Commit Graph

858 Commits

Author SHA1 Message Date
Vishnu Ks 6e52779ed5 install: Include no-dist-upgrade in args list.
This was missed out in 2e51ac8c49
2019-06-14 14:24:08 -07:00
Tim Abbott 8a53686f41 install: Add --no-overwrite-settings option.
This commit needs more work to make this option reasonable.
2019-06-13 14:39:25 -07:00
ppreethi 86840adda5 version: Show number of commits and commit sha in ZULIP_VERSION.
We use `git describe --tags` to get information about the number of commit since
the last major version, and the sha of the current HEAD. This is added to the
ZULIP_VERSION when a deploy is done from `git`.

Modified heavily by punchagan to:
* to use git describe instead of `git log` and `wc`
* use a separate script to run the git describe command
* write the file with version info to var/ and remove it from the repo

Fixes #4685.
2019-06-07 13:39:12 -07:00
Tim Abbott 5748bae71d restore-backup: Run configure-rabbitmq to update RABBITMQ_PASSWORD.
Previously, if you restored onto a different production system from
the one where you took the backup, backup restoration would fail
because the generated rabbitmq passwords for the two systems would be
different, and we didn't update the restored system to use the
password from the original system.

Fixes #12114.
2019-06-06 16:38:27 -07:00
Tim Abbott 3c4030a421 restore-backup: Run zulip-puppet-apply before pg_restore.
This should ensure that we apply any special configuration for the
database system (e.g. installing `pgroonga`) before we try to restore
the database contents from the archive.

For pgroonga in particular, this is important so that we can preserve
the configuration of the extension in the `pg_restore` process.

Fixes #12345.
2019-06-06 16:34:28 -07:00
Tim Abbott 13a20a1ab5 restore-backup: Fix error on systems using S3 upload backend.
With the S3 file upload backend, we don't store uploads locally, so
the `uploads` directory in the backup will be empty, and more
importantly, LOCAL_UPLOADS_DIR will be None, which the previous code
crashed on.
2019-06-06 15:08:18 -07:00
Thomas Ip c6cdcd082e dependencies: Upgrade node to 12.3.1.
API changes:
* The behaviour of Date.toLocaleTimeString() reverts to pre 8.0.0,
  this only affects automated tests. Lots of other API changes but
  we didn't use any of those.
* The internal sorting algorithm changed which causes one of our own
  compare function to miss coverage.
2019-06-05 17:15:52 -07:00
Vishnu Ks 14ed0e283d install: Add option to skip dist-upgrade. 2019-06-05 15:50:02 -07:00
Thomas Ip 9a84a60029 dependencies: Upgrade yarn to 1.16.0. 2019-06-03 12:24:00 -07:00
Anders Kaseorg 90a9dfa7f5 setup-apt-repo: Try to download pre-setup deps before skipping update.
Simulate isn’t enough in some cases.  The error message when this
fails looks sufficiently non-alarming.

LXC:

    default: + apt-get -dy install lsb-release apt-transport-https gnupg
    default: Reading package lists...
    default: Building dependency tree...
    default:
    default: Reading state information...
    default: lsb-release is already the newest version.
    default: gnupg is already the newest version.
    default: The following NEW packages will be installed:
    default:   apt-transport-https
    default: 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    default: Need to get 25.1 kB of archives.
    default: After this operation, 238 kB of additional disk space will be used.
    default: Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main apt-transport-https amd64 1.0.1ubuntu2.3
    default:   404  Not Found [IP: 91.189.88.161 80]
    default: Err http://security.ubuntu.com/ubuntu/ trusty-security/main apt-transport-https amd64 1.0.1ubuntu2.3
    default:   404  Not Found [IP: 91.189.88.161 80]
    default: E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt-transport-https_1.0.1ubuntu2.3_amd64.deb  404  Not Found [IP: 91.189.88.161 80]
    default:
    default: E: Some files failed to download
    default: + apt-get update
    […]
    default: Fetched 4,504 kB in 7s (611 kB/s)
    default: Reading package lists...
    default: + apt-get -y install lsb-release apt-transport-https gnupg
    default: Reading package lists...

Docker:

    default: + apt-get -dy install lsb-release apt-transport-https gnupg
    default: Reading package lists...
    default: Building dependency tree...
    default:
    default: Reading state information...
    default: Package gnupg is not available, but is referred to by another package.
    default: This may mean that the package is missing, has been obsoleted, or
    default: is only available from another source
    default: E: Package 'gnupg' has no installation candidate
    default: + apt-get update
    […]
    default: Fetched 16.2 MB in 5s (3,326 kB/s)
    default: Reading package lists...
    default: + apt-get -y install lsb-release apt-transport-https gnupg
    default: Reading package lists...

(All in green.)

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-05-27 15:25:00 -07:00
Anders Kaseorg 407564086d provision: Move apt-get update from retry handler to setup-apt-repo.
This avoids unnecessarily alarming error messages if the apt cache is
missing.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-05-24 17:07:38 -07:00
Anders Kaseorg ae524b677d ci: Move backend and production tests to Ubuntu 16.04 (xenial).
This is preparation for dropping support for Trusty in CI.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-05-24 17:07:15 -07:00
Anders Kaseorg d267884cc1 node_cache: Run yarn install with --frozen-lockfile.
This way a yarn.lock inconsistent with package.json can’t slip through
unnoticed.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-05-20 19:23:37 -07:00
Puneeth Chaganti 0884764421 url preview: Add python-magic dependency for content-type sniffing. 2019-05-06 12:37:32 -07:00
Mayank Madan 99414e2d96 provision: Add support for Debian 10 Buster. 2019-05-05 17:57:19 -07:00
Mayank Madan a86eccb2b6 pgroonga: Upgrade from 2.1.6 to 2.1.8.
This is necessary to support postgres 11 in Debian Buster.
2019-05-05 17:52:32 -07:00
Anders Kaseorg 9937734e50 terminate-psql-sessions: Only terminate if we have permissions.
We have been semi-accidentally relying on the fact that terminate-psql-sessions 
fails silently when there are PIDs we don't have permission to terminate.

This actually happens somewhat often, generally when we're doing a series of
operations in quick succession by different users, because postgres processes
live a little longer than the `psql` shell that started them.

As part of adding ON_STOP_ERROR to all of our postgres commands, it makes
sense to enforce we don't fail here, but that means we need to actually filter
the target PIDs to only ones we can actually kill.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-23 14:41:42 -07:00
Tim Abbott 74143a0801 scripts: Disable terminate-psql-sessions ON_ERROR_STOP for now.
This appears to fail nondeterministically in CI; there's likely a
better fix but this should let us get CI happy again.
2019-04-22 15:49:48 -07:00
Anders Kaseorg 5290519a62 scripts: Always use ON_ERROR_STOP=1 when running psql.
Also use psql -e (--echo-queries) in scripts that use ‘set -x’, so
errors can be traced to a specific query from the output.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-22 14:54:19 -07:00
Tim Abbott 18146ed947 script: Add static asset pipeline option to support OS upgrades.
The comment explains this in more detail, but basically one previously
needed the `--from-git` option to `upgrade-zulip-stage-2` if one had
last installed/upgraded from Git, and not that option otherwise, which
would have forced us to make the OS upgrade documentation much more
complicated than it needed to be.
2019-04-17 12:58:42 -07:00
Anders Kaseorg ed100d694f restore-backup: Open backup tarball as root.
Fixes permission errors when running restore-backup on a tarball
inaccessible to the zulip user.

Fixes #12125.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-17 12:26:03 -07:00
Anders Kaseorg 206741117c restore-backup: Reset cwd when switching to postgres user.
Fixes permission errors when running restore-backup from a cwd
inaccessible to the postgres user.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-17 12:26:03 -07:00
Anders Kaseorg 9fc0aa7ffa scripts: Fix exec invocation for in-process virtualenv activation.
activate_this.py has always documented that it should be exec()ed with
locals = globals, and in virtualenv 16.0.0 it raises a NameError
otherwise.

As a simplified demonstration of the weird things that can go wrong
when locals ≠ globals:

    >>> exec('a = 1; print([a])', {}, {})
    [1]
    >>> exec('a = 1; print([a for b in [1]])', {}, {})
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "<string>", line 1, in <module>
      File "<string>", line 1, in <listcomp>
    NameError: name 'a' is not defined
    >>> exec('a = 1; print([a for b in [1]])', {})
    [1]

Top-level assignments go into locals, but from inside a new scope like
a list comprehension, they’re read out of globals, which doesn’t work.

Fixes #12030.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-16 17:42:44 -07:00
Wyatt Hoodes d67dc2eb94 install-node: Upgrade yarn to 1.15.2.
In addition to upgrading dependencies being generally useful, this may
fix situations where yarn fails but returns a success status code in the 
presence of an HTTP proxy.
2019-04-14 22:36:14 -07:00
Tim Abbott ad81f700a1 scripts: Remove nagios overrides for missedmessage_emails.
Since 5cec566cb9, the
missedmessage_emails queue no longer is expected to grow a backlog
over time.
2019-04-13 20:43:07 -07:00
Puneeth Chaganti 9876f1b14e check_rabbitmq_queue: Fix the time period when we ignore long queues.
The commit 87d1809657 changed the time when
digests are sent by 3 hours to account for moving from the US East Coast to the
West Coast, but didn't change the time period exception in the
`check-rabbitmq-queue` script.

Closes #5415
2019-04-13 20:43:07 -07:00
Anders Kaseorg 460abe82df terminate-psql-sessions: Allow running as postgres user.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-12 17:27:23 -07:00
Anders Kaseorg 53879c4673 scripts: Rename DEFAULT_USER to POSTGRES_USER.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-12 17:27:23 -07:00
Anders Kaseorg d03b8308a5 backup: Use tar --transform to arrange the tarball instead of symlinks.
This allows tar to print the real paths in error messages if something
goes wrong.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-04-12 16:48:34 -07:00
Rohitt Vashishtha 22a3b4230c Revert "install: Ensure that sudo is installed."
Now that we have the run_as_root helper function, we don't need to
install sudo to run Zulip in production

This reverts commit a7d7d181ea.

Fixes #10036.
2019-04-04 16:52:20 -07:00
Rohitt Vashishtha 327b70cb19 terminate-psql-sessions: Allow running without sudo. 2019-04-04 16:52:20 -07:00
Tim Abbott 042893a448 configure-rabbitmq: Allow running as root.
This makes it possible to run this in production without access to
sudo.
2019-04-04 16:52:20 -07:00
Anders Kaseorg f78970c679 restore-backup: Set the recreated database owner to zulip.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-04 11:50:13 -07:00
Mayank Madan 264c2e9803 provision: Add provision support for Ubuntu 18.10.
Note that this is only support for Ubuntu 18.10 in the development
environment.
2019-03-09 16:01:46 -08:00
Tim Abbott 0ab8cd9ca3 provision: Refactor handling of dependencies for building pgroonga.
This lets us leave build-pgroonga platform-agnostic.
2019-03-08 15:12:56 -08:00
Tim Abbott 5c20ee998c build-tsearch-extras: Add support for Debian/Ubuntu. 2019-03-08 15:12:56 -08:00
Tim Abbott 8469c7774f scripts: Remove create-zulip-admin.
This was used only by ancient versions of the Docker project.
2019-03-04 15:33:51 -08:00
Tim Abbott 0e7a5d82b4 setup_venv: Remove virtualenv-clone legacy upgrade code.
Few folks will be upgrading from versions of Zulip old enough to not
have virtualenv-clone, and those who are won't be able to use it due
to older dependencies having been removed.
2019-03-04 15:32:15 -08:00
Tim Abbott 4157d15ff1 setup_venv: Fix check for whether virtualenv-clone is unavailable.
We don't need a bare except here.
2019-03-04 15:32:15 -08:00
Tim Abbott 478e215acd setup_venv: Use run_as_root helper.
Also, don't use split() to break up strings to pass into run().
2019-03-04 15:32:15 -08:00
Anders Kaseorg d9adc9d7bc get_dev_uuid_var_path: Fix theoretical shell quoting problem.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-03-04 15:20:07 -08:00
Tim Abbott b3444354aa su_to_zulip: Fix detection of zulip user ID.
Apparently, while upgrade-zulip-from-git always ensures that zulip
deployment directories are owned by the Zulip user, unpack-zulip (aka
the tarball code path) has them owned by root.

The user ID detection logic in su_to_zulip's helper get_zulip_uid was
intended to support both development environments (where the user ID
might vary) and production environments.  For development
environments, the existing code is fine, but given this unpack-zulip
permissions issue, we need to have code to fallback to 'zulip' if the
detection logic detects the "zulip" user has having UID 0.
2019-03-04 14:27:39 -08:00
Rohitt Vashishtha 3d427d02cc scripts/zulip_tools: Use run_as_root instead of subprocess.check_call. 2019-03-01 11:21:16 -08:00
Rohitt Vashishtha ac48925977 scripts: Use run_as_root instead of run([sudo, ...]). 2019-03-01 11:21:16 -08:00
Anders Kaseorg 1e2bd553fb setup-certbot: Remove --force-renewal. (#11652)
There’s no reason to do this unless you’re, like, trying to trip the
Let’s Encrypt rate limits (or perhaps trying to manually test this code).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-22 15:50:38 -08:00
Tim Abbott 57e1307a3a provision: Fix virtualenv-clone handling of success-stamp.
Apparently, virtualenv-clone ends up copying the success-stamp file
that we use to track whether a virtualenv was successfully
provisioned, which results in problems if we get a network error in
the pip install stage afterwards.

The comment explains our fix, but basically we just delete
success-stamp after the clone.

Fixes #11301.
2019-02-16 11:24:10 -08:00
Anders Kaseorg e0a51948d9 script: Add ready-to-run tooling for doing backups.
Based on an initial version by Tim Abbott (#11204).

Fixes #552.
2019-02-11 17:30:37 -08:00
Anders Kaseorg ebad0b7cbf zulip_tools: Get the zulip uid from the owner of DEPLOY_ROOT.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-11 17:00:37 -08:00
Anders Kaseorg e4832cc9da setup_path_on_import: Don’t re-add BASE_DIR to sys.path.
BASE_DIR must already be in sys.path if we got as far as importing
this.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-07 17:17:31 -08:00
Anders Kaseorg 70bfcd3402 zulip_tools: Extract get_deploy_root function.
Modified by tabbott from the original to preserve the implementation;
see https://github.com/zulip/zulip/pull/11295#discussion_r254925032
for why this is correct.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-07 17:09:29 -08:00
Anders Kaseorg e984107966 scripts: Remove unused imports.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 17:02:58 -08:00
Anders Kaseorg 4fef10f4e6 install: Improve error handling.
On usage errors (except --help), write usage message to stderr and
exit with nonzero status.

Forbid setting the hostname and email to the example values.  Those
are specifically checked for and would fail later.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 11:18:42 -08:00
Anders Kaseorg 893e1475bb setup_virtualenv: Do not activate the virtualenv on creation.
Instead, manually activate it in the one place where this
functionality was used (tools/lib/provision.py).  This way we avoid
trying to activate the Python 2 thumbor virtualenv from Python 3.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-31 17:55:04 -08:00
Tim Abbott df436a55b4 scripts: Recommend apt update after enabling universe.
One needs to manually do an apt update after add-apt-repository, or it
won't actually work.
2019-01-26 12:29:05 -08:00
Anders Kaseorg 5ba84d75ce create-zulip-admin: Fix shell quoting.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-16 08:46:50 -08:00
Anders Kaseorg 981f09d950 terminate-psql-sessions: Fix shell and SQL quoting.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-16 08:46:50 -08:00
Harshit Bansal 50ef91bb08 scripts: Add argparse option to `restart-zerver` for `--fill-cache`.
Nowm unless you specify `--fill-cache`, memcached caches will not be
pre-filled after a server restart. This will be helpful when someone
is in a hurry (e.g. if the server is down right now, or if he/she
testing a configuration change in a newly setup server), it's best to
just restart without pre-filling the cache.

Fixes: #10900.
2019-01-14 15:20:01 -08:00
Anders Kaseorg b9f7b08af2 setup_path_on_import: Check that the virtualenv is compatible.
The site_packages variable points to (e.g.)
zulip-py3-venv/lib/python3.4/site-packages.  If that doesn’t exist,
we’re probably running the wrong Python version.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-09 17:32:09 -08:00
Anders Kaseorg 7a58f574bf setup_path_on_import: Skip activate_this if already activated.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-09 17:32:07 -08:00
Anders Kaseorg 2ad1a27b28 create-production-venv: Remove Python 2 support.
We still create a Python 2 virtualenv for thumbor but that’s
separate (/srv/zulip-thumbor-venv from
scripts/lib/create-thumbor-venv).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-01-09 17:32:05 -08:00
rht 91348a6aee create-thumbor-venv: Generalize to CentOS, Fedora, RHEL. 2019-01-07 18:52:27 -08:00
rht 68c20c610e create-production-venv: Generalize to CentOS, Fedora, RHEL. 2019-01-07 18:52:27 -08:00
rht 15763f8545 provision: Include DISTRIB_FAMILY in parse_lsb_release output. 2019-01-07 18:52:09 -08:00
rht d8a081b94c setup-yum-repo: Add prod flag for doing IUS install on CentOS. 2019-01-05 15:49:02 -08:00
rht a55f5b59f6 generate-self-signed-cert: Generalize to CentOS, Fedora, RHEL. 2019-01-05 15:49:02 -08:00
rht 105732ab1f parse_lsb_release: Fix vendor name matching for CentOS. 2019-01-04 14:09:48 -08:00
rht d3139266c8 setup_venv: Uninstall typing on Python >3.4.
Otherwise this causes an error
```
AttributeError: type object 'Callable' has no attribute '_abc_registry'
```
on 3.7. While the error is specific to 3.7, it is safer to uninstall
typing for all the versions that don't require a pip-provided typing
library.
2019-01-01 19:34:48 -08:00
rht c190959b58 provision: Move CentOS & Fedora venv deps construction to setup_venv.py.
They will be reused in production setup.
2019-01-01 19:34:46 -08:00
rht 17ffbdabe2 provision: Use virtualenv instead of python-virtualenv on Fedora.
The package name changed at some point.
2019-01-01 19:34:24 -08:00
rht 75134ef614 provision: Use generic python3 on Fedora dependencies.
It might be cleaner to add new variables in setup_venv.py, but we can
do that later.
2019-01-01 19:34:11 -08:00
rht acbb174100 provision: Add RHEL 7 support. 2018-12-18 17:13:56 -08:00
Anders Kaseorg 392175d6e8 Use #!/usr/bin/env for bash shebangs.
/bin/sh and /usr/bin/env are the only two binaries that NixOS provides
at a fixed path (outside a buildFHSUserEnv sandbox).

This discussion was split from #11004.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-17 17:21:08 -08:00
rht 295cbe7b9c provision: Add build-pgroonga and use it for Fedora. 2018-12-17 16:23:57 -08:00
rht b732fe819e provision: Add Fedora support. 2018-12-17 16:23:44 -08:00
rht 888388cf89 setup-yum-repo: Add -y flag to `yum update`. 2018-12-17 11:49:43 -08:00
Tim Abbott 2558f101af docs: Add documentation for `if False` mypy pattern in scripts.
This should help make it clear what's going on with these scripts.
2018-12-17 11:12:53 -08:00
Tim Abbott bce90a3340 lint: Add lint rule for scripts importing typing improperly.
This is a common bug that users might be tempated to introduce.

And also fix two instances of this bug that were present in our
codebase, including an important one in our upgrade code path.
2018-12-17 10:46:37 -08:00
Tim Abbott 47c4a2d21a upgrade-zulip-from-git: Remove buggy typing import.
This broke running this on Python 3.4, where typing isn't in stdlib.
2018-12-17 10:33:52 -08:00
rht 30834b7dd8 build-tsearch-extras: Abstract out postgres version. 2018-12-16 13:26:29 -08:00
rht 3afb299aec setup-yum-repo: Abstract out postgres version. 2018-12-16 13:21:55 -08:00
rht 903bce9bdd provision: Install pycurl manually on CentOS.
This works around a pycurl bug on EL7 where the fix hasn't been
released yet.
2018-12-16 10:09:07 -08:00
rht 25a8dbef11 provision: Build tsearch_extras from source for CentOS support. 2018-12-16 10:04:27 -08:00
rht 448303b3f0 provision: Initialize setup-yum-repo. 2018-12-16 10:04:27 -08:00
shubham-padia 3231306736 upgrade-zulip: Use deploy_options specified in zulip.conf.
Fixes #10534.
upgrade-zulip can now also accept the same deploy options as
upgrade-zulip-from-git and pass it as arguments to
upgrade-zulip-stage-2.
2018-12-16 07:52:47 -08:00
shubham-padia 29dce7c9b9 upgrade-zulip-from-git: Refactor deploy_options logic to zulip_tools.py.
This a preparatory commit moving the deploy_options logic to
zulip_tools.py so it can be imported and used in upgrade-zulip.
2018-12-16 07:52:47 -08:00
rht d54fb5f40d
provision: Add venv dependencies for Centos 7. 2018-12-14 04:59:46 +00:00
Sumanth V Rao 76c6cf8c3a upgrade-zulip-stage-2: Added argument to skip purging old deployments.
This makes it possible to add --skip-purge-old-deployments in the
deploy_options section of /etc/zulip/zulip.conf, and control whether
old deployments are purged automatically on a system.

We still need to do https://github.com/zulip/zulip/issues/10534 and
probably also to add these arguments to be directly passed into
upgrade-zulip, but that can wait for future work.

Fixes #10946.
2018-12-13 10:10:43 -08:00
Anders Kaseorg 149132348f lint: Update ShellCheck to 0.6.0.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-12 08:24:01 -08:00
rht e0ec288928 parse_lsb_release: Add CentOS support. 2018-12-11 13:08:26 -08:00
rht c9d54f7854 puppet: Remove vendored puppetlabs apt and stdlibs dependencies.
This commit works by vendoring the couple functions we still use from
puppetlabs stdlib (join and range), but removing the rest of the
puppetlabs codebase, and of course cleaning up our linter rules in the
process.

Fixes #7423.
2018-12-11 13:03:26 -08:00
rht 711b0fda8b scripts: Initialize setup-apt-repo-debathena. 2018-12-11 13:01:26 -08:00
Tim Abbott 0d48f47eba scripts: Make setup-apt-repo a no-op if nothing has changed.
This performance optimization is important for being able to run this
from puppet in our production environment.
2018-12-10 17:36:28 -08:00
Tim Abbott 9423f8e31c node cache: Don't shell out to yarn to get the version.
This can easily be done by just reading the package.json file and
extracting the version value, just like we now do in install-node.
2018-12-07 14:44:52 -08:00
Tim Abbott 630968b632 provision: Use a more efficient approach for getting yarn version.
Since yarn has a package.json conveniently available, we can parse
that with jq, saving the expensive operation of starting up yarn.

This saves ~300ms in a no-op provision.
2018-12-07 14:36:54 -08:00
rht a1ca8c262a setup-apt-repo: Add `set -e` and ensure the sources file exists. 2018-12-07 14:00:59 -08:00
Tim Abbott b3a4b78c6d puppet: Pass zulip scripts path as a FACTER to puppet.
This makes it possible for the Puppet codebase to access the path to
the relevant /home/zulip/deployments type directory that puppet was
run from, which in turn makes it possible to safely call scripts from
here.

Based on work by Rein Zustand.
2018-12-06 11:38:55 -08:00
Tim Abbott e13de3e629 scripts: Fix incorrect garbage-collection of emoji/node caches.
Apparently, we were incorrectly expressing the paths in the
caches_in_use data structures for these two cache-cleaning algorithms,
resulting in the default threshhold_days algorithm controlling which
caches could be garbage-collected.  While the emoji one was just a
performance optimization for upgrade-zulip-from-git, it was possible
for the main `node_modules` cache in use in production to be GCed,
resulting in LaTeX rendering being broken.
2018-12-03 11:59:08 -08:00
Tim Abbott 1303f8df20 docs: Fix missing quotes in `su zulip -c` documentation.
This fixes an actual user-facing issue in our mobile push
notifications documentation (where we were incorrectly failing to
quote the argument to `./manage.py register_server` making it not
work), as well as preventing future similar issues from occurring
again via a linter rule.
2018-11-30 12:12:27 -08:00
Tim Abbott 31556e45d8 setup-apt-repo: Install gnupg as part of installation.
Apparently, on Debian stretch, the gnupg package isn't installed by
default, which means that our `apt-key add` commands were failing with
these errors on an ultra-minimal Debian installation:

+ apt-key add ./scripts/setup/packagecloud.asc
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
+ apt-key add ./scripts/setup/pgroonga-debian.asc
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

Fixes #10480.
2018-11-30 10:45:04 -08:00
Anders Kaseorg ed0292629b zulip_tools.run: Remove shell=True support.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:48:23 -08:00
Anders Kaseorg d581ad82ca scripts/upgrade-zulip-from-git: Avoid shelling out for mkdir, ln.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:48:23 -08:00
Anders Kaseorg a61eebd9e3 scripts/lib/unpack-zulip: Avoid shelling out for rm, mv, mkdir, ln.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:48:23 -08:00
Anders Kaseorg 9bad4003c6 scripts/lib/upgrade-zulip-stage-2: Avoid shelling out for ln.
The original code was actually broken, in that it checked the wrong
path, but it didn't matter because it used `ln -nsf`.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:48:23 -08:00
Anders Kaseorg a694c3cafd scripts/restart-server: Avoid shelling out for ln.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:26:54 -08:00
Anders Kaseorg d60b697cc5 scripts/lib/create-production-venv: Avoid shelling out for ln.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:25:01 -08:00
Anders Kaseorg 33a4d12101 scripts: Add zulip_tools.overwrite_symlink function to replace ln -nsf.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:24:59 -08:00
Anders Kaseorg 1597511de0 install: Check whether universe repository is enabled on Ubuntu.
Fixes #10417.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-28 17:18:43 -08:00
Tim Abbott 5a56925495 restart-server: Fix restarting server with multiple tornado processes.
Previously, we unconditionally tried to restart the Tornado process
name corresponding to the historically always-true case of a single
Tornado process.  This resulted in Tornado not being automatically
restarted on a production deployment on servers with more than one
Tornado process configured.
2018-11-27 17:20:05 -08:00
Tim Abbott adf27aae4c python: Remove now-unnecessary str_utils library.
This library was absolutely essential as part of our Python 2->3
migration process, but all of its calls should be either no-ops or
encode/decode operations.

Note also that the library has been wrong since the incorrect
refactoring in 1f9244e060.

Fixes #10807.
2018-11-27 11:57:54 -08:00
Tim Abbott 3e3eb2aa7f scripts: Clarify names of running-as-root assertions.
This should make it more obvious that these functions will exit the
script if the check fails.
2018-11-19 10:58:34 -08:00
Rohitt Vashishtha eae9251cb7 scripts: Make upgrade-zulip-* use root checking from zulip_tools.
This is mostly just a nice code deduplication/cleanup.
2018-11-19 10:58:34 -08:00
Rohitt Vashishtha 0975bbb39e scripts: Make zulip-puppet-apply check if the user is root.
Fixes #10833.
2018-11-19 10:58:34 -08:00
Rohitt Vashishtha 767acfa2ac scripts: Add util functions for checking root to zulip_tools. 2018-11-19 10:58:16 -08:00
Rohitt Vashishtha 95ba947f13 setup-cerbot: Allow issuing certificates for multiple domains.
This commit allows specifying Subject Alternative Names to issue certs
for multiple domains using certbot. The first name passed to certbot-auto
becomes the common name for the certificate; common name and the other
names are then added to the SAN field. All of these arguments are now
positional. Also read the following for the certbot syntax reference:

https://community.letsencrypt.org/t/how-to-specify-subject-name-on-san/

Fixes #10674.
2018-11-13 12:47:31 -08:00
Tim Abbott 453c35d0f7 install: Provide a suggestive error message when missing Universe.
By far the dominant cause of errors when installing apt packages is
not having the Universe repository enabled in Ubuntu bionic (this
seems to have started happening a lot recently; I wonder if Ubuntu
changed the defaults for new server installs or something?).

In any case, providing that suggestion in the error output should help
reduce these a lot.
2018-11-12 10:56:39 -08:00
Tim Abbott e7bb833a37 install: Improve some error output for common errors.
This uses `set +x` to hide the `echo` output, and then sets the font
color to red.
2018-11-12 10:55:06 -08:00
Tim Abbott 60ed41081b scripts: Write to upgrade.log in upgrade-zulip-from-git.
This should simplify debugging when doing Git-based upgrades; this log
has long been useful for the main upgrade-zulip tool.
2018-11-06 17:56:01 -08:00
Tim Abbott 3f03dcdf5e nagios: Support multiple tornado processes.
This allows our Tornado monitoring to correctly report whether
multiple configured Tornado processes are running.

This setup isn't ideal, in that it can't detect cases where the wrong
set of Tornado processes are running, but it's nice and simple and
should catch most actual problems.
2018-11-06 16:50:03 -08:00
Tim Abbott a4f5d825b7 Revert "upgrade-zulip-from-git: Support specifying tag or commit ID for refname."
This reverts commit 5ea7feee7e.

We had to revert this because it didn't work with non-master branch names.
2018-11-06 12:40:45 -08:00
Tim Abbott 0cac7e1cd3 tornado: Extract functions for Tornado queue names.
This moves all control for what queue to use for which realm in our
Tornado system to just the sharding.py file; no actual sharding is
done yet.
2018-11-02 17:00:10 -07:00
Shubham Padia 5ea7feee7e upgrade-zulip-from-git: Support specifying tag or commit ID for refname.
Fixes #10706.
Issue: Before this commit, the `refname` positional argument to
`upgrade-zulip-from-git` script would run successfully for a branch
name on the given remote, but the script would fail if it was
provided with a tag or commit ID.
Solution: 'git clone -q -b refname LOCAL_GIT_CACHE_DIR deploy_path`
would be split into two commands:
1.) `git clone -q LOCAL_GIT_CACHE_DIR deploy_path`
2.) `git checkout -b deploy_timestamp refname` which makes a new
branch with the same name as the timestamp used in make_deploy_path.
2018-10-23 11:11:08 -07:00
Tim Abbott adf918cf5a upgrade-zulip-from-git: Fix linter error from too-long line. 2018-10-22 14:11:40 -07:00
Shubham Padia bdb5f43370 upgrade-zulip-from-git: Support specifying remote on the command line.
Adds an optional argument `--remote-url` to specify the remote URL.
Command line remote URL will be given preference above the one
in /etc/zulip/zulip.conf.

Fixes #6092.
2018-10-22 12:01:05 -07:00
Shubham Padia 094e50753e upgrade-zulip-from-git: Rename git_url variable to remote_url. 2018-10-22 12:00:40 -07:00
Shubham Padia bba01e210b upgrade-zulip-from-git: Refactor to use argparse instead of sys.argv.
This is a preparatory commit to add an optional argument to mention
the git remote url. This does not make any change to the current
behaviour.
2018-10-22 12:00:39 -07:00
Anders Kaseorg c3bd293eaf Add shellcheck as a linter.
Fixes #10162.

Tweaked by tabbott to cover documentation as well.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-10-18 15:32:26 -07:00
Anders Kaseorg d0fb34e8af install: Fix shellcheck warnings.
In scripts/lib/install line 71:
ZULIP_PATH="$(readlink -f $(dirname $0)/../..)"
                          ^-- SC2046: Quote this to prevent word splitting.
                                    ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/lib/install line 105:
mem_kb=$(cat /proc/meminfo | head -n1 | awk '{print $2}')
             ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.

In scripts/lib/install line 141:
apt-get -y dist-upgrade $APT_OPTIONS
                        ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/lib/install line 145:
    $ADDITIONAL_PACKAGES
    ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/lib/install line 254:
    if [ -n "ZULIP_ADMINISTRATOR" ]; then
             ^-- SC2157: Argument to -n is always true due to literal strings.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-10-18 15:26:21 -07:00
Anders Kaseorg 310027f970 terminate-psql-sessions: Fix shellcheck warnings.
In scripts/setup/terminate-psql-sessions line 16:
major=$(echo "$version" | cut -d. -f1,2)
^-- SC2034: major appears unused. Verify use (or export if used externally).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-10-17 17:48:57 -07:00
Tim Abbott a7d7d181ea install: Ensure that sudo is installed.
We use it to drop privileges from root to other users in the installer
process (which ideally, we would remove, but it will take some
annoying refactoring).

This should generally be safe to do, since the default sudo
permissions only allow root to use it anyway.

See https://github.com/zulip/zulip/issues/10036 for the follow-up
issue of removing the need to do this.
2018-10-16 15:34:04 -07:00
Tim Abbott 1a0e9fe2f9 restart-server: Restart tornado early.
This dramatically reduces the Tornado downtime when restarting a Zulip
server, which is generally the most significant source of user-facing
bad experiences.
2018-10-16 15:04:07 -07:00
Tim Abbott 608173657d upgrade-zulip: Clean up legacy google emoji icons.
Because we renamed the "google" iconset to be the modern Google set,
not what is now called the "googleblob" icon set, we need to make sure
that our usually correct policy of not overwriting image files under
`prod-static/` doesn't apply to files potentially being copied in for
the emoji images.

We fix this by just deleting the `images-google-64` directory on
upgrade if it contains the googleblob version of the "hotdog" emoji.

Fixes #10038.
2018-10-12 16:38:49 -07:00
Tim Abbott 9054ce278f locale: Fix incorrect use of locale-gen to generate locales.
Previously, we were having issues installing on Debian Stretch with
non-English locales, because `locale-gen` actually doesn't take a
locale as an argument (and thus `locale-gen en_US.UTF-8` did nothing).
We should instead be calling localedef directly.

Thanks to Tom Daff for debugging this.

Fixes #10629.
2018-10-11 14:42:24 -07:00
Tim Abbott 24f3419449 postgres-init-db: Throw an error if not run as root.
Fixes part of the dicsussion in #552.
2018-08-21 11:36:50 -07:00
Abhilash Verma 0e2322a322 logging: Show timestamp in UTC in non-django production scripts.
Done in pair programming with @aero31aero.

Fixes #9678.
2018-08-20 12:52:40 -07:00
xificurC 9e053c74cf scripts: Allow configuring a custom CA bundle for build process.
For building Zulip in an environment where a custom CA certificate is
required to access the public Internet, one needs to be able to
specify that CA certificate for all network access done by the Zulip
installer/build process.  This change allows configuring that via the
environment.
2018-08-13 15:45:28 -07:00
Tim Abbott 460ea76d96 terminate-psql-sessions: Remove postgres <9.2 support.
Those older versions of postgres reached end-of-life upstream, and it
makes this shell script easier to read.
2018-08-09 15:24:47 -07:00
Tim Abbott b8b97c98fb upgrade-zulip-stage-2: Remove explicit process_fts_updates start.
Thanks to changes in restart-server, this is now already happening there.

(The restart-server changes were required to ensure that if the
upgrade failes and one just does
/home/zulip/deployments/next/restart-server to recover, the right
thing happens; so this is the correct resolution to the conflict).
2018-08-03 15:21:01 -07:00
xificurC 76d6e27d04 install-node: Fail (and show error messages) if wget fails to run. 2018-08-03 10:25:59 -07:00
Tim Abbott ede4f52c20 scripts: Remove docker-functions.sh.
We've determined that it makes sense to keep this code separate in the
docker-zulip project.
2018-08-03 09:17:10 -07:00
Anders Kaseorg 26d378fb7d terminate-psql-sessions: Fix shellcheck warnings.
In scripts/setup/terminate-psql-sessions line 5:
    [ "$1" = "`echo -e "$1\n$2" | sort -V | tail -n1`" ]
              ^-- SC2006: Use $(..) instead of legacy `..`.
                          ^-- SC1117: Backslash is literal in "\n". Prefer explicit escaping: "\\n".

In scripts/setup/terminate-psql-sessions line 20:
major=$(echo $version | cut -d. -f1,2)
             ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/terminate-psql-sessions line 24:
tables=$(echo "'$@'" | sed "s/ /','/g")
                ^-- SC2145: Argument mixes string and array. Use * or separate argument.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 5a5497c6a1 setup-certbot: Fix shellcheck warnings.
In scripts/setup/setup-certbot line 64:
if [ -z "$DOMAIN" -o -z "$EMAIL" ]; then
                  ^-- SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.

In scripts/setup/setup-certbot line 73:
        method_args=(--webroot --webroot-path=/var/lib/zulip/certbot-webroot/)
                               ^-- SC2191: The = here is literal. To assign by index, use ( [index]=value ) with no spaces. To keep as literal, quote it.

In scripts/setup/setup-certbot line 112:
if [ -z "$deploy_hook" ]; then
         ^-- SC2128: Expanding an array without an index only gives the first element.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg e495eaa339 postgres-init-db: Fix shellcheck warnings.
In scripts/setup/postgres-init-db line 12:
records=`su "$POSTGRES_USER" -c "psql -Atc 'SELECT COUNT(*) FROM zulip.zerver_message;' zulip" | cat`
        ^-- SC2006: Use $(..) instead of legacy `..`.

In scripts/setup/postgres-init-db line 35:
source "$(dirname "$0")/terminate-psql-sessions" postgres zulip zulip_base
^-- SC1090: Can't follow non-constant source. Use a directive to specify location.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg edc5a7bdd0 install: Fix shellcheck warnings.
In scripts/setup/install line 18:
if [ $failed = 1 ]; then
     ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/install line 19:
    echo -e "\033[0;31m"
             ^-- SC1117: Backslash is literal in "\0". Prefer explicit escaping: "\\0".

In scripts/setup/install line 25:
    echo -e "\033[0m"
             ^-- SC1117: Backslash is literal in "\0". Prefer explicit escaping: "\\0".

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg bb19fed5a7 initialize-database: Fix shellcheck warnings.
In scripts/setup/initialize-database line 38:
    echo -e "\033[32mPopulating default database failed."
             ^-- SC1117: Backslash is literal in "\0". Prefer explicit escaping: "\\0".

In scripts/setup/initialize-database line 42:
    echo -e "\033[0m"
             ^-- SC1117: Backslash is literal in "\0". Prefer explicit escaping: "\\0".

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 68261c7e29 generate-self-signed-cert: Fix shellcheck warnings.
In scripts/setup/generate-self-signed-cert line 36:
if [ -n "$EXISTS_OK" ] && [ -e "$KEYFILE" -a -e "$CERTFILE" ]; then
                                          ^-- SC2166: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.

In scripts/setup/generate-self-signed-cert line 40:
if [ -z "$FORCE" ] && [ -e "$KEYFILE" -o -e "$CERTFILE" ]; then
                                      ^-- SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 78225e4d04 configure-rabbitmq: Fix shellcheck warnings.
In scripts/setup/configure-rabbitmq line 13:
sudo rabbitmqctl $RABBITMQ_FLAGS delete_user "$RABBITMQ_USERNAME" || true
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/configure-rabbitmq line 14:
sudo rabbitmqctl $RABBITMQ_FLAGS delete_user zulip || true
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/configure-rabbitmq line 15:
sudo rabbitmqctl $RABBITMQ_FLAGS delete_user guest || true
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/configure-rabbitmq line 16:
sudo rabbitmqctl $RABBITMQ_FLAGS add_user "$RABBITMQ_USERNAME" "$RABBITMQ_PASSWORD"
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/configure-rabbitmq line 17:
sudo rabbitmqctl $RABBITMQ_FLAGS set_user_tags "$RABBITMQ_USERNAME" administrator
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/setup/configure-rabbitmq line 18:
sudo rabbitmqctl $RABBITMQ_FLAGS set_permissions -p / "$RABBITMQ_USERNAME" '.*' '.*' '.*'
                 ^-- SC2086: Double quote to prevent globbing and word splitting.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 21c60bf6d4 setup-apt-repo: Fix shellcheck warnings.
In scripts/lib/setup-apt-repo line 6:
zulip_source_hash=`sha1sum $SOURCES_FILE`
                  ^-- SC2006: Use $(..) instead of legacy `..`.

In scripts/lib/setup-apt-repo line 10:
SCRIPTS_PATH="$(dirname $(dirname $0))"
                        ^-- SC2046: Quote this to prevent word splitting.
                                  ^-- SC2086: Double quote to prevent globbing and word splitting.

In scripts/lib/setup-apt-repo line 36:
if [ "$zulip_source_hash" = "`sha1sum $SOURCES_FILE`" ] && ! [ -e "$STAMP_FILE" ]; then
                             ^-- SC2006: Use $(..) instead of legacy `..`.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 942bb49c29 install-node: Fix shellcheck warnings.
In scripts/lib/install-node line 34:
    source "$NVM_DIR/nvm.sh"
    ^-- SC1090: Can't follow non-constant source. Use a directive to specify location.

In scripts/lib/install-node line 36:
    export NODE_BIN="$(nvm which default)"
           ^-- SC2155: Declare and assign separately to avoid masking return values.

In scripts/lib/install-node line 39:
    n=$(which node)
        ^-- SC2230: which is non-standard. Use builtin 'command -v' instead.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 7162ac43a6 create-zulip-admin: Fix shellcheck warnings.
In scripts/lib/create-zulip-admin line 3:
if ([ "$ZULIP_USER_CREATION_ENABLED" == "True" ] || [ "$ZULIP_USER_CREATION_ENABLED" == "true" ]) && \
   ^-- SC2235: Use { ..; } instead of (..) to avoid subshell overhead.

In scripts/lib/create-zulip-admin line 4:
   ([ -z "$ZULIP_USER_DOMAIN" ]   || \
   ^-- SC2235: Use { ..; } instead of (..) to avoid subshell overhead.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Anders Kaseorg 5b4d30abab certbot-maybe-renew: Fix shellcheck warnings.
In scripts/lib/certbot-maybe-renew line 8:
    case "$(echo "$value" | tr A-Z a-z)" in
                               ^-- SC2019: Use '[:upper:]' to support accents and foreign alphabets.
                                   ^-- SC2018: Use '[:lower:]' to support accents and foreign alphabets.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-08-03 09:15:26 -07:00
Tim Abbott 35cb7528f9 models: Add new UserMessage flag active_mobile_push_notification.
This flag is used to track which user/message pairs correspond to an
active mobile push notification, that should potentially be cleared
when the user reads the message.

This flag should never appear on a message that is also marked as
read; eventually we may want a cron job to check for that condition.

We include a partial index on UserMessage for this flag.
2018-08-01 16:51:56 -07:00
Tim Abbott b564976ce4 upgrade-zulip: Fix unicode issues with detecting early migrations.
Apparently, our Python 3 conversion for the early-migrations logic
here was incorrect, and as a result we never set
need_create_large_indexes to True (because we were checking whether a
`bytes` was inside a list of `str`s).

The simplest fix would be to just add a `.decode()` in one place, but
this refactor to just decode at the beginning is a lot more readable.
2018-07-31 13:46:06 -07:00
Anders Kaseorg 510c97d861 scripts: Use shell quoting when displaying commands to be run.
This way, commands with arguments containing whitespace or
metacharacters are unambiguously readable.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-30 22:39:08 -07:00
Tim Abbott a8e5551395 restart-server: Ensure we restart process-fts-updates.
This is mostly important in that if you're running this as part of a
follow-up to a failed upgrade, and you don't do this,
process-fts-updates will be left not running, resulting in full-text
search not updating.
2018-07-30 16:27:53 -07:00
Shubham Padia bf6dc4472b models: Add is_private flag to UserMessage and add index for it.
The is_private flag is intended to be set if recipient type is
'private'(1) or 'huddle'(3), otherwise i.e if it is 'stream'(2), it
should be unset.

This commit adds a database index for the is_private flag (which we'll
need to use it). That index is used to reset the flag if it was
already set. The already set flags were due to a previous removal of
is_me_message flag for which the values were not cleared out.

For now, the is_private flag is always 0 since the really hard part of
this migration is clearing the unspecified previous state; future
commits will fully implement it actually doing something.

History: Migration rewritten significantly by tabbott to ensure it
runs in only 3 minutes on chat.zulip.org.  A key detail in making that
work was to ensure that we use the new index for the queries to find
rows to update (which currently requires the `order_by` and `limit`
clauses).
2018-07-30 15:43:55 -07:00
Tim Abbott 30a3c48ff3 thumbor: Fix missing virtualenv-clone package in dependencies.
This package is important in order to avoid scary-looking errors
whenever we upgrade the dependencies in thumbor.txt (where
virtualenv-clone isn't installed in the venv, and then gets installed
by the code we just added a TODO comment to.
2018-07-30 11:55:16 -07:00
Anders Kaseorg a5407e1c7d scripts: Replace node-wrapper with a symlink.
Commit 00e057bf44 (#4727) simplified
node-wrapper to a one-line wrapper script for performance.  Copying
the binary was proposed and rejected because node finds some of its
modules relative to its own path.  But a symlink doesn’t have that
issue, as you can verify with

    node -e 'console.log(require.resolve.paths("foo"))'

(To find its own path, node uses `process.execPath`, which resolves
symlinks, and there’s no plausible reason for that behavior to change.
https://github.com/nodejs/node/blob/v8.11.1/lib/module.js#L708-L717
https://github.com/nodejs/node/blob/v10.7.0/lib/internal/modules/cjs/loader.js#L761-L770)

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-30 11:48:10 -07:00
Anders Kaseorg fdc3b62d5f scripts/zulip-puppet-apply: Avoid shelling out for touch.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-25 16:54:46 -07:00
Anders Kaseorg 09c64f260b scripts/lib/zulip_tools.py: Avoid shelling out for touch.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-25 16:54:46 -07:00
Anders Kaseorg fe76b97e28 scripts/lib/setup_venv.py: Avoid shelling out for cp, touch.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-25 16:54:46 -07:00
Tim Abbott ee0f4ca330 locale: Set LANG/LANGUAGE to match LC_ALL.
Apparently, perl at least expects LANG, LANGUAGE, and LC_ALL to be
consistent, and thus apt spits out a bunch of warnings if these are
different.  So if we're forcing LC_ALL in these installer/upgrade
script blocks, we should force the rest too.

I believe this fixes the remaining locale part of #9946.
2018-07-23 23:01:10 -07:00
jeaye 4999474cce install: Add a couple Docker-specific options to the certbot scripts.
--agree-tos is useful for the Docker environment, where we won't have
an interactive shell present for agreeing to the ToS.

--deploy-hook is also useful for the Docker environment; it makes it
possible to customize what deploy hook (if any) we pass into the
underlying cerbot command.
2018-07-23 17:45:59 -07:00
Anders Kaseorg 09b8ccd510 scripts/nagios/check-rabbitmq-consumers: Avoid shelling out for mv.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-19 10:43:37 -07:00
Tim Abbott f228eabd90 install: Make sure the en_US.UTF-8 locale is available.
We need to make sure the en_US.UTF-8 locale has been generated before
setting the locale via the environment.

Fixes part of #9946.
2018-07-18 15:05:27 -07:00
Harshit Bansal f636882e04 build_emoji: Migrate to use `emoji_names.py` file.
This migrates Zulip to use a dramatically better set of names and
aliases for our emoji set, defined in emoji_names.py (which is in turn
manually generated from our hand-curated CSV file).

This should significantly improve the experience of using Zulip's
emoji picker and emoji typeahead for finding what one is looking for.
2018-07-13 21:18:02 +05:30
Tim Abbott 3cc93fd721 setup_venv: Fix missing libssl-dev dependency.
We were already correctly including libssl-dev in Zulip's dependencies
in development environment provisioning, but (at least now) it's
needed to build certain Python packages like pycurl when building a
Zulip virtualenv in production.  I haven't investigated why we didn't
need this on Ubuntu, but one possible reason would be that some other
library in our dependencies list happens to depend on it on Ubuntu.

We fix this by moving the dependency over to the shared
VENV_DEPENDENCIES list.

Fixes part of #9946.
2018-07-13 18:00:38 +05:30
Tim Abbott 8f9b5633b8 zulip_tools: Fix accessing LSB data on Debian stretch.
Apparently, at least some Debian stretch systems don't have an
/etc/lsb-release, so the optimization that we did in
5d39a0f0fc broke our installer on
Debian.

We fix this, by falling back to calling the lsb_release command on
systems that don't have a faster way to do it.

Fixes part of #9946.
2018-07-13 18:00:38 +05:30
Joshua Schmidlkofer b1a57d144f thumbor: Add production installer/puppet support.
This commits adds the necessary puppet configuration and
installer/upgrade code for installing and managing the thumbor service
in production.  This configuration is gated by the 'thumbor.pp'
manifest being enabled (which is not yet the default), and so this
commit should have no effect in a default Zulip production environment
(or in the long term, in any Zulip production server that isn't using
thumbor).

Credit for this effort is shared by @TigorC (who initiated the work on
this project), @joshland (who did a great deal of work on this and got
it working during PyCon 2017) and @adnrs96, who completed the work.
2018-07-12 20:37:34 +05:30
Anders Kaseorg 037f696d26 Enable pycodestyle W605 (invalid escape sequence).
The only changes visible at the AST level, checked using
https://github.com/asottile/astpretty, are

zerver/lib/test_fixtures.py:
'\x1b\\[(1|0)m' ↦ '\\x1b\\[(1|0)m'
'\\[[X| ]\\] (\\d+_.+)\n' ↦ '\\[[X| ]\\] (\\d+_.+)\\n'

which is fine because re treats '\\x1b' and '\\n' the same way as
'\x1b' and '\n'.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-03 16:54:46 +02:00
Vishnu Ks 109fa85614 provision: Rename file_hash_updated to file_or_package_hash_updated.
Check for changes in package version as well along
with the files.
2018-06-22 23:40:31 +05:30
Tim Abbott 9d9d59d4b2 clean-unused-caches: Optimize performance.
This saves about 400ms when running clean-unused-caches, basically by
calling its sub-rountines by import (rather than
`subprocess.check_call()`).  The performance optimization seems well worth it.

Fixes #9766.
2018-06-18 07:31:33 -07:00
Vishnu Ks 7b8e79ae48 provision: Refactor hashing of compilemessages into a function.
This allows it to be reused for other tools.

Edited by tabbott to remove the use of "compilemessages" in variable
names.
2018-06-18 06:55:36 -07:00
Greg Price 25c46e3abb tx: Clarify role of the script `process-mobile-i18n`.
This file looks like it's producing some kind of compilation of the
mobile strings, that the mobile app will somehow end up using --
especially as it refers to its output as a "resource file".  In
reality, it compiles statistics to be included in the language-picker
UI in the web app.  Give appropriate names to the identifiers so it's
less confusing.
2018-06-17 17:37:29 -07:00
Raymond Akornor 8f7af5fde5 install-node: Upgrade to yarn 1.7.0. 2018-06-05 08:52:55 -07:00
Tim Abbott 0fabff6dda setup_venv: Clean up VENV_DEPENDENCIES using parsed lsb_release.
This is mostly a cleanup, but it should also save 50ms in the runtime
of create-production-venv.
2018-05-29 10:57:36 -07:00
Raymond Akornor 5d39a0f0fc scripts: Replace calls to lsb release with our own parsing.
This improves the performance of these operations, by saving a ~50ms
Python process startup.  While not a major performance improvement, it
seems worth it, given how often these commands get run.

Fixes #9571.
2018-05-29 10:57:36 -07:00
Tim Abbott 999f264ad3 check_rabbitmq_queue: Exclude slow_queries queue from alerting.
Structurally, this queue has the same property as the missed_message
one, namely that it accumulates things and processes them only every
few minutes.

This should stop Zulip from paging in response to slow queries
accumulating when a server restart happens.
2018-05-25 13:06:50 -07:00
Tim Abbott 61ee01359e install: Update list of supported distros for installation.
This only changes the install script, not the docs, so it's pretty
low-profile; we'll update the docs after a bit more testing.
2018-05-24 10:44:29 -07:00
Tim Abbott 37335960a0 puppet: Stop automatically creating hiera.yaml on newer distros.
This fixes some unnecessary warnings on systems running Ubuntu bionic.
2018-05-24 10:39:39 -07:00
Sampriti Panda 8bf80f699f docker: Add PGroonga support to Postgresql Dockerfile.
Fixes #9466.
2018-05-23 11:53:32 -07:00
Tim Abbott 2655ece96f create-production-venv: Fix missing virtualenv dependency.
On newer distros like Xenial, Stretch, etc., we were incorrectly not
installing the Python 3 version of the virtualenv package.  This was
accidentally working because most base images with Python already have
this package too, but this was failing to install the right
dependencies in our Docker builds, requiring unnecessary manual code.

We fixed this some time ago for provision.py, but not for production.
2018-05-18 16:53:35 -07:00
Jason Michalski 24fbd7205d docker: Add postgres docker build with full text search.
This is multi-stage build which first builds tsearch-extras with the
current version of postgres and then configs postgres for zulip. The
zulip config installs the hunspell dictionaries, stop words file,
tsearch-extras, and creates the initial database.

**Testing Plan:**
1) `docker-compose up` the existing config.
2) Build the new image
3) Edit docker-compose.yml to use the new image id
4) `docker-compose up` and verify full text search is still working.
2018-05-16 13:14:24 -07:00
Tim Abbott 8a66b0b9a9 docker: Set has_appserver=0 correctly.
The docker installer configuration incorrectly had has_appserver set
to 0; this meant that (A) the docker-zulip code needed to copy the
block of code in the installer for the `has_appserver` case into the
Dockerfile (unnecessarily), and (B) one couldn't use `install` from a
Git ref (because the static asset compiler didn't end up in the right
place).

It appears that docker-zulip tried to set this flag in their `install`
command line, but the construction inside `install` meant that didn't
work.
2018-05-15 10:13:44 -07:00
Aditya Bansal cb9d8f6d48 scripts: Change use of typing.Text to str. 2018-05-14 05:16:22 +05:30
Aditya Bansal e14974ff2c scripts: Change use of typing.Text to str. 2018-05-10 14:19:49 -07:00
Tim Abbott b3e4c702d1 generate_secrets: Fix handling of an empty secrets file.
This is now a condition that happens during installation, because we
now create an empty file for this in puppet.
2018-05-06 22:12:32 -07:00
Tim Abbott 41841221ee scripts: Remove obsolete zesty configuration.
Zesty already reached end-of-life, so we'll never support it.

And in one place, we add support for bionic.
2018-05-05 11:41:57 -07:00
Tim Abbott 1b3b298fa8 install: Allow installing with Debian 9.
For now we just change the script, not the documentation.
2018-05-05 10:49:09 -07:00
Tim Abbott 76fa29085a setup-apt-repo: Clean up setup code for apt repo.
This fixes adding the Ubuntu repositories for Debian, as well as makes
sure that we install the debian-archive-keyring package on Debian,
which is only priority important (and thus might be missing).
2018-05-05 10:03:39 -07:00
Tim Abbott 4ee762a52c apt: Add packagecloud repository for Debian. 2018-05-05 10:03:03 -07:00
Tim Abbott 06cfc591fe setup-apt-repo: Require apt-transport-https be installed.
Doing our apt operations over HTTPS has better security properties.
2018-05-05 10:02:50 -07:00
Greg Price e8be968250 install: Expand error message for missing SSL cert slightly.
It wasn't obvious reading this message that you can perfectly well
bring your own SSL/TLS certificate; unless you read quite a bit
between the lines where we say "could not find", or followed the link
to the detailed docs, the message sounded like you had to either use
--certbot or --self-signed-cert.

So, explicitly mention the BYO option.  Because the "complete chain"
requirement is a bit tricky, don't try to give instructions for it
in this message; just refer the reader to the docs.

Also, drop the logic to identify which of the files is missing; it
certainly makes the code more complex, and I think even the error
message is actually clearer when it just gives the complete list of
required files -- it's much more likely that the reader doesn't know
what's required than that they do and have missed one, and even then
it's easy for them to look for themselves.
2018-04-19 11:08:22 -07:00
Tim Abbott 105eed049e install-node: Fix leaking of $HOME.
This fixes a bug where provision was failing since our most recent
upgrade to yarn/nvm/node.

It turns out my original fix was the correct fix, but to the wrong
third-party tool: nvm, not yarn, was the offender.
2018-04-12 14:32:36 -07:00
Tim Abbott 041fd802b7 Revert "yarn: Revert back to v0.27.5."
This reverts commit d4b88e86cc.
2018-04-12 11:37:00 -07:00
Tim Abbott f6ae57fa70 install-node: Correctly fix yarn installation.
Apparently, new versions of yarn use the HOME environment variable to
figure out where to access their configuration, and sudo apparently
doesn't clear that variable, so install-node was being run with HOME
set to something under /home/vagrant (e.g.).

Fix this by just setting that environment variable correctly.

This replaces 250a036ff8, which
misdiagnosed the issue.
2018-04-12 11:37:00 -07:00
Tim Abbott 250a036ff8 install-node: Fix yarn installation.
It appears that some change in yarn's versioning system means that
installing yarn itself ends up chowning its config directory
incorrectly to be owned by root, preventing `yarn install` from
working later.
2018-04-12 10:42:27 -07:00
Priyank d4b88e86cc yarn: Revert back to v0.27.5.
Revert yarn version back due to some issue with new version that causes
permission issues in ~/.config/yarn directory.

Related discussion: https://chat.zulip.org/#narrow/stream/21-provision-help/topic/EACCES.3A.20permission.20denied.2C.20scandir.20'.2Fhome.2Fvagrant.2F.2Econfig.2Fya
2018-04-12 10:18:59 -07:00
Rhea Parekh ccefaf7b26 scripts: Remove the depreciated script 'postgres-reset-sequences'. 2018-04-10 13:07:14 -07:00
Tim Abbott 9b8dd4f125 install-yarn: Fix buggy status check for the signature.
Apparently, they added a new signing key instance, and so checking
whether the old key exists doesn't work anymore.
2018-04-09 15:09:37 -07:00
Priyank ee078c372f install-node: Upgrade node, yarn, and nvm.
node -> v8.9.4
yarn -> 1.5.1
nvm -> 0.33.8

Also updates a test in timerender.js which depends on time
provided by node which is now changed in newer release.

Some changes have been made in circeci script, we just create ~/.config
directory and chown it to circleci user so installing new version of yarn
does not cause any ci failure on circleci during provision.
2018-04-09 13:56:48 -07:00