domtool-public: workaround mailman plugin deficiencies

The mailman plugin only generates mailman_domains.cfg on the server that also runs the mailman web interface, so there's no way for a secondary mail server to know which addresses need to be relayed to the exim server that runs mailman.

Reworking the mailman plugin would be a bit involved, and it's fairly low priority so work around for now by setting /var/domtool/mailman_domains.cfg immutable on the affected servers, and ignoring if the touch during redo_exim() fails.

If/when the plugin is updated, there is a secondary issue of copying the mailmandb to all nodes since it is generated locally on the mailman server. Lists could be managed by domtool, or even just a new command to trigger an rsync of the mailmandb to afs and then to all mail nodes when lists are changed should work (IIRC, it is only changed when lists are added or removed).

apache: remove php5-cgi support, always generate php config

Only fastcgi php is supported going forward since suphp has long been deprecated.

Config.Apache.defaultPhpVersion has been removed; since PhpVersion will always be specified, there is no reason for domtool not to explicitly generate config instead of relying on the ambient apache config to set default handlers for php.

The kerberos/afs fastcgi wrapper is suppressed on non-waklog systems, but ONLY when php is configured from PhpVersion in the vhost as a whole; the phpVersion and fastScriptAlias actions don't have access to the node they are being generated on, and can't detect that waklog is not supported. Will need to be fixed eventually...

fwtool: initial ipv6 support and puppet integration

Not the prettiest, but it works. Just duplicates the firewall between ipv4 and ipv6, making sure to filter out any hostnames that aren't resolvable in each domain.

ProxiedServer doesn't work over IPv6 yet due to nodes not having that information, will need to be fixed for proxied web services to work.

domtool-publish has a new action, firewallpuppet, that will reload the firewall for our new setup (and fall back to just reloading ferm on the current one).

Further work is required for puppet; we are purging unmanaged chains and will need to move all rules into a single chain instead of jumping to a different chain per user.

Disentangle vmail from the mail node, Prepare for dovecot support

* Use new Slave.run and Connect.commandWorker where possible
* Always reload vmail db in worker, never in dispatcher
* Move non-courier-specific configuration variables to Config.Vmail. The master userdb is still managed using courier-authlib-userdb.
* Manage vmail db in afs, syncing as needed.