Defend against connection errors
On mailman-developers, Mark describes several problems in deploy MM3 in production. One of those problems involved trying to protect HK with SSL:
In the process of working through some other issues, I enabled SSL in
Django with certificates I got from Let's Encrypt. That has led to a
current issue which is if a list's archiving is on, I can't post. The
post gets shunted in archiving because somewhere in the process the
runner tries to make an SSL connection to 127.0.0.1 and the certificate
is only valid for lists.mailman3.org, mirror.list.org and
mirror.mailman3.org[2]. I'm sure there must be a way to change the
connect to use lists.mailman3.org, but I don't know it.
The relevant traceback is here:
Traceback (most recent call last):
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/core/runner.py", line 165, in _one_iteration
self._process_one_file(msg, msgdata)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/core/runner.py", line 258, in _process_one_file
keepqueued = self._dispose(mlist, msg, msgdata)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/runners/pipeline.py", line 41, in _dispose
process(mlist, msg, msgdata, pipeline)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/core/pipelines.py", line 62, in process
handler.process(mlist, msg, msgdata)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/handlers/rfc_2369.py", line 124, in process
process(mlist, msg, msgdata)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman/handlers/rfc_2369.py", line 88, in process
archiver_url = archiver.system_archiver.list_url(mlist)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman_hyperkitty/__init__.py", line 101, in list_url
return self._get_url({"mlist": mlist.fqdn_listname})
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/mailman_hyperkitty/__init__.py", line 82, in _get_url
result = requests.get(url, params=params)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/sessions.py", line 597, in send
history = [resp for resp in gen] if allow_redirects else []
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/sessions.py", line 597, in <listcomp>
history = [resp for resp in gen] if allow_redirects else []
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/sessions.py", line 195, in resolve_redirects
**adapter_kwargs
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/opt/mailman/mailman-bundler/venv-3.4/lib/python3.4/site-packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: hostname '127.0.0.1' doesn't match either of 'lists.mailman3.org', 'mirror.list.org', 'mirror.mailman3.org'
Mar 16 02:28:27 2016 (2964) SHUNTING: 1458095307.2480416+8c7a3c9ebd560baabdf44fd725d514de4be263f2
So one problem is that the hyperkitty archiver's get_url()
(and possibly other methods) needs to handle the case where the connection itself fails. I will also be creating an issue for the core to be more defensive against failures in IArchiver plugins.