/home/zuul/src/opendev.org/opendev/system-config/playbooks/letsencrypt.yaml
Execution
Date
08 Apr 2026 21:36:49 +0000
Duration
00:00:25.05
Controller
bridge99.opendev.org
User
root
Versions
Ansible
2.15.13
ara
1.7.5 / 1.7.5
Python
3.10.12
Summary
2
Hosts
43
Tasks
43
Results
5
Plays
32
Files
0
Records
File: /home/zuul/src/opendev.org/opendev/system-config/inventory/service/group_vars/mailman3.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 | # System Configs iptables_extra_public_tcp_ports: - 25 - 80 - 443 - 465 letsencrypt_certs: lists-opendev-org-main: - "{{ inventory_hostname }}" - lists.opendev.org - lists.airshipit.org - lists.katacontainers.io - lists.openinfra.dev - lists.openinfra.org - lists.openstack.org - lists.starlingx.io - lists.zuul-ci.org borg_backup_excludes_extra: # db is backed up in dumps, don't capture live files - /var/lib/mailman/database # backed up by streaming backup - /var/backups/mailman-mariadb # Can regenerate indexes from source email files - /var/lib/mailman/web-data/fulltext_index # Django will rebuild its caches as requests are made - /var/lib/mailman/web-data/diskcache/ # Exim Configs exim_queue_interval: '1m' exim_queue_run_max: '50' exim_smtp_accept_max: '100' exim_smtp_accept_max_per_host: '10' # This should be set to more than mailman's mta.max_recipients value. exim_smtp_accept_queue_per_connection: '50' exim_routers: - mailman_verp_router: | {% raw -%} driver = dnslookup condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\ {eq{$sender_host_address}{::1}}}{yes}{no}} {% endraw %} domains = !+local_domains ignore_target_hosts = <; 0.0.0.0; \ 127.0.0.0/8; \ ::1/128;fe80::/10;fe \ c0::/10;ff00::/8 senders = "*-bounces@*" transport = mailman_verp_smtp - dnslookup: '{{ exim_dnslookup_router }}' - system_aliases: '{{ exim_system_aliases_router }}' - domain_aliases: | driver = redirect allow_fail allow_defer data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}} file_transport = address_file pipe_transport = address_pipe - localuser: '{{ exim_localuser_router }}' - mailman_router: | driver = accept domains = {{ mm_domains }} local_part_suffix = -admin : \ -bounces : -bounces+* : \ -confirm : -confirm+* : \ -join : -leave : \ -owner : -request : \ -subscribe : -unsubscribe local_part_suffix_optional require_files = /var/lib/mailman/core/var/lists/${local_part}.${domain} transport = mailman_transport exim_transports: - mailman_transport: | debug_print = "Email for mailman" driver = smtp protocol = lmtp allow_localhost hosts = localhost port = 8024 rcpt_include_affixes = true - mailman_verp_smtp: | driver = smtp headers_add = Errors-To: ${return_path} headers_remove = Errors-To max_rcpt = 1 return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path} # Mailman Configs mailman_multihost: true mm_domains: 'lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io:lists.opendev.org:lists.openinfra.dev:lists.openinfra.org:lists.katacontainers.io' exim_local_domains: "@:{{ mm_domains }}" exim_enable_spf: true exim_aliases: root: "{{ ','.join(listadmins|default([])) }}" interop-wg: openstack-discuss openstack: openstack-discuss openstack-dev: openstack-discuss openstack-infra: openstack-discuss openstack-operators: openstack-discuss openstack-security: openstack-discuss openstack-sigs: openstack-discuss openstack-tc: openstack-discuss user-committee: openstack-discuss airship-discuss-owner: spam community-owner: spam foundation-board-confidential-owner: spam foundation-board-owner: spam foundation-owner: spam legal-discuss-owner: spam mailman-owner: spam marketing-owner: spam openstack-announce-owner: spam openstack-docs-owner: spam openstack-fr-owner: spam openstack-i18n-owner: spam openstack-infra-owner: spam openstack-ko-owner: spam openstack-qa-owner: spam product-wg-owner: spam user-committee-owner: spam spam: ':fail: delivery temporarily disabled due to ongoing spam flood' # This is the local username for mailman processes, but it does not send nor # need to receive messages. mailman: ':blackhole: this address does not accept email' # TODO It would be better to bypass verification for postorius@listdomain # and set a :fail: rule for anyone trying to send email to this addr. # But that requires updating our main exim config so that needs more thought. postorius: ':blackhole: outgoing email only from this address' exim_domain_aliases: asia-advisory-board@lists.openinfra.dev: asia-advisory-board@lists.openinfra.org community@lists.openinfra.dev: community@lists.openinfra.org community@lists.openstack.org: community@lists.openinfra.org edge-computing@lists.openstack.org: edge-computing@lists.opendev.org europe-advisory-board@lists.openinfra.dev: europe-advisory-board@lists.openinfra.org foundation@lists.openinfra.dev: foundation@lists.openinfra.org foundation@lists.openstack.org: foundation@lists.openinfra.org foundation-board@lists.openinfra.dev: foundation-board@lists.openinfra.org foundation-board@lists.openstack.org: foundation-board@lists.openinfra.org foundation-board-confidential@lists.openinfra.dev: foundation-board-confidential@lists.openinfra.org foundation-board-confidential@lists.openstack.org: foundation-board-confidential@lists.openinfra.org goldmembers@lists.openinfra.dev: goldmembers@lists.openinfra.org goldmembers@lists.openstack.org: goldmembers@lists.openinfra.org marketing@lists.openinfra.dev: marketing@lists.openinfra.org marketing@lists.openstack.org: marketing@lists.openinfra.org nordix@lists.openinfra.dev: nordix@lists.openinfra.org openinfra-asia@lists.openinfra.dev: openinfra-asia@lists.openinfra.org openinfra-europe@lists.openinfra.dev: openinfra-europe@lists.openinfra.org staff@lists.openinfra.dev: staff@lists.openinfra.org staff@lists.openstack.org: staff@lists.openinfra.org summit-track-chairs@lists.openinfra.dev: summit-track-chairs@lists.openinfra.org summit-programming-committee@lists.openinfra.dev: summit-track-chairs@lists.openinfra.org summitsponsors@lists.openinfra.dev: summitsponsors@lists.openinfra.org summitsponsors@lists.openstack.org: summitsponsors@lists.openinfra.org vmware-migration-wg@lists.openinfra.dev: vmware-migration-wg@lists.openinfra.org openinfralabs@lists.opendev.org: ':fail: this mailing list is not in use' mailman_sites: # First entry in this list is the primary web domain - listdomain: lists.opendev.org install_languages: ['en'] lists: - name: computing-force-network description: 'Organizing efforts around Computing Force Network related area' owner: 'niujie@outlook.com' - name: edge-computing description: 'Organizing efforts around the edge-computing focus area.' owner: 'ildiko@openinfra.dev' - name: floss-mooc description: 'Discussions & Coordination around the FLOSS MOOC being collaboratively developed here: https://gitlab.com/mooc-floss/mooc-floss' owner: 'knelson@openinfra.dev' - name: floss-mentoring description: 'Discussions focused on building and maintaining OSS mentorship programs at academic institutions.' owner: 'knelson@openinfra.dev' - name: nbmp-discuss description: 'Collaborating on Network Based Media Processing related platform and infrastructure systems usage and development.' owner: 'ildiko@openstack.org' - name: openinfralabs description: 'No longer active' owner: 'mnaser@vexxhost.com' - name: rust-vmm description: 'Collaborating on Rust-based virtual machine monitors.' owner: 'claire@openstack.org' - name: rustyk8s description: 'Collaborating on Rust-based Kubernetes API.' owner: 'allison@lohutok.net' - name: service-announce description: 'Announcement list for OpenDev services.' owner: 'cboylan@sapwetik.org' - name: service-discuss description: 'Discussion list for OpenDev services.' owner: 'cboylan@sapwetik.org' - name: service-incident description: 'Private list for OpenDev incident coordination.' owner: 'cboylan@sapwetik.org' private: true - listdomain: lists.zuul-ci.org install_languages: ['en'] lists: - name: zuul-announce description: 'Announcements of Zuul releases and other important information.' owner: 'corvus@inaugust.com' - name: zuul-discuss description: 'Discussion of Zuul usage and development.' owner: 'corvus@inaugust.com' - name: zuul-jobs-failures description: 'Gets notifications about zuul-jobs periodic job failures.' owner: 'corvus@inaugust.com' - listdomain: lists.airshipit.org install_languages: ['en'] lists: - name: airship-announce description: 'Announcements of Airship releases and other important information.' owner: 'jonathan@openstack.org' - name: airship-discuss description: 'Discussion of Airship usage and development.' owner: 'jonathan@openstack.org' - name: airship-embargo-notice description: 'Embargoed security vulnerability announcements for Airship consumers.' owner: 'andrew.walters@att.com' private: true - name: airship-job-failures description: 'Notification messages for failures from CICD jobs.' owner: 'roman.gorshunov@att.com' - name: airship-security description: 'Public Airship security advisories.' owner: 'andrew.walters@att.com' - listdomain: lists.katacontainers.io install_languages: ['en'] lists: - name: embargo-notice description: 'Announcements of embargoed notices for the Kata Containers project' owner: 'jonathan@openstack.org' private: true - name: kata-dev description: 'Kata Containers Development Mailing List (not for usage questions)' owner: 'jonathan@openstack.org' - name: kata-hypervisor description: 'Discussion of security and virtualization targeted at container use cases' owner: 'jonathan@openstack.org' - listdomain: lists.openinfra.org install_languages: ['en'] lists: - name: ai-openstack-wg description: 'Discussion related to OpenStack AI working group efforts' owner: 'jimmy@openinfra.dev' private: true - name: asia-advisory-board description: 'Private coordination within the OpenInfra Asia Advisory Board.' owner: 'wes@openinfra.dev' private: true - name: community description: 'The OpenInfra Community team is the main contact point for anybody running a local OpenInfra Group.' owner: 'allison@openinfra.dev' - name: europe-advisory-board description: 'Private coordination within the OpenInfra EU Advisory Board.' owner: 'wes@openinfra.dev' private: true - name: foundation description: 'General discussion list for activities of the OpenInfra Foundation' owner: 'jonathan@openinfra.dev' - name: foundation-board description: 'OpenInfra Foundation Board of Directors' owner: 'jonathan@openinfra.dev' - name: foundation-board-confidential description: 'OpenInfra Foundation Board of Directors' owner: 'jonathan@openinfra.dev' private: true - name: goldmembers description: 'The discussion list for Gold Members of the OpenInfra Foundation' owner: 'jonathan@openinfra.dev' private: true - name: marketing description: 'The OpenInfra Marketing list is the meant to facilitate discussion and best practice sharing among marketers and event organizers in the OpenInfra community.' owner: 'allison@openinfra.dev' - name: nordix description: 'Discussion and coordination of Nordix environment' owner: 'robert.tomczyk@est.tech' - name: openinfra-asia description: 'Discussion related to the OpenInfra Asia hub.' owner: 'wes@openinfra.dev' - name: openinfra-europe description: 'Discussion related to the OpenInfra EU hub.' owner: 'wes@openinfra.dev' - name: staff description: 'Private list for OpenInfra Foundation staff members' owner: 'mark@openinfra.dev' private: true - name: summit-track-chairs description: 'OpenInfra Summit track chair communications' owner: 'erin@openinfra.dev' private: true - name: summitspeakers description: 'OpenInfra Summit speakers mailing list' owner: 'helena@openinfra.dev' private: true - name: summitsponsors description: 'Coordination among OpenInfra Summit event sponsors' owner: 'erin@openinfra.dev' private: true - name: vmware-migration-wg description: 'Discussion related to VMWare migration efforts' owner: 'jimmy@openinfra.dev' private: true - listdomain: lists.starlingx.io install_languages: ['en'] lists: - name: starlingx-announce description: 'Announcements of StarlingX releases and other important information.' owner: 'jonathan@openstack.org' - name: starlingx-discuss description: 'Discussion of StarlingX usage and development.' owner: 'jonathan@openstack.org' - listdomain: lists.openstack.org install_languages: ['de', 'fr', 'it', 'ko', 'ru', 'vi', 'zh_TW'] lists: - name: embargo-notice description: 'Announcements to stakeholders for embargoed security vulnerabilities.' owner: 'fungi@yuggoth.org' private: true - name: legal-discuss description: 'Discussions on legal matters related to the project' owner: 'thierry@openinfra.dev' - name: openstack-announce description: 'Key announcements about OpenStack & Security advisories' owner: 'fungi@yuggoth.org' - name: openstack-discuss description: 'Discussion of OpenStack usage and development.' owner: 'fungi@yuggoth.org' - name: openstack-es description: 'Lista de correo acerca de OpenStack en español' owner: 'flavio@redhat.com' - name: openstack-fr description: 'List of the OpenStack french user group' owner: 'erwan@erwan.com' - name: openstack-hpc description: 'High-Performance Computing OpenStack List' owner: 'brian.schott@nimbisservices.com' - name: openstack-i18n description: 'List of the OpenStack Internationalization team.' owner: 'guoyingc@cn.ibm.com' - name: openstack-it description: 'Discussioni su OpenStack in italiano' owner: 'stefano@openstack.org' - name: openstack-ko description: 'OpenStack Korea Community Discussions in Korean (오픈스택 한국 커뮤니티 메일링리스트)' owner: 'ianyrchoi@gmail.com' - name: openstack-mentoring description: 'List to coordinate interactions between mentors and mentees of the OpenStack mentoring program. Also for questions about the mentoring program (i.e. how to get involved, how it works, etc.' owner: 'amy@demarco.com' - name: openstack-stable-maint description: 'A mailing list for the OpenStack Stable Branch test reports.' owner: 'tony@bakeyournoodle.com' - name: openstack-zh description: 'OpenStack社区中文讨论群组' owner: 'yeluaiesec@gmail.com' - name: release-announce description: 'Announcement of official OpenStack releases.' owner: 'thierry@openstack.org' - name: release-job-failures description: 'Notification messages for failures from release-related build jobs.' owner: 'doug@doughellmann.com' |