[Gluster-infra] Switching mailman to https only

Michael Scherer mscherer at redhat.com
Wed Jul 4 10:15:23 UTC 2018


Le mercredi 04 juillet 2018 à 12:05 +0200, Michael Scherer a écrit :
> Le mardi 03 juillet 2018 à 14:20 +0200, Michael Scherer a écrit :
> > Le lundi 02 juillet 2018 à 19:16 +0200, Niels de Vos a écrit :
> > > On Mon, Jul 02, 2018 at 05:32:42PM +0200, Michael Scherer wrote:
> > > > Le lundi 02 juillet 2018 à 17:13 +0200, Niels de Vos a écrit :
> > > > > On Mon, Jul 02, 2018 at 04:55:22PM +0200, Michael Scherer
> > > > > wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > as part of a long due cleanup on our playbook, I moved
> > > > > > mailman
> > > > > > to
> > > > > > be
> > > > > > https only, and removed some hack due to supercolony being
> > > > > > EL6
> > > > > > (so
> > > > > > not
> > > > > > certbot, etc, etc). I will continue to do clean that server
> > > > > > so
> > > > > > we
> > > > > > can
> > > > > > one day hope to switch a more modern stack and finally get
> > > > > > ride
> > > > > > of
> > > > > > all
> > > > > > exceptions we have around EL6 in our playbooks.
> > > > > > 
> > > > > > So if you see anything weird wrt the web interface of
> > > > > > mailman,
> > > > > > please
> > > > > > open a bug against infra component so we can take a look.
> > > > > 
> > > > > When I moderate some messages, I get the following warning
> > > > > from
> > > > > Firefox:
> > > > > 
> > > > >     The information you have entered on this page will be
> > > > > sent
> > > > > over
> > > > > an
> > > > >     insecure connection and could be read by a third party.
> > > > >     
> > > > >     Are you sure you want to send this information?
> > > > > 
> > > > > There might be a mailman config option that makes the forms
> > > > > post
> > > > > to
> > > > > https?
> > > > 
> > > > Yup, I have seen the bug that you opened (and seen that bug
> > > > too),
> > > > and I
> > > > didn't found the option :/ 
> > > > 
> > > > That is what prompted me to dig a bit on the current setup, and
> > > > well,
> > > > it was a bit more rusty than I would have liked...
> > > > 
> > > > I will dig mailman source code to understand what is going on.
> > > 
> > > Ok, thanks!
> > 
> > So, seems I had the solution right under my nose the whole time.
> > There
> > is a setting for the web interface url, but all example gave it
> > without
> > the protocol. But after reading the code, I figured that I could
> > just
> > force https here and be fine.
> 
> And no.
> 
> So mailman has a setting, but it also copy the variable in the
> configuration per list. And that this is not exposed in the CLI tool.
> 
> So I have to shutdown mailman, switch the web_page_url in the pickle
> dump, and restart.
> 
> I remember it already took time 2 years ago for the vhost change to
> figure that :/

And so, I found my old script in ~misc:
# cat  ~misc/fix_gluster.py 
#!/usr/bin/python
import sys
sys.path.append('/usr/lib/mailman/')
import os
import shutil
import pickle
for i in os.listdir('/var/lib/mailman/lists/'):
    filename = '/var/lib/mailman/lists/%s/config.pck' % i
    a=pickle.load(open(filename))
    print a['web_page_url']
    a['web_page_url'] = 'https://lists.gluster.org/mailman/'
    shutil.copyfile(filename, filename + '.bak_2')
    pickle.dump(a, open(filename,'wb'))
 


-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20180704/0da034ab/attachment.sig>


More information about the Gluster-infra mailing list