Commit Graph

132 Commits

Author SHA1 Message Date
Tim Abbott 9e2d17ff9e puppet: Add uid/gid for Nagios user.
It turns out that having a UID for one user that's 1000, and not
setting them for other users, is a disaster: puppet might create them
in the wrong order, using UID 1000, and thus breaking creating the
'humbug' user later on.  The same issue applies to groups.

(imported from commit 02b4700278e5c495bd514802f41ae238e6b051ac)
2013-06-17 13:48:05 -04:00
Tim Abbott 5e41bab681 puppet: Fix iptables-persistent always being restarted.
(imported from commit 5246be11dbbba3b9fee4be0477eb08525575577e)
2013-06-17 13:48:03 -04:00
Zev Benjamin a9e4441bee [manual] Serve static files from the same location across prod deploys
This only affects DEPLOYED installations.

This does not take care of removing old versions of static files from
that directory.  The problem is that staticfiles is clever and
doesn't copy files that are already there, so we can't depend on
mtime for detecting which files we no longer need.  Hopefully that
won't be too much of a problem for now.

(imported from commit 4341460dd5bc6544086fd445014ebdac58192910)
2013-06-12 17:46:38 -04:00
Tim Abbott 19d8cfd657 puppet: Properly configure nginx service and disable default site.
(imported from commit 4c526c9333445e2575a85d1e90ccc134717f19f6)
2013-06-12 17:19:33 -04:00
Tim Abbott b762067144 Puppetize Nagios user and ssh configuration for client systems.
(imported from commit 21a350979dc5d0e30b83e33fbc54cc5898755fdc)
2013-06-12 17:19:33 -04:00
Tim Abbott 164c4d2c1b puppet: Fix memcached configuration to not require manual restart.
(imported from commit 869050668cd69e8d76e39a6864f35a1cba45449d)
2013-06-06 11:02:52 -04:00
Tim Abbott 7f8e5324af Avoid restarting server on every deploy in puppet configuration.
(imported from commit 0e40f19ac5d81a2016fedf42d851f270eea07e28)
2013-06-06 11:01:17 -04:00
Leo Franchi 113180b7b7 nagios: Don't page about load/disk/ levels on non-critical servers.
Add a pageable_servers and not_pageable_servers hostgroup, and only page for
app/postgres/zmirror.

(imported from commit 15c286324e942bd38e2a600a3b9091044f117e28)
2013-06-05 10:20:56 -04:00
Tim Abbott c609d347b7 puppet: Move python-requests to base.pp.
It's needed to use the Humbug API, which most of our machines end up
using anyway.

(imported from commit 95a3317ab25632007deaadf74da5bec175641d27)
2013-06-04 19:48:40 -04:00
Tim Abbott d3ad2cd1d4 puppet: Deploy Nagios configuration via Puppet.
(imported from commit ef4c2fb9188bab406b7e677cbe3d0c2b1527a4c4)
2013-06-04 19:48:13 -04:00
Tim Abbott efcf88a707 puppet: Fix paths in feedback-bot configuration.
(imported from commit e9407af884dc75490de5168e067453e77aa612d7)
2013-06-04 19:48:13 -04:00
Tim Abbott b64af68d6a puppet: Fix key name for the Humbug ops key.
(imported from commit 9647603e4b0ec91411be029dc08c558dfd7ed8f4)
2013-06-04 19:48:13 -04:00
Tim Abbott cd65aea287 Add our trac configuration to puppet.
(imported from commit 8a9cf825344cdf83e8233f15ba66bbf050c920e4)
2013-06-04 19:48:13 -04:00
Zev Benjamin 1af0d5b942 [manual] Add Diff Match Patch dependency
(imported from commit 808a83f4326ed88a09321e0f7ca647c956a5af32)
2013-06-04 18:18:33 -04:00
Zev Benjamin 3325554c03 Fix app_frontend.pp whitespace
(imported from commit ecbdd52b00d67569fc907b05ccd2c903e65141c4)
2013-06-04 18:17:44 -04:00
Leo Franchi 8cc0a9b4f9 [manual] Require redis-server to be installed on our servers
This requires `redis-server` to be installed. Check it is installed before
deploying this commit. It also requires 'python-redis' to be installed.

(imported from commit e3434a04456e596f6c84c1a3c289a00aa7cbb2ed)
2013-06-04 09:43:09 -04:00
Leo Franchi f9a99192df Add supervisor conf file for stats
(imported from commit e9104676e714dc36050fef50cabe8386b6c52e4d)
2013-06-03 16:16:22 -04:00
Zev Benjamin 1004178fe1 puppet: Only restart supervisor when the config file has been updated
(imported from commit ad318e2d7a1350235a62585a45a6b3673d783393)
2013-05-30 14:36:31 -04:00
Keegan McAllister 3e19afc95f Puppet: Install moreutils on servers
So we can use the 'sponge' command in update-prod-static.

I've already installed it on app and staging.

(imported from commit 1527b1c0108d7a95b471dea82e8dedc88f944f70)
2013-05-30 13:51:47 -04:00
Tim Abbott 8f90f4ed6c Fix permissions on Nagios plugins.
(imported from commit 7d1feb1430ca897a478c376fb5fe623e10040261)
2013-05-30 10:59:50 -04:00
Luke Faraone b159373153 Depend on nagios-plugins-basic, not nagios.
(imported from commit 6508bc1ff5d89f4724aa3e627aec51c851bc84c4)
2013-05-29 17:57:33 -04:00
Luke Faraone 290ae183e2 Remove duplicate nagios plugins entry.
(imported from commit e95db03152e76cc87b00324ae51c57934f0eb168)
2013-05-29 17:57:33 -04:00
Luke Faraone 02de2cf260 Fix two puppet syntax errors.
Note to the future: run this command to validate configs before deploying:

puppet parser validate servers/puppet/modules/*/manifests/*.pp

Maybe we want to add this to check-all...

(imported from commit e0eb6502380ff361b783830d45e8422bc0f76c02)
2013-05-29 16:25:25 -04:00
Luke Faraone 20841f83eb Remove comments no longer applicable to current config
(imported from commit 53ebfb22c4fd8943b7153350a0141ee251a6f6b5)
2013-05-29 15:36:48 -04:00
Luke Faraone b4b728dd6f We already install pipeline as a package, no need to pip it too.
(imported from commit 82deec580c9d460fae667a437cdb558ca2bf9694)
2013-05-29 15:36:48 -04:00
Luke Faraone 711b1eeeac Deploy naigos plugins with puppet.
(imported from commit ddc4db430ed2b9b7512f28d3f54dd6dfe7f5b264)
2013-05-29 15:36:47 -04:00
Luke Faraone 742d3bb511 Move check_send_receive.py to the naigos plugins directory, renaming it.
For consistency, and because nobody could think of a reason to have it live
in bots/ with a symlink.

(imported from commit def372653fcdde2805729134fec9d4bc3ce294ec)
2013-05-29 15:36:47 -04:00
Luke Faraone 8570f5fe55 [manual] Configure prod to use our wildcard cert.
These changes can be applied with "puppet apply".

(imported from commit 999611539e81f452dd605bb98f70436737747c29)
2013-05-29 15:36:47 -04:00
Luke Faraone eb8cb4d108 [manual] Include postgres and checkrestart as requirements for the default install
These changes can be applied with "puppet apply"; no pre- or post-
action is required.

(imported from commit 95448c53313b48337b084ca92174622c6ef67417)
2013-05-29 15:36:47 -04:00
Luke Faraone b8a4aa9ef3 Break out prod and staging configs.
(imported from commit fa1ca155422031906bed4b50ac21bb41102ab960)
2013-05-29 15:36:47 -04:00
Luke Faraone c13ac407e2 remove block to prevent py2.5 packages from being installed
No longer relevant on wheezy.

(imported from commit 77885bc78b3583a6eda277868318002f58d1d2f8)
2013-05-29 15:36:47 -04:00
Zev Benjamin d92d62412f [manual] Use humbug-deployments/current as the CWD for supervisor processes
Some of our code uses the CWD, so we have to set it.

The config file needs to be copied over.

(imported from commit cec991ccbffddf7ea4d1ec8471377221ddd7c669)
2013-05-29 14:13:39 -04:00
Zev Benjamin 6824c94b7e [manual] Remove dependence on /home/humbug/humbug git checkout on app frontends
Modified files need to be copied into the right place.  The checkout
on git.humbughq.com also needs to be updated.

(imported from commit dbe9e05a0512e1f59c7819dd8d44c2c4e9c83bcf)
2013-05-29 12:00:03 -04:00
Luke Faraone 80d6e7222a Remove usage of pip.
(imported from commit f4309385b922c521cf41645dcf05a2727ca75f54)
2013-05-28 18:39:09 -04:00
Luke Faraone ee227a5ee4 Chown authorized_keys explicitly to root.
Previously the files ended up owned by "admin" for some reason.

(imported from commit b4489e5d7f3a69c389ef91a78fb125c79c22ef74)
2013-05-28 18:39:09 -04:00
Luke Faraone d81ab70644 Include our apt repository on our servers.
(imported from commit def8028201e2aebc031b557001180acbb8e6f27f)
2013-05-28 18:39:09 -04:00
Luke Faraone f911cf1a0b Symlink to enable "humbug" site.
(imported from commit 610792925ecb4599f8de0d5694b7caef64b73658)
2013-05-28 18:39:09 -04:00
Luke Faraone ef6c32cdb9 Correct path for supervisord config.
(imported from commit b2b61cacd5c44ccf089cd89ac524887fc3d0cb51)
2013-05-28 18:39:09 -04:00
Luke Faraone c07fa80eea Include additional required dependencies.
(imported from commit b6d2fea32ddf5b6125fc41994f8bc962bb3bfbd7)
2013-05-28 18:39:08 -04:00
Luke Faraone a4cc99b441 We no longer use backports, remove references from puppet.
(imported from commit deb8f27ceebf920f8702f1cb0da9f5502f03de9c)
2013-05-28 18:39:08 -04:00
Luke Faraone 08ad49184a Switch memcached user to "nobody" to match production.
(imported from commit 849ac9c1d7d6f06447b22e1c1ed2495f8c59943c)
2013-05-28 18:39:08 -04:00
Michael McCanna 0e77082873 [manual] Bump Nginx buffers, don't use fastcgi temp files
Nginx's fastcgi buffers default to 8 pages (32KB). I've bumped it to 4MB,
as queries like get_old_messages take something like 130KB, and was
being ferried off to disk. In case this change to the buffers parameters isn't
enough, we explicitly set the maximum temporary file size to 0; if the fastcgi
request goes over the buffers allocated, the request will be handled synchronously,
and never go out to disk on nginx's fastcgi requests.

The manual step that must be done is to apply changes to /etc/nginx/humbug-include/app
from servers/puppet/modules/humbug/files/nginx/humbug-include/app.
The nginx process can be reloaded with `/etc/init.d/nginx restart`.
This must be done for both staging and prod.

(imported from commit 99c1bd6989c54b7e230b7c04f2fdf09be7423352)
2013-05-28 18:13:45 -04:00
acrefoot 3370d2cae5 Puppet configuration for ~humbug/tornado directory
This directory is needed for the event_queues.pickle file
that gets created as part of dumping the tornado queues.

(imported from commit 7c1bde0ecae59d2174327a981582b55a199c5b57)
2013-05-28 11:19:44 -04:00
Zev Benjamin cce8dfab84 [manual] Use the same socket across server restarts
We let supervisor create the socket for us by making humbug-django a
fcig-program.  Unfortunately, supevisor doesn't support putting
fcgi-programs in groups (see
https://github.com/Supervisor/supervisor/issues/148), so we have to
restart tornado and django separately.

To deploy, copy the config files over and restart nginx and
supervisor (via stopping and then starting it because restart is
broken).  I believe the automated restart as part of
update-deployment will fail because of the way supervisor treats
programs in groups.  If so, after restarting supervisor, you will
also need to run restart-server manually to fill the caches and then
delete the lock directory in humbug-deployments.

(imported from commit bfb5db7dd42dcbc4bfefa2944355b3cbb2ef9104)
2013-05-23 00:19:17 -04:00
Zev Benjamin 8fd72a09bc Restart Django and Tornado separately from the other worker processes
The amount of process downtime during a supervisord-mediated restart
appears to be linear in the number of processes that are being
restarted.  Therefore, restarting just Django and Tornado causes less
downtime than doing them at the same time as the other worker
processes.

(imported from commit 1fa9ef547bcd88caeec49800664e37d5f2fcb7a8)
2013-05-21 16:13:39 -04:00
Zev Benjamin de3ba5a038 puppet: Replace postgres2 with postgres1 in pg_hba.conf
(imported from commit 2d8654f9382df7473ec12caf2067ef0af5fef791)
2013-05-20 23:55:03 -04:00
Leo Franchi 2fcc7c0c5c Fix aggregation rules to sum at correct frequency
(imported from commit a8a27c417ae6e9cc8a6c383313da27ff6d2e875f)
2013-05-20 23:55:03 -04:00
acrefoot 9d8f847fed [manual] Run server using supervisord
This change will make it so that processes related to the app.humbughq.com
server are run under supervisord, which uses a state machine model to ensure
that programs are running. It also ensure process startup order.

We will need to manually switch the old way of running server (in screen) into
this new way of doing things, on both staging and prod (app_frontend.pp has been
updated appropriately). This means:
1) cp servers/puppet/modules/humbug/files/supervisord/conf.d/humbug.conf /etc/supervisord/conf.d
2) installing the supervisor package.
3) killing those while loops in that screen session
4) mkdir /var/log/humbug (as root)
5) /etc/init.d/supervisord start
6) check that nothing broke

(imported from commit 055269a70973db89acd69049e01b185fabdc8f90)
2013-05-20 23:42:28 -04:00
Leo Franchi 25b915fa6a Enable rabbitmq consumser checks on app
(imported from commit e3df8bc849dc0e1ae2e7782c0c9be5c08d4818c2)
2013-05-20 23:29:54 -04:00
Leo Franchi 3d4e239247 Check rabbitmq consumers for all important queues
(imported from commit 1279d33e3e1c36ee8da01859875d24b54e14e2e6)
2013-05-17 01:02:35 -04:00