Commit Graph

1078 Commits

Author SHA1 Message Date
Leo Franchi 91c54754fb [puppet] Add the apns-token crontab file to puppet
(imported from commit f12001453c9ca924c801a6000927e3ee2696a392)
2014-01-10 21:38:57 -05:00
Zev Benjamin c045644097 puppet: Run check_ntp_time against an NTP pool instead of time.mit.edu
MIT implemented NTP rate-limiting to defend against on-going reflection attacks,
which was causing our nagios checks to fail intermittently.  When the attacks
die down or when external sites fix their NTP configurations, checking against
time.mit.edu will stop failing.  However, there also isn't much of a reason to
stick with checking against a single server.

(imported from commit 2c2a1a04646b880b010cbb4b6d94016b1eccd1a0)
2014-01-06 17:30:09 -05:00
Jessica McKellar 61d660f9f3 [manual] digest: move cron job from staging to all app frontends.
Manual instructions:

This commit requires a puppet apply after deployment on both staging
and prod.

(imported from commit 2d10e33c6db2f5e9cc1204cdd5f2c91833da2a8e)
2013-12-20 12:50:23 -05:00
Tim Abbott bdcc2e5c52 nagios: Set max_check_attempts to 3 for batched queue processors.
(imported from commit ec0ac86726cd6ff3d0fdfcfcb161d3329fca02ac)
2013-12-19 17:31:41 -05:00
Tim Abbott b2d01e2da0 [manual] restart-server: Minimize downtime for message sender worker.
The manual step here is that we need to do the `puppet apply` before
pushing this commit, or `restart-server` will crash.

Previously we shut down everything in one group, which performed
poorly with supervisor's bad performance on restarting many daemons at
once.  Now we shut down the unimportant stuff, then the important
stuff, bring back the important stuff, and then bring back the
unimportant stuff.

This new model has a little over 5s of downtime for the core
user-facing daemons -- which is still far more than would be ideal,
but a lot less than the 13s or so that we had before.

Here's some logs with the current setup for the tornado/django downtime:
2013-12-19 20:16:51,995 restart-server: Stopping daemons
2013-12-19 20:16:53,461 restart-server: Starting daemons
2013-12-19 20:16:57,146 restart-server: Starting workers

Compare with the behavior on master today:
2013-12-19 20:21:45,281 restart-server: Stopping daemons
2013-12-19 20:21:49,225 restart-server: Starting daemons
2013-12-19 20:21:58,463 restart-server: Done!

(imported from commit b2c1ba77f3dc989551d0939779208465a8410435)
2013-12-19 17:21:23 -05:00
Luke Faraone a5775d94ef Install uploads.types in puppet
We also move uploads.types to zulip-include-frontend since its only
needed on the frontends.

(imported from commit cfdf15c0c537f7ea4c239b0f882aeaa561929777)
2013-12-18 16:25:10 -05:00
Leo Franchi 9c82e869c2 [manual] Release OS X desktop app 0.4.2
This reqires a puppet apply as well as a manual move of the installed
files and symlink switch. Leo will do it when it hits master.

(imported from commit e58e52087ad38f1cb8e0e606b82266a93cf91e53)
2013-12-18 16:14:51 -05:00
Jessica McKellar 5e217a1079 Use correct time zone in digest email cron job.
(imported from commit fd470af4b44ffb9696ff3a97372aaf2524a4806b)
2013-12-18 14:31:03 -05:00
Tim Abbott d62ca820db puppet: Fix permissions on /etc/cron.d/log2zulip.
(imported from commit 33ee5ae97b09b3925849940262ecd0bcbce38a3f)
2013-12-17 16:22:14 -05:00
Tim Abbott ae6c17a87d puppet: Stop using /var/log/nginx/zulip.*.log.
It's confusing to have our log data on different files on different
systems (e.g. loadbalancer vs. app).

(imported from commit be701072ee05e2659f146b226a39f33cb4707180)
2013-12-17 16:22:08 -05:00
Tim Abbott 6ccf19bed6 Run log2zulip on load balancers too.
(imported from commit 74c8be20d2d03aa524f05b7681febe9a9be9cdff)
2013-12-17 13:46:00 -05:00
Tim Abbott 8dcf7d4cc3 [puppet] Add log2zulip tool for sending log files to Zulip.
This tool is a little crude; it runs out of a cron job and will
forward to staging a notice about any new lines in the declared log
files, truncating if there are more than 10 lines.

(imported from commit 6748ddff1def0907b061dc278a3a848bd2e933f1)
2013-12-17 11:02:55 -05:00
Jessica McKellar 8bb1caec8f [manual] digest: add the cron job that will trigger digest emails.
Manual deployment instructions:

On staging, do a puppet apply.

No action needs to be taken for the prod deploy.

(imported from commit 0f6e5ab22aaeacfcc69d57de12f2bb6fac6f0635)
2013-12-17 10:47:16 -05:00
Tim Abbott b6acbe040c Fix missing nginx service notifications on configuration changes.
(imported from commit 0bfce276bab3704e508f6c8a58c9434e9fc224cd)
2013-12-16 13:44:50 -05:00
Tim Abbott c872866289 puppet: Fix nginx upstreams for staging.
(imported from commit eb1e6e3b2d35533af4a24015a91201e2414f8e28)
2013-12-16 11:32:05 -05:00
Tim Abbott f8fe9d1dd4 Fix check_worker_memory process list computation.
(imported from commit 9ac58b894ecfd84da6ac8509c0dc2ceb60eedfce)
2013-12-16 10:09:59 -05:00
Luke Faraone 1370c014a5 Clean up logging and documentation in ec2 interfaces script
(imported from commit e55247931cdeb61563f2348ca09f3d7b9fc85f0c)
2013-12-13 18:07:08 -05:00
Luke Faraone 104c2a06ae Set iptables rules for each IP, not just each interface
(imported from commit c24d2123489dc384bf50e379d245807af3488ebf)
2013-12-13 18:07:08 -05:00
Kevin Mehall f929e51776 puppet: Make Camo Nagios check waste less bandwidth
Use http://www.google.com/favicon.ico instead of a 1.7MB animated gif from
imgur.

(imported from commit 94993af35bf87b0f22e6e743a9ba1cc1c5c9a78f)
2013-12-13 17:27:01 -05:00
Tim Abbott 950e4c800b puppet: Declare upstreams properly in app nginx config.
(imported from commit 859eeed0d5b92c1b5b2b0764aba06aebcde8e2e2)
2013-12-12 16:48:52 -05:00
Tim Abbott ae4d214c49 Fix longpolling treatment for api.zulip.com/v1/events.
(imported from commit 78029972938ad7c9aa862330e38965b4b032c935)
2013-12-12 16:03:45 -05:00
Tim Abbott 73f04b21e9 Add zulip.customer29.invalid host.
(imported from commit ea3e7bb465c920b8ec21b7471cd261868f5059e7)
2013-12-12 16:03:45 -05:00
Tim Abbott c21e85e569 Remove staging.humbughq.com loadbalancer config.
The DNS has been disabled for some time.

(imported from commit e054c0fb0b37077d8303eab4d4ffec6ff53e8990)
2013-12-12 16:03:45 -05:00
Kevin Mehall 662edc2558 [manual] Backend support for Android GCM push notifications
This adds a dependency on gcmclient:
http://gcm-client.readthedocs.org/en/latest/gcmclient.html

pip install gcm-client

or

apt-get install python-gcm-client

(imported from commit 9f1fbf1f793e4a27baed85c6f1aa7a7b03106a10)
2013-12-11 15:37:48 -05:00
Luke Faraone b0a0853bd2 Specify full fingerprint rather than short key ID
(imported from commit fc4e9d51c440000e469f8e3882739215a3bcb022)
2013-12-11 10:54:30 -05:00
Luke Faraone 510b3349a7 Switch to downloading keys via SSL in puppet
(imported from commit 05d2b0626338f09370614e916050cfcee7f14829)
2013-12-11 10:54:30 -05:00
Luke Faraone 1b5c1ac021 Update style of client strings.
(imported from commit 1516461cf53b2715de68e01f16bb8a8cc33c48ad)
2013-12-09 11:47:52 -05:00
Leo Franchi e39cc5324b [puppet] Aggregate narrow timing stats
(imported from commit 4eff25635a3cb7687e995ad1127cff68da51329a)
2013-12-07 10:44:54 -05:00
Leo Franchi f70878e6c5 Fix aggregation rules for endtoend time
(imported from commit 29165b09e2d8904ee502cc04610a951d87ef896f)
2013-12-07 10:44:54 -05:00
Tim Abbott abeb29c226 Fix incorrect proxy_pass location for staging longpolling.
(imported from commit a4ac2c5c3416a8d8f748237411df6235f237e893)
2013-12-07 08:02:55 -05:00
Tim Abbott 09a61e8128 nginx: Enable keepalive for communication between lbs and frontends.
(imported from commit a7c8d9dfefbb6e5d01c8050688d831787b31bbd4)
2013-12-07 07:41:45 -05:00
Tim Abbott a337638f7f nginx config: Enable some popular performance-improving features.
(imported from commit 50193d071d091cc864867c9f7d5c9c9fb74b9d92)
2013-12-07 07:41:45 -05:00
Tim Abbott 6663247e22 Set nginx worker_processes automatically based on CPU count.
(imported from commit e48143c1410439d0574bc78bfd64c22a3063d558)
2013-12-07 07:41:45 -05:00
Tim Abbott 1843262672 puppet: Mark all Nagios plugins as executable.
They were being installed as executable anyway, but this will make
running them manually a bit easier.

(imported from commit a1181d2c90770af5aa44b0f65a47a460efdcf2d7)
2013-12-05 15:25:25 -05:00
Tim Abbott 64807c0628 nginx: Ensure zulip-include files are distributed to the right systems.
There were a few recently introduced bugs, and this also cuts down on
our having to review diffs that don't actually affect the relevant
server when doing updates.

(imported from commit 43f3cff9a414bc1632f45a8222012846353e8501)
2013-12-05 15:25:25 -05:00
Tim Abbott 676e9d90ff nginx: Get rid of trailing / in loadbalancer proxy_pass directives.
The trailing "/" actually means "replace the location with /", which
is either useless or actively harmful, depending on the location.

(imported from commit 58b9c4c9e55e3a162ffce49c954bc2182ec57dde)
2013-12-05 15:25:25 -05:00
Tim Abbott cc00ed6d7e nginx: Clean up now-empty 'loadbalancer' include file.
(imported from commit d13b5d91f6b85ba3e0bef7728985d0eba1cae084)
2013-12-05 15:25:25 -05:00
Tim Abbott afaff0c2cf nginx: Set X-Forwarded-For in common proxy configuration.
Previously we sometimes set it to $proxy_add_x_forwarded_for and other
times to $remote_addr, but according to

http://wiki.nginx.org/HttpProxyModule#.24proxy_add_x_forwarded_for

$proxy_add_x_forwarded_for handles this for us -- it will be
$remote_addr if there was no X-Forwarded-For header anyway.

(imported from commit 67dc52250e3e7751b1bf375d1a71d0272475435c)
2013-12-05 15:25:25 -05:00
Tim Abbott afe167ea58 nginx: Use the longpolling proxy configuration on load balancers.
(imported from commit f590e6b1eec2856b5128e310797f8ba58846417a)
2013-12-05 15:25:25 -05:00
Tim Abbott 21a69f2188 nginx: Move common longpolling proxy configuration into include file.
(imported from commit 4ace82824c32cec8c6da8a1a6b8a527dae105a89)
2013-12-05 15:25:24 -05:00
Tim Abbott 9e24558092 nginx: Move common proxy configuration into an include file.
(imported from commit 2ee5afc74fe146f8ee98f18f846342351c61c7f0)
2013-12-05 15:25:24 -05:00
Tim Abbott 3760609f3f Enable /sockjs handling on api.zulip.com (not used yet).
(imported from commit c2581e3243b2129c980fd3dd318eb3d99f3eb593)
2013-12-05 15:25:24 -05:00
Tim Abbott 953c3578dc external-sso.conf: Fix missing proxy_set_header.
(imported from commit 64bcb06cf65f15908ee74d637ab3868916b1dfd7)
2013-12-05 15:25:24 -05:00
Tim Abbott 79910fa2b3 Disable proxy_next_upstream for sockjs in remaining proxy_pass lines.
(imported from commit f14c7962253b34040ed9ab077a58c8b200df5d9d)
2013-12-05 15:25:24 -05:00
Tim Abbott e5be713103 Clean up EXTERNAL_API_HOST usage and defaults.
We now have 2 variablse:
EXTERNAL_API_PATH: e.g. staging.zulip.com/api
EXTERNAL_API_URI: e.g. https://staging.zulip.com/api

The former is primarily needed for certain integrations.

(imported from commit 3878b99a4d835c5fcc2a2c6001bc7eeeaf4c9363)
2013-12-04 15:10:54 -05:00
Tim Abbott b8a151ca4e Revert "[puppet] Add cron job to restart our workers daily."
This reverts commit 0b0180b0751f6c618d877b9c9ffc2b8287254e4d.

(imported from commit a81c552100345d369ffcaf69f28a86dea0893128)
2013-12-04 10:27:45 -05:00
Tim Abbott f7ac58bab5 Revert "Add user_activity_test worker that does nothing."
Now that we've debugged the memory leak, I don't think we need this
anymore.

This reverts commit 1bdc7ee2f72bdebb1cdc94601247834a434614d6.

Conflicts:

	puppet/zulip/files/cron.d/rabbitmq-numconsumers
	puppet/zulip/files/supervisor/conf.d/zulip.conf

(imported from commit ff87f2aebcbc71013fa7a05aedb24e2dcad82ae6)
2013-12-04 10:27:45 -05:00
Tim Abbott 606d8a4f9b Add Nagios check for queue worker memory usage.
This is detect future memory leaks.

(imported from commit 75fd4c2ad41ea71e87a53fb33e2106c5773909d5)
2013-12-04 10:27:44 -05:00
Tim Abbott 850eae3e8e puppet: Disable proxy_next_upstream feature in nginx config.
(imported from commit 84cad76701f9ee40fa9601ae06b3f804948b96d4)
2013-12-03 15:20:45 -05:00
Tim Abbott 5007d4d87a [puppet] Update set_real_ip_from to use lb0's internal IP address.
This is something we forgot to do in the VPC migration, so our IPs
have all been the lb0 IP in our logs :(.

(imported from commit 9d3fc69cf72a84f7bd7c54e50fb1e776a67d971f)
2013-12-03 14:29:34 -05:00
Luke Faraone dc5c410257 Remove django-jstemplate, unused per trac #1973
(imported from commit 97b2e75766e3576f17b7dab0f1a4a00c34a5c2e5)
2013-12-03 11:36:18 -05:00
Leo Franchi 42e23dc82e [manual] Release desktop app 0.4.1 for OS X
This requires a puppet apply on prod0, and an update of the
Zulip-latest.dmg and Humbug-latest.dmg symlinks in
/src/www/dist/apps/mac and /srv/www/dist/apps/sso/mac

(imported from commit e83170a19ac2de6458a0fd43140068fab4135483)
2013-12-02 15:24:32 -05:00
Zev Benjamin 9fa9f81a0a puppet: Add ptop to postgres-common packages
(imported from commit 085bf7d0ef33f8287bea9152e328908a89144b8f)
2013-12-02 14:54:53 -05:00
Zev Benjamin 20cf06013e Add missing newline to crontab
(imported from commit fe14ff383ff6915f0e60d3e6904ecdedc5ff5bf7)
2013-11-28 02:17:07 -05:00
acrefoot eb7be522ac [manual] add supervisor and numconsumer entries for push notifications queue
requires puppet-apply on both staging and prod

(imported from commit 6fc25041b40145d7c62a8bb959a8d25d0dbcb44e)
2013-11-27 18:00:33 -05:00
Leo Franchi d36510e4c3 [manual] Release Zulip Desktop 0.4.0
This requires a puppet apply, and also a manual update of
the Zulip-latest.* symlinks in /srv/www/dist/apps

(imported from commit 991dd6924ba33d81f486e914bcbadfec5b350660)
2013-11-26 17:41:25 -05:00
Tim Abbott 3971f18de8 loadbalancer: Fix missing location-sockjs config.
(imported from commit 27b168e73014d7b7c71fb00ce5b75271393fc491)
2013-11-26 12:22:17 -05:00
Zev Benjamin 7af4b92b98 puppet: Rename app to prod0 in nagios
(imported from commit c2d1c2c06276a816ef33e057d3f859c755490cb3)
2013-11-25 11:43:16 -05:00
Zev Benjamin 9f2af6fd0d puppet: Fix postgres_primary alias
(imported from commit 1cd199224e45700fac03e68c99f9d4f7d9212b45)
2013-11-25 11:43:16 -05:00
Zev Benjamin 847d4dfbca puppet: Specify hosts for the postgres autovac_freeze check via a hostgroup
(imported from commit d0afc1b78015740fa9638563a5672d3400dd5002)
2013-11-23 12:08:49 -05:00
Zev Benjamin 139518ccbe puppet: Remove postgres0 from nagios and munin configs
(imported from commit 6a4eb208b2a344d65d684cf904ba882a5400056d)
2013-11-23 12:06:27 -05:00
Zev Benjamin dacf97db48 puppet: Use peer authentication for Postgres nagios checks
(imported from commit d8f02d5320d6f8b97fd82cd3f0ca65f6e5c42b03)
2013-11-23 10:01:15 -05:00
Zev Benjamin 3454680e4b puppet: Add VPC subnets to pg_hba.conf
(imported from commit 633bf08bfe2f3695bd6c9ed8584b78971ebe065f)
2013-11-23 08:23:49 -05:00
Zev Benjamin bf8fb3c0df puppet: Add postgres2 to nagios monitoring
(imported from commit 799b1304eebe49cf6d8153fb2bfd0b11a3bcab00)
2013-11-23 08:10:44 -05:00
Zev Benjamin 658972dda3 [manual] puppet: Add postgres2 to munin monitoring
You must run
autossh -2 -fN -M 20018 -L 5009:localhost:4949 nagios@postgres2.zulip.net
as nagios on nagios.zulip.net after deploying this commit.

(imported from commit bd8a61f99555ccf0a0010d79dbd89017aaafbb8f)
2013-11-23 08:10:44 -05:00
Zev Benjamin d7d98aaacc puppet: Move /etc/iptables/rules to /etc/iptables/rules.v4
The /etc/init.d/iptables-persistent initfile changed to expect there to be two
files in /etc/iptables (rules.v4 and rules.v6) instead of a single rules file.
Several of our machines are currently running without iptables rules as a
result.

(imported from commit 266c2ff26b77f7c9ae793690b0d544ee4cfa5020)
2013-11-23 08:10:44 -05:00
Zev Benjamin c3f4ab6c94 puppet: Add replicator access from postgres2 to pg_hba.conf
(imported from commit 2a4f150c67d3136a5e97cb673cc7f14256ffae01)
2013-11-22 17:38:52 -05:00
Luke Faraone af02e45a17 [manual] Support authentication and profile prefilling via LDAP
The latter doesn't depend on the former; we can still fill in your full
name even if you didn't authenticate via LDAP.

This commit requires django_auth_ldap to be installed. On Debian
systems, you can do so via APT:
    sudo apt-get install python-django-auth-ldap

On OS X, use your favourite package manager. For pip, I believe this
will work:
    pip install django_auth_ldap

django_auth_ldap depends on the "ldap" Python package, which should be
installed automatically on your system.

(imported from commit 43967754285990b06b5a920abe95b8bce44e2053)
2013-11-22 16:51:26 -05:00
Tim Abbott 8919ebe6b2 puppet: Make sure prod0's future external IP has access to postgres.
(imported from commit 91523dc92fd15dc0cf19b7bca70513250c4da983)
2013-11-22 16:43:10 -05:00
Zev Benjamin 18fc8c2059 puppet: Do peer authentication for user zulip on the DB servers
(imported from commit dceed53990db64b3c345726b02bf0c25815c2b25)
2013-11-22 15:58:09 -05:00
Tim Abbott c0e951f843 Add user_activity_test worker that does nothing.
This should help us debug the source of our memory leak problems.

(imported from commit 1bdc7ee2f72bdebb1cdc94601247834a434614d6)
2013-11-22 11:24:48 -05:00
Tim Abbott c31dbba9cc [puppet] Update pg_hba.conf to include staging's public IP.
This is for the interval while staging is running in VPC and postgres
is not; we can clean up these changes once that's no longer the case.

This also updates test1's IP, which apparently someone forgot to
commit previously.

We're currently running this on prod.

(imported from commit 3feced750f643bb218d4240e9a3d5cd7116963ee)
2013-11-21 11:27:16 -05:00
Tim Abbott 8bfbaab1d5 Fix typo in puppet directories for zulip_internal.
(imported from commit 52627a9e71dfc28bedd6c955069da46d3ef56e83)
2013-11-21 10:06:40 -05:00
Leo Franchi c6b862d26d Add desktop sso puppet folder dependencies
(imported from commit 63d8cad722cf015a5925a28ab860431be31175be)
2013-11-20 19:12:53 -05:00
Tim Abbott f0c6b63526 [puppet] Add cron job to restart our workers daily.
This is to ensure that if we have an interval where we're not doing
prod deploys, we don't have to worry about worker memory leaks killing
us.

(imported from commit 0b0180b0751f6c618d877b9c9ffc2b8287254e4d)
2013-11-20 18:34:16 -05:00
Tim Abbott 630cfd72f1 Deregister event queues when done in our Nagios scripts.
(imported from commit a1f73403163323e1dd9eda2f5269e94c60abdd1a)
2013-11-20 18:34:16 -05:00
Tim Abbott ca8225cf47 [manual] Add endpoint to cleanup a finished events queue.
This requires a puppet apply on each of staging and prod0 to update
the nginx configuration to support the new URL when it is deployed.

(imported from commit a35a71a563fd1daca0d3ea4ec6874c5719a8564f)
2013-11-20 18:34:15 -05:00
Tim Abbott 8806ec698a puppet: Increase nginx worker connections limit to match open files.
I want these limits to be at least 40x our current scale.

(imported from commit f22fc40d45292788666e5079ca79bcae683de510)
2013-11-20 10:13:07 -05:00
Tim Abbott ec23996538 puppet: Increase our nginx open file limit.
(imported from commit a002e1df484dcdab8cdbfb2f37ca2281d6f4eecd)
2013-11-20 10:13:07 -05:00
Tim Abbott b50db26a18 puppet: Add monitoring for camo.
(imported from commit b3cf29b02de285cf860fc173183cb6f4f3a17c74)
2013-11-19 15:25:14 -05:00
Tim Abbott 1bcf37664f zulip-sso: Make our Apache service use SSL.
(imported from commit ebf8c9b01cd16f38203c9585514c0d0be108b729)
2013-11-19 15:25:14 -05:00
Kevin Mehall 3a4b576135 Add a directory for enterprise admins to add static files.
For things like custom default avatars that shouldn't be overwritten
on update.

(imported from commit 2487d2532a5255b91bff956fdfb0d885cb786701)
2013-11-18 11:48:53 -05:00
Tim Abbott 259dca9508 puppet: Merge the ports.conf into zulip-sso.example.
This makes us not blow away a customer's ports.conf configuration on
upgrade if they needed to change it while setting up their SSO.

Also we change the NameVirtualHost line to better match the
VirtualHost line.

(imported from commit fd52e00c35afa8982e0377859ad794085ec2af80)
2013-11-15 18:13:09 -05:00
Tim Abbott 1b009c47fc Clean up our nginx configuraiton to make better use of app.d.
Now app.d is something that any app frontend will read, and we just
have secondary manifests add additional files to the app.d directory
for custom stuff.

This fixes the issue that we were incorrectly including the
lb0-related app configuration in the enterprise version.

(imported from commit dec8dcdf2506b82e51186ff936c26dc1cd6cf61b)
2013-11-15 15:04:13 -05:00
Tim Abbott 6826ef4e9a puppet: Switch from nginx to nginx-full.
(imported from commit 38dd5966d75946842b39e4e619d82ebbb0fb041c)
2013-11-15 15:04:13 -05:00
Kevin Mehall fe0dcd4313 Disable camo on enterprise.
CUSTOMER13 doesn't want it, and there's currently no nginx config
or configurable Camo URI, so it wouldn't work if image preview
were enabled.

(imported from commit 615d4a32acbc4d4d590f88cf4e7d45d8f49db1d3)
2013-11-15 14:27:16 -05:00
Tim Abbott ccae6ef5ce Remove unpublished work comment about our SSO example.
(imported from commit 20585c5caa2e7019e3817d40ea2ab90c13b582e2)
2013-11-14 11:16:15 -05:00
Leo Franchi be3257de62 Add sso sparkle paths and files
(imported from commit f8a953f4262b170931792ed223f1ddc29c5fe5ed)
2013-11-14 10:22:35 -05:00
Tim Abbott f9ab464c82 puppet: Fix owner/group for our puppet.conf file.
(imported from commit c91dcd07646482d380cd36df1a0002a5d8d76241)
2013-11-13 21:47:22 -05:00
Tim Abbott 498cce8ef9 puppet-apt: Fix missing owner/group for created files.
(imported from commit a435f90593788034421d4817386215bc14e83d01)
2013-11-13 21:47:14 -05:00
acrefoot 0175440afc [manual] fixup nagios postmaster configuration
(imported from commit e3c00b31bbb0ced38e62d31ae80b58e8c6374c7f)
2013-11-13 17:37:54 -05:00
acrefoot 6d38285a2e fixup supervisor oops related to postmaster config
(imported from commit 8b5c39f0d13abb5e1def9f88a2ab82cfa67b42f6)
2013-11-13 17:15:55 -05:00
acrefoot eab6a1d190 [manual] add nagios checks for email_deliver
manual step: puppet apply, make sure that these nagios checks are working properly

(imported from commit abc75b8a5b153510243c14035b820fbc864b7776)
2013-11-13 16:41:36 -05:00
acrefoot 08069bf34e [manual] Add the new deliver_email management command to the supervisor config.
You will have to puppet apply on both staging and prod to get this worker running.

(imported from commit 92969371220f08142f510d3415e8611dcfecd91f)
2013-11-13 16:41:36 -05:00
Zev Benjamin 8aa307f438 enterprise: Restart all Zulip processes every week
(imported from commit e44167023e0ad49eaf14c314a7731b93289900e6)
2013-11-13 16:26:03 -05:00
Kevin Mehall f7f2ec0aca [puppet] Report enterprise and prod errors to staging.
Errors are sent to a queue processor that posts them to staging,
just like the feedback bot.

(imported from commit 4a8d099672a1b3e48a8bc94148d8b53db73d2c64)
2013-11-13 16:22:21 -05:00
Jessica McKellar 1cb339a23d Expose password-protected /enterprise/download through nginx.
(imported from commit 8fba915bf0d0c718138ac62bd4333aef4e845d55)
2013-11-13 16:20:43 -05:00
Tim Abbott a16a7a028c Fix internal postgres_common.pp.
We didn't remove python-argparse from the requirements when that was
removed, and we also still need python-pip to install wal-e :(.

(imported from commit b82d3b429cffe0a3993819358511e11268ee2fef)
2013-11-13 15:35:45 -05:00
Tim Abbott 4cb50d8f3b Fix class name for apache_sso.pp.
(imported from commit 25daa2d98a88866824203f2e7016a12b9f91a32b)
2013-11-13 12:07:15 -05:00
Tim Abbott 47682d47c9 Move our apache2site library into the public manifest.
(imported from commit 8cb6d0a01fc286ad1a98a7e2d27a80293667e9b8)
2013-11-13 12:07:15 -05:00
Tim Abbott e877536de5 process_fts_updates: Use peer authentication.
(imported from commit 329ec3c07c9cfb648c706e01aec7e8826c3f7737)
2013-11-13 12:02:50 -05:00
Tim Abbott a6af391125 Remove dependency on python-argparse -- it isn't need with Python 2.7.
(imported from commit 388f6a5b7ff2b20364d22fad0d9e7d992791a18b)
2013-11-13 12:02:50 -05:00
Tim Abbott e986f1e988 puppet: Don't create /home/zulip/deployments/current symlink.
This is now managed on enterprise systems via the unpack-tarball
system.

(imported from commit 8cc4ac0b47990ed1d5a02113a27bd126f4e3f011)
2013-11-13 12:02:50 -05:00
Tim Abbott f4a9e99498 puppet: Move the postgres dictionary symlink creation to puppet.
(imported from commit 823f6683e3d8f3604da68e55dd6761ecb38d4b63)
2013-11-13 12:02:50 -05:00
Tim Abbott 9b9c43fd50 Fix paths to nginx configuration for zulip-enterprise.
(imported from commit 4c0ec7ac752d2f4810fe089b85f733c7c21a1676)
2013-11-13 12:02:49 -05:00
Tim Abbott 5e0433009f Add enterprise apt repository to puppet.
(imported from commit e68964089adbd81580cdee6dfc2ee61e31835ce7)
2013-11-13 12:02:49 -05:00
Tim Abbott 4bf9594750 puppet: Fix dependency on postgres in enterprise.pp.
(imported from commit 09baae1a0d6adc86124a1518b14ff28ef71db6ca)
2013-11-13 12:02:49 -05:00
Tim Abbott 155d50f0cb Apply sysctls before restarting postgres.
(imported from commit bc1f1ce1b880962640b8ed5f516139eaf91cb1db)
2013-11-13 12:02:02 -05:00
Zev Benjamin b4403fda43 enterprise: Generate a 40-postgresql.conf sysctl file
(imported from commit ec64d283f88d1b2f4b13e3405d39cfbe8400adc7)
2013-11-13 12:02:02 -05:00
Zev Benjamin c1bdb0c7a8 puppet: Move the removal of 30-postgresql-shm.conf into zulip::postgres_appdb
(imported from commit 6a4d089fd47a8ba6ea92eeac321e3077fa0d8cc4)
2013-11-13 12:02:01 -05:00
Zev Benjamin cf7c468e74 enterprise: Specify half the system memory for pgtune
(imported from commit 287acb1eb7b03dddd60045c43e04af1fe61f354b)
2013-11-13 12:02:01 -05:00
Tim Abbott 317a6f308f Fix missing dependency on python-mock.
(imported from commit e82be819a7dd0f7c8683e7efc0a5095b9844b159)
2013-11-12 23:21:52 -05:00
Luke Faraone aac6ee308d puppet: apache configuration for an example SSO instance.
(imported from commit 0aa6c80e206a70efd481d710aa2a6c2431c662f3)
2013-11-12 19:18:35 -05:00
Luke Faraone dcb4487c56 puppet: generic localhost SSO manifest
(imported from commit 9398800ba7e26390d1bd6f691f39a45d2740870f)
2013-11-12 19:18:35 -05:00
Luke Faraone 61ce8ccd95 puppet: Add app.d configuration for a separate authentication server
(imported from commit 9f564bb513292e446ee4f7498ebeca5d167e5037)
2013-11-12 19:18:35 -05:00
Luke Faraone 950300d20f puppet: Include /etc/nginx/zulip-include/app.d/ configuration if defined
Some sites may want to have small modifications to the base app config.  This
directory helps support that, but does not need to exist if it is unused.

(imported from commit d23b19dc59bb56d00e69ff03af3279b66af9466d)
2013-11-12 19:18:35 -05:00
Tim Abbott c7d9bf41bc Rename SSL certificates for Zulip Enterprise.
(imported from commit 4f15f2aee2bcc7450953488c94e8b88734aeaff7)
2013-11-12 15:57:42 -05:00
Tim Abbott 966fde261a puppet: Rename local_server => enterprise.
(imported from commit 5faa269df5937f6db99098e44aaea7d0a4f2c14a)
2013-11-12 15:57:02 -05:00
Tim Abbott 1354d522cc puppet: Require postgres being installed before installing our config.
(imported from commit c871792d78de368f922586124725edfa6725246e)
2013-11-12 15:57:01 -05:00
Kevin Mehall 9b6c99c7af Copy localserver prod-static instead of linking so old files are retained.
(imported from commit 728cce9f1b3a47d62f2856a509ed65a3ac6bd451)
2013-11-12 15:50:08 -05:00
Tim Abbott 17a98b3afd puppet: Move embedly to the internal puppet configuration.
(imported from commit 9b5c2f2726f2cac5bba5619ee9b7371dada0ea35)
2013-11-12 09:34:25 -05:00
Tim Abbott 5de6b879b7 puppet: Move minify-js and statsd dependencies to internal manifest.
(imported from commit 3363fb962a4fde575591b42db888b92bb6edd0f5)
2013-11-12 09:34:25 -05:00
Tim Abbott bf0fda7426 Use the enterprise apt key when installing local server.
(imported from commit 24fa7474a77cac7b1d033c6732de6873d4aa9880)
2013-11-12 09:34:25 -05:00
Tim Abbott bbf8424b3e puppet: Move our ops repository apt configuration to internal module.
(imported from commit 2aca8e8c2edbd87a77fd5f00b3ae250484721fb4)
2013-11-12 09:34:25 -05:00
Tim Abbott 2b7e4d186a Document why we need python-dns.
(imported from commit 15f1ab77232db9d6667b98079b9a65436884dedf)
2013-11-12 09:34:25 -05:00
Tim Abbott 138d7053b7 puppet: Move the wal-e dependencies to the internal postgres config.
(imported from commit 67251263ec98e5b141f4c7587042b4db7aed36f2)
2013-11-09 07:28:19 -05:00
Tim Abbott 43e1c5e47d puppet: Move our camo installation setup to its own manifest.
(imported from commit 401018c3ff49fea485c3c8b4adb42574bb0b54b0)
2013-11-09 07:28:19 -05:00
Tim Abbott b902cc6eb1 puppet: Fix loadbalancer dependencies to include nodejs.
(imported from commit 9962e8ee774b13abdb95028d44cd687cee63aa13)
2013-11-09 07:28:19 -05:00
Tim Abbott a3b813e7af puppet: Comment the dependency lists for some service manifests.
(imported from commit 49817eb7daeab7cb83799d116ac829c7cd8e84e7)
2013-11-09 07:28:19 -05:00
Tim Abbott f552149772 puppet: Organize the puppet configuration for various internal services.
(imported from commit ad3525f608dbc5ceb04e6829fb1da0b3baba3258)
2013-11-09 07:28:19 -05:00
Tim Abbott 709850ab9e puppet: Organize the puppet configuration for zmirror.
(imported from commit 4e9d1771fd5198b1f47f8fac187b915287568510)
2013-11-09 07:28:18 -05:00
Tim Abbott 399d28777a puppet: Move python-html2text to the app frontend dependencies.
Otherwise, the email mirror won't work on local server.

(imported from commit ddd388eeb8943f1ce84cf3d113525c1fc7b7b826)
2013-11-09 07:28:18 -05:00
Tim Abbott 180107588f puppet: Organize the zulip_internal package list.
(imported from commit 53b4d28316e41d59f75bf070acfd776267682141)
2013-11-09 07:28:18 -05:00
Tim Abbott 237968a3d4 puppet: organize the postgres_common dependencies and add python-boto.
python-boto was improperly missing from the dependencies for end-wal-e.

(imported from commit b2e53641e7fc45b60318c6ac81c81f39923f48c2)
2013-11-09 07:28:18 -05:00
Tim Abbott 097aef454b puppet: We don't need hunspell-en-us on the frontends.
(imported from commit 120649c8b8bad0ba66a06790b38ca31bd1084154)
2013-11-09 07:28:18 -05:00
Tim Abbott ef09a5c9d9 puppet: We don't need compiler tools on our app servers.
(imported from commit e4065fdb2214583eed214dac5aa17ae61cbf70e5)
2013-11-09 07:28:18 -05:00
Tim Abbott e527bfbef5 puppet: Organize app_frontend.pp.
(imported from commit 669021be2b8a017b99d8c48b42ac7d1f718d5943)
2013-11-09 07:28:18 -05:00
Tim Abbott dc6de94ec6 puppet: Organize base.pp and migrate out a few packages.
(imported from commit dd07ee9b74a06dc86e077d0cebdabb9127e08aa3)
2013-11-09 07:28:18 -05:00
Tim Abbott 657756b7e1 puppet: Move python-netifaces to zulip_internal (only used there).
(imported from commit 303f32f20b5d2f6962a04134eb569c69ab216c7c)
2013-11-09 07:28:18 -05:00
Tim Abbott 685cd64849 puppet: We don't need pip installed on our servers.
(imported from commit 540d2f561e3876b0d8f849943a157b26e0c5e942)
2013-11-09 07:28:18 -05:00
Tim Abbott 17db94e728 puppet: Move various dependencies to zulip_internal.
These are things that don't make sense to require on our local server
appliance systems.

(imported from commit 66a3ab750b0d27fa011b55c8f7ef9b22511de56c)
2013-11-09 07:28:18 -05:00
Tim Abbott ada9e3b6d3 puppet: We don't require sqlite3 on our servers.
(imported from commit c8731fea9e9dda0f5d8387159a7475702053c706)
2013-11-09 07:28:18 -05:00
Tim Abbott 71e1f00fc6 puppet: Move our iptables config to zulip_internal.
(imported from commit f177b3989092f4fa7f00ae5bfb833ea23fe35489)
2013-11-09 07:28:18 -05:00
Tim Abbott e957c8adb2 puppet: Move our SSHD config to zulip_internal.
(imported from commit 0c6314963ebe9246d8136dc6db3176d226dc2049)
2013-11-09 07:27:19 -05:00
Leo Franchi 312e3013af Release desktop app v. 0.3.10
(imported from commit 0114d0b631ad027d6e57a5a264a8c8efd3438fa7)
2013-11-06 14:13:57 -05:00
Leo Franchi 82ef17207a Aggregate receive and displayed times as well
(imported from commit e7789a627e4f1396d2c11c5a4b448135197324ab)
2013-11-06 13:37:15 -05:00
Leo Franchi c9c26a9ecb Remove 0.3.9 update while we prepare 0.3.10
(imported from commit f8f469dc93601d69f6974ed11efff259040d8ef2)
2013-11-06 12:58:09 -05:00
Leo Franchi 8dd4bf8f00 [puppet] Log endtoend send time on a per-realm basis as well as aggregate
(imported from commit 07226b20081d203af1f52776475228d9b6783869)
2013-11-06 11:25:00 -05:00
Tim Abbott b2ea2dca81 puppet: Add the stats1 cert (was missing from git).
(imported from commit 909c70089f95a08cf62656432e09df170b322aaa)
2013-11-05 17:06:33 -05:00
Tim Abbott 41fcfcb11c puppet: Require pgtune for pgtune rule.
(imported from commit 824bd42e9262b47eb2235c379be661a2d77a3b76)
2013-11-05 17:06:33 -05:00
Tim Abbott f8cc8388ec puppet: Move nodejs into app_frontend.pp.
It's needed for camo and update-prod-static.

(imported from commit ae121f168f735abef002c6143b57c961e5d20429)
2013-11-05 17:06:32 -05:00
Tim Abbott b5979a3fed [manual]: Rename zulip-internal puppet module to zulip_internal.
(imported from commit 64ac7ec0f3495b1fe7810da3d4d41263c52b9b3b)
2013-11-05 17:06:32 -05:00
Tim Abbott 9089cda01c puppet: Move some directory declarations into app_frontend.pp
(imported from commit c54f758a5aa7d7d788728c90789b9714d7fa665d)
2013-11-05 17:06:32 -05:00
Tim Abbott 9ec4de2e8c puppet: Fix path to postgres configuration template.
(imported from commit 3a2e677366fb872884635c4ce3e95402196641cc)
2013-11-05 17:06:32 -05:00
Tim Abbott dd12f51ea2 puppet: Use safepackage hack to avoid conflicting package declarations.
(imported from commit 2ea597a209ea5b2acaf61184ae9bf62a8507018e)
2013-11-05 17:06:32 -05:00
Tim Abbott b10f387558 Rename puppet modules for _/- consistency.
(imported from commit 16f139f59af3313a5868c0a7b6d9911b59e40266)
2013-11-05 17:06:32 -05:00
Luke Faraone 547442bd9e puppet: Build an unstable chroot on build0
(imported from commit ee3751379efe473aecdd8907d4ed02a98a77813b)
2013-11-05 15:56:10 -05:00
Tim Abbott e06722657a [manual] Remove /messages/latest API and related legacy code.
This requires doing a puppet apply on our servers to take effect
properly.

(imported from commit 19dc56f071f07a5d2571eef49dd835121b2e82b6)
2013-11-05 14:19:40 -05:00
Zev Benjamin ae8648b07f puppet: Fix misc puppet bugs
(imported from commit b8bff5de95e8310d19e1b176c88f79b4f22afe6a)
2013-11-05 14:15:22 -05:00
Zev Benjamin 042ab1a68d puppet: Add postgresql.conf for local servers and tune it during puppet apply
(imported from commit 0c29da5c6340f80ae425468c2207c49ed8278479)
2013-11-05 14:15:22 -05:00
Zev Benjamin 6c8884dbb9 puppet: Make zulip::local_server use zuilp::postgres_appdb
(imported from commit 23eac4233996d3515b48e972a1e98e43e1dd4bf0)
2013-11-05 14:14:53 -05:00
Zev Benjamin 2afdb4b11e puppet: Move public portions of Postgres puppet config to the zulip module
(imported from commit 25cb2e386e16b5c12f8efa26aa029215e29099f2)
2013-11-05 14:14:19 -05:00
Zev Benjamin b3e6d49d2f puppet: Switch puppet to using include-style class declarations
This allows us to declare classes more than once, which we need as
we're making our class dependency graph more complicated.  See
http://docs.puppetlabs.com/puppet/2.7/reference/lang_classes.html#aside-history-the-future-and-best-practices

(imported from commit d4199b0df0d92d166fbc3559957f67ee9cf2ecdc)
2013-11-05 14:14:19 -05:00
Zev Benjamin 787215d743 [manual] Switch over to new /etc/zulip/zulip.conf config file
Run the following commands as root before deploying this branch:
 # /root/zulip/tools/migrate-server-config
 # rm /etc/zulip/machinetype /etc/zulip/server /etc/zulip/local /etc/humbug-machinetype /etc/humbug-server /etc/humbug-local

(imported from commit aa7dcc50d2f4792ce33834f14761e76512fca252)
2013-11-05 14:14:19 -05:00
Leo Franchi 7a9e3ac90f [puppet] Fix OS X 0.3.9 desktop app release
(imported from commit 2980b7df5e37a6bc6df8d816b0a4e43ce17aea0a)
2013-11-04 15:24:51 -05:00
Leo Franchi c0450d4da4 [puppet] Update os x desktop app 0.3.9 signature in sparkle
(imported from commit 88075fdba0241d5f87f7b8138baf7b6dfd203b27)
2013-11-04 14:38:38 -05:00
Kevin Mehall 78b45b61fb Minify JS in the localserver upgrade tarball.
This moves the list of removed files from .gitattributes to
tools/build-local-server-tarball because static/ and tools/ are
necessary for update-prod-static, and it seemed best to keep the
entire list in one place.

(imported from commit 2a447cbde29e90d776da43bb333650a40d4d363c)
2013-11-04 13:40:43 -05:00
Tim Abbott 83fd197ffc [puppet] Add missing consumer monitoring for recent queues.
(imported from commit 3c97bc8f964d38bf8b05fedca5dfc816798b1895)
2013-11-04 13:22:36 -05:00
Leo Franchi 9b4491db6a Don't use hardcoded bots in nagios' check_send_receive
(imported from commit 82add135bf5b819bcc992af8420eec14cf829ccc)
2013-11-01 14:13:05 -04:00
Leo Franchi 422e8b2da6 [puppet] Release Desktop App v. 0.3.9 via sparkle
(imported from commit 1739c02b6493beb697e6eb30a0733fccf2c1a5cd)
2013-11-01 12:53:29 -04:00
Tim Abbott 105380fcf1 puppet: Move certs/ into the zulip-internal puppet module.
(imported from commit 919edc305b2be42341ec58d4ad5c4f76779eb0f9)
2013-11-01 10:30:17 -04:00
Tim Abbott 7a48103763 Delete obsolete humbug-self-signed certificate.
(imported from commit c0ba128e121a266212a47d10de93d4987f36f7f6)
2013-11-01 10:30:17 -04:00
Tim Abbott 4a15d135c1 Update unused puppet server name in puppet config.
(imported from commit b6fc02e4a6c55acb78ed3f4a3d91d526b9b7514d)
2013-10-31 15:29:49 -04:00
Tim Abbott 0e35424a7c Rename humbug => zulip in some log file names.
(imported from commit 0bb5284566861e5a2f260cc66dcb53ebac0d7b97)
2013-10-31 15:29:49 -04:00
Zev Benjamin 2731a4cb80 puppet: Fix incorrect include
(imported from commit d8277992f27e526550267dd6079711dbd22288b1)
2013-10-31 11:06:21 -04:00
Tim Abbott 8dd59c98a5 puppet: Increase worker_processes to optimize for prod0.
(imported from commit 35c7443c6ac3f8286ada4a7baf3655559176536e)
2013-10-30 20:39:39 -04:00
Tim Abbott 0792f2ba40 puppet: Raise worker_connections limit.
(imported from commit e120451e9386a9152baacce9f67779c53e40c5cc)
2013-10-30 20:39:39 -04:00
Zev Benjamin dd678465ae [manual] Move puppet modules to the top level
The new puppet.conf file has to be moved into place manually.

(imported from commit 253d9a95386dae8c803a998ce2dc7e8be40c880a)
2013-10-30 15:42:26 -04:00