c1c91886b4
This should now be a largely functional deployment of mailman 3. There are still some bits that need testing but we'll use followup changes to force failure and hold nodes. This deployment of mailman3 uses upstream docker container images. We currently hack up uids and gids to accomodate that. We also hack up the settings file and bind mount it over the upstream file in order to use host networking. We override the hyperkitty index type to xapian. All list domains are hosted in a single installation and we use native vhosting to handle that. We'll deploy this to a new server and migrate one mailing list domain at a time. This will allow us to start with lists.opendev.org and test things like dmarc settings before expanding to the remaining lists. A migration script is also included, which has seen extensive testing on held nodes for importing copies of the production data sets. Change-Id: Ic9bf5cfaf0b87c100a6ce003a6645010a7b50358
293 lines
12 KiB
YAML
293 lines
12 KiB
YAML
# Handlers for "letsencrypt update {{ key }}" events
|
|
#
|
|
# Note that because Ansible requires every called handler to have a
|
|
# listener, every host will need to provide a handler somehow.
|
|
#
|
|
# NOTE(ianw): as at 04/2019 it seems that something like
|
|
# listen: letsencrypt updated letsencrypt01-main-service
|
|
# doesn't actually register the handler.
|
|
#
|
|
# NOTE: import_tasks or include can not be used in handlers
|
|
# ("include_tasks" is okay).
|
|
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
|
|
|
|
- name: letsencrypt updated eavesdrop01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated graphite02-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_graphite.yaml
|
|
|
|
- name: letsencrypt updated tarballs-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul-ci-git
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul01-opendev-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated zuul02-opendev-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated insecure-ci-registry01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
|
|
|
|
- name: letsencrypt updated meetpad01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
|
|
|
|
# mailman
|
|
- name: letsencrypt updated lists-katacontainers-io-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated lists-openstack-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated lists-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Static
|
|
- name: letsencrypt updated static-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-ask-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-docs-airshipit-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-ci-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-cinder-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-developer-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-devstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-docs-opendev-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-docs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-docs-starlingx-io
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-eavesdrop-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-glance-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-git-airshipit-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-git-starlingx-io
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-git-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-git-zuul-ci-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-governance-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-horizon-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-keystone-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-meetings-opendev-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-nova-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-planet-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-service-types-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-specs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-security-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-summit-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-swift-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-releases-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-tarballs-opendev-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-tarballs-openstack-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-zuul-ci-org
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated static-gating-dev
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Grafana
|
|
|
|
- name: letsencrypt updated grafana01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Codesearch (hound)
|
|
|
|
- name: letsencrypt updated codesearch01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# nodepool
|
|
|
|
- name: letsencrypt updated nb01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated nb02-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated nb03-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# paste
|
|
|
|
- name: letsencrypt updated paste-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# review
|
|
|
|
- name: letsencrypt updated review02-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# refstack
|
|
|
|
- name: letsencrypt updated refstack01-openstack-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Mirrors
|
|
|
|
- name: letsencrypt updated mirror01-dfw-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-iad-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-ord-rax-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-bhs1-ovh-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-gra1-ovh-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-regionone-linaro-us-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-mtl01-inap-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-sjc1-vexxhost-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-ca-ymq-1-vexxhost-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-limestone-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror01-regionone-osuosl-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-iad3-inmotion-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# Gate testing hosts:
|
|
- name: letsencrypt updated letsencrypt01-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-main-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt01-other-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt01-other-service.stamp'
|
|
|
|
- name: letsencrypt updated letsencrypt02-main-service
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/touch_file.yaml
|
|
vars:
|
|
touch_file: '/tmp/letsencrypt02-main-service.stamp'
|
|
|
|
- name: letsencrypt updated mirror01-openafs-provider-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated mirror02-openafs-provider-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated gitea99-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated nb01-test-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated etherpad01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated keycloak01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated storyboard01-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated translate01-openstack-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated ptg-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
- name: letsencrypt updated review99-opendev-org-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
|
|
|
# We split out handlers for each gitea host as handlers should be run in order
|
|
# This allows us to do a rolling restart of the gitea backends.
|
|
- name: letsencrypt updated gitea01-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea02-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea03-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea04-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea05-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea06-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea07-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|
|
|
|
- name: letsencrypt updated gitea08-main
|
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
|