Commit Graph

121 Commits

Author SHA1 Message Date
Zev Benjamin 7af4b92b98 puppet: Rename app to prod0 in nagios
(imported from commit c2d1c2c06276a816ef33e057d3f859c755490cb3)
2013-11-25 11:43:16 -05:00
Zev Benjamin 9f2af6fd0d puppet: Fix postgres_primary alias
(imported from commit 1cd199224e45700fac03e68c99f9d4f7d9212b45)
2013-11-25 11:43:16 -05:00
Zev Benjamin 847d4dfbca puppet: Specify hosts for the postgres autovac_freeze check via a hostgroup
(imported from commit d0afc1b78015740fa9638563a5672d3400dd5002)
2013-11-23 12:08:49 -05:00
Zev Benjamin 139518ccbe puppet: Remove postgres0 from nagios and munin configs
(imported from commit 6a4eb208b2a344d65d684cf904ba882a5400056d)
2013-11-23 12:06:27 -05:00
Zev Benjamin dacf97db48 puppet: Use peer authentication for Postgres nagios checks
(imported from commit d8f02d5320d6f8b97fd82cd3f0ca65f6e5c42b03)
2013-11-23 10:01:15 -05:00
Zev Benjamin 3454680e4b puppet: Add VPC subnets to pg_hba.conf
(imported from commit 633bf08bfe2f3695bd6c9ed8584b78971ebe065f)
2013-11-23 08:23:49 -05:00
Zev Benjamin bf8fb3c0df puppet: Add postgres2 to nagios monitoring
(imported from commit 799b1304eebe49cf6d8153fb2bfd0b11a3bcab00)
2013-11-23 08:10:44 -05:00
Zev Benjamin 658972dda3 [manual] puppet: Add postgres2 to munin monitoring
You must run
autossh -2 -fN -M 20018 -L 5009:localhost:4949 nagios@postgres2.zulip.net
as nagios on nagios.zulip.net after deploying this commit.

(imported from commit bd8a61f99555ccf0a0010d79dbd89017aaafbb8f)
2013-11-23 08:10:44 -05:00
Zev Benjamin d7d98aaacc puppet: Move /etc/iptables/rules to /etc/iptables/rules.v4
The /etc/init.d/iptables-persistent initfile changed to expect there to be two
files in /etc/iptables (rules.v4 and rules.v6) instead of a single rules file.
Several of our machines are currently running without iptables rules as a
result.

(imported from commit 266c2ff26b77f7c9ae793690b0d544ee4cfa5020)
2013-11-23 08:10:44 -05:00
Zev Benjamin c3f4ab6c94 puppet: Add replicator access from postgres2 to pg_hba.conf
(imported from commit 2a4f150c67d3136a5e97cb673cc7f14256ffae01)
2013-11-22 17:38:52 -05:00
Luke Faraone af02e45a17 [manual] Support authentication and profile prefilling via LDAP
The latter doesn't depend on the former; we can still fill in your full
name even if you didn't authenticate via LDAP.

This commit requires django_auth_ldap to be installed. On Debian
systems, you can do so via APT:
    sudo apt-get install python-django-auth-ldap

On OS X, use your favourite package manager. For pip, I believe this
will work:
    pip install django_auth_ldap

django_auth_ldap depends on the "ldap" Python package, which should be
installed automatically on your system.

(imported from commit 43967754285990b06b5a920abe95b8bce44e2053)
2013-11-22 16:51:26 -05:00
Tim Abbott 8919ebe6b2 puppet: Make sure prod0's future external IP has access to postgres.
(imported from commit 91523dc92fd15dc0cf19b7bca70513250c4da983)
2013-11-22 16:43:10 -05:00
Zev Benjamin 18fc8c2059 puppet: Do peer authentication for user zulip on the DB servers
(imported from commit dceed53990db64b3c345726b02bf0c25815c2b25)
2013-11-22 15:58:09 -05:00
Tim Abbott c0e951f843 Add user_activity_test worker that does nothing.
This should help us debug the source of our memory leak problems.

(imported from commit 1bdc7ee2f72bdebb1cdc94601247834a434614d6)
2013-11-22 11:24:48 -05:00
Tim Abbott c31dbba9cc [puppet] Update pg_hba.conf to include staging's public IP.
This is for the interval while staging is running in VPC and postgres
is not; we can clean up these changes once that's no longer the case.

This also updates test1's IP, which apparently someone forgot to
commit previously.

We're currently running this on prod.

(imported from commit 3feced750f643bb218d4240e9a3d5cd7116963ee)
2013-11-21 11:27:16 -05:00
Tim Abbott 8bfbaab1d5 Fix typo in puppet directories for zulip_internal.
(imported from commit 52627a9e71dfc28bedd6c955069da46d3ef56e83)
2013-11-21 10:06:40 -05:00
Leo Franchi c6b862d26d Add desktop sso puppet folder dependencies
(imported from commit 63d8cad722cf015a5925a28ab860431be31175be)
2013-11-20 19:12:53 -05:00
Tim Abbott f0c6b63526 [puppet] Add cron job to restart our workers daily.
This is to ensure that if we have an interval where we're not doing
prod deploys, we don't have to worry about worker memory leaks killing
us.

(imported from commit 0b0180b0751f6c618d877b9c9ffc2b8287254e4d)
2013-11-20 18:34:16 -05:00
Tim Abbott 630cfd72f1 Deregister event queues when done in our Nagios scripts.
(imported from commit a1f73403163323e1dd9eda2f5269e94c60abdd1a)
2013-11-20 18:34:16 -05:00
Tim Abbott ca8225cf47 [manual] Add endpoint to cleanup a finished events queue.
This requires a puppet apply on each of staging and prod0 to update
the nginx configuration to support the new URL when it is deployed.

(imported from commit a35a71a563fd1daca0d3ea4ec6874c5719a8564f)
2013-11-20 18:34:15 -05:00
Tim Abbott 8806ec698a puppet: Increase nginx worker connections limit to match open files.
I want these limits to be at least 40x our current scale.

(imported from commit f22fc40d45292788666e5079ca79bcae683de510)
2013-11-20 10:13:07 -05:00
Tim Abbott ec23996538 puppet: Increase our nginx open file limit.
(imported from commit a002e1df484dcdab8cdbfb2f37ca2281d6f4eecd)
2013-11-20 10:13:07 -05:00
Tim Abbott b50db26a18 puppet: Add monitoring for camo.
(imported from commit b3cf29b02de285cf860fc173183cb6f4f3a17c74)
2013-11-19 15:25:14 -05:00
Tim Abbott 1bcf37664f zulip-sso: Make our Apache service use SSL.
(imported from commit ebf8c9b01cd16f38203c9585514c0d0be108b729)
2013-11-19 15:25:14 -05:00
Kevin Mehall 3a4b576135 Add a directory for enterprise admins to add static files.
For things like custom default avatars that shouldn't be overwritten
on update.

(imported from commit 2487d2532a5255b91bff956fdfb0d885cb786701)
2013-11-18 11:48:53 -05:00
Tim Abbott 259dca9508 puppet: Merge the ports.conf into zulip-sso.example.
This makes us not blow away a customer's ports.conf configuration on
upgrade if they needed to change it while setting up their SSO.

Also we change the NameVirtualHost line to better match the
VirtualHost line.

(imported from commit fd52e00c35afa8982e0377859ad794085ec2af80)
2013-11-15 18:13:09 -05:00
Tim Abbott 1b009c47fc Clean up our nginx configuraiton to make better use of app.d.
Now app.d is something that any app frontend will read, and we just
have secondary manifests add additional files to the app.d directory
for custom stuff.

This fixes the issue that we were incorrectly including the
lb0-related app configuration in the enterprise version.

(imported from commit dec8dcdf2506b82e51186ff936c26dc1cd6cf61b)
2013-11-15 15:04:13 -05:00
Tim Abbott 6826ef4e9a puppet: Switch from nginx to nginx-full.
(imported from commit 38dd5966d75946842b39e4e619d82ebbb0fb041c)
2013-11-15 15:04:13 -05:00
Kevin Mehall fe0dcd4313 Disable camo on enterprise.
CUSTOMER13 doesn't want it, and there's currently no nginx config
or configurable Camo URI, so it wouldn't work if image preview
were enabled.

(imported from commit 615d4a32acbc4d4d590f88cf4e7d45d8f49db1d3)
2013-11-15 14:27:16 -05:00
Tim Abbott ccae6ef5ce Remove unpublished work comment about our SSO example.
(imported from commit 20585c5caa2e7019e3817d40ea2ab90c13b582e2)
2013-11-14 11:16:15 -05:00
Leo Franchi be3257de62 Add sso sparkle paths and files
(imported from commit f8a953f4262b170931792ed223f1ddc29c5fe5ed)
2013-11-14 10:22:35 -05:00
Tim Abbott f9ab464c82 puppet: Fix owner/group for our puppet.conf file.
(imported from commit c91dcd07646482d380cd36df1a0002a5d8d76241)
2013-11-13 21:47:22 -05:00
Tim Abbott 498cce8ef9 puppet-apt: Fix missing owner/group for created files.
(imported from commit a435f90593788034421d4817386215bc14e83d01)
2013-11-13 21:47:14 -05:00
acrefoot 0175440afc [manual] fixup nagios postmaster configuration
(imported from commit e3c00b31bbb0ced38e62d31ae80b58e8c6374c7f)
2013-11-13 17:37:54 -05:00
acrefoot 6d38285a2e fixup supervisor oops related to postmaster config
(imported from commit 8b5c39f0d13abb5e1def9f88a2ab82cfa67b42f6)
2013-11-13 17:15:55 -05:00
acrefoot eab6a1d190 [manual] add nagios checks for email_deliver
manual step: puppet apply, make sure that these nagios checks are working properly

(imported from commit abc75b8a5b153510243c14035b820fbc864b7776)
2013-11-13 16:41:36 -05:00
acrefoot 08069bf34e [manual] Add the new deliver_email management command to the supervisor config.
You will have to puppet apply on both staging and prod to get this worker running.

(imported from commit 92969371220f08142f510d3415e8611dcfecd91f)
2013-11-13 16:41:36 -05:00
Zev Benjamin 8aa307f438 enterprise: Restart all Zulip processes every week
(imported from commit e44167023e0ad49eaf14c314a7731b93289900e6)
2013-11-13 16:26:03 -05:00
Kevin Mehall f7f2ec0aca [puppet] Report enterprise and prod errors to staging.
Errors are sent to a queue processor that posts them to staging,
just like the feedback bot.

(imported from commit 4a8d099672a1b3e48a8bc94148d8b53db73d2c64)
2013-11-13 16:22:21 -05:00
Jessica McKellar 1cb339a23d Expose password-protected /enterprise/download through nginx.
(imported from commit 8fba915bf0d0c718138ac62bd4333aef4e845d55)
2013-11-13 16:20:43 -05:00
Tim Abbott a16a7a028c Fix internal postgres_common.pp.
We didn't remove python-argparse from the requirements when that was
removed, and we also still need python-pip to install wal-e :(.

(imported from commit b82d3b429cffe0a3993819358511e11268ee2fef)
2013-11-13 15:35:45 -05:00
Tim Abbott 4cb50d8f3b Fix class name for apache_sso.pp.
(imported from commit 25daa2d98a88866824203f2e7016a12b9f91a32b)
2013-11-13 12:07:15 -05:00
Tim Abbott 47682d47c9 Move our apache2site library into the public manifest.
(imported from commit 8cb6d0a01fc286ad1a98a7e2d27a80293667e9b8)
2013-11-13 12:07:15 -05:00
Tim Abbott e877536de5 process_fts_updates: Use peer authentication.
(imported from commit 329ec3c07c9cfb648c706e01aec7e8826c3f7737)
2013-11-13 12:02:50 -05:00
Tim Abbott a6af391125 Remove dependency on python-argparse -- it isn't need with Python 2.7.
(imported from commit 388f6a5b7ff2b20364d22fad0d9e7d992791a18b)
2013-11-13 12:02:50 -05:00
Tim Abbott e986f1e988 puppet: Don't create /home/zulip/deployments/current symlink.
This is now managed on enterprise systems via the unpack-tarball
system.

(imported from commit 8cc4ac0b47990ed1d5a02113a27bd126f4e3f011)
2013-11-13 12:02:50 -05:00
Tim Abbott f4a9e99498 puppet: Move the postgres dictionary symlink creation to puppet.
(imported from commit 823f6683e3d8f3604da68e55dd6761ecb38d4b63)
2013-11-13 12:02:50 -05:00
Tim Abbott 9b9c43fd50 Fix paths to nginx configuration for zulip-enterprise.
(imported from commit 4c0ec7ac752d2f4810fe089b85f733c7c21a1676)
2013-11-13 12:02:49 -05:00
Tim Abbott 5e0433009f Add enterprise apt repository to puppet.
(imported from commit e68964089adbd81580cdee6dfc2ee61e31835ce7)
2013-11-13 12:02:49 -05:00
Tim Abbott 4bf9594750 puppet: Fix dependency on postgres in enterprise.pp.
(imported from commit 09baae1a0d6adc86124a1518b14ff28ef71db6ca)
2013-11-13 12:02:49 -05:00