Commit Graph

876 Commits

Author SHA1 Message Date
Wyatt Hoodes e331a758c3 python: Migrate open statements to use with.
This is low priority, but it's nice to be consistently using the best
practice pattern.

Fixes: #12419.
2019-07-20 15:48:52 -07:00
Anders Kaseorg c97ca677c9 nginx: Update TLS settings based on Mozilla recommendations 5.0.
Disable TLS 1.0 and TLS 1.1.  (We no longer need to support IE8 on
Windows XP.)

Prefer client-selected cipher order.  (Now that all enabled ciphers
provide good security, this allows mobile clients lacking AES hardware
acceleration to pick ChaCha20 for better performance.)

Disable session tickets.  (Mozilla discourages them based on
https://www.imperialviolet.org/2013/06/27/botchingpfs.html.)

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-08 15:51:02 -07:00
Anders Kaseorg 079ddae4c8 minify-js: Remove; everything has been migrated to Webpack.
min/sockjs-0.3.4.min.js is not used.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-03 13:58:21 -07:00
Tim Abbott aea1279e8c puppet: Remove trusty configuration for static_asset_compiler.
Trusty is desupported.
2019-06-26 11:32:06 -07:00
Tim Abbott 8fbd965ab5 puppet: Remove legacy pgtune related configuration for trusty.
Since we no longer support Ubuntu Trusty, we no longer need this
backwards-compatibility cruft (which we only kept around to avoid
randomizing configuration for existing systems).
2019-06-26 11:32:06 -07:00
Anders Kaseorg 33c941407b puppet: Remove legacy unauthenticated local uploads backend.
This was only used in Ubuntu 14.04 Trusty.

Removing this also finally lets us simplify our security model
discussion of uploaded files.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-06-26 11:31:46 -07:00
Tim Abbott 271319fb13 puppet: Fix hacky release test for whether we're in EC2.
The result is still a bit hacky, but guaranteed to be correct if we
adjust the OS version of our systems, which we of course will do over
time.
2019-06-25 22:19:04 -07:00
Tim Abbott 8d8cfb314b puppet: Remove zulip_ops configuration for trusty.
There are no longer any zulip_ops systems using trusty.
2019-06-25 22:09:06 -07:00
Tim Abbott 88b77af54f puppet: Add support for changing the nginx port directly.
This provides a clean process for changing Zulip's nginx port.
2019-06-17 12:24:22 -07:00
Fabian Stanke 51ba9ddd89 postfix: Inserted compulsory setting for postfix ≥ 2.10.
One of smtpd_relay_restrictions or smtpd_recipient_restrictions is
required by postfix ≥ 2.10 (see
http://www.postfix.org/SMTPD_ACCESS_README.html).

This is important for using the email mirror on Ubuntu Bionic.
2019-06-16 18:48:39 -07:00
Tim Abbott b41c2d93d1 puppet: Exclude squashfs filesystems from nagios disk checks.
These generally aren't being written to.
2019-06-16 16:22:23 -07:00
Tim Abbott 0ec1b4e82c puppet: Move check_send_receive_time to the _once ruleset.
We don't actually want to run this bundle of message-sending Nagios
checks to run on every single server.
2019-06-16 15:48:35 -07:00
Tim Abbott df83979c76 zulip_ops: Extract a prod_app_frontend_once ruleset. 2019-06-16 15:48:35 -07:00
Tim Abbott 738cfe54c3 puppet: Move app_frontend_once out of prod configuration.
That logic made it inconvenient to run multiple prod servers with the
same top-level puppet configuration.
2019-06-16 15:24:20 -07:00
Tim Abbott e85250941d puppet: Fix quoting of commented-out python3-boto.
This will avoid a linter error if/when we uncomment it.
2019-06-13 14:39:24 -07:00
Tim Abbott 337efe0fb7 puppet: Remove puppet-el, which no longer exists.
This package was only every available on Ubuntu Xenial.
2019-06-13 14:39:24 -07:00
Tim Abbott afb0d1ccce Revert "puppet: Use nice to deprioritize various processes."
This reverts commit d959de7a89.

This broken our Travis CI, so I'm pulling it off while we investigate.
2019-06-05 12:55:56 -07:00
Tim Abbott d959de7a89 puppet: Use nice to deprioritize various processes.
Our priority hierarchy is:
(1) Tornado and base services like memcached, redis, etc.
(2) Django and message sender queue workers.
(3) Everything else.

Ideally, we'd have something a bit more fine-grained (e.g. some queue
workers are potentially in the sending path, while others aren't), but
this should have a big impact on ensuring Tornado gets the resources
it needs during load spikes.

I think this has a good chance of causing some load spikes that would
previously have resulted in a user-facing delivery delays no longer
having any significant user-facing impact.
2019-06-05 11:56:48 -07:00
Tim Abbott cd1ec37404 puppet: Make uwsgi listen backlog limit configurable.
This can be useful for busy servers to limit the risk of bursts of
traffic causing them to reject requests.
2019-05-17 12:38:56 -07:00
Tim Abbott ca48b4ec9f puppet: Set postgres max_connections to 1000.
There isn't much legitimate reason to have a limit as low as 100,
given how few resources a connection consumes.
2019-05-13 17:19:31 -07:00
Tim Abbott b7d50190b7 process_fts_updates: Batch updates when catching up.
Previously, if process_fts_updates ended up very far behind
(e.g. 100,000s of messages), it was unable to recover without doing
some very expensive databsae operations to fetch and then delete the
list of message IDs needing updates.  This change fixes that issue by
doing the catch-up work in batches.
2019-05-09 22:44:07 -07:00
Vishnu Ks ecdd3bea43 billing: Add cron job to run invoice_plans once a day.
Fixes #11960
2019-04-29 11:23:17 -07:00
Anders Kaseorg 643bd18b9f lint: Fix code that evaded our lint checks for string % non-tuple.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-23 15:21:37 -07:00
Anders Kaseorg 5290519a62 scripts: Always use ON_ERROR_STOP=1 when running psql.
Also use psql -e (--echo-queries) in scripts that use ‘set -x’, so
errors can be traced to a specific query from the output.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-22 14:54:19 -07:00
Puneeth Chaganti 9876f1b14e check_rabbitmq_queue: Fix the time period when we ignore long queues.
The commit 87d1809657 changed the time when
digests are sent by 3 hours to account for moving from the US East Coast to the
West Coast, but didn't change the time period exception in the
`check-rabbitmq-queue` script.

Closes #5415
2019-04-13 20:43:07 -07:00
Anders Kaseorg 9f7c0b7e65 postgres_master.pp: Fix wacky su command line.
The construction `su postgres -c -- bash -c 'psql …'` didn’t behave the
way it reads, and only worked by accident:

1. `-c --` sets the command to `--`.
2. `bash` sets the first argument to `bash`.
3. `-c 'psql …'` replaces the command with `psql …`.

Thus, `su` ended up executing `<shell> -c 'psql …' bash`, where
`<shell>` is the `postgres` user’s login shell, usually also `bash`,
which then executed 'psql …' and ignored the extra `bash`.

Unconfuse this construction.

Note from tabbott: The old code didn't even work by accident, it was
just broken.  The right fix is to move the quoting around properly.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-12 17:27:23 -07:00
Tim Abbott b1da797955 puppet: Make uwsgi buffer size configurable. 2019-03-18 22:43:59 -07:00
Anders Kaseorg fd6f18f7cf nginx: Improve TLS settings based on Mozilla config generator.
Lengthen the session timeout and enlarge the session cache.  Upgrade
Diffie-Hellman parameters from fixed 1024-bit to custom 2048-bit.
Enable OCSP stapling.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-03-11 23:40:34 -07:00
Tim Abbott e0c6136ce1 puppet: Fix nginx configuration logic for S3 backend.
Apparently, our testing environment for this configuration was broken
and didn't test the code we thought it did; as a result, a variable
redefinition bug slipped through.

Fixes #11786.
2019-03-06 13:17:11 -08:00
Tim Abbott 5614d51afc nginx: Restructure how we manage uploaded file routes.
The overall goal of this change is to fix an issue where on Ubuntu
Trusty, we were accidentally overriding the configuration to serve
uploads from disk with the regular expressions for adding access
control headers.

However, while investigating this, it became clear that we could
considerably simplify the mental energy required to understand this
system by making the uploads-route file be unconditionally available
and included from `zulip-include/app` (which means the zulip_ops code
can share behavior here).

We also move the Access-Control-Allow-* headers to a separate include
file, to avoid duplicating it in 5 places.  Fixing this duplication
discovered a potential bug in the settings used for Tornado, where
DELETE was not allowed on a route that definitely expects DELETE.

Fixes #11758.
2019-03-02 12:14:28 -08:00
Anders Kaseorg 649235cfec python: Remove unused imports.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-22 16:54:36 -08:00
Tim Abbott a0add8f651 puppet: Add IPv6 support to standard nginx listen directives.
This should save some setup work for anyone wanting to setup nginx on
their Zulip server.
2019-02-13 15:00:21 -08:00
Tim Abbott ab18dbfde5 uwsgi: Increase buffer-size to 8192.
For users putting Zulip behind certain proxies (and potentially some
third-party API clients), buffer sizes can exceed the uwsgi default of
4096.  Since we aren't doing such high-throughput APIs that a small
buffer size is valuable, we should just raise this for everyone.
2019-02-13 11:17:55 -08:00
Anders Kaseorg c109690cf8 puppet: Remove unused Python imports.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 17:02:12 -08:00
Tim Abbott 68552c31cb Revert "puppet: Increase process listening count for uwsgi."
This reverts commit ccce83d0f0.

This needs sysctl changes as well.
2019-01-23 11:02:14 -08:00
Tim Abbott ccce83d0f0 puppet: Increase process listening count for uwsgi.
The default limit is too low for situations right around a server
restart when there might be a large burst of connections.
2019-01-23 10:34:01 -08:00
Harshit Bansal 50ef91bb08 scripts: Add argparse option to `restart-zerver` for `--fill-cache`.
Nowm unless you specify `--fill-cache`, memcached caches will not be
pre-filled after a server restart. This will be helpful when someone
is in a hurry (e.g. if the server is down right now, or if he/she
testing a configuration change in a newly setup server), it's best to
just restart without pre-filling the cache.

Fixes: #10900.
2019-01-14 15:20:01 -08:00
Tom Daff fbffbf8ef0 puppet/nginx: Update to recommended SSL ciphers.
Update the list of ciphers that nginx will use to the current
Mozilla recommended ones.

These are Intermediate compatibility ones suitable for clients
running anything newer than Firefox 1, Chrome 1, IE 7, Opera 5
and Safari 1. Modern compatibility is not suitable as it excludes
Andriod 4 which is still seen on ~1% of traffic.

More info: https://wiki.mozilla.org/Security/Server_Side_TLS
2019-01-08 14:19:49 -08:00
rht 3f0bae8c38 puppet: Disable camo when not on Debian. 2019-01-07 18:52:45 -08:00
rht bf65f86a0b puppet: Abstract out ssl certs and private keys dirs. 2019-01-07 18:52:45 -08:00
rht d9ef3fd505 puppet: Manually create ssl-cert group on CentOS to acess ssl private key. 2019-01-07 18:51:39 -08:00
rht 6c3bb507b0 puppet: Ensure nginx sites-available & sites-enabled dirs exist on CentOS.
These are automatically created on Debian.
2019-01-07 17:09:42 -08:00
rht f2b6a2c68a puppet: Add CentOS version of the command to start supervisor. 2019-01-05 15:57:53 -08:00
rht 39f28a0d0f puppet: Abstract out supervisor service name. 2019-01-05 15:57:53 -08:00
rht d2069f7720 puppet: Include yum repository for CentOS voyager. 2019-01-05 15:57:45 -08:00
rht 1da17be52a puppet: Ensure supervisord conf.d directory is created on CentOS. 2019-01-05 15:55:43 -08:00
rht 902bb7a80c puppet: Add CentOS version of supervisor conf.d path. 2019-01-05 15:54:21 -08:00
rht 6b0bf828f7 puppet: Add CentOS version of supervisord.conf path. 2019-01-05 15:49:03 -08:00
rht 9ee2ee046a puppet: Use systemctl instead of pg_ctlcluster on CentOS. 2019-01-05 15:49:03 -08:00
rht 2bcf83d940 puppet: Add CentOS packages to static_asset_compiler.pp. 2019-01-05 15:49:03 -08:00
rht 071e32985c puppet: Generalize redis.conf path to CentOS. 2019-01-05 15:49:03 -08:00
rht acaf001cdd puppet: Group commonly reused variables into zulip::common. 2019-01-05 15:49:03 -08:00
rht 766ff38586 puppet: Abstract out nagios plugins directory. 2019-01-05 15:49:03 -08:00
rht b22f6c6a99 puppet: Abstract out postgresql package. 2019-01-05 15:49:03 -08:00
rht 43fdb00fc7 puppet: Abstract out nginx package. 2019-01-05 15:49:03 -08:00
rht 5424fca168 puppet: Add CentOS packages to postgres_appdb_base.pp. 2019-01-05 15:49:03 -08:00
rht 21c71a0c52 puppet: Use generic erlang package variable for all dependencies. 2019-01-05 15:49:02 -08:00
Tim Abbott 047817b6b0 puppet: Disable log2zulip cron job.
It hasn't been working for years, but more importantly, it spams up
root's mail queue so that one can't find important things in there
(e.g. the fact that the long-term-idle cron job was failing).
2019-01-05 10:56:44 -08:00
rht 801b04c057 puppet: Abstract out nagios-plugins package. 2019-01-04 15:27:03 -08:00
rht 04372e3300 puppet: Add CentOS packages to postgres_common.pp. 2019-01-04 15:24:42 -08:00
rht bdf36bdc3d puppet: Use pip to install python dependencies on CentOS. 2019-01-04 15:23:45 -08:00
rht 008879eb22 puppet: Add postgresql.conf path for CentOS. 2019-01-03 14:36:43 -08:00
rht dce43e1a0e puppet: Add CentOS-version of pg data path at pg_backup_and_purge. 2019-01-03 14:36:43 -08:00
rht 59993aea80 puppet: Abstract out path to postgresql.conf. 2019-01-03 14:36:43 -08:00
rht c189409ffd puppet: Initialize yum_repository.pp to wrap setup-yum-repo. 2019-01-03 14:36:43 -08:00
rht 1b02fb6d6d puppet: Add CentOS packages to rabbit.pp. 2019-01-03 14:36:43 -08:00
rht a3d67e52fe puppet: Add CentOS packages to redis.pp. 2019-01-03 14:36:43 -08:00
rht 788128f05c puppet: Add CentOS packages to nginx.pp. 2019-01-03 14:36:43 -08:00
rht 1965cc1491 puppet: Add CentOS packages to base.pp. 2019-01-03 14:36:42 -08:00
rht 0caaed4e1f puppet: Add CentOS packages to apache_sso.pp. 2019-01-03 14:36:41 -08:00
rht 9fd18a2c7f puppet: Detect CentOS for release_name. 2019-01-03 14:35:09 -08:00
Fabian Tribrunner 013b169469 check_email_deliverer_backlog: Switch down from root if required.
This now checks if the user is zulip, and if not, switches to the
zulip user, making it possible to run it as root.

Significantly modified by tabbott to not break existing behavior.
2019-01-02 10:16:56 -08:00
Fabian Tribrunner 4612a84a67 check_email_deliverer_process: Fix typo in process name.
This nagios check has never worked, since it had the wrong process
name from the beginning.
2018-12-30 09:41:42 -08:00
Anders Kaseorg 392175d6e8 Use #!/usr/bin/env for bash shebangs.
/bin/sh and /usr/bin/env are the only two binaries that NixOS provides
at a fixed path (outside a buildFHSUserEnv sandbox).

This discussion was split from #11004.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-17 17:21:08 -08:00
Tim Abbott 2558f101af docs: Add documentation for `if False` mypy pattern in scripts.
This should help make it clear what's going on with these scripts.
2018-12-17 11:12:53 -08:00
Tim Abbott bce90a3340 lint: Add lint rule for scripts importing typing improperly.
This is a common bug that users might be tempated to introduce.

And also fix two instances of this bug that were present in our
codebase, including an important one in our upgrade code path.
2018-12-17 10:46:37 -08:00
rht 43bedc0909 provision: Use vendored pg_hba.conf on CentOS. 2018-12-16 13:21:54 -08:00
rht c9d54f7854 puppet: Remove vendored puppetlabs apt and stdlibs dependencies.
This commit works by vendoring the couple functions we still use from
puppetlabs stdlib (join and range), but removing the rest of the
puppetlabs codebase, and of course cleaning up our linter rules in the
process.

Fixes #7423.
2018-12-11 13:03:26 -08:00
rht d2aa81858c puppet/zulip_ops: Replace apt::source with setup-apt-repo-debathena.
Tweaked by tabbott to use a clearer name.
2018-12-11 13:02:56 -08:00
rht 97766102df puppet/zulip: Replace apt::source and apt::ppa with setup-apt-repo. 2018-12-11 13:01:26 -08:00
Tim Abbott b218c2a70e loadbalancer: Use same certbot cert for zulipstaging.com.
This is a simple configuration improvement.
2018-12-07 13:43:21 -08:00
Tim Abbott 467694c1fa nginx: Enable http2 in external nginx configuration.
This should be a nice performance improvement for browsers that
support it.

We can't yet enabled this in the Zulip on-premise nginx configuration,
because that still has to support Trusty.
2018-12-07 13:43:02 -08:00
Tim Abbott e609e10229 puppet: Fix missing dependency of tsearch-extras on apt repository.
This isn't super required, in that we add these repositories via
`setup-apt-repo` in any case, but the previous code was wrong and
worth fixing in any case.
2018-11-30 10:45:04 -08:00
Tim Abbott ededdc512b nginx: Fix missing API authentication configuration.
This fixes a bug where our API routes for uploaded files (where we
need to use a consistent URL between session auth and API auth) were
not properly configured to pass through the API authentication headers
(and otherwise provide REST endpoint settings).

In particular, this prevented the Zulip mobile apps from being able to
access authenticated image files using these URLs.
2018-11-16 11:25:54 -08:00
Tim Abbott f62050212b tornado: Fix supervisord configuration for multiple processes.
Apparently, we can use the process group naming style of having dashes
in the names without using the explicit nun_procs feature of
supervisord configuration.

The new configuration is perfectly satisfactory, so there's no real
reason to prefer the old approach.
2018-11-06 17:56:06 -08:00
Tim Abbott 5abf4dee92 nagios: Add new host groups for Tornado processes.
We also move all the existing Tornado monitoring rules to the
singletornado_frontends rule.
2018-11-06 16:33:18 -08:00
Tim Abbott 5f3b79c9e7 nagios: Fix tab-based whitespace. 2018-11-06 16:30:29 -08:00
Tim Abbott 5e7aa27c29 puppet: Add supervisord support for multiple tornado processes. 2018-11-02 16:55:33 -07:00
Tim Abbott a5acbd51c3 settings: Add new zulip.conf setting for number of Tornado processes.
This will eventually be used to support Tornado sharding; for now,
it's just used to contain the code intended to support that feature.
2018-11-02 16:47:26 -07:00
Tim Abbott dc7d44a245 puppet: Don't run calculate-first-visible-message-id on most systems.
This should only be run on systems that are running zilencer, because
the cron job is part of the zilencer project.
2018-10-30 11:40:24 -07:00
Tim Abbott a4df001cef check_queue_worker_errors: Add support for running unprivileged.
Previously, this script needed access to Django settings, which in
turn required access to /etc/zulip/zulip-secrets.conf.  Since that
isn't world-readable, this meant that this couldn't run as an
unprivileged `nagios` user.

Fix that by just hardcoding the appropriate path under /var/log/.
2018-10-18 15:03:17 -07:00
Tim Abbott 98d89b676d pg_backup_and_purge: Fix incorrect conversion to use python3 types.
When using the Python 3 typing style, Python scripts can't import from
typing inside an `if False` (in contrast, one needs to import inside
an `if False` to support the Python 3 syntax without needing
python-typing installed).  So this was just incorrectly half-converted
from the Python 2 style to the Python 3 style.
2018-10-16 11:12:52 -07:00
Tim Abbott 2c7f9ce0fc puppet: Fix puppet-lint warnings in various manifests.
Apparently, `puppet-lint` on Ubuntu trusty throws warnings for certain
quoting patterns that are OK in modern `puppet-lint`.  I believe the
old Zulip code was actually correct (i.e. the old `puppet-lint`
implementation was the problem), but it seems worth changing anyway to
suppress the warnings.

We also exclude more of puppet-apt from linting, since it's
third-party code.
2018-08-28 13:46:31 -07:00
Tim Abbott b53a712856 nginx: Update configuration for using certbot certs everywhere. 2018-08-22 11:59:15 -07:00
Abhilash Verma 0e2322a322 logging: Show timestamp in UTC in non-django production scripts.
Done in pair programming with @aero31aero.

Fixes #9678.
2018-08-20 12:52:40 -07:00
Tim Abbott 5021f7b76f puppet: Fix accidental conflict on apache2 package.
Apparently, the work to force installation of the Python 3 version of
mod_wsgi was buggy and tried to force uninstall apache2.

Fixes #10318.
2018-08-16 14:15:35 -07:00
Tim Abbott 90828297e4 puppet-lint: Enforce double_quoted_strings check.
This makes our puppet codebase more consistent by using single-quoted
strings consistently.
2018-08-13 12:31:19 -07:00
Tim Abbott d0b51b70f4 puppet-lint: Enforce 2sp_soft_tables puppet-lint check.
This cleans up the puppet codebase's whitespace formatting to be more
consistent.
2018-08-13 12:31:16 -07:00
Tim Abbott b26e0a957d puppet-lint: Enforce arrow_alignment check.
This fixes all exceptions in our puppet codebase to this lint rule.
2018-08-13 12:30:57 -07:00
Tim Abbott 054c07b585 mypy: Fix run types in pg_backup_and_purge. 2018-08-09 12:57:53 -07:00