Commit Graph

257 Commits

Author SHA1 Message Date
Tim Abbott e4fce10f46 Give root higher nofile limits in limits.conf.
(imported from commit f7fd9ce325449931f8866f6696f8484769c39a14)
2015-08-16 13:39:48 -07:00
Zev Benjamin 8ecb555a98 Update log2zulip bot config
(imported from commit c25802d55cd50c1a81050466d9a59a29501aca87)
2015-02-05 22:46:30 -08:00
Luke Faraone d3ebfbd042 Redirect c.d.n users to google auth
(imported from commit 72d6d486593155e346e7e856149fca3712868d89)
2015-02-05 21:40:23 -08:00
Luke Faraone e241e6e833 [manual] Support chat.dropboxer.net hostname.
This needs to be deployed on both prod and lb0 to be functional

DEPLOY INSTRUCTIONS: restart carefully

(imported from commit d97a450754608357418c80e5b3c7b3bbcd1d09fb)
2015-02-05 17:55:29 -08:00
Luke Faraone acccd2d5be [manual] Cert for chat.dropboxer.net from Tom Cook.
DEPLOY INSTRUCTIONS: Copy the cert over and restart carefully.

(imported from commit e7d96b231a70de89d3d8c5641df70354e7b7319d)
2015-02-05 17:55:23 -08:00
Luke Faraone e8f63e2041 [manual] external-content now shares www IP
This is safe because we have the wildcard-all cert.

DEPLOY INSTRUCTIONS: Change the CNAME in R53 for external-content.zulipcdn.net
to the same as www.zulip.com

(imported from commit 075984943ce3a3b17518b913ea650992e45f705e)
2015-02-05 17:49:35 -08:00
Luke Faraone 8a8356221e puppet: remove dbx.zulip.com -- HW project
(imported from commit 6edc3f1af44969427b2a12bee1983367855b4b88)
2015-02-05 17:48:47 -08:00
Luke Faraone 0f27554423 puppet: TLS cipher changes
This has been live on lb0 for a few months.

(imported from commit 32688aa82a891dd34ca1e7fbcdd84f18b25880c6)
2015-02-05 17:19:51 -08:00
Tim Abbott 87d1809657 Send digest emails 3 hours later now that we're on the west coast.
(imported from commit c7d5d0b30ac21314518132b5cf7dd9d7b2780f99)
2015-01-12 22:18:49 -08:00
Luke Faraone b2688bcf43 Add dbx to nginx config
(imported from commit 48f633eb1f4e949cfdb3ededc78bb774163fde19)
2014-10-06 15:27:55 -07:00
Luke Faraone d515f92d20 CORS headers for hack week API access
This has been live on staging for a while.

(imported from commit bd8b7ef500887fefc10656121fde389dca2aa217)
2014-10-06 15:27:55 -07:00
Jason Michalski 0bc2f43e32 Add a new postfix virtual address for missed message emails
The one time use email addresses are prefixed with mm and need be sent
to the local zulip user to be picked up by the email mirror.

(imported from commit e17cfe6855ab7886f25ded52790b8f31df955ef2)
2014-10-06 15:27:54 -07:00
acrefoot f62b9a199c fix typo in rules.v4 for iptables
(imported from commit 198259fec740c9e025ed56fd6e0b5d42f8d4323c)
2014-06-10 23:29:10 -07:00
Luke Faraone 5507575b7e Switch install scripts to use apt.zulip.net for ops systems
(imported from commit 3ff243459237ac673c5e8ae23077e628fa07a6b9)
2014-06-10 13:16:27 -07:00
Zev Benjamin 23c108a05c nagios: Check HTTPS instead of HTTP
(imported from commit ba0bb76d9bea6661e5396308eb431ff95ef51771)
2014-06-05 17:30:15 -07:00
Luke Faraone b383884019 Change expected autossh processes to 10
(imported from commit 41b06ce3f7cded7a29101a6de2d471bdffab5bcc)
2014-05-15 10:49:54 -07:00
Luke Faraone ef8b6e5a42 New certificates from Dropbox.
Thanks Tom Cook for getting these through Digicert!

We no longer need separate wildcard certificates, etc, because we have SAN star
certs.

(imported from commit 40a8961da51b6a0ae90c68b40b2af6d59cb5cf9f)
2014-05-05 18:24:14 -07:00
Zev Benjamin b190a24f40 puppet: Convert zmirror2 to use apt module for debathena sources
(imported from commit 67c71e15b5e5cbdffaa12953eaa7c0c72e7b107a)
2014-04-17 17:12:36 -07:00
Zev Benjamin 08a6969f48 puppet: Fix zmirror apt source resource
The resource is called "apt::source", not "apt::sources_list"

(imported from commit 5ace3d9a62e361b3c7f0b54bf69ac91c1136bb6d)
2014-04-17 17:12:36 -07:00
Zev Benjamin 50b763b12b puppet: Make iptables rules a puppet template
This allows us to specify different rules for the zmirror machines, which need
ports open for Zephyr.

(imported from commit f3c061e9492cbb99783f156debccf03161347e47)
2014-04-17 17:12:36 -07:00
Tim Abbott 52424cd67a Improve Zephyr personal mirror Nagios check.
(imported from commit 713f8f1ff1463537b46d493ac3571c2727d85379)
2014-04-11 16:44:13 -07:00
Zev Benjamin caef3f8bf3 [puppet] Allow Zulip to be loaded in an iframe on all domains
This removes "X-Frame-Options DENY" from our nginx config.  We need to be able
to load Zulip in an iframe for embedding and we decided that it doesn't actually
provide much protection.

(imported from commit 5bc363693db949010f6163cb3000c12229618a83)
2014-04-07 14:42:02 -07:00
Zev Benjamin bd20b295e1 [manual] Add python-pyjwt dependency
This will be used in the next commit.

(imported from commit 559fedd41fb731575ba7201dfbcef45d03461ef2)
2014-04-04 16:51:32 -07:00
Zev Benjamin 8518801601 Untabify app_frontend.pp
(imported from commit 2555cafa3bf3f9ef3551e4beab7ca2ad17ed05d4)
2014-04-04 16:51:31 -07:00
Zev Benjamin 286bd3005d nagios: Disable idle transaction checks
We apparently still have some process that occationally sits idle in a
transaction for a while, which makes this alert super noisy.

(imported from commit 074b04ad746bac0da1b8714763538d1ce22da64e)
2014-03-17 14:17:43 -04:00
Jessica McKellar 1c06e37245 [puppet] Change digest email send time by 1 hour for daylight savings.
(imported from commit 8ac1747f15e10b850f73ce28ea4579bee62ba1a4)
2014-03-14 20:48:49 -04:00
Zev Benjamin f7b64827e4 nagios: Don't check txn_time on trac
Doing so requires superuser privileges because check_postgres.pl only connects
to one database for that action.  We could theoretically work around this, but I
don't think it's worthwhile for non-production DBs.

(imported from commit 3ab06e4dd6f844c81128b81709cdc3cdfbe37c47)
2014-03-14 20:48:46 -04:00
Zev Benjamin d445386adc nagios: Add Postgres check for disabled triggers
(imported from commit 08ff85aecfc44c9226e637383464fae4d2b8997a)
2014-03-14 20:48:44 -04:00
Zev Benjamin 1653541e83 nagios: Re-enable Postgres transaction time checks
We believe these will generally no longer be disruptive now that we have
autocommit enabled.

(imported from commit c8c1301e0d4b188d6708173cd8c8b16279e3d910)
2014-03-14 20:48:44 -04:00
Tim Abbott 12309c61b6 Remove Nagios monitoring for the old email mirror.
(imported from commit fc4d95b12d5ee29438a2d3e7d8d694e8aa21f202)
2014-03-12 21:15:19 -04:00
Jessica McKellar e7ef654b45 [puppet]: Adjust zmirror Nagios checks to be more tolerant of a bad network.
We get a lot of alerts and sometimes pages due to network blips.

(imported from commit 4766585e71533b8551d49fa61bc4653114a65457)
2014-03-11 13:06:16 -04:00
Jessica McKellar 8a8efdc537 Use /usr/bin/env python for process_fts_updates.
`/usr/bin/env python` is almost always preferred over specifying the
specific python to run (and this script doesn't work for me on OSX
with /usr/bin/python specified).

(imported from commit 531e6062ba0ac1f25e3c681bb5cf83a918d0e3e7)
2014-03-03 16:08:32 -05:00
Luke Faraone e80c4f13b9 Don't include an "@" in mailname(5)
(imported from commit 84486373966c90d5fe2dd4af5966ae614628188f)
2014-02-27 20:25:34 -05:00
Leo Franchi 8ec1d9b552 [manual] Release desktop app 0.4.4
This requires a puppet apply on prod, as well as manually
updating the symlinks of Zulip-latest and Humbug-latest on
prod0

(imported from commit c5ef8cd0e2d156144531b35af9a8c5226f5bf750)
2014-02-27 20:25:26 -05:00
Leo Franchi acec697fe7 Report unnarrow times as well as narrow times
(imported from commit b3a889aa11dc112508c5a1d213f68e5223a879fc)
2014-02-13 14:45:22 -05:00
Zev Benjamin 41e3a89398 [manual] puppet: Puppetize Munin
To deploy this, the zulip_internal::base and zulip_internal::munin classes must
be added to nagios.zulip.net.

(imported from commit 50d6a4ed19fcc9c62c7104977d69043bf5b9bbf9)
2014-02-13 13:26:40 -05:00
Leo Franchi 2efaf75b25 Release desktop app v0.4.3
(imported from commit 13f5b79ce483db22cfa136a1318eadc4d04eb746)
2014-02-12 16:18:34 -05:00
Zev Benjamin 32d66d6f73 [manual] Monitor the new redis servers with nagios and munin
We have to start the tunnels up manually and add them to the wiki

(imported from commit aa5f80630a651c3fb33bba321e9d4444b5c498a2)
2014-02-10 13:23:28 -05:00
Zev Benjamin 631783f3cd [manual] Use dedicated Redis server for staging
Before we deploy this commit, we must migrate the data from the staging redis
server to the new, dedicated redis server.  The steps for doing so are the
following:

* Remove the zulip::redis puppet class from staging's zulip.conf
* ssh once from staging to redis-staging.zulip.net so that the host key is known
* Create a tunnel from redis0.zulip.net to staging.zulip.net
  * zulip@redis0:~$ ssh -N -L 127.0.0.1:6380:127.0.0.1:6379 -o ServerAliveInterval=30 -o ServerAliveCountMax=3 staging.zulip.net
* Set the redis instance on redis0.zulip.net to replicate the one on staging.zulip.net
  * redis 127.0.0.1:6379> slaveof 127.0.0.1 6380
* Stop the app on staging
* Stop redis-server on staging
* Promote the redis server on redis0.zulip.net to a master
  * redis 127.0.0.1:6379> slaveof no one
* Do a puppet apply at this commit on staging (this will bring up the tunnel to redis0)
* Deploy this commit to staging (start the app on staging)
* Kill the tunnel from redis0.zulip.net to staging.zulip.net
* Uninstall redis-server on staging

The steps for migrating prod will be the same modulo s/staging/prod0/.

(imported from commit 546d258883ac299d65e896710edd0974b6bd60f8)
2014-02-10 13:23:28 -05:00
Zev Benjamin 1d7976d332 puppet: Add manifest for dedicated Redis server
(imported from commit 894ad5ca005de0fb9a64bfb58da374f72734eb8d)
2014-02-10 13:23:28 -05:00
Zev Benjamin 4d91bb39d3 [manual] puppet: Split out redis server configuration from app_frontend
The zulip::redis puppet class should be added to all our frontends' zulip.conf
after this is deployed.  No puppet apply is required.

(imported from commit ccea89f4779c6c49c0cbe837adcb5be21bfe55ab)
2014-02-10 13:23:28 -05:00
Luke Faraone c7565222f0 Fail fast if fqdn is not defined on Enterprise with Postfix
Otherwise, we won't be able to generate valid configuration files.

(imported from commit 5ec1a43fed5991dc609c470b596926a5febcd4c5)
2014-02-07 01:02:06 -05:00
Luke Faraone 602f7f96e5 Move postfix inclusion from public app_frontend to internal manifest
Otherwise, we will enable the postfix config on all frontends,
regardless of whether Enterprise deployments requested it.

(imported from commit 9592be3706adcee7547f6795f32fe7b8d85e71ee)
2014-02-07 01:01:33 -05:00
Luke Faraone 60cfd3cfb0 Accept SMTP connections on hosts.
(imported from commit 524ae3f4362ffea12ff96498ae554322f7fe8a3c)
2014-02-06 12:14:21 -05:00
Luke Faraone 24f8492236 [manual] Enable local email mirror on all frontends.
This removed the cronjob from all app_frontend servers and enables the
local Postfix mail server on the same.

This is a no-op on staging if the parent commit has already been
applied.

To deploy this commit, run a puppet-apply on prod.

(imported from commit 6d3977fd12088abcd33418279e9fa28f9b2a2006)
2014-02-06 10:26:56 -05:00
Luke Faraone 30a6fd3bd7 [manual] Enable postfix email mirror on staging
This will cause us to recieve messages sent to streams.staging.zulip.com
via the local Postfix daemon running on staging.

This commit does not impact prod. To deploy, a puppet-apply is needed on
staging.

(imported from commit 9eaedc28359f55a65b672a2e078c57362897c0de)
2014-02-04 10:38:17 -05:00
Luke Faraone 882047515c [manual] Move polling email mirror to prod from staging
This will allow us to roll out the Postfix-based mirror on staging in
the future without impacting production mirroring.

This branch should be puppet-deployed first on prod, then staging.

(imported from commit eceaa6c02a06f7074cacc19c6439e5928eef3ae4)
2014-02-04 10:38:17 -05:00
Luke Faraone 374acb7f24 [puppet] Move email mirror cron to public module
This way we can reference it in the documentation.

(imported from commit 37d5cbfcfb745e2b44768674f53d7ba450518cd0)
2014-02-04 10:38:17 -05:00
Luke Faraone de56b947d4 Remove unused postfix aliases file.
(imported from commit f40cb5b532aaf6421b9dd55a197644ecf65021a4)
2014-02-04 10:38:17 -05:00
Luke Faraone 38636d5125 Puppet configuration for postfix
(imported from commit 230325f6233c6d32ecab5f9fa3fc102373b22039)
2014-01-31 15:33:15 -05:00