Commit Graph

1755 Commits

Author SHA1 Message Date
Alex Vandiver 0c7d83f7da kandra: Use vector to plumb SES logs into S3. 2024-09-26 11:19:45 -07:00
Alex Vandiver 60759ab5fb kandra: Use generic "vector" process, not dedicated "akamai" process.
This makes the Vector configuration extensible, to allow it to be used
not just for ingesting Akamai logs.
2024-09-26 11:19:45 -07:00
Alex Vandiver b0ca32c955 nginx: Fix missing word in comment. 2024-09-25 11:15:03 -07:00
Alex Vandiver 77a121082b kandra: Add localhost access to internal APIs on port 80.
This parallels 02d3fb7666.
2024-09-25 10:08:27 -07:00
Alex Vandiver 24d110f063 settings: Increase default max file upload size to 100MB.
This also _lowers_ the default nginx client_max_body_size, since that
no longer caps the upload file size.
2024-09-19 11:37:29 -07:00
Alex Vandiver 818c30372f upload: Use tusd for resumable, larger uploads.
Currently, it handles two hook types: 'pre-create' (to verify that the
user is authenticated and the file size is within the limit) and
'pre-finish' (which creates an attachment row).

No secret is shared between Django and tusd for authentication of the
hooks endpoints, because none is necessary -- tusd forwards the
end-user's credentials, and the hook checks them like it would any
end-user request.  An end-user gaining access to the endpoint would be
able to do no more harm than via tusd or the normal file upload API.

Regardless, the previous commit has restricted access to the endpoint
at the nginx layer.

Co-authored-by: Brijmohan Siyag <brijsiyag@gmail.com>
2024-09-19 11:37:29 -07:00
Alex Vandiver 02d3fb7666 nginx: Allow HTTP access to internal endpoints from localhost. 2024-09-19 11:37:29 -07:00
Alex Vandiver c34913b4d7 nginx: Limit access to internal endpoints, to localhost. 2024-09-17 12:51:30 -07:00
Alex Vandiver 64a16dd9b4 kandra: We do not serve staging from staging.zulip.com:80.
It is not configured in the ALB's rules, nor does the ALB ever forward
to port 80.
2024-09-09 15:17:19 -07:00
Alex Vandiver 9497f23307 puppet: Make restart-server cron use standard day-of-week.
Using 7 makes this fail when run under the Sentry cron wrapper.
2024-08-30 13:13:05 -07:00
Alex Vandiver 6cc480e2b5 kandra: Ensure that we do not error out creating standby.signal.
Force us to have restored the `/var/lib/postgresql/14/main` directory
before we try to create `standby.signal` in it.
2024-08-20 14:03:51 -07:00
Alex Vandiver 49e5722a9f kandra: Match the logic in zulip::profile::postgresql. 2024-08-20 14:03:51 -07:00
Alex Vandiver 9e58780d46 puppet: Fix indentation. 2024-08-20 14:03:51 -07:00
Alex Vandiver 47ebef057e puppet: Switch to an included limits.d file. 2024-08-20 10:04:40 -07:00
Alex Vandiver c0237e3d58 kandra: Correct group ownership and permissions to match package's.
This reverts b000328ba5 and re-applies
a759d26a32.  It is likely that the
upstream packages are simply inconsistent.
2024-08-20 10:04:40 -07:00
Alex Vandiver fe0a7b3b77 kandra: Drop support for 20.04 hosts. 2024-08-20 10:03:59 -07:00
Alex Vandiver dd5b03ea12 wal-g: Support setting the compression method. 2024-08-16 13:57:58 -07:00
Alex Vandiver 2840e68548 static: Pre-compress with zopfli, for better compression.
Zopfli[^1] performs very good, but time-intensive, zlib compression.
It is hence only suitable for pre-compressing objects, not on-the-fly
compression.

Use a webpack plugin to write pre-compressed versions of JS and CSS
assets using Zopfli, and configure nginx to serve those assets when
`Accept-Encoding: gzip` is provided.

This reduces the size of the JS and CSS assets on initial pageload
from 1422872 bytes to 1108267 bytes, or about a 22% savings.

[^1]: https://github.com/google/zopfli
2024-08-13 09:01:06 -07:00
Alex Vandiver 97afd713e0 nagios: Clean up after ourselves.
This prevents building up a large number of messages in the database.
2024-08-12 12:02:04 -07:00
Alex Vandiver 163863c0d1 nginx: Adjust default gzip level.
The default compression level is 1; increasing this to 3 takes a small
amount more CPU time (single-digit ms on multi-MB transfers), but
results in a small but noticeable (4-7%) percentage better
compression in JSON content.

Assuming a 25 megabit connection (the current average data rate for
cell phones in the U.S.), a 2MB file which is shrunk an additional 4%
saves approximately 25 milliseconds of transfer time; thus the
additional few milliseconds of CPU-time is well worth the cost.  For
faster connections (e.g. 100 megabit), the tradeoff is more or less a
wash.
2024-08-01 09:54:41 -07:00
Mateusz Mandera aaca394813 presence: Remove the queue worker. 2024-07-31 16:46:42 -07:00
Alex Vandiver 59cf3379c7 puppet: Factor out nagios plugins installation. 2024-07-30 09:46:24 -07:00
Alex Vandiver bf807eabd7 nagios: Make zephyr mirroring not page.
It is often flaky for reasons we cannot affect, and this is no longer
an important part of the Zulip Cloud service.
2024-07-26 14:24:50 -07:00
Alex Vandiver d88f98c46b puppet: Upgrade dependencies. 2024-07-24 13:02:04 -07:00
Tim Abbott 54c2c02011 thumbnail: Add support for multiple queue workers.
There's no need for sharding, but this allows one to spend a bit of
extra memory to reduce image-processing latency when bursts of images
are uploaded at once.
2024-07-21 19:15:43 -07:00
Anders Kaseorg f3c67103cf memcached_exporter: Explicitly close memcached connection.
Fixes warnings like “ResourceWarning: unclosed <socket.socket fd=5,
family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0,
laddr=('127.0.0.1', 39702), raddr=('127.0.0.1', 11211)>” with warnings
enabled.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-16 14:50:09 -07:00
Alex Vandiver 2e38f426f4 upload: Generate thumbnails when images are uploaded.
A new table is created to track which path_id attachments are images,
and for those their metadata, and which thumbnails have been created.
Using path_id as the effective primary key lets us ignore if the
attachment is archived or not, saving some foreign key messes.

A new worker is added to observe events when rows are added to this
table, and to generate and store thumbnails for those images in
differing sizes and formats.
2024-07-16 13:22:15 -07:00
Alex Vandiver bf9539386a katex: Default the server on.
The memory costs are low (~60MB), and likely worth the stability.
2024-07-15 13:16:31 -07:00
Anders Kaseorg a73b8a34d9 supervisor: Fix katex_server.js path for tarball deployments.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-15 13:16:31 -07:00
Anders Kaseorg 0fa5e7f629 ruff: Fix UP035 Import from `collections.abc`, `typing` instead.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-13 22:28:22 -07:00
Anders Kaseorg 531b34cb4c ruff: Fix UP007 Use `X | Y` for type annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-13 22:28:22 -07:00
Anders Kaseorg e08a24e47f ruff: Fix UP006 Use `list` instead of `List` for type annotation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-13 22:28:22 -07:00
Lauryn Menard 80b86c7b16 documentation: Fix "you you" typos in docs/comments/logs. 2024-07-02 11:57:44 -07:00
Alex Vandiver 6a811cb306 process_exporter: Use -recheck-with-time-limit to catch process renames. 2024-05-30 22:24:53 -07:00
Alex Vandiver 2e6504cab7 puppet: Upgrade dependencies. 2024-05-30 22:24:53 -07:00
Alex Vandiver a6d2112453 kandra: Run rabbitmq cron jobs as root.
This is a regression introduced in
f246b82f67.
2024-05-28 15:15:53 -07:00
Alex Vandiver d2516607bb puppet: Silence "needrestart" nags about kernel upgrades.
Ksplice keeps the kernel updated without restarts.
2024-05-28 14:34:26 -07:00
Laura Hausmann 5edcc209c3 nginx: Send SNI for proxied S3 requests.
Some S3 backends (e.g. garage or minio behind caddy) are unable to
respond to TLS requests that only have the Host header set. This makes
sure those configurations are supported going forward.
2024-05-28 16:30:44 -04:00
Alex Vandiver 549f4fe00b nginx: Strip off request headers which might affect S3's behaviour.
Clients making requests to Zulip with a `Authorization: Basic ...` for
an upload in S3 pass along all of their request headers to the S3
backend -- causing errors of the form:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>InvalidArgument</Code>
  <Message>Only one auth mechanism allowed; only the X-Amz-Algorithm
  query parameter, Signature query string parameter or the
  Authorization header should be specified</Message>
  <ArgumentName>Authorization</ArgumentName>
  <ArgumentValue>Basic ...</ArgumentValue>
  <RequestId>...</RequestId>
  <HostId>...</HostId>
</Error>
```

Strip off all request headers which AWS reports that S3 may read[^1].

Fixes: #30180.

[^1]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html
2024-05-28 12:04:19 -07:00
Alex Vandiver c98bf184bb postfix: Increase the max message size to 25MB.
The default is 10MB[^1]; increasing this to 25MB aligns it with the
email mirror's internal limit.

[^1]: https://www.postfix.org/postconf.5.html#message_size_limit
2024-05-24 14:54:29 -07:00
Alex Vandiver c7f42de8ba cron: Monitor "command"s with sentry, now that they are one command.
These no longer involve any shell, so are safe to prepend with the
sentry wrapper.
2024-05-24 11:31:25 -07:00
Alex Vandiver f246b82f67 puppet: Factor out pattern of writing a nagios state file atomically. 2024-05-24 11:31:25 -07:00
Alex Vandiver 230040caa9 puppet: Remove check_postgresql_backup.
We have replaced this monitoring with the black-box wal-g monitoring,
which is more accurate.
2024-05-24 11:27:59 -07:00
Alex Vandiver 2218de0399 management: Disable Sentry for management commands run interactively.
This adds `--automated` and `--no-automated` flags to all Zulip
management commands, whose default is based on if STDIN is a TTY.
This enables cron jobs and supervisor commands to continue to report
to Sentry, and manually-run commands (when reporting to Sentry does
not provide value, since the user can see them) to not.

Note that this only applies to Zulip commands -- core Django
commands (e.g. `./manage.py`) do not grow support for `--automated`
and will always report exceptions to Sentry.

`manage.py` subcommands in the `upgrade` and `restart-server` paths
are marked as `--automated`, since those may be run semi-unattended,
and they are useful to log to Sentry.
2024-05-24 10:30:16 -07:00
Alex Vandiver cf24d2c25e check_send_receive_time: Use time.perf_counter() for duration timing. 2024-05-08 15:51:20 -07:00
Alex Vandiver f42153f670 check_send_receive_time: Use machine.deploy_type to check "staging".
This brings it in line with other locations (e.g. Sentry) and is less
likely to have accidental false-positives.
2024-05-08 15:51:20 -07:00
Alex Vandiver 8bdf1e4a10 check_send_receive_time: Move "states" to inside where they are used. 2024-05-08 15:51:20 -07:00
Alex Vandiver 04e21044b9 check_send_receive_time: Default --site usefully.
This saves us the time of shelling out to a new python process,
loading all of Django, and printing one value we could just have read
in-process.  It is unclear why we ever did it this way.
2024-05-08 15:51:20 -07:00
Alex Vandiver cbc9065ed2 check_send_receive_time: Remove no-longer-used "config" option.
This become unused in 927660a7b6.
2024-05-08 15:51:20 -07:00
Alex Vandiver 2bd60e8562 check_send_receive_time: Print no output on success. 2024-05-08 15:51:20 -07:00