Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/tools/ci/production-install

127 lines
5.6 KiB
Plaintext
Raw Normal View History

Use #!/usr/bin/env for bash shebangs. /bin/sh and /usr/bin/env are the only two binaries that NixOS provides at a fixed path (outside a buildFHSUserEnv sandbox). This discussion was split from #11004. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-18 02:08:53 +01:00
#!/usr/bin/env bash
docs: Add a bunch of documentation on Travis CI.
2017-06-06 03:15:17 +02:00
# This test installs a Zulip production environment (from the release
ci: Rename production builder script file.
2020-04-28 16:17:12 +02:00
# tarball from production-build), and then runs some Nagios checks and
docs: Add a bunch of documentation on Travis CI.
2017-06-06 03:15:17 +02:00
# other tools to verify that everything is working properly.
Expand testing done via Travis CI to cover production pipeline. With this change, we are now testing the production static asset pipeline and installation process in a new testing job (and also run the frontend/backend tests separately). This means that changes that break the Zulip static asset pipeline or production installation process are more likely to fail tests. The testing is imperfect in that it does not have proper isolation -- we build a complete Zulip development environment and then install a Zulip production environment on top of it, so e.g. any apt dependencies installed for Zulip development will still be available for the Zulip production environment. But, it's better than nothing! A good v2 of this would be to have the production setup process just install the minimum stuff needed to run `build-release-tarball` and then uninstall it / clean it up so that we can do a more clear production installation, but that's more work.
2015-10-15 01:47:42 +02:00
set -e
set -x
ci: Use absolute path to zulip folder. Strangely focal resolves `~/zulip` as `/root/zulip`, this makes sure we are in the correct folder.
2020-04-29 11:55:32 +02:00
ZULIP_PATH=/home/circleci/zulip
Expand testing done via Travis CI to cover production pipeline. With this change, we are now testing the production static asset pipeline and installation process in a new testing job (and also run the frontend/backend tests separately). This means that changes that break the Zulip static asset pipeline or production installation process are more likely to fail tests. The testing is imperfect in that it does not have proper isolation -- we build a complete Zulip development environment and then install a Zulip production environment on top of it, so e.g. any apt dependencies installed for Zulip development will still be available for the Zulip production environment. But, it's better than nothing! A good v2 of this would be to have the production setup process just install the minimum stuff needed to run `build-release-tarball` and then uninstall it / clean it up so that we can do a more clear production installation, but that's more work.
2015-10-15 01:47:42 +02:00
Fix postgres errors in Travis CI again. Travis CI's model of installing every version of postgres on the test VM and then shutting all the versions other than the one requested down seems to not work very well with doing apt upgrades. It seems the best way to resolve this is to just uninstall the versions we don't need.
2016-01-19 20:44:21 +01:00
# Do an apt upgrade to start with an up-to-date machine
production-helper: Fix shellcheck warnings. In tools/travis/production-helper line 24: if ! apt-get dist-upgrade -y $APT_OPTIONS; then ^-- SC2086: Double quote to prevent globbing and word splitting. In tools/travis/production-helper line 26: apt-get dist-upgrade -y $APT_OPTIONS ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 02:14:51 +02:00
APT_OPTIONS=(-o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold')
travis: Do an apt-get update before the apt upgrade. This should save several minutes off the Travis CI `production` suite's runtime, since previously we were doing the full apt upgrade process twice, resulting in things like multiple expensive rebuilds of the initramfs.
2016-05-02 23:34:49 +02:00
apt-get update
production-helper: Hold tons of packages. This saves almost a minute doing apt upgrades in the production test suite.
2016-06-22 17:59:34 +02:00
ci: Setup production job for Focal. Run production suites on Ubuntu Focal. Added separate success-http-headers files for Focal and Bionic. Also excluded them from whitespace rules in lint. memcached 1.5.22 in Ubuntu 20.04 has a bug where it looks for its SASL configuration at /etc/sasl2/memcached.conf/memcached.conf instead of /etc/sasl2/memcached.conf. We already use a workaround for this while applying puppet configurations in 99e71f378624361fe47be555fa4785dd17482eb2 but for docker builds we used do memcached hack since we can not use systemd in docker containers.
2020-05-25 20:54:15 +02:00
if [ -f /etc/os-release ]; then
os_info="$(. /etc/os-release; printf '%s\n' "$VERSION_CODENAME")"
{ read -r os_version_codename || true; } <<< "$os_info"
fi
production-helper: Fix shellcheck warnings. In tools/travis/production-helper line 24: if ! apt-get dist-upgrade -y $APT_OPTIONS; then ^-- SC2086: Double quote to prevent globbing and word splitting. In tools/travis/production-helper line 26: apt-get dist-upgrade -y $APT_OPTIONS ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 02:14:51 +02:00
if ! apt-get dist-upgrade -y "${APT_OPTIONS[@]}"; then
text: Fix some typos (most of them found and fixed by codespell). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-28 01:25:56 +01:00
echo "\`apt-get dist-upgrade\`: Failure occurred while trying to perform distribution upgrade, Retrying..."
production-helper: Fix shellcheck warnings. In tools/travis/production-helper line 24: if ! apt-get dist-upgrade -y $APT_OPTIONS; then ^-- SC2086: Double quote to prevent globbing and word splitting. In tools/travis/production-helper line 26: apt-get dist-upgrade -y $APT_OPTIONS ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 02:14:51 +02:00
apt-get dist-upgrade -y "${APT_OPTIONS[@]}"
production-helper: Add wrapper to retry apt-get dist-upgrade. In this commit we add a conditional inside production helper to just re run apt-get dist-upgrade in case it fails the first time.
2017-06-13 19:04:46 +02:00
fi
travis: Remove rabbitmq nodename dependency on hostname. Because rabbitmq doesn't support changing the nodename of a running rabbitmq node, Zulip installations suffered a plague of issues where e.g. a Zulip server would reboot, the hostname would change, and suddenly the local rabbitmq instance being used by Zulip would stop working. We address this problem by using, by default, a fixed rabbitmq nodename, but providing server administrators the option to set the rabbitmq nodename used by Zulip however they choose. To upgrade an existing server to use this new configuration, one will need to add something like the following to /etc/zulip/zulip.conf: [rabbitmq] nodename = zulip@localhost However, I don't believe we have the puppet code in place to make this work correctly at initial installation without rabbitmq-server being already installed (but off), as we can easily setup in Travis CI but I haven't been willing to do for the installer. So for now, this just fixes our Travis CI problems. Fixes: #1579.
2016-08-10 03:40:07 +02:00
travis: Workaround postgres 9.1 conflict issues on trusty. We ran into a bug with the Travis CI infrastructure where it postgres 9.1 is installed on the system, and so when we'd do an apt upgrade with a new version of 9.1, the 9.1 daemon would end up getting started and conflict with the 9.3 daemon we were trying to run.
2016-01-10 00:13:12 +01:00
# Install Zulip
ci: Remove the need of using TRAVIS in env. Since now we want to use production suites on Circle CI so there is no need to set TRAVIS in env while running scripts. CIRCLECI is set default in the enviroment of Circle CI builds so we can use it directly. Also Travis CI had rabbitmq-server installed so we had to add workaround in install script to avoid the error. That workaround is removed.
2020-04-21 22:51:04 +02:00
"$ZULIP_PATH"/scripts/setup/install --self-signed-cert --hostname 127.0.0.1 --email circleci@example.com
Expand testing done via Travis CI to cover production pipeline. With this change, we are now testing the production static asset pipeline and installation process in a new testing job (and also run the frontend/backend tests separately). This means that changes that break the Zulip static asset pipeline or production installation process are more likely to fail tests. The testing is imperfect in that it does not have proper isolation -- we build a complete Zulip development environment and then install a Zulip production environment on top of it, so e.g. any apt dependencies installed for Zulip development will still be available for the Zulip production environment. But, it's better than nothing! A good v2 of this would be to have the production setup process just install the minimum stuff needed to run `build-release-tarball` and then uninstall it / clean it up so that we can do a more clear production installation, but that's more work.
2015-10-15 01:47:42 +02:00
cat >>/etc/zulip/settings.py <<EOF
docs: Use consistent spelling of CircleCI.
2020-04-28 20:26:58 +02:00
# CircleCI override settings above
Expand testing done via Travis CI to cover production pipeline. With this change, we are now testing the production static asset pipeline and installation process in a new testing job (and also run the frontend/backend tests separately). This means that changes that break the Zulip static asset pipeline or production installation process are more likely to fail tests. The testing is imperfect in that it does not have proper isolation -- we build a complete Zulip development environment and then install a Zulip production environment on top of it, so e.g. any apt dependencies installed for Zulip development will still be available for the Zulip production environment. But, it's better than nothing! A good v2 of this would be to have the production setup process just install the minimum stuff needed to run `build-release-tarball` and then uninstall it / clean it up so that we can do a more clear production installation, but that's more work.
2015-10-15 01:47:42 +02:00
AUTHENTICATION_BACKENDS = ( 'zproject.backends.EmailAuthBackend', )
ci: Replaced travis with test suite while setting production setup on ci.
2020-04-20 16:54:20 +02:00
NOREPLY_EMAIL_ADDRESS = 'noreply@circleci.example.com'
settings: Improve ALLOWED_HOSTS defaults logic and docs. This removes the requirement for the user to put localhost/127.0.0.1 in their ALLOWED_HOSTS list, since it is now added automatically. Fixes: #1358.
2016-07-13 07:32:21 +02:00
ALLOWED_HOSTS = []
Expand testing done via Travis CI to cover production pipeline. With this change, we are now testing the production static asset pipeline and installation process in a new testing job (and also run the frontend/backend tests separately). This means that changes that break the Zulip static asset pipeline or production installation process are more likely to fail tests. The testing is imperfect in that it does not have proper isolation -- we build a complete Zulip development environment and then install a Zulip production environment on top of it, so e.g. any apt dependencies installed for Zulip development will still be available for the Zulip production environment. But, it's better than nothing! A good v2 of this would be to have the production setup process just install the minimum stuff needed to run `build-release-tarball` and then uninstall it / clean it up so that we can do a more clear production installation, but that's more work.
2015-10-15 01:47:42 +02:00
EOF
travis: Verify all supervisord jobs are running in production test. This requires a bit of complexity since supervisord automatically restarts failing jobs.
2016-05-08 03:49:43 +02:00
echo; echo "Now testing that the supervisord jobs are running properly"; echo
travis: Increase the supervisor sleep to 15s for now. The hope is this will help us investigate failures like https://travis-ci.org/zulip/zulip/jobs/203335213.
2017-02-20 08:41:26 +01:00
sleep 15 # Guaranteed to have a working supervisord process get an extra digit
travis: Verify all supervisord jobs are running in production test. This requires a bit of complexity since supervisord automatically restarts failing jobs.
2016-05-08 03:49:43 +02:00
if supervisorctl status | grep -vq RUNNING || supervisorctl status | sed 's/^.*uptime //' | grep -q 0:00:0; then
set +x
echo
echo "FAILURE: Supervisor output shows daemons are crashing:"
echo
supervisorctl status
echo
echo "DEBUG: printing Zulip server's error log:"
cat /var/log/zulip/errors.log
echo
echo "DEBUG: printing Zulip server's workers log:"
cat /var/log/zulip/workers.log
echo
echo "DEBUG: printing Zulip server's tornado log:"
cat /var/log/zulip/tornado.log
exit 1
fi
travis: Fix production suite flakiness. Previously, we were doing this request to the production server before waiting for all the supervisord processes to start; it's possible this could cause failures where we hit the server before the Django uwsgi processes are up. Hopefully fixes #2723.
2016-12-16 06:03:33 +01:00
# TODO: Ideally this would test actually logging in, but this is a start.
echo; echo "Now testing that the newly installed server's homepage loads"; echo
wget https://localhost -O /tmp/index.html --no-check-certificate -S 2> /tmp/wget-output || true # || true so we see errors.log if this 500s
grep -vi '\(Vary\|Content-Language\|expires\|issued by\|modified\|saved\|[.][.][.]\|Date\|[-][-]\)' /tmp/wget-output > /tmp/http-headers-processed
travis: Improve production test for HTTP success to not check length. This will make life a lot easier when iterating on the login page.
2017-08-15 17:57:05 +02:00
CSS: Move portico styles to webpack compilation. static/styles/scss/portico.scss is now compiled by webpack and supports SCSS syntax. Changed the server-side templates to render the portico-styles bundle instead of directly requiring the portico stylesheet. This allows webpack to handle stylesheet compilation and minification. We use the mini-css-extract-plugin to extract out css from the includes in webpack and let webpacks production mode handle minification. Currently we're not able to use it for dev mode because it does not support HMR so we use style-loader instead. Once the plugin supports HMR we can go on to use it for both dev and prod. The downside of this is that when reloading pages in the development environment, there's an annoying flash of unstyled content :(. It is now possible to make a change in any of the styles included by static/styles/scss/portico.scss and see the code reload live in the browser. This is because style-loader which we currently use has the module.accept code built-in.
2018-04-25 22:09:48 +02:00
# Simplify the diff by getting replacing 4-5 digit length numbers with <Length>.
sed -i 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' /tmp/http-headers-processed
ci: Setup production job for Focal. Run production suites on Ubuntu Focal. Added separate success-http-headers files for Focal and Bionic. Also excluded them from whitespace rules in lint. memcached 1.5.22 in Ubuntu 20.04 has a bug where it looks for its SASL configuration at /etc/sasl2/memcached.conf/memcached.conf instead of /etc/sasl2/memcached.conf. We already use a workaround for this while applying puppet configurations in 99e71f378624361fe47be555fa4785dd17482eb2 but for docker builds we used do memcached hack since we can not use systemd in docker containers.
2020-05-25 20:54:15 +02:00
sed -i 's|Length: [0-9]\+\( [(][0-9]\+[.][0-9]K[)]\)\?|Length: <Length>|' /tmp/success-http-headers-"$os_version_codename".txt
if ! diff -ur /tmp/http-headers-processed /tmp/success-http-headers-"$os_version_codename".txt; then
travis: Fix production suite flakiness. Previously, we were doing this request to the production server before waiting for all the supervisord processes to start; it's possible this could cause failures where we hit the server before the Django uwsgi processes are up. Hopefully fixes #2723.
2016-12-16 06:03:33 +01:00
set +x
echo
tools: Rename tools/travis directory to tools/ci.
2018-12-10 08:05:16 +01:00
echo "FAILURE: The HTTP Headers returned from loading the homepage on the server do not match the contents of tools/ci/success-http-headers.txt. Typically, this means that the server threw a 500 when trying to load the homepage."
travis: Fix production suite flakiness. Previously, we were doing this request to the production server before waiting for all the supervisord processes to start; it's possible this could cause failures where we hit the server before the Django uwsgi processes are up. Hopefully fixes #2723.
2016-12-16 06:03:33 +01:00
echo "Displaying the contents of the server's error log:"
echo
cat /var/log/zulip/errors.log
echo
echo "Displaying the contents of the main server log:"
echo
cat /var/log/zulip/server.log
exit 1
fi
travis: Add special check for queue processor lists matching.
2017-02-19 22:41:43 +01:00
# Start the RabbitMQ queue worker related section
echo; echo "Now confirming all the RabbitMQ queue processors are correctly registered!"; echo
# These hacky shell scripts just extract the sorted list of queue processors, running and expected
supervisorctl status | cut -f1 -dR | cut -f2- -d: | grep events | cut -f1 -d" " | cut -f3- -d_ | cut -f1 -d- | sort -u > /tmp/running_queue_processors.txt
production-helper: Fix sorting queue workers by name. - Shell command `sort` depends on system locale and symbol `_` (underscore) is located after letters in the default locale of Travis instances. Otherwise, python sorting uses its own symbols ordering and underscore is located before letters. Changing the locale for `sort` shell command with adding environment variable doesn' t work on Travis instances. That's why It was decided to apply the same sorting command to both comparing lists.
2017-03-06 08:51:10 +01:00
su zulip -c /home/zulip/deployments/current/scripts/lib/queue_workers.py | grep -v ^test$ | sort -u > /tmp/expected_queue_processors.txt
travis: Fix various bugs in new queue worker test. * Now queue_workers.py sorts queue names and prints them on their own line. Previously it's output was nondeterministic. * Simplified grep strategy for removing the "test" worker.
2017-02-20 04:34:15 +01:00
if ! diff /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt >/dev/null; then
set +x
travis: Add special check for queue processor lists matching.
2017-02-19 22:41:43 +01:00
echo "FAILURE: Runnable queue processors declared in zerver/worker/queue_processors.py "
echo "do not match those in puppet/manifests/zulip/base.pp"
docs: Update links from codebase to point to ReadTheDocs.
2017-11-16 19:51:44 +01:00
echo "See https://zulip.readthedocs.io/en/latest/subsystems/queuing.html for details."
travis: Add special check for queue processor lists matching.
2017-02-19 22:41:43 +01:00
echo
diff -ur /tmp/expected_queue_processors.txt /tmp/running_queue_processors.txt
exit 1
fi
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
echo; echo "Now running RabbitMQ consumer Nagios tests"; echo
Fix excessive CPU usage by rabbitmq-numconsumers Nagios checks. The previous model for these Nagios checks was kinda crazy -- every minute, we'd run a full `rabbitmctl list_consumers` for each of the dozen+ consumers that we have, and then do the exact same parsing logic for each to determine whether the target queue has a running consumer to write out a state file. Because `rabbitmctl list_consumers` takes a small amount of resources, on systems where CPU is very limited (e.g. t2 style AWS instances), this minor CPU wastage could be problematic. Now we just do that `rabbitmqctl list_consumers` once per minute, and output all the state files from a single command. Further TODO items on this front include removing the hardcoded list of queues.
2016-08-12 23:09:36 +02:00
# First run the check that usually runs in cron and populates the state files
/home/zulip/deployments/current/scripts/nagios/check-rabbitmq-consumers
travis: Automate updates to production-helper Nagios test. This list was likely to end up out of date quickly, since it wasn't documented that you need to update it when adding a queue. The best solution is to just not require it to be updated.
2017-02-19 22:18:18 +01:00
# Then, compute the list of all Django queue workers to run Nagios checks against
queue_workers: Fix confusing --queue_type argument name.
2017-02-22 09:23:07 +01:00
consumer_list=$(/home/zulip/deployments/current/scripts/lib/queue_workers.py --queue-type=consumer)
travis: Automate updates to production-helper Nagios test. This list was likely to end up out of date quickly, since it wasn't documented that you need to update it when adding a queue. The best solution is to just not require it to be updated.
2017-02-19 22:18:18 +01:00
for consumer in $consumer_list; do
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_rabbitmq_consumers "$consumer"; then
set +x
echo
echo "FAILURE: Missing Nagios consumer for $consumer; displaying full consumer output:"
production-helper: Clarify log output on check_rabbitmq_consumers failure. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2019-08-29 06:16:52 +02:00
set -x
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
rabbitmqctl list_consumers
travis: Improve debuggability of rabbitmq errors.
2017-02-20 08:44:40 +01:00
supervisorctl status
production-helper: Clarify log output on check_rabbitmq_consumers failure. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2019-08-29 06:16:52 +02:00
tail -n +1 /var/log/zulip/events*.log
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
exit 1
fi
done
travis: Temporarily disable failing Nagios tests. Apparently Travis CI has a very strange issue today that causes our Nagios/E2E tests to have Tornado failing to connect to RabbitMQ. Causes unknown, but I've spent a day trying to debug this without luck, and we need our test suites passing in the meantime.
2017-03-16 05:34:24 +01:00
# Some of the Nagios tests have been temporarily disabled to work
# around a Travis CI infrastructure issue.
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
echo; echo "Now running additional Nagios tests"; echo
if ! /usr/lib/nagios/plugins/zulip_app_frontend/check_queue_worker_errors || \
travis: Temporarily disable failing Nagios tests. Apparently Travis CI has a very strange issue today that causes our Nagios/E2E tests to have Tornado failing to connect to RabbitMQ. Causes unknown, but I've spent a day trying to debug this without luck, and we need our test suites passing in the meantime.
2017-03-16 05:34:24 +01:00
! su zulip -c /usr/lib/nagios/plugins/zulip_postgres_appdb/check_fts_update_log; then # || \
dependencies: Remove WebSockets system for sending messages. Zulip has had a small use of WebSockets (specifically, for the code path of sending messages, via the webapp only) since ~2013. We originally added this use of WebSockets in the hope that the latency benefits of doing so would allow us to avoid implementing a markdown local echo; they were not. Further, HTTP/2 may have eliminated the latency difference we hoped to exploit by using WebSockets in any case. While we’d originally imagined using WebSockets for other endpoints, there was never a good justification for moving more components to the WebSockets system. This WebSockets code path had a lot of downsides/complexity, including: * The messy hack involving constructing an emulated request object to hook into doing Django requests. * The `message_senders` queue processor system, which increases RAM needs and must be provisioned independently from the rest of the server). * A duplicate check_send_receive_time Nagios test specific to WebSockets. * The requirement for users to have their firewalls/NATs allow WebSocket connections, and a setting to disable them for networks where WebSockets don’t work. * Dependencies on the SockJS family of libraries, which has at times been poorly maintained, and periodically throws random JavaScript exceptions in our production environments without a deep enough traceback to effectively investigate. * A total of about 1600 lines of our code related to the feature. * Increased load on the Tornado system, especially around a Zulip server restart, and especially for large installations like zulipchat.com, resulting in extra delay before messages can be sent again. As detailed in https://github.com/zulip/zulip/pull/12862#issuecomment-536152397, it appears that removing WebSockets moderately increases the time it takes for the `send_message` API query to return from the server, but does not significantly change the time between when a message is sent and when it is received by clients. We don’t understand the reason for that change (suggesting the possibility of a measurement error), and even if it is a real change, we consider that potential small latency regression to be acceptable. If we later want WebSockets, we’ll likely want to just use Django Channels. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-23 01:43:40 +02:00
# ! su zulip -c "/usr/lib/nagios/plugins/zulip_app_frontend/check_send_receive_time --site=https://127.0.0.1/api --nagios --insecure"; then
travis: Run various Nagios checks in production tests.
2016-05-08 03:49:56 +02:00
set +x
echo
echo "FAILURE: Nagios checks don't pass:"
echo
echo "DEBUG: printing Zulip server's error log:"
cat /var/log/zulip/errors.log
exit 1
fi
travis: Verify all supervisord jobs are running in production test. This requires a bit of complexity since supervisord automatically restarts failing jobs.
2016-05-08 03:49:43 +02:00
echo "Production installation test successful!"
exit 0