opendev/system-config
Code Issues Proposed changes
system-config/inventory/service/groups.yaml
Clark Boylan c1c91886b4 Add a mailman3 list server 
This should now be a largely functional deployment of mailman 3. There
are still some bits that need testing but we'll use followup changes to
force failure and hold nodes.

This deployment of mailman3 uses upstream docker container images. We
currently hack up uids and gids to accomodate that. We also hack up the
settings file and bind mount it over the upstream file in order to use
host networking. We override the hyperkitty index type to xapian. All
list domains are hosted in a single installation and we use native
vhosting to handle that.

We'll deploy this to a new server and migrate one mailing list domain at
a time. This will allow us to start with lists.opendev.org and test
things like dmarc settings before expanding to the remaining lists.

A migration script is also included, which has seen extensive
testing on held nodes for importing copies of the production data
sets.

Change-Id: Ic9bf5cfaf0b87c100a6ce003a6645010a7b50358
2022-11-11 23:20:19 +00:00

193 lines
5.1 KiB
YAML
Raw Blame History

plugin: yamlgroup
groups:
adns: adns*.open*.org
afs-server-common:
- afs[0-9]*.openstack.org
- afsdb[0-9]*.openstack.org
afs-file-server:
- afs[0-9]*.openstack.org
afs-db-server:
- afsdb[0-9]*.openstack.org
afs-client:
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- ze[0-9]*.open*.org
- afsdb*.open*.org
- afs[0-9]*.open*.org
- static[0-9]*.opendev.org
borg-backup:
- etherpad[0-9]*.opendev.org
- gitea01.opendev.org
- review02.opendev.org
- zuul[0-9]*.opendev.org
- refstack01.openstack.org
- kdc03.openstack.org
- eavesdrop01.opendev.org
- paste01.opendev.org
- lists01.opendev.org
# These are test specific hosts that we add to the backup
# group to mimic as much as possible what their prod version
# end up doing.
- gitea99.opendev.org
- review99.opendev.org
- lists99.opendev.org
# All these servers are "special-cased" in specifically
# as they are puppet and should be replaced "soon"
- lists.openstack.org
- storyboard01.opendev.org
- translate01.openstack.org
borg-backup-server:
- backup02.ca-ymq-1.vexxhost.opendev.org
- backup01.ord.rax.opendev.org
cacti: cacti[0-9]*.open*.org
certcheck:
- cacti[0-9]*.open*.org
cloud-launcher:
- bridge.openstack.org
codesearch:
- codesearch[0-9]*.opendev.org
control-plane-clouds:
- bridge.openstack.org
disabled: []
dns:
- adns*.opendev.org
- ns*.opendev.org
eavesdrop: eavesdrop[0-9]*.opendev.org
etherpad: etherpad[0-9]*.open*.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
- gitea-lb[0-9]*.opendev.org
grafana:
- grafana[0-9]*.opendev.org
graphite:
- graphite*.opendev.org
jvb:
- jvb[0-9]*.opendev.org
kerberos-client:
- afs[0-9]*.open*.org
- afsdb*.open*.org
- kdc[0-9]*.openstack.org
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- static[0-9]*.opendev.org
- ze[0-9]*.open*.org
kerberos-kdc:
- kdc03.openstack.org
- kdc04.openstack.org
kerberos-kdc-primary:
- kdc03.openstack.org
kerberos-kdc-replica:
- kdc04.openstack.org
keycloak: keycloak[0-9]*.opendev.org
letsencrypt:
- codesearch[0-9]*.opendev.org
- eavesdrop[0-9]*.opendev.org
- etherpad[0-9]*.opendev.org
- gitea[0-9]*.opendev.org
- grafana[0-9]*.opendev.org
- graphite[0-9]*.opendev.org
- insecure-ci-registry[0-9]*.opendev.org
- keycloak[0-9]*.opendev.org
- lists.katacontainers.io
- lists.openstack.org
- lists[0-9]*.opendev.org
- meetpad[0-9]*.opendev.org
- mirror[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- review[0-9]*.opendev.org
- static[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- translate[0-9]*.open*.org
- zuul[0-9]*.opendev.org
mailman:
- lists.katacontainers.io
- lists.openstack.org
mailman3:
- lists[0-9]*.opendev.org
meetpad:
- meetpad[0-9]*.opendev.org
mirror:
- mirror[0-9]*.opendev.org
mirror-update:
- mirror-update[0-9]*.opendev.org
nodepool:
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
nodepool-builder:
- nb[0-9]*.opendev.org
nodepool-launcher:
- nl[0-9]*.open*.org
ns:
- ns[0-9]*.open*.org
paste:
- paste[0-9]*.opendev.org
puppet:
- cacti[0-9]*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
puppet4:
- cacti[0-9]*.open*.org
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- translate[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
refstack:
- refstack[0-9]*.openstack.org
registry:
- insecure-ci-registry[0-9]*.opendev.org
review:
- review[0-9]*.opendev.org
# This group disables operations like project-managment and
# replication. It is intended for staging new production servers.
#review-staging:
static:
- static[0-9]*.opendev.org
storyboard:
- storyboard[0-9]*.opendev.org
storyboard-dev:
- storyboard-dev[0-9]*.opendev.org
translate-dev:
- translate-dev[0-9]*.open*.org
translate:
- translate[0-9]*.open*.org
webservers:
- cacti[0-9]*.open*.org
- codesearch[0-9]*.opendev.org
# eavesdrop has its own group with custom ports
- etherpad[0-9]*.open*.org
- grafana[0-9]*.opendev.org
- graphite*.opendev.org
- keycloak[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- static[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
zookeeper:
- zk[0-9]*.open*.org
zuul-lb:
- zuul-lb[0-9]*.opendev.org
zuul:
- ze[0-9]*.opendev.org
- zm[0-9]*.opendev.org
- zuul[0-9]*.opendev.org
zuul-executor:
- ze[0-9]*.opendev.org
zuul-merger:
- zm[0-9]*.opendev.org
zuul-preview:
- zp[0-9]*.opendev.org
zuul-scheduler:
- zuul[0-9]*.opendev.org
zuul-web:
- zuul[0-9]*.opendev.org
View Git Blame Copy Permalink