Commit Graph

165 Commits

Author SHA1 Message Date
EdOverflow 86cfed3e81 Update generate_secrets.py 2017-07-11 12:43:46 -07:00
sinwar 9cab965601 install-node: hardcode the path for npm.
This replaces nvm in npm-wrapper by harcoding the path the way we do
with node.  The main benefit is that this saves a few hundred
milliseconds every time we invoke npm.
2017-07-06 17:44:28 -07:00
Tim Abbott b70986469c generate_secrets: Fix handling of missing trailing newlines.
When we added support for automatically adding new secrets in
generate_secrets.py, we failed to account for the possibility that a
human editor might have let the secrets file without a trailing
newline.

We address this by adding a leading newline before our new secret.

Fixes #5209.
2017-06-03 23:17:04 -07:00
Tim Abbott 11adbf5783 generate_secrets: Fix placement of mypy type: ignore. 2017-05-17 00:05:57 -07:00
Tim Abbott b01ba5f389 generate_secrets: Fix mypy errors.
I'm pretty sure these errors reflect a problem with Typeshed, but
don't have time to investigate.
2017-05-16 23:28:44 -07:00
Tim Abbott 2c6a91e24a scripts: Make generate_secrets.py idempotent.
Now, generate_secrets.py will never overwrite existing secrets.  In
addition to being a safer model in generate, this fixes 2 significant
issues:

(1) It makes it much easier to preserve secrets like Oauth tokens in a
development environment (previously, provision would destroy them).
(2) It makes it possible to automatically add new secrets as part of
the upgrade process.  In particular, this is useful for the
zulip_org_id settings.

Fixes #4797.
2017-05-16 22:15:25 -07:00
Tim Abbott 03b5200d8b generate_secrets: Reformat list of autogenerated secrets. 2017-05-16 22:15:25 -07:00
rht 00e057bf44 install-node: bypass nvm wrapper for faster node startup.
This fixes a significant performance issue with LaTeX rendering (and
other things that invoked node) where starting up node took a few
hundred milliseconds due to nvm initialization.

Tweaked by tabbott to avoid copying the node binary itself, instead
using a tiny wrapper script.

This is important primarily because it's possible a future version of
node will expect to find libraries/dependencies/etc. installed via NVM
at some path related to the path of the node binary itself, and that's
more guaranteed with this new model.

Fixes #4618.
2017-05-09 09:17:54 -07:00
Alexander Trost 889547ff5e configure-rabbitmq: Add support for RABBITMQ_NODE flag.
This can potentially be used by things like a Docker configuration
that runs RabbitMQ on another server.
2017-04-29 15:03:05 -07:00
Tim Abbott 55a9101573 settings: Add support for ZULIP_ORG secrets.
These can be used to authenticate the current Zulip server to
zulip.org.
2017-04-18 23:00:10 -07:00
Feorlen 10ccfcdc8e Set umask 022 before starting prod install.
Fixes #2372.
2017-03-25 23:59:44 -07:00
Rishi Gupta 2bbfdeeb7b Fix more errors caught by mypy 0.501.
Another set of relatively easy to review changes.
2017-03-03 14:15:38 -08:00
Tim Abbott 51d3ab1cb7 initialize-database: Clean up final instructions.
Fixes #3678.
2017-02-21 20:19:16 -08:00
Tim Abbott de99f48ce7 lint: Clean up E401 PEP-8 rule. 2017-01-23 21:36:39 -08:00
anirudhjain75 beaa62cafa mypy: Convert several directories to use typing.Text.
Specifically, these directories are converted: [analytics/, scripts/,
tools/, zerver/management/, zilencer/, zproject/]
2016-12-07 20:51:05 -08:00
Tommy Ip 46b7d54b3e pep8: Fix E701 violations. 2016-11-30 20:45:09 +00:00
Anders Kaseorg 207cf6302b Always start python via shebang lines.
This is preparation for supporting using Python 3 in production.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 14:46:37 -08:00
Tim Abbott 8821b269bf flush-memcached: Replace 'set -x' with more clear output.
Similar to `terminate-psql-sessions`, this was just unnecessary spam
output.
2016-10-14 17:10:06 -07:00
Tim Abbott 382c8853f3 terminate-psql-sessions: Remove set -x.
Now that we're no longer actively debugging this tool, there's no need
to have it print everything it's doing.

This will make `test-backend` a lot nicer to use.
2016-10-14 17:08:05 -07:00
Tim Abbott 14f6e4c740 scripts: Stop using apt-add-repository.
Unfortunately, apt-add-repository is highly unreliable and was causing
problems both in Travis CI and with developers provisioning their
environment.
2016-10-11 22:10:36 -07:00
Diptanshu8 d7253b144c generate-secrets: Refactor to make development/production explicit.
generate-secrets.py now requires --development for development environment
setup or --production for production environment setup (and one of these
options is mandatory).

This solves the problem that it was somewhat easy to accidentally run
generate-secrets.py without the `-d` option while doing manual development
environment setup.

Fixes: #1911.
2016-10-06 17:12:49 -07:00
Tim Abbott c819a66e09 postgres-init-db: Use default bash to call flush-memcached. 2016-09-28 20:46:34 -07:00
umkay 798e6faa9e provision: Use NVM to install node and npm.
NVM takes a specific node version and installs the node package and
a corresponding compatible npm package.

We use it in a somewhat hackish way to install node/npm globally with
a pinned version, since that's how we actually want to consume node in
our development environment.

Other details:
- Travis CI now is configured to use the version of node installed by
provision; the easiest way to do this was to sabotage the existing node
installation.
- jsdom is upgraded to a current version, which both requires recent
node and also is required for the tests to pass with recent node.
This fixes running the node tests on Xenial.

Fixes #1498.

[tweaked by tabbott]
2016-09-23 14:34:44 -07:00
Vishnu Ks a7ead9e99d settings: Eliminate ADMIN_DOMAIN for creating initial realm.
We now use `./manage.py generate_realm_creation_link` as the flow flow
for creating one's first realm.
2016-08-25 09:37:33 -07:00
Alexander Trost 8d4896809a Deduplication of configuration: Database Initialization
Comment tweaked slightly by tabbott.
2016-08-05 13:33:22 -07:00
Tim Abbott 3839a25c74 Annotate generate_secrets.py. 2016-08-04 15:53:23 -07:00
Tim Abbott 3b277c3b1f install: Give nice error message on installation failure. 2016-07-31 19:24:45 -07:00
Tim Abbott 8b285ec0ff puppet: Read camo key from zulip-secrets.conf. 2016-07-31 00:23:24 -07:00
Tim Abbott 35339f5117 Rename local_settings_template to prod_settings_template. 2016-07-19 20:59:59 -07:00
Sumana Harihareswara 07afc9d34b Move production health check doc to separate page. 2016-07-12 15:46:10 -07:00
Eklavya Sharma a9835c0ab2 Activate virtualenv in production Python code.
The manage.py change effectively switches the Zulip production server
to use the virtualenv, since all of our supervisord commands for the
various Python services go through manage.py.

Additionally, this migrates the production scripts and Nagios plugins
to use the virtualenv as well.
2016-06-27 19:55:35 -07:00
Tim Abbott f7ce5fc179 generate_secrets: Silence mypy error with configparser.
See https://github.com/python/typeshed/issues/307.
2016-06-20 09:03:09 -07:00
Umair Khan a9a6687b7d Make generate-secrets script use existing values.
Fixes #1035
2016-06-20 17:00:27 +05:00
Michael Cordover b401ec0af7 Warn on postgres-init-db if >200 messages exist.
Closes #548.
2016-06-13 15:57:51 -07:00
acrefoot cf15b0b4e6 Fix hanging nc and 'invalid wait time' error on Trusty.
Apparently, 0 isn't a supported wait time value in some versions of nc.
2016-06-02 18:02:13 -07:00
Eklavya Sharma 94e4b39112 Replace python2.7 by python everywhere. 2016-05-29 05:03:08 -07:00
Eklavya Sharma 149938d468 Change shebangs from python2.7 to python. 2016-05-29 05:03:08 -07:00
Tim Abbott 6e1872987d Move bin/get-django-setting to scripts/. 2016-05-07 19:37:06 -07:00
Tim Abbott 6e1e4aaef6 postgres-init-db: Add POSTGRES_USER argument. 2016-04-26 15:27:35 -07:00
Tim Abbott dc772518e7 Don't chown supervisor socket if it doesn't exist. 2016-04-26 15:27:35 -07:00
Luke Faraone 9d9bfb27ef Correct shell quoting around $DEFAULT_USER in terminate-psql-sessions
Previously, we used shell quoting that would result in the shell variable not
being substituted. Instead, we use `"`s that will allow for variable
substitution.
2016-02-19 02:09:50 +00:00
Vladislav Manchev dfbea01c8f Add support for running OpenBSD in development environment. 2016-01-21 22:33:55 -08:00
Alexander Trost 84f7a1f1ea Make rabbitmq, redis, and memcached configurable via user settings.py.
Previously these were hardcoded in zproject/settings.py to be accessed
on localhost.

[Modified by Tim Abbott to adjust comments and fix configure-rabbitmq]
2016-01-21 22:07:56 -08:00
Reid Barton b2a92877ff Don't print echo commands in initialize-database post-success message. 2015-12-25 10:38:44 -08:00
Reid Barton 64a142f0a2 Fix running postgres-init-db via a relative path.
If the user runs ./scripts/setup/postgres-init-db, then dirname "$0"
would no longer refer to the correct directory after cd /.
2015-12-25 10:06:45 -08:00
Tim Abbott 827babdf29 terminate-psql-sessions: Remove dependency on bc.
Fixes #281.
2015-11-11 21:35:16 -08:00
Tim Abbott 421560af21 postgres-init-db: Stop all services before recreating database. 2015-11-01 18:11:39 -08:00
Tim Abbott 3c31f9a2e3 Drop database users prior to DROP/CREATE database.
This fixes an annoying issue where one tries to rebuild the database,
and it fails due to there being existing connections.

The one thing that is potentially scary about this implementation is
that it means it's now a lot easier to accidentally drop your
production database by running the wrong script; might be worth adding
a "--force" flag controlling this behavior or something.

Thanks to Nemanja Stanarevic and Neeraj Wahi for prototypes of this
implementation!  They did most of the work and testing for this.
2015-11-01 18:11:39 -08:00
Tim Abbott f3783fb4a1 Apply Python 3 futurize transform libfuturize.fixes.fix_print_with_import. 2015-11-01 09:26:16 -08:00
Steven Oud d5435fad1d Consistently use /usr/bin/env python2.7 in shebangs and commands. 2015-10-21 22:58:21 +00:00
Tim Abbott e75ba630fb initialize-database: Make management command errors fatal again.
We accidentally made this non-fatal when we added the nice error
output telling users to run postgres-init-db.
2015-10-15 12:21:46 -04:00
Tim Abbott bf694fa832 Flush memcached whenever we drop the databases.
This fixes some issues that we've had where commands will fail is
confusing ways after the database is rebuilt because data from before
the database was dropped is still in the memcached cache.
2015-10-15 12:18:41 -04:00
Raphael 0608e32eeb Cause install to return 1 on failure.
This fixes issue #123. Namely, the script in scripts/setup/install was
returning 0. Adding `set -e` and `set -o pipeline` causes the install
script to exit and return 1 if any part fails, including piping output
(`set -o pipeline` does this).
2015-10-07 08:46:16 -04:00
Ged Lawrenson 21b7048e54 install: Verify that the script has sufficient privileges. 2015-09-30 10:55:49 -07:00
Tim Abbott 92aebe595b Dramatically extend post-install documentation for production Zulip. 2015-09-30 09:04:14 -07:00
Tim Abbott 5bf66e04fc initialize-database: Print nice instructions for how to redo if fails.
Most of our installation process is idempotent, but this step in
particular is not, so it's important to provide a clear error message
about how to proceed.
2015-09-29 18:27:27 -07:00
Anders Kaseorg 0d12dfd06f Improve shell quoting hygiene
Most of these problems were found by ShellCheck
(http://www.shellcheck.net).

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2015-09-25 23:25:08 -04:00
Tim Abbott 2348a83678 postgres-init-db: Fix running with cwd=/root.
(imported from commit d2ac25fa8c54b89eed80e941b3eacf1a4c2f5546)
2015-09-25 00:22:15 -07:00
Tim Abbott cf17168c9f Move prod README to root of repository.
(imported from commit db108ffa7f88f22610ecee085abdcd6c5a2bb681)
2015-09-22 21:22:11 -07:00
Reid Barton 5be0c2902e Connect to the zulip database correctly in postgres-init-db
(imported from commit b6ab80567ff5d229a00c7d2cf5866bca0ee9c7c5)
2015-08-29 12:07:33 -07:00
Reid Barton 942e97d886 Create directory to write log of initial installation into
(imported from commit fa352a7b4f57379df14249fd5f168249ead64777)
2015-08-28 09:40:30 -07:00
Reid Barton d8b44606a3 Make configure-rabbitmq fail on error
If there's a problem with Django settings then RMQPW would just be
empty, causing more confusing errors downstream.

(imported from commit 5948b1a15eb92fc032ea02e499be58365d8e9ecb)
2015-08-28 09:37:58 -07:00
Reid Barton 4e61c06903 Fix postgres syntax when creating zulip schema in production
(imported from commit 51ba85b995e4b5044f914163dab7f2ae14df908f)
2015-08-28 09:37:46 -07:00
Reid Barton 5768fd7f49 Remove reference to Zulip deployment key from Zulip Voyager README
(imported from commit 74a4f86839fb76eb175016453d91b916b9ce416d)
2015-08-23 21:44:27 -07:00
Reid Barton a3d85f501b Create tsearch_extras in production database setup
(imported from commit e6c699b06f022d923b57ccee7ad778f870bf890d)
2015-08-21 16:54:35 -07:00
Tim Abbott d281fc75fd Rename generate_voyager_secrets.py => generate_secrets.py.
(imported from commit c2f370c3b241601b4f6883d3953ceec1efda71be)
2015-08-21 10:33:36 -07:00
David Roe e3f38acbce Enterprise => Voyager.
(imported from commit 41b9a67301aeaf5fd40bbbb8f34a326ca98431fd)
2015-08-21 10:33:35 -07:00
David Roe 3f7cb34b00 enterprise => voyager
(imported from commit 04be792bb480d5e5db1c91d296d1000cf1682571)
2015-08-21 10:33:35 -07:00
Reid Barton 362f9c6c5f Django 1.7: syncdb and migrate are now synonyms
(imported from commit b8a1b2476892bab2418240b04deea6aa40ff1b03)
2015-08-20 23:01:26 -07:00
Yoyo Zhou ec5ed87ca0 Make get_secret return None instead of an exception if the secret isn't defined.
Remove empty key generation from generate_enterprise_secrets, since get_secret ignores missing keys now.

(imported from commit 32d61e3058f0d41bfb4b17775e581a3c84540fe7)
2015-08-20 21:54:38 -07:00
Tim Abbott 9000d27f12 Update generate_enterprise_secrets to support running in production.
(imported from commit 1051f668ebe684cc60ba4444e815ef60398fad61)
2015-08-20 17:33:16 -07:00
Cat Miller 0a20f168a7 Auto-generate dev-secrets file.
Source LOCAL_DATABASE_PASSWORD and INITIAL_PASSWORD_SALT from the secrets file.
Fix the creation of pgpass file.

Tim's note: This will definitely break the original purpose of the
tool but it should be pretty easy to add that back as an option.

(imported from commit 8ab31ea2b7cbc80a4ad2e843a2529313fad8f5cf)
2015-08-20 00:20:44 -07:00
Tim Abbott 0dae10eab4 Remove unused secret HASH_SALT.
(imported from commit 831c4cb7680b7bf8dadbd930195175e9a4186356)
2015-08-18 20:17:48 -07:00
Luke Faraone cf7ea9bef9 Allow configure-rabbitmq to be run w/o sudo
(imported from commit 98e820d92b42420d6851a967f6675940ee4d8217)
2015-08-16 16:45:07 -07:00
Tim Abbott 9a6f34a807 Make generate_enterprise_secrets.py work regardless of path.
(imported from commit c1ab8231fbe907a32b18c02a00cee51011abbb21)
2013-11-14 09:10:10 -05:00
Tim Abbott 037460b24c Fix permissions on install script.
(imported from commit af71b3a4988059c58e741bf94d0c28383c08f704)
2013-11-14 08:56:06 -05:00
Tim Abbott 486fcfa53f README
(imported from commit c02dfbd15ab6bac5a450d04075b15a7c44e8ddfe)
2013-11-14 08:19:20 -05:00
Zev Benjamin 87a6838e0e enterprise: Log the output of upgrade-zulip and install scripts
We may eventually want to rotate the log files, but this seems good
enough for now.

(imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 08:08:59 -05:00
Zev Benjamin 67ed16a12e enterprise: Make /root/zulip be a symlink to ~zulip/deployments/next
(imported from commit 2a0e7f99fe4517e45ad2794b7fa464df08d40db1)
2013-11-13 16:26:04 -05:00
Tim Abbott c54322f76a install: Move DROP SCHEMA PUBLIC to run in zulip database.
(imported from commit 1eef44e7255b8fe1314f7763ebfc6c04083305e5)
2013-11-13 15:35:45 -05:00
Tim Abbott c842b42b12 postgres-init-db: The zulip user doesn't need CREATE DB on enterprise.
Also clean up the series of similar blocks.

(imported from commit fdb468bd6be3077bdbf2d72289064397ea04f27a)
2013-11-13 15:35:45 -05:00
Tim Abbott b4ace85d3a Make sure everything under /home/zulip is owned by zulip.
(imported from commit f6c8b6c0a6dc8b7ada79cb4951818f06faa873e7)
2013-11-13 12:07:15 -05:00
Tim Abbott 0299964051 Make the Zulip user able to edit settings.py.
(imported from commit c69ff2b2e9f176ae2e78b76a7b022e00d09e7c00)
2013-11-13 12:02:50 -05:00
Tim Abbott 6bcd5a7ffc Update installation instructions to include configuring the app.
(imported from commit 89395815c32416ec0636efcff12eb76f5d890bbd)
2013-11-13 12:02:50 -05:00
Tim Abbott 6aaa2b1a24 Create the zulip database owned by zulip.
(imported from commit cc6e895d9e97bdd9d084c7b1a7204bd5b7ae5cd8)
2013-11-13 12:02:50 -05:00
Tim Abbott 0ec8a7a2f1 install: Make sure we own everything under /var/log/zulip
supervisord may start up during the install process and do a bunch of
incorrect stuff, with the net effect of creating files in there owned
by root.

(imported from commit 28379af9680bf9d3c72da196f329abdf8c82c6be)
2013-11-13 12:02:50 -05:00
Tim Abbott b2d4883165 postgres-init-db: Split into internal and external versions for now.
(imported from commit 3516b1377e5914dac2b504961922ef8d08148d1f)
2013-11-13 12:02:50 -05:00
Tim Abbott f4a9e99498 puppet: Move the postgres dictionary symlink creation to puppet.
(imported from commit 823f6683e3d8f3604da68e55dd6761ecb38d4b63)
2013-11-13 12:02:50 -05:00
Tim Abbott 45f21cbb14 Setup the database after the Zulip user is fully setup.
Otherwise we may run into permissions issues.

(imported from commit a8013c84796d16146336c2809dcd8cd935b43a7b)
2013-11-13 12:02:50 -05:00
Tim Abbott e1a8f511fe configure-rabbittmq: Make it work if you run it a second time.
This is to make it easier to just run the install script again if it
fails.

(imported from commit 65deb9d001e061d58deecd44c4683231de76dc79)
2013-11-13 12:02:50 -05:00
Tim Abbott c7d9bf41bc Rename SSL certificates for Zulip Enterprise.
(imported from commit 4f15f2aee2bcc7450953488c94e8b88734aeaff7)
2013-11-12 15:57:42 -05:00
Tim Abbott 270f5730fa Rename local server => enterprise in some scripts.
(imported from commit 98cdb4c2e1be5a6abb59821eb32f749c058b773b)
2013-11-12 15:57:42 -05:00
Tim Abbott 966fde261a puppet: Rename local_server => enterprise.
(imported from commit 5faa269df5937f6db99098e44aaea7d0a4f2c14a)
2013-11-12 15:57:02 -05:00
Tim Abbott 21f1058fd2 Rename local_server=>enterprise in DB initialization script.
(imported from commit 76e26f43858e3baa6ed1b38d67973ed41acf04f3)
2013-11-12 15:57:02 -05:00
Tim Abbott b461e3c10e Add a README file documenting the installation process for local server.
(imported from commit 4fb149a39acb4dda7ee0d2f038212534f410e064)
2013-11-12 15:57:01 -05:00
Tim Abbott 57b5231063 install: Script the install process more fully.
We can probably later merge the create-database code with that of our
internal do-destroy-rebuild-database.

(imported from commit 323932dbf2eb916545d6ebdda70eb1f5e1abb181)
2013-11-12 15:57:01 -05:00
Tim Abbott 2e41515cc3 localserver: Make the zulip user own supervisor.sock.
We really should fix this in supervisor itself, since in particular we
lose this setting every time the system is rebooted.

(imported from commit a700078b158808340f5f30812235449c74508cde)
2013-11-12 15:57:01 -05:00
Tim Abbott 03bf4ba423 postgres-init-db: Don't hardcode LOCAL_DATABASE_PASSWORD.
(imported from commit e2cf6c6c0abb688c77661e4849e7b574b4222e68)
2013-11-12 09:38:43 -05:00
Tim Abbott 5f7c530285 install: Set puppet deploy type for local server.
(imported from commit c8b7ac3a7741470851f6fa9c27677e1238c1dce7)
2013-11-12 09:34:25 -05:00
Tim Abbott 26d7411bc0 generate_localserver_secrets: Fix path to camo defaults file.
(imported from commit 4456715e038b10978b3ce1e7454d625795f336e7)
2013-11-12 09:34:25 -05:00