infra/ansible
23
2
Fork 44
Code Pull requests 13 Activity Actions

[postfix] Migrate to lmdb #3120

Merged
zlopez merged 5 commits from zlopez/ansible:13035 into main 2026-03-11 13:27:23 +00:00
Conversation 10 Commits 5 Files changed 23 +853 -65
zlopez commented 2026-02-18 15:00:13 +00:00
Owner
Copy link

This change will migrate postfix from bdb to lmdb.
See infra/tickets#13035 for more
details.

Signed-off-by: Michal Konecny mkonecny@redhat.com

This change will migrate postfix from bdb to lmdb. See https://forge.fedoraproject.org/infra/tickets/issues/13035 for more details. Signed-off-by: Michal Konecny <mkonecny@redhat.com>
kevin requested changes 2026-02-19 22:34:13 +00:00
kevin left a comment
Owner
Copy link

This is pretty invasive, so I think it will have to wait for after freeze?
Or do you want to try and land it before then?

For the rhel10 moving, we could just do a much smaller change to use lmdb for only rhel10 hosts?
Or just do it manually until after freeze.

This is pretty invasive, so I think it will have to wait for after freeze? Or do you want to try and land it before then? For the rhel10 moving, we could just do a much smaller change to use lmdb for only rhel10 hosts? Or just do it manually until after freeze.
roles/base/tasks/postfix.yml Outdated
@ -9,1 +9,4 @@
- name: Make sure postfix-lmdb is installed
ansible.builtin.package:
state: presend
kevin commented 2026-02-19 22:28:37 +00:00
Owner
Copy link

Should be 'present' ?

Should be 'present' ?
zlopez commented 2026-02-23 09:08:55 +00:00
Author
Owner
Copy link

Oops, will fix

Oops, will fix
zlopez marked this conversation as resolved
roles/base/tasks/postfix.yml Outdated
@ -10,0 +10,4 @@
- name: Make sure postfix-lmdb is installed
ansible.builtin.package:
state: presend
name: postfix-lmdb
kevin commented 2026-02-19 22:31:16 +00:00
Owner
Copy link

Sadly, there's no postfix-lmdb package in rhel/epel8... so we will need to exclude pagure from these changes.

Sadly, there's no postfix-lmdb package in rhel/epel8... so we will need to exclude pagure from these changes.
zlopez commented 2026-02-23 09:09:42 +00:00
Author
Owner
Copy link

Didn't checked that out, I'm also not sure if this will be needed on RHEL 10, maybe it will be part of postfix.

Didn't checked that out, I'm also not sure if this will be needed on RHEL 10, maybe it will be part of postfix.
zlopez commented 2026-02-26 09:19:59 +00:00
Author
Owner
Copy link

I added a when that will skip this for RHEL 8 and older.

I added a when that will skip this for RHEL 8 and older.
zlopez marked this conversation as resolved
roles/base/tasks/postfix.yml Outdated
@ -25,6 +33,57 @@
- base
- smtp_auth_relay
- name: Read the config file
kevin commented 2026-02-19 22:32:59 +00:00
Owner
Copy link

I assume this section is just to migrate things in place, and can be removed after run?

Perhaps it would be better as just a stand alone playbook we run once after landing this?

I assume this section is just to migrate things in place, and can be removed after run? Perhaps it would be better as just a stand alone playbook we run once after landing this?
zlopez commented 2026-02-23 09:08:35 +00:00
Author
Owner
Copy link

Yeah, this should be run only once. I can prepare separate manual playbook for that. When I wrote it I wasn't sure what will be the best option, but separate manually run playbook makes sense.

Yeah, this should be run only once. I can prepare separate manual playbook for that. When I wrote it I wasn't sure what will be the best option, but separate manually run playbook makes sense.
zlopez marked this conversation as resolved
zlopez commented 2026-02-23 09:12:02 +00:00
Author
Owner
Copy link

@kevin wrote in #3120 (comment):

This is pretty invasive, so I think it will have to wait for after freeze? Or do you want to try and land it before then?

For the rhel10 moving, we could just do a much smaller change to use lmdb for only rhel10 hosts? Or just do it manually until after freeze.

I marked the PR as post-freeze as it's an invasive change. As this needs changes in main.cf file I wasn't sure how to specify it only for rhel10, as it's not really clear which template will be used.

@kevin wrote in https://forge.fedoraproject.org/infra/ansible/pulls/3120#issuecomment-537259: > This is pretty invasive, so I think it will have to wait for after freeze? Or do you want to try and land it before then? > > For the rhel10 moving, we could just do a much smaller change to use lmdb for only rhel10 hosts? Or just do it manually until after freeze. I marked the PR as post-freeze as it's an invasive change. As this needs changes in `main.cf` file I wasn't sure how to specify it only for rhel10, as it's not really clear which template will be used.
zlopez commented 2026-02-23 13:02:05 +00:00
Author
Owner
Copy link

So I'm thinking what is best approach here. I have few options in mind

  1. We change the main.cf files to use lmdb in role, we will need to have specific one for pagure or any other machine that doesn't support lmdb. We will move all the other changes to manual playbook, which will need to be run once for each machine.
    There is another problem with manual playbook that the first restart of postfix will fail as the *.lmdb file will not be in place. So it will be to execute postfix role, manual role and postfix role again, this will be needed during migration or when the machine will be installed again from scratch.
  2. We will do all the changes in manual playbook, which will also change all the btree/bhash entries in main.cf file to lmdb when executed, but that means every time the postfix playbook is executed, it will replace those changes
  3. Leave it as part of the postfix role as it is now, but skip the lmdb steps for machines that don't support it.

I think the third approach is best option. What do you think @kevin?

So I'm thinking what is best approach here. I have few options in mind 1) We change the `main.cf` files to use lmdb in role, we will need to have specific one for pagure or any other machine that doesn't support lmdb. We will move all the other changes to manual playbook, which will need to be run once for each machine. There is another problem with manual playbook that the first restart of postfix will fail as the `*.lmdb` file will not be in place. So it will be to execute postfix role, manual role and postfix role again, this will be needed during migration or when the machine will be installed again from scratch. 2) We will do all the changes in manual playbook, which will also change all the `btree/bhash` entries in `main.cf` file to `lmdb` when executed, but that means every time the postfix playbook is executed, it will replace those changes 3) Leave it as part of the postfix role as it is now, but skip the lmdb steps for machines that don't support it. I think the third approach is best option. What do you think @kevin?
kevin commented 2026-02-23 18:01:54 +00:00
Owner
Copy link

I think 3 sounds fine, but also... instead of a manual playbook, how about we setup a handler and notify it when the postfix.cf changes to run the commands to generate the lmdb databases, but before we restart postfix?

Then it could all be in the playbook, but it's a lot simpler ?

I think 3 sounds fine, but also... instead of a manual playbook, how about we setup a handler and notify it when the postfix.cf changes to run the commands to generate the lmdb databases, but before we restart postfix? Then it could all be in the playbook, but it's a lot simpler ?
zlopez force-pushed 13035 from 94b8759b10 to c9fb38000f
Some checks failed
Linter / yamllint (pull_request) Successful in 43s
Details
Linter / ansible-lint (pull_request) Failing after 47s
Details
2026-02-25 11:28:10 +00:00 Compare
zlopez force-pushed 13035 from 103a51fcd7
Some checks failed
Linter / yamllint (pull_request) Failing after 25s
Details
Linter / ansible-lint (pull_request) Failing after 49s
Details
to 7fdfb301dc
Some checks failed
Linter / yamllint (pull_request) Successful in 25s
Details
Linter / ansible-lint (pull_request) Failing after 51s
Details
2026-02-25 12:02:08 +00:00 Compare
zlopez commented 2026-02-25 12:03:36 +00:00
Author
Owner
Copy link

@kevin wrote in #3120 (comment):

I think 3 sounds fine, but also... instead of a manual playbook, how about we setup a handler and notify it when the postfix.cf changes to run the commands to generate the lmdb databases, but before we restart postfix?

Then it could all be in the playbook, but it's a lot simpler ?

I think I addressed the RHEL8 machines and the handler approach in latest commit. Feel free to check it out.

@kevin wrote in https://forge.fedoraproject.org/infra/ansible/pulls/3120#issuecomment-544222: > I think 3 sounds fine, but also... instead of a manual playbook, how about we setup a handler and notify it when the postfix.cf changes to run the commands to generate the lmdb databases, but before we restart postfix? > > Then it could all be in the playbook, but it's a lot simpler ? I think I addressed the RHEL8 machines and the handler approach in latest commit. Feel free to check it out.
zlopez force-pushed 13035 from f7dd1203b7
Some checks failed
Linter / yamllint (pull_request) Successful in 26s
Details
Linter / ansible-lint (pull_request) Failing after 49s
Details
to 3ea4c13f57
Some checks failed
Linter / yamllint (pull_request) Successful in 27s
Details
Linter / ansible-lint (pull_request) Failing after 47s
Details
2026-02-25 12:13:51 +00:00 Compare
zlopez force-pushed 13035 from 3ea4c13f57
Some checks failed
Linter / yamllint (pull_request) Successful in 27s
Details
Linter / ansible-lint (pull_request) Failing after 47s
Details
to 251a7a1a17
Some checks failed
Linter / yamllint (pull_request) Successful in 24s
Details
Linter / ansible-lint (pull_request) Failing after 46s
Details
2026-02-25 12:17:11 +00:00 Compare
zlopez commented 2026-02-25 12:23:36 +00:00
Author
Owner
Copy link

I addressed the last ansible-lint error in #3172

I addressed the last ansible-lint error in https://forge.fedoraproject.org/infra/ansible/pulls/3172
kevin requested changes 2026-02-25 22:48:26 +00:00
kevin left a comment
Owner
Copy link

I guess this handler will work. It seems pretty unelegant, but I cant think of a more clean way to do it.

I guess this handler will work. It seems pretty unelegant, but I cant think of a more clean way to do it.
inventory/group_vars/pkgs_stg Outdated
@ -43,3 +43,4 @@ wsgi_procs: 4
wsgi_threads: 4
zabbix_macros:
'VFS.FS.FSTYPE.MATCHES': '^(btrfs|ext2|ext3|ext4|reiser|xfs|ffs|ufs|jfs|jfs2|vxfs|hfs|apfs|refs|ntfs|fat32|zfs|nfs)$'
postfix_group:pkgs
kevin commented 2026-02-25 22:42:48 +00:00
Owner
Copy link

missing space after : ?

missing space after : ?
zlopez commented 2026-02-26 09:03:47 +00:00
Author
Owner
Copy link

You are right, let me fix that.

You are right, let me fix that.
zlopez marked this conversation as resolved
roles/base/files/postfix/main.cf/main.cf.vpn.pagure Outdated
@ -387,3 +387,3 @@
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
alias_maps = btree:/etc/aliases
kevin commented 2026-02-25 22:46:56 +00:00
Owner
Copy link

why not just leave these as hash? shouldn't change until they go eol...

why not just leave these as hash? shouldn't change until they go eol...
zlopez commented 2026-02-26 09:04:21 +00:00
Author
Owner
Copy link

I didn't checked what was there before, will put it back to hash, no need to change it.

I didn't checked what was there before, will put it back to hash, no need to change it.
zlopez marked this conversation as resolved
zlopez commented 2026-02-26 09:05:47 +00:00
Author
Owner
Copy link

@kevin wrote in #3120 (comment):

I guess this handler will work. It seems pretty unelegant, but I cant think of a more clean way to do it.

I agree, it's not elegant, but I couldn't think of any better way as well. I still don't understand why there are different commands for conversion of /etc/aliases and everything else.

@kevin wrote in https://forge.fedoraproject.org/infra/ansible/pulls/3120#issuecomment-558311: > I guess this handler will work. It seems pretty unelegant, but I cant think of a more clean way to do it. I agree, it's not elegant, but I couldn't think of any better way as well. I still don't understand why there are different commands for conversion of `/etc/aliases` and everything else.
zlopez force-pushed 13035 from 251a7a1a17
Some checks failed
Linter / yamllint (pull_request) Successful in 24s
Details
Linter / ansible-lint (pull_request) Failing after 46s
Details
to cfef783390
Some checks failed
Linter / yamllint (pull_request) Successful in 27s
Details
Linter / ansible-lint (pull_request) Failing after 49s
Details
2026-02-26 09:12:28 +00:00 Compare
zlopez force-pushed 13035 from b356c2ed41
Some checks failed
Linter / yamllint (pull_request) Successful in 28s
Details
Linter / ansible-lint (pull_request) Failing after 46s
Details
to 5cb507cbcc
Some checks failed
Linter / yamllint (pull_request) Successful in 28s
Details
Linter / ansible-lint (pull_request) Failing after 49s
Details
2026-02-26 09:21:46 +00:00 Compare
zlopez force-pushed 13035 from 5cb507cbcc
Some checks failed
Linter / yamllint (pull_request) Successful in 28s
Details
Linter / ansible-lint (pull_request) Failing after 49s
Details
to ee60b1003b
Some checks failed
Linter / yamllint (pull_request) Successful in 25s
Details
Linter / ansible-lint (pull_request) Failing after 46s
Details
2026-03-02 09:10:44 +00:00 Compare
zlopez force-pushed 13035 from ee60b1003b
Some checks failed
Linter / yamllint (pull_request) Successful in 25s
Details
Linter / ansible-lint (pull_request) Failing after 46s
Details
to d4b957a92e
All checks were successful
Linter / yamllint (pull_request) Successful in 25s
Details
Linter / ansible-lint (pull_request) Successful in 1m3s
Details
2026-03-02 16:18:53 +00:00 Compare
zlopez commented 2026-03-02 16:21:53 +00:00
Author
Owner
Copy link

I fixed the ansible-lint errors in #3184

I fixed the ansible-lint errors in https://forge.fedoraproject.org/infra/ansible/pulls/3184
zlopez commented 2026-03-11 13:26:37 +00:00
Author
Owner
Copy link

Let me merge this and test it out on staging first.

Let me merge this and test it out on staging first.
zlopez merged commit f40260df77 into main 2026-03-11 13:27:23 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
kevin
Labels
Clear labels   
ai-review-please

label for requesting AI code review

  
freeze-break-request

   
post-freeze
  
Backlog Status
Needs Review
Work items that have been created or updated but need review, refinement, or approval before they can be considered ready for sprint planning.

  
Backlog Status
Ready
Work items that have been reviewed, refined, and are ready to be committed to a sprint. These items have clear requirements and can be worked on immediately when capacity is available.

  
chore

Work that needs to be done but doesn't add new functionality or fix bugs. Maintenance tasks that keep the system running smoothly and the codebase clean.

  
documentation

Work focused on creating, updating, or improving documentation for users, developers, or system administrators.

  
points
01
A task that is simple, small, and has very little uncertainty. It should be easy enough for any team member to pick up and complete quickly, without a lot of discussion or research.

  
points
02
This is a task that is slightly more complex or larger than a "1." It might involve two or three simple steps, but the outcome is still very clear and there's little uncertainty.

  
points
03
Medium-sized task with some noticeable complexity. It might require a bit more thought or collaboration. The steps are well-defined, but it's not a trivial change.

  
points
05
A significant piece of work. It has more complexity and a higher degree of uncertainty than smaller tasks. It might require some research, a design discussion, or collaboration across multiple teams.

  
points
08
Complex task with a lot of uncertainty. It's often the largest size that a team will consider for a single sprint. It likely requires a detailed breakdown and multiple team members to complete.

  
points
13
Any task that feels like it's a "13" or more is considered an Epic. These are too large and uncertain to be worked on in a single sprint and should be broken down.

  
Priority
High
This is for work that is critical and needs to be addressed in the next sprint. It's often for urgent bugs, important features, or a major piece of technical debt that is blocking other work.

  
Priority
Low
This is for work that is good to do but not urgent. It's a candidate for being worked on when there's extra time or when it rises in importance. It can stay in the backlog for a longer period.

  
Priority
Medium
This is for important work that should be done soon, but isn't as urgent as a high-priority item. It will likely be considered for the next 1-2 sprints.

  
Sprint Status
Blocked
Work items that cannot progress due to external dependencies, blockers, or issues that need resolution.

  
Sprint Status
Done
Work items that have been completed, reviewed, and integrated. No further work is needed within the current sprint.

  
Sprint Status
In Progress
Work items currently being worked on by a team member. Active development, research, or implementation is happening.

  
Sprint Status
Review
Work items that are complete but need review, testing, or approval before being marked as done.

  
Sprint Status
To Do
Work items that are committed to the sprint but haven't been started yet. These items are ready to be picked up by team members.

  
Technical Debt

Work that addresses shortcuts, workarounds, or suboptimal implementations that were done previously to meet deadlines. These items improve code quality, maintainability, or performance without adding new features.

  
Work Item
Bug
Issues where the system is not working as intended or designed. Bugs represent deviations from expected behavior.

  
Work Item
Epic
Large initiatives that are broken down into multiple smaller work items (user stories, tasks, bugs). Epics represent significant features or projects that span multiple sprints.

  
Work Item
Spike
Time-boxed research, investigation, or proof-of-concept work to reduce uncertainty or explore solutions. Spikes help inform future development decisions.

  
Work Item
Task
Used to break down larger user stories into smaller, manageable implementation pieces. They focus on the specific technical steps needed to deliver the user story's value.

  
Work Item
User Story
User-facing features or functionality that can be framed from a user perspective, describing what someone wants to accomplish and why.

No labels
ai-review-please
freeze-break-request
post-freeze
Backlog Status
Needs Review
Backlog Status
Ready
chore
documentation
points
01
points
02
points
03
points
05
points
08
points
13
Priority
High
Priority
Low
Priority
Medium
Sprint Status
Blocked
Sprint Status
Done
Sprint Status
In Progress
Sprint Status
Review
Sprint Status
To Do
Technical Debt
Work Item
Bug
Work Item
Epic
Work Item
Spike
Work Item
Task
Work Item
User Story
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
infra/ansible!3120
No description provided.