to a bug in genaliases before Mailman 2.1.15, large sites will experience temporary downtime when using genaliases.
So the call to genaliases should probably be commented out, or at least dependent on the version of Mailman in use.
puppet-mailman/manifests/init.pp
Line 126 in b2b8a89
Putting lock_dir on NFS fails with SELinux enforcing mode.
Workarounds include:
setenforce 0
In params.pp the value for config_dir is hardcoded. It should be possible for users of the module to change this value.
In Mailman, in MTA module for Postfix (and maybe others), the location of the aliases file is hardcoded as ${config_dir}/aliases. Therefore, in order to support alternate locations for the aliases file, it is necessary to support custom config_dir.
And furthermore, it is important to customize the location of the aliases file if you have multiple mailman servers that might all be updating that aliases file, then it should be on shared storage somewhere.
It seems that the Mailman program bin/rmlist
has the lists
folder hardcoded as a subdir of VAR_PREFIX instead of referring to LIST_DATA_DIR, at least in the version I'm using. If that's true, then the configuration must take care not to break this correspondence.
On Ubuntu Server 12.04, awk is installed to `/usr/bin/awk'. This causes a problem for mailmanversion.rb, the custom facter fact, because the path to awk is currently hardcoded.
/bin/awk not found on Ubuntu Server 12.04
Apache module custom_fragment expects a string, not an array. So the string needs to be precomposed by Puppet otherwise the entire puppet syntax gets written into the file.
Reproducible on Fedora 17, fits documentation and source code. Strangely did not notice on SL6.
It doesn't make sense to have var_prefix
as a parameter in init.pp
VAR_PREFIX is a variable that is set during Mailman compilation. Any given OS package will have a var_prefix associated with it, that needs to be set in params.pp.
The only reason var_prefix is a parameter is because the upstream Red Hat packages for Mailman have an error in bin/rmlist that explicitly depends on var_prefix instead of using list_data_dir.
TODO: try to get this fixed upstream.
Will need to fix minor details, like webserver user is apache instead of httpd.
It would be nice to include a helper class that sets up iptables using the puppetlabs/firewall module.
Hi Nic,
If you don't mind I would like to ask if your module is alive. We used is for a year or so however we are getting to much dependencies problems. Is it okay if I create some pull requests?
regards from Holland
Mark
On redhat, list_data_dir must be a direct descedent of var_prefix, due to a programming weakness in bin/rmlist introduced in the red hat packages. (they use var_prefix+"lists" instead of list_data_dir)
Double-check to ensure that creating lists from the web-based interface on a separate server works correctly, especially with regard to file permissions and SELinux permissions.
Facter doesn't report $::fqdn on Ubuntu Server 12.04. This is required to configure smtp_hostname
in init.pp. Also, the smtp hostname must have two or more DNS labels in order to satisfy Mailman.
(Discovered while testing for #14.)
Use Puppet apache module instead of trying to self-configure. It will be much easier to support in a cross-platform fashion, and dependencies aren't a huge problem as long as the module is published on puppet forge.
Currently on Ubuntu Server 12.04, there is a failure trying to install Package['httpd'].
The behaviour of rmlist
on Mailman for RedHat-based systems is to replace the aliases file instead of updating it in place, which causes problems if the aliases file is intended to be set up as a symlink.
Therefore, the aliases file will need to be placed explicitly instead of using symlinks.
Need to check to see if this module is affected by this behaviour. Also ensure that newlist and rmlist are added to regression tests for the future.
Postfix refuses connections from external hosts.
telnet 1.2.3.4:25
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Connection refused
In init.pp, only some of the file resources specify a seltype (SELinux type). All file resources need to have a seltype associated for compliance with SELinux sysytems.
Firstrun error on Fedora 17. Testing revision 64ae9bb.
Error: Could not set 'file' on ensure: No such file or directory - /etc/postfix/main.cf.puppettmp_4771 at 116:/etc/puppet/modules/postfix/manifests/server.pp
Error: Could not set 'file' on ensure: No such file or directory - /etc/postfix/main.cf.puppettmp_4771 at 116:/etc/puppet/modules/postfix/manifests/server.pp
Wrapped exception:
No such file or directory - /etc/postfix/main.cf.puppettmp_4771
Error: /File[/etc/postfix/main.cf]/ensure: change from absent to file failed: Could not set 'file' on ensure: No such file or directory - /etc/postfix/main.cf.puppettmp_4771 at 116:/etc/puppet/modules/postfix/manifests/server.pp
SELinux prevents Apache starting on Fedora 17.
type=AVC msg=audit(1381089856.490:92): avc: denied { search } for
pid=5179 comm="httpd" name="mailman" dev="xvda1" ino=165377
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:mailman_log_t:s0 tclass=dir
SELinux prevents Apache from being able to { search } in /var/log/mailman directory. I guess it's not OK to mix and mingle Apache logs with Mailman logs.
This was discovered as part of #26.
options.pp
Right now, only a small subset of list defaults can be customized in this Module. It would make more sense, be more general, to allow all list defaults to be customized in Puppet.
The complete list can be found in Mailman/Defaults.py
.
Introduce a custom Fact for the installed Mailman version.
Add a postfix helper class to enable the simplest possible installation.
newlist fails on Ubuntu 12.04 on fresh install.
File "/var/lib/mailman/Mailman/Utils.py", line 557, in findtext
raise IOError(errno.ENOENT, 'No template file found', templatefile)
IOError: [Errno 2] No template file found: 'emptyarchive.html'
When I put my Mailman data onto an NFS mount, I had to set this seboolean in order to make Apache work correctly with the archives files.
setsebool -P httpd_use_nfs 1
This should be done automatically in the mailman::selinux class.
Parameter documentation for init class still needs to be filled out
Hiera example needs to show all numbers as strings because of validation requirement and strange parser behaviour. Include a warning about this.
Move code comments into PARAM documentation!
The apache stub helper uses the puppetlabs-apache module, and depends on the logroot
parameter which was introduced in version 0.9.0. So the Modulefile
should explicitly state that dependency.
Some people have private content in mailing lists that they might not want indexed by search engines. By default, this module should create a robots.txt file in the Apache web root. Also add a config option that allows changing this behaviour.
On a new test system, encountered these errors on first run.
Error: Could not set 'directory' on ensure: Could not find group mailman at 37:/etc/puppet/modules/mailman/manifests/etclinks.pp
Error: Could not set 'directory' on ensure: Could not find group mailman at 37:/etc/puppet/modules/mailman/manifests/etclinks.pp
Wrapped exception:
Could not find group mailman
Error: /File[/etc/mailman]/ensure: change from absent to directory failed: Could not set 'directory' on ensure: Could not find group mailman at 37:/etc/puppet/modules/mailman/manifests/etclinks.pp
Notice: /File[/etc/mailman/virtual-mailman]: Dependency File[/etc/mailman] has failures: true
Warning: /File[/etc/mailman/virtual-mailman]: Skipping because of failed dependencies
and later
Notice: /File[/etc/mailman/aliases.db]: Dependency File[/etc/mailman] has failures: true
Warning: /File[/etc/mailman/aliases.db]: Skipping because of failed dependencies
Notice: /File[/etc/mailman/aliases]: Dependency File[/etc/mailman] has failures: true
Warning: /File[/etc/mailman/aliases]: Skipping because of failed dependencies
Notice: /File[/var/lib/mailman/data/adm.pw]/ensure: created
Notice: /File[/etc/mailman/adm.pw]: Dependency File[/etc/mailman] has failures: true
Warning: /File[/etc/mailman/adm.pw]: Skipping because of failed dependencies
Notice: /File[/etc/mailman/creator.pw]: Dependency File[/etc/mailman] has failures: true
Warning: /File[/etc/mailman/creator.pw]: Skipping because of failed dependencies
Init.pp allows the path to some non-variable directories to be customized, but that isn't actually helpful at all because those directories are not automatically populated.
Example: if a user setting up a new installation was to customize $template_dir with a parameter to init.pp, they would end up with a non-functioning Mailman installation because $template_dir only works when it points to the dir where the templates are preinstalled.
The list of parameters should be reconsidered. Any parameter that will lead to a broken installation if changed should be removed.
Apache quickconfig needs to enable NameVirtualHost
On a brand new installation, attempting to use newlist
results in a fatal error from postalias.
postalias: fatal: open database /var/lib/mailman/data/aliases.db: Permission denied
This happens because postalias sheds root privileges and runs in the context of the owner of the aliases file, the mailman
user. We must have an owner set on the aliases file so that both Mailman and Apache can write to it, so the easiest way to fix this is by making Mailman the owner on $data_dir
.
This still results in a warning the first time newlist is used because postalias doesn't like overwriting zero-length files.
postalias: warning: removing zero-length database file: /var/lib/mailman/data/aliases.db
apache_error_log
[Sun Sep 15 02:50:56.897184 2013] [authz_core:error] [pid 10942] [client 142.207.112.53:58410] AH01630: client denied by server configuration: /usr/lib/mailman/cgi-bin/listinfo
This is likely to be a problem with the Apache .conf file I'm generating, relative to the requirements of Apache 2.4 in F18 and F19.
Source: http://forums.fedoraforum.org/showthread.php?t=288844
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.