Tim Abbott
3e32102016
nagios: Fix various critical issues not tagged as pageable.
2017-01-06 21:49:20 -08:00
Tim Abbott
edebf7619b
puppet: Add PAM common_session disabling systemd-login.
...
This fixes a weird problem with systemd where logging into a server
via ssh frequently has a 15s+ lag.
2017-01-06 21:49:15 -08:00
Tim Abbott
93c2c19775
nagios: Increase process count limits.
2017-01-06 21:49:15 -08:00
Tim Abbott
2c6cb37385
munin: Add default munin configuration template.
2017-01-06 21:44:57 -08:00
Tim Abbott
9ab8e7ba34
nagios: Disable swap checks for servers with no swap.
2017-01-06 21:39:07 -08:00
Tim Abbott
3e01ed1f73
nagios: Increase NTP max_check_attempts.
...
NTP often suffers from brief interruptions of service that lead to
spurious Nagios alerts; it makes sense to suppress these.
2017-01-06 21:32:43 -08:00
Tim Abbott
e4420b08d2
zulip_ops: Disable unattended upgrades of security packages.
...
Since Zulip does not handle e.g. postgres server restarts gracefully,
it's best for a system administrator to manually trigger security
updates.
2017-01-06 21:30:56 -08:00
Tim Abbott
6f9c73d0e5
zmirror: Update Debathena release in configuration.
...
The zulip_ops configuration is now for xenial, not obsolete wheezy.
2017-01-06 21:30:41 -08:00
Tim Abbott
bd9176d1d9
nagios: Remove some default files.
...
Nagios ships with a bunch of default configuration files that one
needs to delete in order to configure it.
2017-01-06 21:25:12 -08:00
Tim Abbott
7083899e77
zulip_ops: Add postgres config for enabling Nagios.
...
The old zulip_ops Nagios configuration depended on Nagios having the
ability to login as the zulip user (with essentially full write
access); this configuration is helpful for limiting nagios to special
"nagios" user with more limited credentials.
2017-01-06 21:24:24 -08:00
Tim Abbott
204edb0f85
zulip_ops: Cleanup pg_hba.conf configuration.
2017-01-06 21:23:51 -08:00
Tim Abbott
30c57eb2ae
zulip_ops: Add basic .emacs for production.
2017-01-06 21:20:21 -08:00
Tim Abbott
eb87d04168
puppet: Remove xxxxx password hardcoding in recovery.conf.
2017-01-06 21:20:21 -08:00
Tim Abbott
6404a1a5ff
zulip_ops: Add nagios-plugins-contrib.
...
This has a number of useful nagios plugins.
2017-01-06 21:19:59 -08:00
Tim Abbott
f7b77008ef
zulip_ops: Add aptitude dependency.
...
This is useful for `aptitude why`.
2017-01-06 21:19:50 -08:00
Tim Abbott
2510a51a8a
zulip_ops: Add letsencrypt dependency.
2017-01-06 21:19:31 -08:00
Tim Abbott
65774e1c4f
zulip_ops: use check_postgres package from apt.
2017-01-06 21:18:55 -08:00
Tim Abbott
165b4d3126
nagios: Fix check_send_receive_time threshholds.
...
Previously, the CRITICAL state would never fire (because x > 6 =>
x > 3). Additionally, 6s is not so unusually high as to deserve being
immediately pageable.
2017-01-06 21:16:37 -08:00
K.Kanakhin
0d8c18a6dd
nagios-plugins: Add websocket checking to nagios message sending test.
...
- Add websocket client to create connection with SockJS websocket server.
It contains callback method to launch after connection setup.
- Add '--websocket' parameter to 'check_send_receive_time' script to
check websocket connection.
- Add testing websocket connection to production installation checking.
- Add cronjob to launch websocket connection nagios test.
This makes it possible for Zulip Nagios monitoring to check for
problems impacting the websockets sending code path, which is what all
web users use.
2016-12-30 15:36:37 -08:00
Umair Khan
336a041ac0
Django 1.10: Use uWSGI.
...
Fixes : #1121
With some tweaks by tabbott to make the number of processes configurable.
2016-12-13 21:40:43 -08:00
Igor Tokarev
c93f1d4eda
Add oembed/Open Graph/Meta tags data retrieval from inline links.
...
This change adds support for displaying inline open graph previews for
links posted into Zulip.
It is designed to interact correctly with message editing.
This adds the new settings.INLINE_URL_EMBED_PREVIEW setting to control
whether this feature is enabled.
By default, this setting is currently disabled, so that we can burn it
in for a bit before it impacts users more broadly.
Eventually, we may want to make this manageable via a (set of?)
per-realm settings. E.g. I can imagine a realm wanting to be able to
enable/disable it for certain URLs.
2016-12-07 17:40:18 -08:00
Jason Le
144d82305d
mypy: Annotate puppet/zulip_ops.
2016-12-03 11:00:25 -08:00
bulat22101
adebc75740
pep8: Fix E502 violations
2016-12-03 10:56:36 -08:00
Sidhant Bhavnani
8c0c12c1d9
pep8: Fix E303 violations.
2016-12-02 15:34:11 -08:00
Rafid Aslam
c5316b4002
lint: Fix E127 pep8 violations.
...
Fix pep8: E127 continuation line over-indented for visual indent
style issue.
2016-12-01 10:23:55 -08:00
Bickio
6b0df43463
pep8: Fix E125.
2016-11-30 20:03:29 -08:00
Tommy Ip
46b7d54b3e
pep8: Fix E701 violations.
2016-11-30 20:45:09 +00:00
Rafid Aslam
7a2282986a
pep8: Fix E225 pep8 violations.
2016-11-28 15:21:15 -08:00
Anders Kaseorg
092fe4fecb
puppet: Write rabbitmq-env.conf before installing rabbitmq-server
...
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 18:54:12 -08:00
Anders Kaseorg
207cf6302b
Always start python via shebang lines.
...
This is preparation for supporting using Python 3 in production.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 14:46:37 -08:00
Anders Kaseorg
1ea8abe493
Replace python -u with PYTHONUNBUFFERED=1
...
(Why is -u needed at all? I’m not sure, but test-run-dev spins forever
“Polling run-dev...” without it.)
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 13:20:22 -08:00
Anders Kaseorg
d1dc2cf30e
Mark scripts executable
...
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 13:20:22 -08:00
Anders Kaseorg
18e49bec3a
puppet: Add another missing dependency on postgresql-common
...
The postgres group must exist before we give files to it.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 11:23:32 -08:00
Tim Abbott
f78eb9d82d
puppet: Add missing dependency on postgresql-common.
...
postgresql-$(version) depends on postgresql-common depends on ssl-cert,
which creates the ssl-cert group.
2016-11-21 07:38:45 -08:00
Tim Abbott
2e65dc1206
puppet: make check_send_receive_time target host configurable.
2016-11-02 23:40:53 -07:00
Tim Abbott
9578908601
check_send_receive_time: Stop hardcoding EXTERNAL_API_URI.
2016-11-02 23:35:08 -07:00
Tim Abbott
eceaf36001
setup_disks: Fix postgres RAID setup to work correctly on Xenial.
...
Nobody's going to run this on Wheezy again.
2016-10-28 11:04:08 -07:00
Tim Abbott
9b7a3f040c
Remove now-unused /json/get_events endpoint.
2016-10-27 21:34:58 -07:00
Tim Abbott
4fbe201187
puppet: Automate autossh process monitoring maintenance.
...
Previously, the Zulip Nagios configuration effectively hardcoded the
count for how many system should have autossh connections.
2016-10-26 00:49:03 -07:00
Tim Abbott
6bdb10b71b
puppet: Update emacs dependency to emacs-nox metapackage.
...
This way, one doesn't need to keep updating the dependency every time
a new major emacs release comes out.
2016-10-26 00:42:22 -07:00
Tim Abbott
11b5d203f7
sshd_config: Increase MaxStartups.
...
This fixes connection problems when using the full Zulip recommended
Nagios configuration against a given server.
2016-10-26 00:41:03 -07:00
Tim Abbott
73f54dd0cb
sshd_config: Add updates from Xenial upstream.
...
It seems worth updating this to match the Linux distro this
configuration targets.
2016-10-26 00:40:44 -07:00
Tim Abbott
0a5a2c4eda
nagios: Automate authorized users list maintenance.
2016-10-26 00:37:29 -07:00
Tim Abbott
fa4998db59
puppet: Add zulip_zephyr_mirror plugins.
2016-10-26 00:35:57 -07:00
Tim Abbott
ac4f28050c
zmirror: Remove unnecessary krb5-clients dependency.
...
I'm pretty sure krb5-clients isn't needed to run the Zephyr mirroring
service.
2016-10-26 00:35:11 -07:00
Tim Abbott
d490e83645
puppet: Upgrade nagios cgi.cfg with modern defaults.
2016-10-26 00:31:41 -07:00
Tim Abbott
1159ad4857
puppet: Upgrade nagios.cfg with modern defaults.
2016-10-26 00:31:41 -07:00
Tim Abbott
73178e5e5a
puppet: Run check_send_receive_time via a cron job.
...
This allows the actual nagios work involved with
check_send_receive_time nagios checks to be done by an unprivileged
"nagios" user rather than the "zulip" user.
2016-10-26 00:26:52 -07:00
Tim Abbott
96cf330649
puppet: ssh as the nagios user instead of zulip user.
...
This is a follow-up to 4f58fef54b
,
touching services.cfg instead of commands.cfg.
2016-10-26 00:23:47 -07:00
Tim Abbott
a350d43683
puppet: Add recovery.conf configuration to postgres_slave.pp.
...
This file is needed to run a valid postgres slave; it's not clear why
this wasn't installed in the original zulip.com configuration.
2016-10-26 00:22:57 -07:00