[Mailman-Developers] Advice needed on Production MM3 install

Wed Mar 16 07:48:18 EDT 2016

On 03/16/2016 06:35 AM, Mark Sapiro wrote:
> Some of you may have seen my posts on mailman-cabal, but I am installing
> a production instance of Mailman 3 on lists.mailman3.org in order to
> support initially a Mailman 3 users list.
> 
> The first question is should it be mailman-users at mailman3.org or
> mailman-users at mailman3.org. The former is more of a recognition that
> Mailman 3 is now Mailman while the latter offers less possibility for
> confusion with mailman-users at python.org. Then, I suppose it could be
> just users at mailman3.org, but we might want to support other 'users'
> lists in the future.
The list names are the same, I guess you misspelled one.
> The next thing is I'm having much more difficulty than I anticipated,
> probably in large part because I haven't followed Postorius and
> HyperKitty development that closely. I have lots of things I think I
> should be able to do in Postorius and I can't and I don't know if the
> issue is Postorius or my installation.
> 
> I initially installed mailman-bundler from gitlab. configured it for
> production, ran buildout and set it up. My initial issue is I couldn't
> log in to Postorius at all. I had set a Django superuser, but I see
> nowhere to authenticate as that. The only logins offered were Google,
> Yahoo and Persona, and they all threw various but similar exceptions.
Postorius enables local logins by default. Hyperkitty needs you to set
USE_INTERNAL_AUTH = True
in the settings file.
Postorius has it's own login templates '/postorius/accounts/login'
where you should always be able to login using a local account.
Postorius only supports local and persona.
Hyperkitty's templates are used by default, which add yahoo and google login,
but will need tweaking the settings for local logins.

About the other login methods. I only have persona enabled and haven't used
the others. At least for google you will need to sign up for a client ID.
I
> With Abhilash's help, I got past some of that and I can now log in with
> Persona, but there are still issues with the others[1].
> 
> In the process of working through that, I cloned the head of the mailman
> branch from github and upgraded to that, but Postorius and HyperKitty
> are still what bundler installed.
Just in case you run into issues, you should probably use the git versions
of Postorius, Hyperkitty and mailmanclient as well.
> I got PostgreSQL, Postfix, openDKIM, nginx and gunicorn all configured
> and that all seems good.
> 
> In the process of working through some other issues, I enabled SSL in
> Django with certificates I got from Let's Encrypt. That has led to a
> current issue which is if a list's archiving is on, I can't post. The
> post gets shunted in archiving because somewhere in the process the
> runner tries to make an SSL connection to 127.0.0.1 and the certificate
> is only valid for lists.mailman3.org, mirror.list.org and
> mirror.mailman3.org[2]. I'm sure there must be a way to change the
> connect to use lists.mailman3.org, but I don't know it.
I ran into this issue as well. I had all of postorius and hyperkitty
secured by ssl. So the link I used in mailman-hyperkitty (archiver plugin)
started with "https"
Hyperkitty a setting MAILMAN_ARCHIVER_FROM that defines which ips are
allowed to use it's api to add to the archives. By default it only contains
localhost addresses. You will need to add your external ip addresses,
as the requests will all have your external ip.
> Then perhaps my biggest issue is I can't do any admin tasks in Postorius
> other than on my own lists. I can't create lists or domains or edit
> domains or anything like that. I even set my user record is_server_owner
> flag True, but that didn't help. I managed to do some of what I needed
> via the mailman create and mailman shell commands, but I'm sure I should
> be able to do that in Postorius, but I can't log in as superuser and it
> doesn't seem to care that I'm a server admin. Maybe I need to upgrade
> Postorius and HyperKitty.
> 
> Which is the next advice I need. I'm thinking of trying to start clean
> and I have questions.
> 
> Is it better to use bundler and then upgrade what it installed or just
> install the separate pieces and try to knit them together or should I
> maybe just upgrade Postorius and HyperKitty in place as I did the core.
> If I start clean will running the bin/mailman-post-update script
> initialize all the data or will there be residue in the PostgreSQL
> database that may cause problems.
Running mailman-post-update multiple times shouldn't cause any issues.
I like deploying things myself, so I know how to fix them if needed,
I have a running production installation using git.
(mainly because the released version of mailman doesn't support python 3.5)
It's really not that hard to setup. It's mostly just python setup.py install
or just using pip.
I have a bunch of pkgbuilds for archlinux that might be helpful if you want
to install it on your own. This one holds everything together:
https://aur.archlinux.org/packages/mailman-suite-git/
Note: I installed mailman systemwide, so my mailman.service won't work
if you use virtualenvs.
For django I opted for uwsgi which supports a virtualenv.
> Sorry for the long post, but I really need advice. I won't be getting
> back to this until Wed Evening US Pacific time, so there's time to
> respond <wink>.
If you need any help, I'm probably also available on irc 'thelinuxguy',
I'm a UTC+1 guy, but usually stay up late :D
> 
> [1][2] Tracebacks in attached file.
About the traceback including add_user_to_mailman:
The method should be defined in lib/mailman.py
The change is associated with this commit:
1755122c (Aurélien Bompard 2015-11-19 19:10:14 +0100

It probably isn't included in the released versions of hyperkitty.
I'm not sure how to fix it in this case. Probably using git is the easiest,
but then the settings need to be adapted. You will want a mix of
hyperkitty_standalone, postorius_standalone and bundlers settings.
In that case I would suggest you start the django server by hand to see if
any errors occur.

The other tracebacks seem to be related to social_auth. You might want to update it,
and check for issues on their github site.

> 
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/simon.hanna%40serve-me.info
> 
> Security Policy: http://wiki.list.org/x/QIA9
> 