Ansible role to install Mailman3
Hi,
Before installing the Mailman Suite, I searched on https://galaxy.ansible.com/ for Ansible roles that might automate the whole process. https://github.com/galaxyproject/ansible-mailman3 turned out to be quite good. However, it was slightly out-of-date. I cloned it, made a few bug fixes, and corrected linting errors. Then, going further, added optional basic installations of Nginx, Postfix, PostgreSQL into the role. If anyone is installing Mailman they are welcome to try it out.
https://github.com/cppalliance/ansible-mailman3
Now, I see there was a discussion on this very list about
https://github.com/rivimey/ansible-mailman3
which was also a fork of natefoo's repo.
What are the differences? As Stephen Turnbull wrote: "her (rivimey's) setup may be more complicated than most folks need (IIRC, she has a multi-homed setup with Mailman core, Postorius, and HyperKitty on three separate IPs on a separate subnet in the DMZ, while Mailman was really designed for three Mailman applications running on the same host, along with the database server and MTA)."
My version of the role didn't follow the tactic of "three separate IPs on a separate subnet in the DMZ". Mainly, it adds postfix and postgres. Fixes small errors. Also, in a git branch of the repository named mailman3-core, I removed all the web code, so there is a version of the role that only installs core. We will use that while bundling the web components into another Django app, already deployed with docker.
There is an open question about maintenance. Among the three roles mentioned here, which is being actively kept up-to-date? Perhaps there are no guarantees from any of them. At this instant in time, https://github.com/cppalliance/ansible-mailman3 is the most recent. Would it make sense to mention these roles in the official documentation? Not sure. Installing mailman3 is complicated and because of that, is a good fit for Ansible.
Hi,
Yes, my (rivimey/ansible-mailman3) version is more complex, although a lot of things have sane defaults.
The split allows for a two-way split, with email on one IP and web (both P and H) on another. This is because the email and web servers that would be interacting with mailman are already on different IPs and I felt it was inappropriate to merge them. I also enabled a lot more options for configuration, though with equivalent defaults defined. I recall a lot of hassle with the config merge stuff but can't really remember what that was about.
My installer code installs all the code of mailman on both servers, because this was easier than trying to work out which parts were needed and which weren't and then maintain the split. However, only the needed processes on each server are run.
My install uses exim4 and mysqld, exim is installed with another of my ansible roles while mysql is using geerlingguy's. I use nginx as a reverse proxy to access postorius. I don't think I made any changes which disfavour postgres or postfix, but haven't tried to do an install with them.
There is one patch needed for mailman code, for me: I add a new parameter to the django webserver so it can listen on ::0/0, without this it will only listen on one specific IP. FWIW I've attached it to this mail.
If you have a play and get confused or stuck, let me know!
As regards to maintenance, the role gets tweaked every so often and somewhat less often I push the current state to github. If someone reaches out to contact me I may well be able to help. I use it on a currently active mailing list...
Ruth
On 03/08/2023 22:52, samuel.d.darwin@gmail.com wrote:
Hi, Before installing the Mailman Suite, I searched on https://galaxy.ansible.com/ for Ansible roles that might automate the whole process. https://github.com/galaxyproject/ansible-mailman3 turned out to be quite good. However, it was slightly out-of-date. I cloned it, made a few bug fixes, and corrected linting errors. Then, going further, added optional basic installations of Nginx, Postfix, PostgreSQL into the role. If anyone is installing Mailman they are welcome to try it out.
https://github.com/cppalliance/ansible-mailman3
Now, I see there was a discussion on this very list about
https://github.com/rivimey/ansible-mailman3
which was also a fork of natefoo's repo.
What are the differences? As Stephen Turnbull wrote: "her (rivimey's) setup may be more complicated than most folks need (IIRC, she has a multi-homed setup with Mailman core, Postorius, and HyperKitty on three separate IPs on a separate subnet in the DMZ, while Mailman was really designed for three Mailman applications running on the same host, along with the database server and MTA)."
My version of the role didn't follow the tactic of "three separate IPs on a separate subnet in the DMZ". Mainly, it adds postfix and postgres. Fixes small errors. Also, in a git branch of the repository named mailman3-core, I removed all the web code, so there is a version of the role that only installs core. We will use that while bundling the web components into another Django app, already deployed with docker.
There is an open question about maintenance. Among the three roles mentioned here, which is being actively kept up-to-date? Perhaps there are no guarantees from any of them. At this instant in time, https://github.com/cppalliance/ansible-mailman3 is the most recent. Would it make sense to mention these roles in the official documentation? Not sure. Installing mailman3 is complicated and because of that, is a good fit for Ansible.
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to ruth@ivimey.org
-- Software Manager & Engineer Tel: 01223 414180 Blog: http://www.ivimey.org/blog LinkedIn: http://uk.linkedin.com/in/ruthivimeycook/
samuel.d.darwin@gmail.com writes:
Would it make sense to mention these roles in the official documentation? Not sure.
I'm not sure either. Maybe a "contrib" section in the docs that we don't promise to maintain proactively. Of course we would respond to 3rd party information that URLs 404 or for some reason don't work in recent environments etc.
You didn't request this, but as long as I'm here, I would resist trying to maintain an "official" set of roles for the Mailman suite and supporting packages. I've been in projects that try to do that[1] and it always ends in pain. The project just can't keep up with all the environments that want a piece of it, and then there would Chef users etc....
Installing mailman3 is complicated and because of that, is a good fit for Ansible.
Agreed. It's just that my impression is that the technology is really better suited to meeting the needs of particular downstream users who know the configuration they want, than to the needs of the upstream project whose users demand flexibility.
It would be an interesting test if people who prefer Postfix and Postgresql would try Ruth's roles and see if they can be slotted in as easily as she suspects.
Thenk you for your input, and thanks to Ruth for her information.
Steve
participants (3)
-
Ruth Ivimey-Cook -
samuel.d.darwin@gmail.com -
Stephen J. Turnbull