Commit Graph

1399 Commits

Author SHA1 Message Date
Alex Vandiver f4683de742 puppet: Switch the `rolling_restart` setting to use the bool values.
2c5fc1827c standardized which values are "true"; use them.
2023-05-11 15:54:15 -07:00
Alex Vandiver 530980cf31 zulip_tools: Add a get_config_bool to match Puppet logic.
Unfortunately, the existing use of this logic in `process_fts_updates`
cannot switch to using this code, as that code cannot import
zulip_tools.
2023-05-11 15:54:15 -07:00
Alex Vandiver f11350f789 puppet: Add PostgreSQL 15 support.
Instead of copying over a mostly-unchanged `postgresql.conf`, we
transition to deploying a `conf.d/zulip.conf` which contains the
only material changes we made to the file, which were previously
appended to the end.

While shipping separate while `postgresql.conf` files for each
supported version is useful if there is large variety in supported
options between versions, there is not no such variation at current,
and the burden of overriding the entire default configuration is that
it must be keep up to date wit the package's version.
2023-05-10 14:06:02 -07:00
Anders Kaseorg 3bc1acba4a install: Use set -x when installing node, shellcheck, shfmt, tx.
This makes it clearer which step failed if there’s an error.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-10 12:15:34 -07:00
Alex Vandiver 94495bef18 log-search: Filter out /error_tracing endpoints. 2023-05-05 14:45:46 -07:00
Alex Vandiver 7e637786b3 upgrade-postgresql: Only try to start new cluster if it is stopped.
pg_upgradecluster will start the cluster if the old cluster was
started before it ran, or if there are post-upgrade scripts to run.
Because neither of those are fully under our control, only attempt to
start the new cluster if it isn't already.
2023-05-05 13:35:32 -07:00
Alex Vandiver 40e5a12e3c upgrade-postgresql: Use jq rather than grep to check cluster status. 2023-05-05 13:35:32 -07:00
Alex Vandiver e5ae55637e install: Remove PostgreSQL 11 support.
Django 4.2 removes this support, so Zulip has not installed with
PostgreSQL 11 since 2c20028aa4.
2023-05-05 13:35:32 -07:00
Anders Kaseorg a31ff01211 node_cache: Disable pnpm update check.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-02 12:29:38 -07:00
Anders Kaseorg 6c4705a4ef install-node: Upgrade Node.js from 18.15.0 to 18.16.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-25 22:18:48 -07:00
Alex Vandiver 63e31a6de4 upgrade-zulip-from-git: CWD will be the cache directory.
96e42b8e81 broke this when it split out the steps to reset the
upstream.
2023-04-24 17:19:27 -07:00
Alex Vandiver c815dba368 install: Write out a zulip-git-version upon install. 2023-04-19 16:56:14 -07:00
Alex Vandiver 8ae167dc05 upgrade-zulip-from-git: We may need to fill in a zulip-git-version file.
Installs which are upgrading to current `main`, and are upgrading for
the very first time from an install which was originally from git,
have a `/home/zulip/deployments/current` which, unlike all later
upgrades, is not a `git worktree` of `/srv/zulip.git`, but rather a
direct `git clone` of some arbitrary URL.  As such, it does not have
an `upstream` remote, nor a cached `zulip-git-version` file.

This makes later attempts to determine the pre-upgrade revision of
git (for pre-deploy hooks) fail, as without a `zulip-git-version`
file, `ZULIP_VERSION` is insufficiently-specific (e.g. `6.1+git`), and
there is no guarantee the necessary tags exist either.

While we can make fresh git installs set up an `upstream` and run
`./tools/cache-zulip-git-version` going forward (see subsequent
commit), that does not address the issue for deploys which already
exist.  For those, we must configure and fetch a `remote` in the old
checkout, followed by re-generating a cached `zulip-git-version`.

Fixes: #25076.
2023-04-19 16:56:14 -07:00
Alex Vandiver 96e42b8e81 upgrade-zulip-from-git: Extract code to set zulip upstream remote. 2023-04-19 16:56:14 -07:00
Alex Vandiver 7dc7962c04 zulip-puppet-apply: Any resources failing to apply should exit 2.
The existing `except subprocess.CalledProcessError` only catches if
there are syntax errors which prevent the `lastrun` file from being
written; it does not handle if there are properly-defined resources
which fail to evaluate (e.g. due to a missing dependency or file).

Check the `failed` resource count, and exit 2 if there are any such
resources.  This will cause `zulip-puppet-apply --force --noop` (which
is used as a pre-flight check during upgrades) to properly detect and
signal on more types of invalid puppet configurations.  In turn, this
will cause `upgrade-zulip` to not attempt to power through upgrades it
knows are destined to fail.
2023-04-19 09:35:19 -07:00
Alex Vandiver 7c023042cf puppet: Rotate access log files every day, not at 500M.
Since logrotate runs in a daily cron, this practically means "daily,
but only if it's larger than 500M."  For large installs with large
traffic, this is effectively daily for 10 days; for small installs, it
is an unknown amount of time.

Switch to daily logfiles, defaulting to 14 days to match nginx; this
can be overridden using a zulip.conf setting.  This makes it easier to
ensure that access logs are only kept for a bounded period of time.
2023-04-06 14:31:16 -04:00
Alex Vandiver f4d70a2e37 hooks: Resolve version strings to commit SHAs, and pass in via the env. 2023-04-05 18:51:55 -04:00
Alex Vandiver ecfb12404a hooks: Switch to passing values through the environment. 2023-04-05 18:51:55 -04:00
Daniil Fadeev 2f203f4de1 emails: Inline CSS in emails in build_email.
Previously, we had an architecture where CSS inlining for emails was
done at provision time in inline_email_css.py. This was necessary
because the library we were using for this, Premailer, was extremely
slow, and doing the inlining for every outgoing email would have been
prohibitively expensive.

Now that we've migrated to a more modern library that inlines the
small amount of CSS we have into emails nearly instantly, we are able
to remove the complex architecture built to work around Premailer
being slow and just do the CSS inlining as the final step in sending
each individual email.

This has several significant benefits:

* Removes a fiddly provisioning step that made the edit/refresh cycle
  for modifying email templates confusing; there's no longer a CSS
  inlining step that, if you forget to do it, results in your testing a
  stale variant of the email templates.
* Fixes internationalization problems related to translators working
  with pre-CSS-inlined emails, and then Django trying to apply the
  translators to the post-CSS-inlined version.
* Makes the send_custom_email pipeline simpler and easier to improve.

Signed-off-by: Daniil Fadeev <fadeevd@zulip.com>
2023-04-05 12:22:29 -07:00
Anders Kaseorg 54b08ee30b setup-apt-repo: Fix GPG check of groonga-apt-source-*.deb.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-05 12:19:06 -07:00
Alex Vandiver dd5dbcabcb start-server: More gracefully handle only starting part of the server.
While the previous commit handles the common case of all of the server
being started already, it still produces ERROR output lines from
supervisorctl when most of the server is already running.  Take the
case where one worker is stopped:

```
$ supervisorctl stop zulip-workers:zulip_events_deferred_work
zulip-workers:zulip_events_deferred_work: stopped
$ ./scripts/start-server
2023-04-04 15:50:28,505 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:50:31,977 start-server: Starting Tornado process on port 9800
zulip-tornado:zulip-tornado-port-9800: ERROR (already started)
2023-04-04 15:50:32,283 start-server: Starting Tornado process on port 9801
zulip-tornado:zulip-tornado-port-9801: ERROR (already started)
2023-04-04 15:50:32,592 start-server: Starting django server
zulip-django: ERROR (already started)
2023-04-04 15:50:33,340 start-server: Starting workers
zulip-workers:zulip_events_deferred_work: started
zulip_deliver_scheduled_emails: ERROR (already started)
zulip_deliver_scheduled_messages: ERROR (already started)
process-fts-updates: ERROR (already started)
2023-04-04 15:50:34,659 start-server: Done!
Zulip started successfully!
```

More gracefully handle these cases:
```
$ ./scripts/start-server
2023-04-04 15:52:39,815 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:52:43,270 start-server: Starting Tornado process on port 9800
2023-04-04 15:52:43,287 start-server: zulip-tornado:zulip-tornado-port-9800 already started!
2023-04-04 15:52:43,287 start-server: Starting Tornado process on port 9801
2023-04-04 15:52:43,300 start-server: zulip-tornado:zulip-tornado-port-9801 already started!
2023-04-04 15:52:43,300 start-server: Starting django server
2023-04-04 15:52:43,316 start-server: zulip-django already started!
2023-04-04 15:52:43,793 start-server: Starting workers
zulip-workers:zulip_events_deferred_work: started
2023-04-04 15:52:45,111 start-server: Done!
Zulip started successfully!
```
2023-04-04 10:58:56 -07:00
Alex Vandiver cb097760b9 start-server: Make start-server a clean explicit no-op if already running.
Currently, the output from `start-server` if the server is already
running is potentially confusing, since it says ERROR several times:

```
$ ./scripts/start-server
2023-04-04 15:35:12,737 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:35:16,211 start-server: Starting Tornado process on port 9800
zulip-tornado:zulip-tornado-port-9800: ERROR (already started)
2023-04-04 15:35:16,528 start-server: Starting Tornado process on port 9801
zulip-tornado:zulip-tornado-port-9801: ERROR (already started)
2023-04-04 15:35:16,844 start-server: Starting django server
zulip-django: ERROR (already started)
2023-04-04 15:35:17,605 start-server: Starting workers
zulip_deliver_scheduled_emails: ERROR (already started)
zulip_deliver_scheduled_messages: ERROR (already started)
process-fts-updates: ERROR (already started)
2023-04-04 15:35:18,923 start-server: Done!
```

Catch the simple common case where all of the services are already
running, and output a clearer success message:

```
$ ./scripts/start-server
2023-04-04 15:39:52,367 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:39:55,857 start-server: Zulip is already started; nothing to do!
```
2023-04-04 10:58:56 -07:00
Daniil Fadeev 5c6f842b28 emails: Replace Premailer with CSS-inline.
Primary goal of library replacement is improving execution speed.
This commit should not affect the functionality of the system
or make any changes to it.
2023-04-03 15:15:05 -07:00
Alex Vandiver 790e4854dd hooks: Run hooks as the zulip user, not as root. 2023-03-30 16:16:37 -07:00
Anders Kaseorg 99ab700c1b Revert "node_cache: Work around pnpm install issue in Docker for Mac."
This reverts commit 126f3b5f47.

Testing showed that it was ineffective for many users.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-30 16:15:31 -07:00
Alex Vandiver f66d952c57 log-search: Support HTTP method limits. 2023-03-22 11:20:47 -07:00
Alex Vandiver b2666bf054 log-search: Compare lowered terms to lowered log line.
This allows us to search for upper-case things.
2023-03-22 11:20:47 -07:00
Anders Kaseorg 126f3b5f47 node_cache: Work around pnpm install issue in Docker for Mac.
On Docker for Mac with the gRPC FUSE or VirtioFS file sharing
implementations, we nondeterministically get errors like this from
pnpm install:

    pnpm: ENOENT: no such file or directory, copyfile '/srv/zulip/.pnpm-store/v3/files/7d/6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0' -> '/srv/zulip/node_modules/.pnpm/regexpu-core@5.3.2/node_modules/_tmp_3227_7f867a9c510832f5f82601784e21e7be/LICENSE-MIT.txt'

    Subcommand of ./lib/provision.py failed with exit status 1: /usr/local/bin/pnpm install --frozen-lockfile
    Actual error output for the subcommand is just above this.

Work around this using --package-import-method=copy.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-21 19:52:17 -07:00
Anders Kaseorg 3a27b12a7d dependencies: Switch to pnpm.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 15:48:29 -07:00
Anders Kaseorg 96e657a954 install-node: Upgrade Node.js from 18.14.1 to 18.15.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-16 12:32:28 -07:00
Anders Kaseorg f66136fcc2 zulip_tools: Improve error for `run` subprocess killed by signal.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-08 22:10:25 -08:00
Anders Kaseorg 5a79ca251b check-database-compatibility: Drop .py from script name.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-03 18:02:37 -08:00
Alex Vandiver e7fabb45f2 puppet: Pin with sha256sum verification. 2023-02-28 00:04:39 -05:00
Anders Kaseorg c1675913a2 web: Move web app to ‘web’ directory.
Ever since we started bundling the app with webpack, there’s been less
and less overlap between our ‘static’ directory (files belonging to
the frontend app) and Django’s interpretation of the ‘static’
directory (files served directly to the web).

Split the app out to its own ‘web’ directory outside of ‘static’, and
remove all the custom collectstatic --ignore rules.  This makes it
much clearer what’s actually being served to the web, and what’s being
bundled by webpack.  It also shrinks the release tarball by 3%.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-23 16:04:17 -08:00
Alex Vandiver 95abcffb75 log-search: Fix precedence in no-color case. 2023-02-22 11:43:13 -08:00
Alex Vandiver 38b7ecff68 log-search: Add a --timeline option to show gaps and overlaps. 2023-02-21 11:10:24 -08:00
Alex Vandiver cfd9e56d1a log-search: Do no use color codes if output is not a TTY. 2023-02-21 11:10:24 -08:00
Anders Kaseorg 64f0dcecb0 install-node: Upgrade Node.js to 18.14.1 security release.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-20 12:16:28 -08:00
Alex Vandiver 5db55c38dc puppet: Add a sha256_file_to. 2023-02-10 15:53:10 -08:00
Alex Vandiver 840884ec89 upgrade-zulip: Provide directories to run hooks before/after upgrade.
These hooks are run immediately around the critical section of the
upgrade.  If the upgrade fails for preparatory reasons, the pre-deploy
hook may not be run; if it fails during the upgrade, the post-deploy
hook will not be run.  Hooks are called from the CWD of the new
deploy, with arguments of the old version and the new version.  If
they exit with non-0 exit code, the deploy aborts.
2023-02-10 15:53:10 -08:00
Alex Vandiver 74067f071f upgrade-zulip: Print the old and new versions during upgrades.
Fixes: #23620
2023-02-10 15:53:10 -08:00
Alex Vandiver 418e51cc5b zulip_tools: Shell out to python to get true ZULIP_VERSION.
Parsing veryion.py will not get extended version information from git.
2023-02-10 15:53:10 -08:00
Anders Kaseorg ec58b6790d install-node: Upgrade Node.js to 18.14.0; manage Yarn with Corepack.
Corepack manages multiple per-project version of Yarn and PNPM, which
means we have to maintain less installation code, and could help us
switch away from Yarn 1 without making the system unusable for
development of other Yarn 1 projects.

https://nodejs.org/api/corepack.html

The Unicode spaces in the timerender test resulted from an ICU
upgrade: https://github.com/nodejs/node/pull/45068.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-09 15:50:47 -08:00
Anders Kaseorg 81a7c7502f requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-03 16:36:54 -08:00
Anders Kaseorg df001db1a9 black: Reformat with Black 23.
Black 23 enforces some slightly more specific rules about empty line
counts and redundant parenthesis removal, but the result is still
compatible with Black 22.

(This does not actually upgrade our Python environment to Black 23
yet.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-02 10:40:13 -08:00
Alex Vandiver 26696aaa53 upgrade-postgresql: Also upgrade postgresql-client.
The `pg_upgrade` tool uses `pg_dump` as an internal step, and verifies
that the version of `pg_upgrade` is the same exactly the same as the
version of the PostgreSQL server it is upgrading to.  A mismatch (even
in packaging versions) leads to it aborting:

```
/usr/lib/postgresql/14/bin/pg_upgrade -b /usr/lib/postgresql/13/bin -B /usr/lib/postgresql/14/bin -p 5432 -P 5435 -d /etc/postgresql/13/main -D /etc/postgresql/14/main --link
Finding the real data directory for the source cluster      ok
Finding the real data directory for the target cluster      ok

check for "/usr/lib/postgresql/14/bin/pg_dump" failed: incorrect version: found "pg_dump (PostgreSQL) 14.6 (Ubuntu 14.6-0ubuntu0.22.04.1)", expected "pg_dump (PostgreSQL) 14.6 (Ubuntu 14.6-1.pgdg22.04+1)"
Failure, exiting
```

Explicitly upgrade `postgresql-client` at the same time we upgrade
`postgresql` itself, so their versions match.

Fixes: #24192
2023-02-01 14:44:34 -08:00
Alex Vandiver 20841d9b65 upgrade-zulip-stage-2: Abort upgrade if puppet will not run cleanly. 2023-01-31 14:20:00 -08:00
Alex Vandiver fd47f6296e zulip-puppet-apply: Exit status code 2 on puppet failure.
This allows us, when run with `--noop -f`, to differentiate between
"there are unapplied changes" and "there were puppet errors."
2023-01-31 14:20:00 -08:00
Alex Vandiver 372bba4a8e puppet: Stop creating a /home/zulip/logs.
This was last really used in d7a3570c7e, in 2013, when it was
`/home/humbug/logs`.

Repoint the one obscure piece of tooling that writes there, and remove
the places that created it.
2023-01-26 15:06:01 -08:00
Anders Kaseorg 4eda29bd86 ruff: Fix RUF005 Consider spread instead of concatenation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-26 10:16:30 -08:00
Anders Kaseorg 91b22cb1af ruff: Fix EXE001 Shebang is present but file is not executable.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-26 10:16:30 -08:00
Anders Kaseorg ff1971f5ad ruff: Fix SIM105 Use `contextlib.suppress` instead of try-except-pass.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-23 11:18:36 -08:00
Lalit 112df91fbd provision: Do not require that no other yarn precedes us in $PATH.
`check_version` in `install-yarn` had the rather careful check that
the yarn it installed into `/usr/bin/yarn` was the yarn which was
first in the user's `$PATH`.  This caused problems when the user had a
pre-existing `/usr/local/bin/yarn`; however, those problems are
limited to the `install-yarn` script itself, since the nearly all
calls to yarn from Zulip's code already hardcode the `/srv/zulip-yarn`
location, and do not depend on what is in `$PATH`.

Remove the checks in `install-yarn` that depend on the local `$PATH`,
and stop installing our `yarn` into it.  We also adjust the two
callsites which did not specify the full path to `yarn`, so use
`/srv/zulip-yarn`.

Fixes: #23993

Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2023-01-19 17:51:52 -05:00
Alex Vandiver a1151aef8b create-database: Hide harmless "non-existant database" warnings.
During installation on a new host, `create-database` attempts to
verify that there isn't a bunch of data already in the database which
is it about to drop and recreate.  In the most common case, this
statement emits a scary-looking warning, since the database does not
exist yet:

```
+ /home/zulip/deployments/current/scripts/setup/create-database
+ POSTGRES_USER=postgres
++ crudini --get /etc/zulip/zulip.conf postgresql database_name
++ echo zulip
+ DATABASE_NAME=zulip
++ crudini --get /etc/zulip/zulip.conf postgresql database_user
++ echo zulip
+ DATABASE_USER=zulip
++ cd /
++ su postgres -c 'psql -v ON_ERROR_STOP=1 -Atc '\''SELECT COUNT(*) FROM zulip.zerver_message;'\'' zulip'
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  database "zulip" does not exist
```

Because we are attempting to gracefully handle the case where the
database does not exist yet, we also continue (and drop the database)
in other, less expected cases -- for instance, if database contains a
schema we do not expect.

Explicitly check for the database existence first, and once we verify
that, allow any further failures in the `SELECT COUNT(*)` to abort
`create-database`.  This serves the dual purpose of hiding the "FATAL"
error for the common case when the database does not exist, as well as
preventing dropping the database if anything else goes awry.
2023-01-05 11:39:23 -08:00
Anders Kaseorg 2afdb46095 ruff: Enable new lints DTZ, ISC, PIE, PLW, Q, S, SIM.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Anders Kaseorg e1ed44907b ruff: Fix SIM118 Use `key in dict` instead of `key in dict.keys()`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Anders Kaseorg a6442288cf ruff: Fix PLW0120 Else clause on loop without a break statement.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Anders Kaseorg 986bad8f90 install-shellcheck: Upgrade ShellCheck to 0.9.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 14:01:34 -08:00
Alex Vandiver 62562eedf7 upgrade-postgresql: Ensure the new PostgreSQL is running.
If a previous attempt at an upgrade failed for some reason, the new
PostgreSQL may be installed, and the conversion will succeed, but the
new PostgreSQL daemon will not be running (Puppet does not force it to
start).  This causes the upgrade to fail when analyzing statistics,
since the daemon isn't running.

Explicitly start the new PostgreSQL; this does nothing in most cases,
but will provider better resiliency when recovering from previous
partial upgrades.
2023-01-03 11:10:49 -08:00
Anders Kaseorg bd884c88ed Fix typos caught by typos.
https://github.com/crate-ci/typos

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-03 11:09:50 -08:00
Anders Kaseorg 89e954451b install-node: Upgrade Node.js from 18.10.0 to 18.12.1.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-12-07 09:55:05 -08:00
Alex Vandiver 2bbeef301a upgrade-postgresql: Force a known locale.
Some terminals (e.g. ssh from OS X) set an invalid locale, which
causes the `pg_upgradecluster` call late in the upgrade to fail.

Force a known locale, for consistency.  This mirrors the settings in
upgrade-zulip-stage-2, set in 11ab545f3b, and its subsequent
cleanups in 64c608a51a, ee0f4ca330, and eda9ce2364.
2022-12-06 09:47:30 -08:00
Anders Kaseorg f3f5dfb5aa ruff: Fix RUF004 exit() is only available in the interpreter.
‘exit’ is pulled in for the interactive interpreter as a side effect
of the site module; this can be disabled with python -S and shouldn’t
be relied on.

Also, use the NoReturn type where appropriate.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-12-04 22:11:24 -08:00
Alex Vandiver 89f20140c0 wal-g: Use pre-built aarch64 binary, rather than building from source.
Starting with wal-g 2.0.1, they provide `aarch64` assets[^1].
Effectively revert d7b59c86ce, and use
the pre-built binary for `aarch64` rather than spend a bunch of space
and time having to build it from source.

[^1]: https://github.com/wal-g/wal-g/releases/tag/v2.0.1
2022-11-30 12:13:47 -05:00
Anders Kaseorg 0258fba345 ruff: Fix N811 constant imported as non-constant.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-16 09:29:11 -08:00
Anders Kaseorg e5c26eeb86 tornado: Support sharding by user ID.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-15 17:27:01 -08:00
Anders Kaseorg fc9f23a85f scripts: Pass --retry 3 to curl.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-08 08:07:36 -08:00
Anders Kaseorg 7021852627 install-node: Silence expected “node: command not found” on first run.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:11:08 -07:00
Anders Kaseorg 9d2d6c8eb7 ruff: Fix M001 Unused `noqa` directive.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Alex Vandiver 6662a3bac4 teleport: Switch to the new apt host for Teleport.
The apt.releases.teleport.dev repository is deprecated as of the
release of Teleport 11, and has been replaced with
deb.releases.teleport.dev[1].

[1]: https://goteleport.com/docs/changelog/#deprecated-old-debrpm-repositories
2022-10-28 16:52:54 -07:00
Alex Vandiver f5f6a3789b restart-server: Default to running config and database checks.
If there is a syntax error in `settings.py`, `restart-server` should
provide a reasonable message about this.  It did so prior to
af08bcdb3f, becausde any invocation `./manage.py` without
`--skip-checks` will verify `settings.py`, among several other checks.
After af08bcdb3f, there are no `./manage.py` calls in most restarts,
which fa77be6e6c took further.

Add an explicit `./manage.py check` in the default case.
upgrade-zulip-stage-2 overrides this by passing `--skip-checks`, for
performance.  This also means that `upgrade-zulip-from-git` itself
picks up the same `--skip-checks` flag, since it inherits the same
flag parsing, though that is perhaps of dubious utility.
2022-10-14 13:10:46 -07:00
Anders Kaseorg afccebc1ee install-node: Upgrade Node.js from 16.17.0 to 18.10.0.
Although Node.js 18 is not the active LTS release for another 3 weeks,
the Node.js 16 end-of-life date was moved forward to September 2023,
(https://nodejs.org/en/blog/announcements/nodejs16-eol/), so it seems
prudent to switch now.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-11 10:50:57 -07:00
Anders Kaseorg 11a86ec328 install: Remove PostgreSQL 10 support.
PostgreSQL 10 reaches its upstream end of life in November, and is not
supported by Django 4.1.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:59:07 -07:00
Anders Kaseorg b267b17677 python: Use ‘not in’ for more negated membership tests.
Fixes “E713 Test for membership should be `not in`” found by ruff (now
that I’ve fixed it not to ignore scripts lacking a .py extension).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-26 12:09:46 -07:00
Anders Kaseorg 83bd709562 Revert "zulip-puppet-apply: Work around broken Puppet on Ubuntu 22.04."
This reverts commit 25c87cc7da (#21328).

This upstream Ubuntu bug was fixed.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-22 15:18:15 -07:00
Anders Kaseorg 403837e52d python: Use ‘not in’ for negated membership tests
Fixes “E713 Test for membership should be `not in`” found by
ruff (https://github.com/charliermarsh/ruff).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-17 11:48:33 -07:00
Anders Kaseorg 987ab741f9 sharding: Support Tornado sharding by regexes.
One should now be able to configure a regex by appending _regex to the
port number:

[tornado_sharding]
9802_regex = ^[l-p].*\.zulipchat\.com$

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-15 16:07:50 -07:00
Anders Kaseorg 7666ff603d sharding: Configure Tornado sharding with nginx map.
https://nginx.org/en/docs/http/ngx_http_map_module.html

Since Puppet doesn’t manage the contents of nginx_sharding.conf after
its initial creation, it needs to be renamed so we can give it
different default contents.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-15 16:07:50 -07:00
Anders Kaseorg ea6f18bb46 refresh-sharding-and-restart: Quote to prevent shell glob expansion.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-14 09:35:12 -07:00
Anders Kaseorg 5e4cec56cb install-node: Upgrade Node.js from 16.16.0 to 16.17.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-06 15:02:29 -07:00
Anders Kaseorg 5d77d50423 scripts: Help mypy resolve the psycopg2.connect overload.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-30 17:36:21 -07:00
Zixuan James Li 059d0e7be8 settings: Make SHARED_SECRET mandatory.
This implements get_mandatory_secret that ensures SHARED_SECRET is
set when we hit zerver.decorator.authenticate_notify. To avoid getting
ZulipSettingsError when setting up the secrets, we set an environment
variable DISABLE_MANDATORY_SECRET_CHECK to skip the check and default
its value to an empty string.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-25 12:13:03 -07:00
Anders Kaseorg 7da1586cbf install-node: Upgrade Node.js from 16.15.1 to 16.16.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-04 13:51:51 -07:00
Anders Kaseorg 443b974b3e python: Apply changes from pyupgrade.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-20 22:33:28 -07:00
Alex Vandiver 526a04b4e6 restore-backup: Provide flags to leave settings.py and zulip.conf as-is. 2022-07-20 12:35:51 -07:00
Alex Vandiver d8ae270899 restore-backup: Only extract /etc/zulip once.
This is already handled in the earlier block; there is no need to
extract it twice.
2022-07-19 17:56:40 -07:00
Alex Vandiver 1b57669771 restore-backup: Switch to run() to check exit codes. 2022-07-19 17:56:40 -07:00
Alex Vandiver c71c6187ea restore-backup: Ensure it is run as root. 2022-07-19 17:56:40 -07:00
Anders Kaseorg 81892df176 requirements: Upgrade to Django 4.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-13 16:07:17 -07:00
Anders Kaseorg 463fe515b8 install-yarn: Upgrade Yarn from 1.22.18 to 1.22.19.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 17:23:16 -07:00
Anders Kaseorg d104407531 log-search: Fix re.Match type annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 12:55:03 -07:00
Alex Vandiver 2b02722d16 log-search: Add a filter to exclude all lines not explicitly wanted. 2022-06-28 15:59:31 -07:00
Alex Vandiver 180565d8d6 log-search: Fix copy/paste-o in filtering for presence. 2022-06-28 15:59:31 -07:00
Anders Kaseorg 3bf8ee2156 python: Unquote some unnecessarily quoted type annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 17:37:41 -07:00
Alex Vandiver 41deef40cf nagios: Switch to generic check_cron_file for queues and consumers.
These share a common root; 91da4bd59b duplicated the code, but
didn't move the existing uses to the new utility.
2022-06-22 12:07:38 -07:00
Alex Vandiver e01a4242aa nagios: Sort queue consumer checks. 2022-06-22 12:07:38 -07:00
Alex Vandiver 27b63d0baf check-rabbitmq-consumers: Fix a misleading comment. 2022-06-22 12:07:38 -07:00
Alex Vandiver 4e06ee45c7 check-rabbitmq-consumers: Remove unused --min-threshold.
This has never actually been used  -- and does not make sense with the
check-all-queues-at-once model switched to in 88a123d5e0.  The
Tornado processes are the only ones we expect to be non-1, and since
they were added in 3f03dcdf5e the right number has been read from
config, not passed as an argument.
2022-06-22 12:07:38 -07:00
Alex Vandiver 53c01aa299 check-rabbitmq-consumers: Remove --queue argument from help.
This has not been accepted since 88a123d5e0.
2022-06-22 12:07:38 -07:00
Alex Vandiver a35af3f38b install/upgrade: Allow new packages during `apt-get upgrade`.
`postgresql-14.4` is a notable upgrade in the PostgreSQL series, as it
fixes potential database corruption from `CREATE INDEX CONCURRENTLY`
statements which are run while rows are modified[1].  However, it also
requires an upgrade from `libllvm9` to `libllvm10`, which means it is
not installed by a mere `apt-get upgrade`.

Add the `--with-new-pkgs` flag to all of the potentially relevant
`apt-get upgrade` calls, so that this (and similar) packages are
upgraded successfully.

[1]: https://www.postgresql.org/docs/release/14.4/
2022-06-21 11:21:49 -07:00