Site/Location: eqiad
Number of systems: 1
Service: mailman3
Networking Requirements: external IP needed for exim4
Processor Requirements: 2
Memory: 3GB
Disks: 20GB
Other Requirements:
More info: The puppetization of mailman3 is mostly done (T256536: Puppetize mailman3), there is some other parts left that can be done out-of-the-box in production (like dkim, acme, prometheus, etc.). One complicating factor is that the old mailman doesn't follow the .eqiad.wmnet naming convention and it is lists1001.wikimedia.org. So I assume the test VM should be lists1002.wikimedia.org as well. Also, In order to be able to check how things are going. I'd like to have root rights there (but won't do anything that changes state of that vm). We should also add DNS records to lists-next.wikimedia.org and dkim records for it
Description
Details
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Security | None | T181803 Stop storing Mailman passwords in plain text | ||
| Resolved | None | T118641 Implement proper AAA for lists.wikimedia.org (mailman) | |||
| Resolved | None | T190054 List archives on lists.wikimedia.org is not mobile friendly | |||
| Resolved | None | T115329 "From" at start of line becomes ">From" in pipermail | |||
| Resolved | None | T52864 Upgrade GNU Mailman from 2.1 to Mailman3 | |||
| Resolved | Legoktm | T276686 Requesting a test VM in production for mailman3 |
Event Timeline
One complicating factor is that the old mailman doesn't follow the .eqiad.wmnet naming convention and it is lists1001.wikimedia.org. So I assume the test VM should be lists1002.wikimedia.org as well. Also, In order to be able to check how things are going.
*.wikimedia.org means it's in the public networking setup, presumably because exim needs to be publicly reachable. Before creating the VM, the main thing we need to know is what the specs should be. For reference, the current lists1001 VM has 2 CPUs / 6GB memory / 300GB disk (65% full). See the form at https://wikitech.wikimedia.org/wiki/SRE_Team_requests#Virtual_machine_requests_(Production) - though I can take care of the "paperwork" if you can suggest some specs. I would assume that we will create a fresh "real" VM once we're satisfied with our tests so we can just estimate for now, doesn't have to be perfect.
What about the database? I assume we need to ask DBA for space somewhere.
And then...can/should we have a standby VM in codfw?
I'd like to have root rights there (but won't do anything that changes state of that vm).
This seems reasonable to me, however because it will be a new group with sudo rights, it will need to be discussed/approved at the SRE meeting (this coming Monday or two weeks from now). We should file a new task asking for the new group, including the following information:
- Do you want root access long-term or will we downgrade it to just sudo on specific commands once the service is fully setup (i.e. "mailman3-admins")
- Do you need access to the mailman2 setup or just mailman3? If yes, is the current "mailman-admins" sufficient or do you need full root?
And then we will need a standard access request ticket to add you to the new group(s) with your WMDE manager's approval.
Added some specs. I would not bother much as this is a test system and will be deleted once we are sure it works fine.
And then...can/should we have a standby VM in codfw?
I don't think we need it for the test system. For the production, sure.
I'd like to have root rights there (but won't do anything that changes state of that vm).
This seems reasonable to me, however because it will be a new group with sudo rights, it will need to be discussed/approved at the SRE meeting (this coming Monday or two weeks from now). We should file a new task asking for the new group, including the following information:
T276712: Request for creation of mailman3-roots group Done
- Do you want root access long-term or will we downgrade it to just sudo on specific commands once the service is fully setup (i.e. "mailman3-admins")
For now, full root but later let's downgrade it to the specific commands.
- Do you need access to the mailman2 setup or just mailman3? If yes, is the current "mailman-admins" sufficient or do you need full root?
For mailman2 (for migration) I need access too but a) that can be later once we have the test setup fully working b) I need only "mailman-admins" and nothing more.
And then we will need a standard access request ticket to add you to the new group(s) with your WMDE manager's approval.
I'm doing this in my volunteer capacity. Here's the comment in a Sunday :D
Change 673590 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[operations/puppet@production] install_server: Add lists1002.wikimedia.org
Change 673590 merged by Legoktm:
[operations/puppet@production] install_server: Add lists1002.wikimedia.org
Change 673591 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[operations/puppet@production] site.pp: Add lists1002.wikimedia.org
Change 673591 merged by Legoktm:
[operations/puppet@production] site.pp: Add lists1002.wikimedia.org