Commit Graph

161 Commits

Author SHA1 Message Date
Luke Faraone 104c2a06ae Set iptables rules for each IP, not just each interface
(imported from commit c24d2123489dc384bf50e379d245807af3488ebf)
2013-12-13 18:07:08 -05:00
Kevin Mehall f929e51776 puppet: Make Camo Nagios check waste less bandwidth
Use http://www.google.com/favicon.ico instead of a 1.7MB animated gif from
imgur.

(imported from commit 94993af35bf87b0f22e6e743a9ba1cc1c5c9a78f)
2013-12-13 17:27:01 -05:00
Tim Abbott 950e4c800b puppet: Declare upstreams properly in app nginx config.
(imported from commit 859eeed0d5b92c1b5b2b0764aba06aebcde8e2e2)
2013-12-12 16:48:52 -05:00
Tim Abbott ae4d214c49 Fix longpolling treatment for api.zulip.com/v1/events.
(imported from commit 78029972938ad7c9aa862330e38965b4b032c935)
2013-12-12 16:03:45 -05:00
Tim Abbott 73f04b21e9 Add zulip.customer29.invalid host.
(imported from commit ea3e7bb465c920b8ec21b7471cd261868f5059e7)
2013-12-12 16:03:45 -05:00
Tim Abbott c21e85e569 Remove staging.humbughq.com loadbalancer config.
The DNS has been disabled for some time.

(imported from commit e054c0fb0b37077d8303eab4d4ffec6ff53e8990)
2013-12-12 16:03:45 -05:00
Kevin Mehall 662edc2558 [manual] Backend support for Android GCM push notifications
This adds a dependency on gcmclient:
http://gcm-client.readthedocs.org/en/latest/gcmclient.html

pip install gcm-client

or

apt-get install python-gcm-client

(imported from commit 9f1fbf1f793e4a27baed85c6f1aa7a7b03106a10)
2013-12-11 15:37:48 -05:00
Luke Faraone b0a0853bd2 Specify full fingerprint rather than short key ID
(imported from commit fc4e9d51c440000e469f8e3882739215a3bcb022)
2013-12-11 10:54:30 -05:00
Luke Faraone 510b3349a7 Switch to downloading keys via SSL in puppet
(imported from commit 05d2b0626338f09370614e916050cfcee7f14829)
2013-12-11 10:54:30 -05:00
Luke Faraone 1b5c1ac021 Update style of client strings.
(imported from commit 1516461cf53b2715de68e01f16bb8a8cc33c48ad)
2013-12-09 11:47:52 -05:00
Leo Franchi e39cc5324b [puppet] Aggregate narrow timing stats
(imported from commit 4eff25635a3cb7687e995ad1127cff68da51329a)
2013-12-07 10:44:54 -05:00
Leo Franchi f70878e6c5 Fix aggregation rules for endtoend time
(imported from commit 29165b09e2d8904ee502cc04610a951d87ef896f)
2013-12-07 10:44:54 -05:00
Tim Abbott abeb29c226 Fix incorrect proxy_pass location for staging longpolling.
(imported from commit a4ac2c5c3416a8d8f748237411df6235f237e893)
2013-12-07 08:02:55 -05:00
Tim Abbott 09a61e8128 nginx: Enable keepalive for communication between lbs and frontends.
(imported from commit a7c8d9dfefbb6e5d01c8050688d831787b31bbd4)
2013-12-07 07:41:45 -05:00
Tim Abbott a337638f7f nginx config: Enable some popular performance-improving features.
(imported from commit 50193d071d091cc864867c9f7d5c9c9fb74b9d92)
2013-12-07 07:41:45 -05:00
Tim Abbott 6663247e22 Set nginx worker_processes automatically based on CPU count.
(imported from commit e48143c1410439d0574bc78bfd64c22a3063d558)
2013-12-07 07:41:45 -05:00
Tim Abbott 1843262672 puppet: Mark all Nagios plugins as executable.
They were being installed as executable anyway, but this will make
running them manually a bit easier.

(imported from commit a1181d2c90770af5aa44b0f65a47a460efdcf2d7)
2013-12-05 15:25:25 -05:00
Tim Abbott 64807c0628 nginx: Ensure zulip-include files are distributed to the right systems.
There were a few recently introduced bugs, and this also cuts down on
our having to review diffs that don't actually affect the relevant
server when doing updates.

(imported from commit 43f3cff9a414bc1632f45a8222012846353e8501)
2013-12-05 15:25:25 -05:00
Tim Abbott 676e9d90ff nginx: Get rid of trailing / in loadbalancer proxy_pass directives.
The trailing "/" actually means "replace the location with /", which
is either useless or actively harmful, depending on the location.

(imported from commit 58b9c4c9e55e3a162ffce49c954bc2182ec57dde)
2013-12-05 15:25:25 -05:00
Tim Abbott cc00ed6d7e nginx: Clean up now-empty 'loadbalancer' include file.
(imported from commit d13b5d91f6b85ba3e0bef7728985d0eba1cae084)
2013-12-05 15:25:25 -05:00
Tim Abbott afaff0c2cf nginx: Set X-Forwarded-For in common proxy configuration.
Previously we sometimes set it to $proxy_add_x_forwarded_for and other
times to $remote_addr, but according to

http://wiki.nginx.org/HttpProxyModule#.24proxy_add_x_forwarded_for

$proxy_add_x_forwarded_for handles this for us -- it will be
$remote_addr if there was no X-Forwarded-For header anyway.

(imported from commit 67dc52250e3e7751b1bf375d1a71d0272475435c)
2013-12-05 15:25:25 -05:00
Tim Abbott afe167ea58 nginx: Use the longpolling proxy configuration on load balancers.
(imported from commit f590e6b1eec2856b5128e310797f8ba58846417a)
2013-12-05 15:25:25 -05:00
Tim Abbott 21a69f2188 nginx: Move common longpolling proxy configuration into include file.
(imported from commit 4ace82824c32cec8c6da8a1a6b8a527dae105a89)
2013-12-05 15:25:24 -05:00
Tim Abbott 9e24558092 nginx: Move common proxy configuration into an include file.
(imported from commit 2ee5afc74fe146f8ee98f18f846342351c61c7f0)
2013-12-05 15:25:24 -05:00
Tim Abbott 3760609f3f Enable /sockjs handling on api.zulip.com (not used yet).
(imported from commit c2581e3243b2129c980fd3dd318eb3d99f3eb593)
2013-12-05 15:25:24 -05:00
Tim Abbott 953c3578dc external-sso.conf: Fix missing proxy_set_header.
(imported from commit 64bcb06cf65f15908ee74d637ab3868916b1dfd7)
2013-12-05 15:25:24 -05:00
Tim Abbott 79910fa2b3 Disable proxy_next_upstream for sockjs in remaining proxy_pass lines.
(imported from commit f14c7962253b34040ed9ab077a58c8b200df5d9d)
2013-12-05 15:25:24 -05:00
Tim Abbott e5be713103 Clean up EXTERNAL_API_HOST usage and defaults.
We now have 2 variablse:
EXTERNAL_API_PATH: e.g. staging.zulip.com/api
EXTERNAL_API_URI: e.g. https://staging.zulip.com/api

The former is primarily needed for certain integrations.

(imported from commit 3878b99a4d835c5fcc2a2c6001bc7eeeaf4c9363)
2013-12-04 15:10:54 -05:00
Tim Abbott b8a151ca4e Revert "[puppet] Add cron job to restart our workers daily."
This reverts commit 0b0180b0751f6c618d877b9c9ffc2b8287254e4d.

(imported from commit a81c552100345d369ffcaf69f28a86dea0893128)
2013-12-04 10:27:45 -05:00
Tim Abbott f7ac58bab5 Revert "Add user_activity_test worker that does nothing."
Now that we've debugged the memory leak, I don't think we need this
anymore.

This reverts commit 1bdc7ee2f72bdebb1cdc94601247834a434614d6.

Conflicts:

	puppet/zulip/files/cron.d/rabbitmq-numconsumers
	puppet/zulip/files/supervisor/conf.d/zulip.conf

(imported from commit ff87f2aebcbc71013fa7a05aedb24e2dcad82ae6)
2013-12-04 10:27:45 -05:00
Tim Abbott 606d8a4f9b Add Nagios check for queue worker memory usage.
This is detect future memory leaks.

(imported from commit 75fd4c2ad41ea71e87a53fb33e2106c5773909d5)
2013-12-04 10:27:44 -05:00
Tim Abbott 850eae3e8e puppet: Disable proxy_next_upstream feature in nginx config.
(imported from commit 84cad76701f9ee40fa9601ae06b3f804948b96d4)
2013-12-03 15:20:45 -05:00
Tim Abbott 5007d4d87a [puppet] Update set_real_ip_from to use lb0's internal IP address.
This is something we forgot to do in the VPC migration, so our IPs
have all been the lb0 IP in our logs :(.

(imported from commit 9d3fc69cf72a84f7bd7c54e50fb1e776a67d971f)
2013-12-03 14:29:34 -05:00
Luke Faraone dc5c410257 Remove django-jstemplate, unused per trac #1973
(imported from commit 97b2e75766e3576f17b7dab0f1a4a00c34a5c2e5)
2013-12-03 11:36:18 -05:00
Leo Franchi 42e23dc82e [manual] Release desktop app 0.4.1 for OS X
This requires a puppet apply on prod0, and an update of the
Zulip-latest.dmg and Humbug-latest.dmg symlinks in
/src/www/dist/apps/mac and /srv/www/dist/apps/sso/mac

(imported from commit e83170a19ac2de6458a0fd43140068fab4135483)
2013-12-02 15:24:32 -05:00
Zev Benjamin 9fa9f81a0a puppet: Add ptop to postgres-common packages
(imported from commit 085bf7d0ef33f8287bea9152e328908a89144b8f)
2013-12-02 14:54:53 -05:00
Zev Benjamin 20cf06013e Add missing newline to crontab
(imported from commit fe14ff383ff6915f0e60d3e6904ecdedc5ff5bf7)
2013-11-28 02:17:07 -05:00
acrefoot eb7be522ac [manual] add supervisor and numconsumer entries for push notifications queue
requires puppet-apply on both staging and prod

(imported from commit 6fc25041b40145d7c62a8bb959a8d25d0dbcb44e)
2013-11-27 18:00:33 -05:00
Leo Franchi d36510e4c3 [manual] Release Zulip Desktop 0.4.0
This requires a puppet apply, and also a manual update of
the Zulip-latest.* symlinks in /srv/www/dist/apps

(imported from commit 991dd6924ba33d81f486e914bcbadfec5b350660)
2013-11-26 17:41:25 -05:00
Tim Abbott 3971f18de8 loadbalancer: Fix missing location-sockjs config.
(imported from commit 27b168e73014d7b7c71fb00ce5b75271393fc491)
2013-11-26 12:22:17 -05:00
Zev Benjamin 7af4b92b98 puppet: Rename app to prod0 in nagios
(imported from commit c2d1c2c06276a816ef33e057d3f859c755490cb3)
2013-11-25 11:43:16 -05:00
Zev Benjamin 9f2af6fd0d puppet: Fix postgres_primary alias
(imported from commit 1cd199224e45700fac03e68c99f9d4f7d9212b45)
2013-11-25 11:43:16 -05:00
Zev Benjamin 847d4dfbca puppet: Specify hosts for the postgres autovac_freeze check via a hostgroup
(imported from commit d0afc1b78015740fa9638563a5672d3400dd5002)
2013-11-23 12:08:49 -05:00
Zev Benjamin 139518ccbe puppet: Remove postgres0 from nagios and munin configs
(imported from commit 6a4eb208b2a344d65d684cf904ba882a5400056d)
2013-11-23 12:06:27 -05:00
Zev Benjamin dacf97db48 puppet: Use peer authentication for Postgres nagios checks
(imported from commit d8f02d5320d6f8b97fd82cd3f0ca65f6e5c42b03)
2013-11-23 10:01:15 -05:00
Zev Benjamin 3454680e4b puppet: Add VPC subnets to pg_hba.conf
(imported from commit 633bf08bfe2f3695bd6c9ed8584b78971ebe065f)
2013-11-23 08:23:49 -05:00
Zev Benjamin bf8fb3c0df puppet: Add postgres2 to nagios monitoring
(imported from commit 799b1304eebe49cf6d8153fb2bfd0b11a3bcab00)
2013-11-23 08:10:44 -05:00
Zev Benjamin 658972dda3 [manual] puppet: Add postgres2 to munin monitoring
You must run
autossh -2 -fN -M 20018 -L 5009:localhost:4949 nagios@postgres2.zulip.net
as nagios on nagios.zulip.net after deploying this commit.

(imported from commit bd8a61f99555ccf0a0010d79dbd89017aaafbb8f)
2013-11-23 08:10:44 -05:00
Zev Benjamin d7d98aaacc puppet: Move /etc/iptables/rules to /etc/iptables/rules.v4
The /etc/init.d/iptables-persistent initfile changed to expect there to be two
files in /etc/iptables (rules.v4 and rules.v6) instead of a single rules file.
Several of our machines are currently running without iptables rules as a
result.

(imported from commit 266c2ff26b77f7c9ae793690b0d544ee4cfa5020)
2013-11-23 08:10:44 -05:00
Zev Benjamin c3f4ab6c94 puppet: Add replicator access from postgres2 to pg_hba.conf
(imported from commit 2a4f150c67d3136a5e97cb673cc7f14256ffae01)
2013-11-22 17:38:52 -05:00