install: Run generate_secrets.py before zulip-puppet-apply.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>

puppet/zulip/manifests/camo.pp

@@ -14,5 +14,9 @@ class zulip::camo {
     group   => 'root',
     mode    => '0644',
     content => template('zulip/camo_defaults.template.erb'),
+    notify  => Service[camo],
+  }
+  service { 'camo':
+    ensure => running,
   }
 }

scripts/lib/install

@@ -259,11 +259,16 @@ EOF
     fi
 ) > /etc/zulip/zulip.conf
 
+case ",$PUPPET_CLASSES," in
+    *,zulip::voyager,* | *,zulip::dockervoyager,* | *,zulip::app_frontend,*)
+        "$ZULIP_PATH"/scripts/setup/generate_secrets.py --production
+        ;;
+esac
+
 "$ZULIP_PATH"/scripts/zulip-puppet-apply -f
 
 # Detect which features were selected for the below
 set +e
-[ -e "/etc/init.d/camo" ]; has_camo=$?
 [ -e "/etc/init.d/nginx" ]; has_nginx=$?
 [ -e "/etc/supervisor/conf.d/zulip.conf" ]; has_appserver=$?
 [ -e "/etc/cron.d/rabbitmq-numconsumers" ]; has_rabbit=$?
@@ -272,7 +277,6 @@ set -e
 
 # Docker service setup is done in the docker config, not here
 if [ "$DEPLOYMENT_TYPE" = "dockervoyager" ]; then
-    has_camo=1
     has_nginx=1
     has_appserver=0
     has_rabbit=1
@@ -311,7 +315,6 @@ EOF
 fi
 
 if [ "$has_appserver" = 0 ]; then
-    "$ZULIP_PATH"/scripts/setup/generate_secrets.py --production
     if [ -z "$NO_OVERWRITE_SETTINGS" ] || ! [ -e "/etc/zulip/settings.py" ]; then
         cp -a "$ZULIP_PATH"/zproject/prod_settings_template.py /etc/zulip/settings.py
         if [ -n "$EXTERNAL_HOST" ]; then
@@ -324,15 +327,6 @@ if [ "$has_appserver" = 0 ]; then
     ln -nsf /etc/zulip/settings.py "$ZULIP_PATH"/zproject/prod_settings.py
 fi
 
-# Restart camo since generate_secrets.py likely replaced its secret key
-if [ "$has_camo" = 0 ]; then
-    # Cut off stdin because a bug in the Debian packaging for camo
-    # causes our stdin to leak to the daemon, which can cause tools
-    # invoking the installer to hang.
-    # TODO: fix in Debian too.
-    service camo restart </dev/null
-fi
-
 if [ "$has_rabbit" = 0 ]; then
     if ! rabbitmqctl status >/dev/null; then
         set +x

scripts/setup/generate_secrets.py

@@ -20,8 +20,6 @@ from zerver.lib.utils import generate_random_token
 
 os.chdir(os.path.join(os.path.dirname(__file__), '..', '..'))
 
-CAMO_CONFIG_FILENAME = '/etc/default/camo'
-
 # Standard, 64-bit tokens
 AUTOGENERATED_SETTINGS = [
     'avatar_salt',
@@ -30,18 +28,6 @@ AUTOGENERATED_SETTINGS = [
     'thumbor_key',
 ]
 
-# TODO: We can eliminate this function if we refactor the install
-# script to run generate_secrets before zulip-puppet-apply.
-def generate_camo_config_file(camo_key):
-    # type: (str) -> None
-    camo_config = """ENABLED=yes
-PORT=9292
-CAMO_KEY=%s
-""" % (camo_key,)
-    with open(CAMO_CONFIG_FILENAME, 'w') as camo_file:
-        camo_file.write(camo_config)
-    print("Generated Camo config file %s" % (CAMO_CONFIG_FILENAME,))
-
 def generate_django_secretkey():
     # type: () -> str
     """Secret key generation taken from Django's startproject.py"""
@@ -102,10 +88,6 @@ def generate_secrets(development=False):
     if need_secret('zulip_org_id'):
         add_secret('zulip_org_id', str(uuid.uuid4()))
 
-    if not development:
-        # Write the Camo config file directly
-        generate_camo_config_file(current_conf['camo_key'])
-
     if len(lines) == 0:
         print("generate_secrets: No new secrets to generate.")
         return