Page MenuHomePhabricator
Create Task
Maniphest T351202

stewards1001 / stewards2001: automatically subscribe stewards to mailman lists (was: Enable API access for Mailman3)
Open, Stalled, LowPublic
Actions

Description

The stewards* production virtual machines were created (T344164) to facilitate onboarding and offboarding stewards from/their roles, see the parent task. One of the major bottlenecks when (on/off)boarding stewards is provisioning/revoking access to a number of mailing lists, such as:

  • stewards-l
  • global-sysops
  • global-renamers
  • checkuser-l
  • stewards-usergroup

I would like to wire membership management for those lists to the tool that I'm working on. However, Mailman3 doesn't have an easily accessible API. According to a discussion with @Ladsgroup I had about Mailman's API, the API exists, but it is restricted to production network and requires a secret that enables the client to access anything in Mailman.

Since the onboarding tool for stewards resides in production (ATM,stewards1001 and stewards2001), I believe it might be possible to provision the secret to those machines, and make use of the API to manage those lists automatically. Is that a correct assumption? Do we need to do anything else to make that possible? Is there a different way to automate list membership management in this case?

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
lists: send email to meta admin when steward list members are syncedoperations/puppetproduction+5 -3
mailman3: remove superfluous double quotes in sync_list_membersoperations/puppetproduction+1 -1
mailman3: fix quoting in mail_cmd for sync_list_membersoperations/puppetproduction+3 -3
mailman: list sync, add option to mail changes to an adminoperations/puppetproduction+16 -2
lists::automation: explain how this can sync mailman list membersoperations/puppetproduction+18 -1
lists: ensure list member sync only happens on the active serveroperations/puppetproduction+6 -0
mailman3: defined type to sync list members, create timers for each listoperations/puppetproduction+62 -13
mailman3: add missing whitespace in sync_list_membersoperations/puppetproduction+1 -1
lists::automation: Update stewards-l in real modeoperations/puppetproduction+1 -1
lists/stewards: add timer to run mailman syncmembers for stewards-loperations/puppetproduction+14 -1
lists::automation: double quote end text to enable interpolationoperations/puppetproduction+1 -1
lists::automation: add missing spaces before line breaksoperations/puppetproduction+2 -2
lists::automation: fix heredoc syntax, remove double quotesoperations/puppetproduction+2 -2
lists::automation: don't try to write to logfile from commandoperations/puppetproduction+7 -7
lists: add timer to sync data from stewards hostsoperations/puppetproduction+15 -0
stewards: make rsync server listen on IPv6 as well, not just 0.0.0.0operations/puppetproduction+4 -1
stewards: add rsync server, let lists primary host pull dataoperations/puppetproduction+17 -0
lists: start a class for automating certain subscriptionsoperations/puppetproduction+11 -0
stewards-onboarder: Add mediawiki_api to the configoperations/puppetproduction+5 -0
stewards: add config and export dirs, steward onboarder configoperations/puppetproduction+30 -2
stewards: let puppet create /srv/exportsoperations/puppetproduction+2 -1
Show related patches Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
roles: remove stewards-usergroup@lists.wikimedia.org from the steward rolerepos/stewards/onboarding-system!1jjmc89steward-remove-wmsugmain
Customize query in GitLab

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Apr 19 2024, 9:42 PM

Change #1022193 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists: start a class for automating certain subscriptions

https://gerrit.wikimedia.org/r/1022193

LSobanski moved this task from Work in Progress (Tracking tasks) to Work in Progress on the collaboration-services board.Apr 23 2024, 10:20 AM
gerritbot added a comment.Apr 23 2024, 9:29 PM

Change #1023505 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[operations/puppet@production] stewards-onboarder: Add mediawiki_api to the config

https://gerrit.wikimedia.org/r/1023505

gerritbot added a comment.Apr 23 2024, 9:43 PM

Change #1023505 merged by Dzahn:

[operations/puppet@production] stewards-onboarder: Add mediawiki_api to the config

https://gerrit.wikimedia.org/r/1023505

gerritbot added a comment.May 14 2024, 8:43 PM

Change #1022193 merged by Dzahn:

[operations/puppet@production] lists: start a class for automating certain subscriptions

https://gerrit.wikimedia.org/r/1022193

gerritbot added a comment.May 14 2024, 9:02 PM

Change #1031565 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] stewards: add rsync server, let lists primary host pull data

https://gerrit.wikimedia.org/r/1031565

gerritbot added a comment.May 17 2024, 4:37 PM

Change #1031565 merged by Dzahn:

[operations/puppet@production] stewards: add rsync server, let lists primary host pull data

https://gerrit.wikimedia.org/r/1031565

Dzahn added a comment.May 17 2024, 4:47 PM

We now have an rsync server running on both steward machines that allows the primary list server to pull data from /srv/exports.

Maintenance_bot removed a project: Patch-For-Review.May 17 2024, 5:30 PM
gerritbot added a comment.May 17 2024, 6:12 PM

Change #1032844 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] stewards: make rsync server listen on IPv6 as well, not just 0.0.0.0

https://gerrit.wikimedia.org/r/1032844

gerritbot added a project: Patch-For-Review.May 17 2024, 6:12 PM
gerritbot added a comment.May 17 2024, 6:25 PM

Change #1032844 merged by Dzahn:

[operations/puppet@production] stewards: make rsync server listen on IPv6 as well, not just 0.0.0.0

https://gerrit.wikimedia.org/r/1032844

Maintenance_bot removed a project: Patch-For-Review.May 17 2024, 6:31 PM
gerritbot added a comment.May 17 2024, 9:18 PM

Change #1032872 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists: add timer to sync data from stewards hosts

https://gerrit.wikimedia.org/r/1032872

gerritbot added a project: Patch-For-Review.May 17 2024, 9:19 PM
gerritbot added a comment.May 20 2024, 5:34 PM

Change #1032872 merged by Dzahn:

[operations/puppet@production] lists: add timer to sync data from stewards hosts

https://gerrit.wikimedia.org/r/1032872

Dzahn added a comment.May 20 2024, 5:44 PM

@Urbanecm lists1001 now syncs (pulls) /srv/exports from the active stewards machine. Next step would be another timer to actually run commands to sync list subscribers using that data.

[lists1001:~] $ sudo systemctl start stewards_subscriber_data_sync
[lists1001:~] $ sudo systemctl status stewards_subscriber_data_sync
● stewards_subscriber_data_sync.service - copy exported subscriber data from steward machines ()
   Loaded: loaded (/lib/systemd/system/stewards_subscriber_data_sync.service; static; vendor preset: enabled)
   Active: inactive (dead) since Mon 2024-05-20 17:41:47 UTC; 1s ago
     Docs: https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
  Process: 912 ExecStart=/usr/bin/rsync --address lists1001.wikimedia.org -ap rsync://stewards1001.eqiad.wmnet/steward-data-export-dir /srv/exports (code=exited, status=0/SUCCESS)
 Main PID: 912 (code=exited, status=0/SUCCESS)

May 20 17:41:47 lists1001 systemd[1]: Starting copy exported subscriber data from steward machines ()...
May 20 17:41:47 lists1001 systemd[1]: stewards_subscriber_data_sync.service: Succeeded.
gerritbot added a comment.May 20 2024, 6:19 PM

Change #1034137 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists/stewards: add timer to run mailman syncmembers for stewards-l

https://gerrit.wikimedia.org/r/1034137

gerritbot added a comment.May 28 2024, 5:31 PM

Change #1034137 merged by Dzahn:

[operations/puppet@production] lists/stewards: add timer to run mailman syncmembers for stewards-l

https://gerrit.wikimedia.org/r/1034137

gerritbot added a comment.May 28 2024, 5:46 PM

Change #1036719 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists::automation: don't try to write to logfile from command

https://gerrit.wikimedia.org/r/1036719

gerritbot added a comment.May 28 2024, 5:53 PM

Change #1036719 merged by Dzahn:

[operations/puppet@production] lists::automation: don't try to write to logfile from command

https://gerrit.wikimedia.org/r/1036719

gerritbot added a comment.May 28 2024, 5:58 PM

Change #1036722 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists::automation: fix heredoc syntax, remove double quotes

https://gerrit.wikimedia.org/r/1036722

gerritbot added a comment.May 28 2024, 6:03 PM

Change #1036722 merged by Dzahn:

[operations/puppet@production] lists::automation: fix heredoc syntax, remove double quotes

https://gerrit.wikimedia.org/r/1036722

gerritbot added a comment.May 28 2024, 6:19 PM

Change #1036727 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists::automation: double quote end text to enable interpolation

https://gerrit.wikimedia.org/r/1036727

gerritbot added a comment.May 28 2024, 6:24 PM

Change #1036727 merged by Dzahn:

[operations/puppet@production] lists::automation: double quote end text to enable interpolation

https://gerrit.wikimedia.org/r/1036727

Maintenance_bot removed a project: Patch-For-Review.May 28 2024, 6:31 PM
gerritbot added a comment.May 28 2024, 6:38 PM

Change #1036731 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists::automation: add missing spaces before line breaks

https://gerrit.wikimedia.org/r/1036731

gerritbot added a project: Patch-For-Review.May 28 2024, 6:38 PM
gerritbot added a comment.May 28 2024, 7:40 PM

Change #1036731 merged by Dzahn:

[operations/puppet@production] lists::automation: add missing spaces before line breaks

https://gerrit.wikimedia.org/r/1036731

Maintenance_bot removed a project: Patch-For-Review.May 28 2024, 8:31 PM
Dzahn added a comment.May 28 2024, 10:11 PM

@Urbanecm We now have another timer on lists1001 that runs the sync command for stewards-l, but as dry-run initially.

[lists1001:~] $ sudo systemctl status stewards_subscriber_list_sync
● stewards_subscriber_list_sync.service - sync stewards lists members with imported subscriber data
   Loaded: loaded (/lib/systemd/system/stewards_subscriber_list_sync.service; static; vendor preset: enabled)
   Active: inactive (dead) since Tue 2024-05-28 22:07:23 UTC; 3s ago
     Docs: https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
  Process: 1450 ExecStart=/usr/bin/mailman-wrapper syncmembers -n /srv/exports/mailman_list/lists.wikimedia.org/stewards-l stewards-l@lists.wikimedia.org (code=exited, status=0/SUCCESS)
 Main PID: 1450 (code=exited, status=0/SUCCESS)

The export file is rsynced from the stewards* machine(s) and it has the same subscribers already on stewards-l, so it says "Nothing to do" in the simulated run:

May 28 22:07:23 lists1001 mailman-wrapper[1450]: Nothing to do
May 28 22:07:23 lists1001 systemd[1]: stewards_subscriber_list_sync.service: Succeeded.
May 28 22:07:23 lists1001 systemd[1]: Started sync stewards lists members with imported subscriber data.

Are the subscribers for checkuser-l, global-renamers and stewards-usergroup different from the subscribers of stewards-l or should they all have the same members?

Dzahn moved this task from Backlog to Shell/site on the Wikimedia-Mailing-lists board.Jun 6 2024, 10:50 PM
LSobanski lowered the priority of this task from Medium to Low.Jun 24 2024, 3:35 PM
Dzahn reassigned this task from Dzahn to Urbanecm.Jun 26 2024, 10:24 PM

Let's chat about the next steps. Also see the question about the subscribers above. Cheers!

Restricted Application added a project: User-Urbanecm. · View Herald TranscriptJun 26 2024, 10:24 PM
Dzahn changed the task status from Open to Stalled.Jul 1 2024, 5:58 PM

Per IRC chat: currently this is stalled on T368836 which should be resolved first.

gerritbot added a comment.Jul 4 2024, 10:56 PM

Change #1052188 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[operations/puppet@production] lists::automation: Update stewards-l in real mode

https://gerrit.wikimedia.org/r/1052188

gerritbot added a project: Patch-For-Review.Jul 4 2024, 10:57 PM
Urbanecm changed the task status from Stalled to Open.EditedJul 4 2024, 11:06 PM

Unstalling, as the repo has been created.

@Dzahn Let's move this forward in a bit – sorry for the delay & silence on my end. Would it be possible to:

  1. disable dry-run for stewards-l, and run it for real (hopefully, https://gerrit.wikimedia.org/r/1052188 should do that, but feel free to abandon that patch if it doesn't do the trick) let's hold on that for a couple of days, there is a last minute procedural question to resolve,
  2. get a dry-run for global-sysops, global-renamers and stewards-usergroup (private Phabricator paste should be fine for the results)?

Once we get the dry runs, we should be able to review them on the stewards end, and then we can hopefully move forward with managing more lists. I'm still working on getting all of the members for checkuser-l, as that includes users from all Wikimedia wikis, but hopefully I will be able to do that by the end of the week.

On a related note: I'm curious how logging could/should work – I can use mailman UI access to see what is the current membership, but it is challenging to see what was done by the system and what by a human. But, since the actual changes happen on another server, I figure logging can be difficult (although possibly Logstash might be an option?). Can be definitely left for another task if too complex for now, just wondering.

Urbanecm added a comment.Jul 6 2024, 4:23 PM

@Dzahn: I populated the users db with checkusers as well, so checkuser-l should now be ready for a dry run as well.

Urbanecm reassigned this task from Urbanecm to Dzahn.Jul 6 2024, 5:34 PM

Reassigning to @Dzahn. Once the dry runs are available, happy to take over to review the diffs.

LSobanski moved this task from Work in Progress to Consultation on the collaboration-services board.Jul 8 2024, 3:46 PM
Dzahn added a comment.Jul 10 2024, 6:00 PM
In T351202#9955320, @Urbanecm wrote:
  1. get a dry-run for global-sysops, global-renamers and stewards-usergroup (private Phabricator paste should be fine for the results)?

{P66165}

gerritbot added a comment.Jul 12 2024, 8:16 PM

Change #1053399 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] mailman3: add defined type to sync list members (WIP)

https://gerrit.wikimedia.org/r/1053399

Dzahn added a comment.EditedJul 12 2024, 11:19 PM

@Urbanecm https://gerrit.wikimedia.org/r/c/operations/puppet/+/1053399 creates a defined type to sync the members of any list.

Then it uses it to create a timer for each of the lists above, with an "each"-loop over an array.

The default would be first to dry-run.

gerritbot added a comment.Jul 15 2024, 5:08 PM

Change #1052188 abandoned by Urbanecm:

[operations/puppet@production] lists::automation: Update stewards-l in real mode

Reason:

this will be done differently once I526e77bdb7ceaee9b0054a3b02d18d4c89775cc8 gets merged, no point in keeping

https://gerrit.wikimedia.org/r/1052188

gerritbot added a comment.Jul 15 2024, 5:58 PM

Change #1053399 merged by Dzahn:

[operations/puppet@production] mailman3: defined type to sync list members, create timers for each list

https://gerrit.wikimedia.org/r/1053399

gerritbot added a comment.Jul 15 2024, 6:42 PM

Change #1054388 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] mailman3: add missing whitespace in sync_list_members

https://gerrit.wikimedia.org/r/1054388

gerritbot added a comment.Jul 15 2024, 6:54 PM

Change #1054388 merged by Dzahn:

[operations/puppet@production] mailman3: add missing whitespace in sync_list_members

https://gerrit.wikimedia.org/r/1054388

CodeReviewBot added a comment.Jul 15 2024, 10:37 PM

jjmc89 updated https://gitlab.wikimedia.org/repos/stewards/onboarding-system/-/merge_requests/1

roles: remove stewards-usergroup@lists.wikimedia.org from the steward role

JJMC89 subscribed.Jul 15 2024, 10:53 PM

https://gitlab.wikimedia.org/repos/stewards/users/-/merge_requests/1 starts to address the differences in the dry run. See comments in P66165 and users.yaml.

gerritbot added a comment.Jul 16 2024, 4:05 PM

Change #1054610 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists: ensure list member sync only happens on the active server

https://gerrit.wikimedia.org/r/1054610

gerritbot added a comment.Jul 16 2024, 4:53 PM

Change #1054610 merged by Dzahn:

[operations/puppet@production] lists: ensure list member sync only happens on the active server

https://gerrit.wikimedia.org/r/1054610

CodeReviewBot added a comment.Aug 4 2024, 7:41 PM

urbanecm merged https://gitlab.wikimedia.org/repos/stewards/users/-/merge_requests/1

address issues found in P66165

Urbanecm added a comment.Aug 4 2024, 7:47 PM
In T351202#9983583, @JJMC89 wrote:

https://gitlab.wikimedia.org/repos/stewards/users/-/merge_requests/1 starts to address the differences in the dry run. See comments in P66165 and users.yaml.

Thanks! I merged the req, it all looks good.

Urbanecm added a comment.Aug 4 2024, 8:07 PM

@Dzahn @JJMC89's update to users.yaml above should fix a lot of differences reported in P66165. Would you mind running the dry run for global-sysops, global-renamers, stewards-usergroup and checkuser-l again, and pasting it as a new paste, so that we can go through the remaining differences?

It'd be great if the paste can be left visible to acl*stewards (where all stewards are), but I can adjust the visibility as needed once it is pasted.

Thanks for your help here!

Dzahn added a comment.Aug 5 2024, 6:30 PM

@Urbanecm No problem. See {P67224}. This paste has a custom policy so only acl*stewards can read it and only I can edit it.

Urbanecm added a comment.Aug 5 2024, 7:41 PM

Thanks! We'll review again and let you know :).

CodeReviewBot added a comment.Aug 5 2024, 8:37 PM

jjmc89 opened https://gitlab.wikimedia.org/repos/stewards/users/-/merge_requests/4

update Mormegil's email address

CodeReviewBot added a comment.Aug 5 2024, 9:59 PM

urbanecm merged https://gitlab.wikimedia.org/repos/stewards/users/-/merge_requests/4

update Mormegil's email address

CodeReviewBot added a comment.Aug 5 2024, 10:01 PM

urbanecm merged https://gitlab.wikimedia.org/repos/stewards/onboarding-system/-/merge_requests/1

roles: remove stewards-usergroup@lists.wikimedia.org from the steward role

Stashbot added a comment.Oct 9 2024, 3:23 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-09T15:23:34Z] <mutante> stewards* - rebooting machines - T351202

Dzahn changed the task status from Open to Stalled.Jan 29 2025, 8:18 PM

@Urbanecm What's the latest here? Anything waiting for me or my team here? Would you consider this stalled for now?

Urbanecm added a comment.Feb 6 2025, 2:40 PM
In T351202#10506235, @Dzahn wrote:

@Urbanecm What's the latest here? Anything waiting for me or my team here? Would you consider this stalled for now?

Hey! Thanks for the question. The problem I'm running into is limited visibility into what the actual changes are. Unless the sync runs at the lists servers, I do not know what action I am making, and whether I am accidentally removing/adding someone or not. While people should be using the yaml file instead of manual additions, there is always a chance for mistakes, and there should be a way to notice them.

However, I am unsure on how to deal with that. An ideal solution would probably be directly manipulating the list membership via an API or something (similar to GitLab or Phabricator), but that doesn't appear to be easily possible. If you have any thoughts on this, that would be really appreciated.

Dzahn added a comment.EditedFeb 6 2025, 5:45 PM

Would it be useful to run dry-run syncs that don't actually modify things but show what _would_ happen and then email those out to you (a group)?

Urbanecm added a comment.Feb 14 2025, 11:26 AM
In T351202#10529743, @Dzahn wrote:

Would it be useful to run dry-run syncs that don't actually modify things but show what _would_ happen and then email those out to you (a group)?

Would definitely be an improvement, but it would be good to have it more in real time. However, I recognise that might be challenging.

Urbanecm added a subtask: T388354: Move stewards-l synchronization to the Onboarding System.Mar 9 2025, 10:58 PM
Urbanecm added a comment.Mar 9 2025, 11:17 PM

A general note on this: The biggest remaining problem to solve is the "it is very hard to see what you just done" problem. When running the sync, the onboarder tool doesn't tell you what changes are being made (as compared to the current maillist membership), mostly because it does not have a way how. Here is how the Gitlab integration currently behaves (for comparison and a "ideal end result" description):

== Updating gitlab_group
ERROR:root:Failed to add derhexer to repos/stewards, GitLab account does not exist.
ERROR:root:Failed to add j89 to repos/stewards, GitLab account does not exist.
ERROR:root:Failed to add stryn to repos/stewards, GitLab account does not exist.
ERROR:root:Failed to add xxblackburnxx to repos/stewards, GitLab account does not exist.
ERROR:root:Failed to add sotiale to repos/stewards, GitLab account does not exist.
ERROR:root:Failed to add adrianr to repos/stewards, GitLab account does not exist.
INFO:root:Skipping urbanecm, their access level is not managed.
INFO:root:Skipping group_2915_bot_b704c4ff5e79a1e0504714318bb1f542, their access level is not managed.
INFO:root:Skipping group_2915_bot_0336196b03d5a24b195837d1f1ee4635, their access level is not managed.
INFO:root:Removing urbanecmtest from repos/stewards, no longer authorised

I'm seeing what changes the tool is making, and if I see something that definitely shouldn't happen, I can intervene pretty much immediately. This is a bit complicated by the failures (as the tool cannot _create_ GitLab accounts for people), but that is another problem. For comparison, here is how the Mailman integration behaves:

== Updating mailman_list

I do not see anything at all, and the only way how I can audit my own actions is by manually downloading the list membership (assuming I'm a list admin on Mailman's side) before I do anything, and then compare it with the export. This is a lot of work. Moreover, it requires people to actually be Mailman list admins, which increases the probability someone would accidentally make an update on the Mailman's side, further contributing to this problem.

In theory, one might argue anyone with this level of admin access should (somehow) know of the Onboarding system's existence, and use that instead of manual actions. While that might be true in principle, it is challenging to achieve, especially in the initial period, when the Onboarding system is a very novel way of managing Mailman lists membership. I fully expect people would think of the old way (manual change on Mailman's side first) initially, and since there is nothing at all on the Mailman's side that would tell them "No", mistakes can happen very easily.

Since I happen to be the sole list admin for stewards-l (all other list admins ceased to be stewards), I decided it is a good enough time to start with that list, and I filled T351202 for now. However, this is going to be a blocker for pretty much any other list, especially big lists like checkuser-l.

In addition to what I wrote above, note that even for stewards-l, there is a non-trivial risk of someone accidentally making a change in Mailman, even though there is no other list owner. This is because Mailman3 has administrators too, and while the Trust and Safety team (one of the admins) probably wouldn't remove someone from stewards-l, it can still happen (and if it does, the T&S team should fully expect their change to stay). I decided the risk is low enough for stewards-l, as T&S would probably alert the stewards before making changes (and/or route the change request through us), but the risk is present regardless.

For all other lists, we need a solution for this problem. Unfortunately, the only one I can see is to create a intermediate service that would sit between the actual API on Mailman's side and stewards1001, authenticating updates using its own credentials (so that stewards1001 would have access only to lists it is supposed to manage, rather than all of them). This is something I can start writing if we decide that is the right solution, but I would presumably need access to Mailman itself for that (which I currently do not have).

@Dzahn, I would appreciate your thoughts on this, so that we can unblock this and put forward.

Urbanecm mentioned this in T388354: Move stewards-l synchronization to the Onboarding System.Mar 11 2025, 9:14 AM
Dzahn added a comment.Mar 11 2025, 10:15 PM

@Urbanecm What I could realistically do here is to automate sending emails to you (or any address or list of addresses) with the output of the dry-run on the lists server. And/or the actual run, the output of the mailman-wrapper command. Would that be a fix for now so you know what would happen or has happened?

gerritbot added a comment.Mar 17 2025, 11:09 PM

Change #1128551 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists::automation: explain how this can sync mailman list members

https://gerrit.wikimedia.org/r/1128551

gerritbot added a comment.Mar 17 2025, 11:13 PM

Change #1128551 merged by Dzahn:

[operations/puppet@production] lists::automation: explain how this can sync mailman list members

https://gerrit.wikimedia.org/r/1128551

Dzahn closed subtask T388354: Move stewards-l synchronization to the Onboarding System as Resolved.Mar 17 2025, 11:31 PM
gerritbot added a comment.Mar 18 2025, 12:15 AM

Change #1128564 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] mailman: list sync, add option to mail changes to an admin

https://gerrit.wikimedia.org/r/1128564

gerritbot added a comment.Apr 2 2025, 8:16 PM

Change #1128564 merged by Dzahn:

[operations/puppet@production] mailman: list sync, add option to mail changes to an admin

https://gerrit.wikimedia.org/r/1128564

gerritbot added a comment.Apr 3 2025, 6:20 PM

Change #1134000 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] lists: send email to meta admin when steward list members are synced

https://gerrit.wikimedia.org/r/1134000

gerritbot added a comment.Apr 3 2025, 6:30 PM

Change #1134001 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] mailman3: fix quoting in mail_cmd for sync_list_members

https://gerrit.wikimedia.org/r/1134001

gerritbot added a comment.Apr 3 2025, 6:31 PM

Change #1134001 merged by Dzahn:

[operations/puppet@production] mailman3: fix quoting in mail_cmd for sync_list_members

https://gerrit.wikimedia.org/r/1134001

gerritbot added a comment.Apr 3 2025, 6:35 PM

Change #1134000 merged by Dzahn:

[operations/puppet@production] lists: send email to meta admin when steward list members are synced

https://gerrit.wikimedia.org/r/1134000

gerritbot added a comment.Apr 3 2025, 6:53 PM

Change #1134013 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] mailman3: remove superfluous double quotes in sync_list_members

https://gerrit.wikimedia.org/r/1134013

gerritbot added a comment.Apr 3 2025, 6:54 PM

Change #1134013 merged by Dzahn:

[operations/puppet@production] mailman3: remove superfluous double quotes in sync_list_members

https://gerrit.wikimedia.org/r/1134013

Dzahn moved this task from Consultation to Work in Progress on the collaboration-services board.Apr 7 2025, 5:07 PM
Dzahn moved this task from Work in Progress to Backlog on the collaboration-services board.Nov 18 2025, 6:53 PM
Dzahn removed Dzahn as the assignee of this task.Dec 11 2025, 5:18 PM
Dzahn added a subscriber: Urbanecm_WMF.

@Urbanecm_WMF T351202#10626638 was still an open question. Let me or my team know when/if you want to go back to this.

EPIC subscribed.EditedMar 1 2026, 2:10 PM

@Dzahn I have added the email addresses of the new stewards to the users.yaml document, but they are not being subscribed. I have attempted doing some stuff in the SSH to load the changes, which hasn't seemed to work - have I done something wrong here or missed something? Cc @Urbanecm; I did try to contact them privately as well but they appear to be unavailable for now, and I am unable to add them manually as Urbanec is currently the only list admin.

Urbanecm added a comment.Mar 1 2026, 4:18 PM
In T351202#11661302, @EPIC wrote:

@Dzahn I have added the email addresses of the new stewards to the users.yaml document, but they are not being subscribed. I have attempted doing some stuff in the SSH to load the changes, which hasn't seemed to work - have I done something wrong here or missed something? Cc @Urbanecm; I did try to contact them privately as well but they appear to be unavailable for now, and I am unable to add them manually as Urbanec is currently the only list admin.

It seems like the userdb (profile::stewards::userdb_gitlab_token) token expired. I put a new one at /home/urbanecm/userdb_token.secret and pulled it using it. @Dzahn, can you update it, please?

Dzahn added a comment.Mar 2 2026, 7:34 PM

@Urbanecm I have updated the userdb_gitlab_token with the value provided, as requested.

on next puppet run:

Notice: /Stage[main]/Profile::Stewards/Git::Clone[repos/stewards/users]/Exec[git_set_origin_repos/stewards/users]/returns: executed successfully (corrective)

@EPIC It's all supposed to be handled by configuration management (puppet). Manual changes will mostly be overridden after a few minutes.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits