edebf7619b
puppet: Add PAM common_session disabling systemd-login.
...
This fixes a weird problem with systemd where logging into a server
via ssh frequently has a 15s+ lag.
2017-01-06 21:49:15 -08:00
93c2c19775
nagios: Increase process count limits.
2017-01-06 21:49:15 -08:00
2c6cb37385
munin: Add default munin configuration template.
2017-01-06 21:44:57 -08:00
9ab8e7ba34
nagios: Disable swap checks for servers with no swap.
2017-01-06 21:39:07 -08:00
3e01ed1f73
nagios: Increase NTP max_check_attempts.
...
NTP often suffers from brief interruptions of service that lead to
spurious Nagios alerts; it makes sense to suppress these.
2017-01-06 21:32:43 -08:00
e4420b08d2
zulip_ops: Disable unattended upgrades of security packages.
...
Since Zulip does not handle e.g. postgres server restarts gracefully,
it's best for a system administrator to manually trigger security
updates.
2017-01-06 21:30:56 -08:00
6f9c73d0e5
zmirror: Update Debathena release in configuration.
...
The zulip_ops configuration is now for xenial, not obsolete wheezy.
2017-01-06 21:30:41 -08:00
bd9176d1d9
nagios: Remove some default files.
...
Nagios ships with a bunch of default configuration files that one
needs to delete in order to configure it.
2017-01-06 21:25:12 -08:00
7083899e77
zulip_ops: Add postgres config for enabling Nagios.
...
The old zulip_ops Nagios configuration depended on Nagios having the
ability to login as the zulip user (with essentially full write
access); this configuration is helpful for limiting nagios to special
"nagios" user with more limited credentials.
2017-01-06 21:24:24 -08:00
204edb0f85
zulip_ops: Cleanup pg_hba.conf configuration.
2017-01-06 21:23:51 -08:00
30c57eb2ae
zulip_ops: Add basic .emacs for production.
2017-01-06 21:20:21 -08:00
eb87d04168
puppet: Remove xxxxx password hardcoding in recovery.conf.
2017-01-06 21:20:21 -08:00
6404a1a5ff
zulip_ops: Add nagios-plugins-contrib.
...
This has a number of useful nagios plugins.
2017-01-06 21:19:59 -08:00
f7b77008ef
zulip_ops: Add aptitude dependency.
...
This is useful for `aptitude why`.
2017-01-06 21:19:50 -08:00
2510a51a8a
zulip_ops: Add letsencrypt dependency.
2017-01-06 21:19:31 -08:00
65774e1c4f
zulip_ops: use check_postgres package from apt.
2017-01-06 21:18:55 -08:00
0d8c18a6dd
nagios-plugins: Add websocket checking to nagios message sending test.
...
- Add websocket client to create connection with SockJS websocket server.
It contains callback method to launch after connection setup.
- Add '--websocket' parameter to 'check_send_receive_time' script to
check websocket connection.
- Add testing websocket connection to production installation checking.
- Add cronjob to launch websocket connection nagios test.
This makes it possible for Zulip Nagios monitoring to check for
problems impacting the websockets sending code path, which is what all
web users use.
2016-12-30 15:36:37 -08:00
144d82305d
mypy: Annotate puppet/zulip_ops.
2016-12-03 11:00:25 -08:00
adebc75740
pep8: Fix E502 violations
2016-12-03 10:56:36 -08:00
8c0c12c1d9
pep8: Fix E303 violations.
2016-12-02 15:34:11 -08:00
c5316b4002
lint: Fix E127 pep8 violations.
...
Fix pep8: E127 continuation line over-indented for visual indent
style issue.
2016-12-01 10:23:55 -08:00
7a2282986a
pep8: Fix E225 pep8 violations.
2016-11-28 15:21:15 -08:00
207cf6302b
Always start python via shebang lines.
...
This is preparation for supporting using Python 3 in production.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-26 14:46:37 -08:00
2e65dc1206
puppet: make check_send_receive_time target host configurable.
2016-11-02 23:40:53 -07:00
eceaf36001
setup_disks: Fix postgres RAID setup to work correctly on Xenial.
...
Nobody's going to run this on Wheezy again.
2016-10-28 11:04:08 -07:00
9b7a3f040c
Remove now-unused /json/get_events endpoint.
2016-10-27 21:34:58 -07:00
4fbe201187
puppet: Automate autossh process monitoring maintenance.
...
Previously, the Zulip Nagios configuration effectively hardcoded the
count for how many system should have autossh connections.
2016-10-26 00:49:03 -07:00
6bdb10b71b
puppet: Update emacs dependency to emacs-nox metapackage.
...
This way, one doesn't need to keep updating the dependency every time
a new major emacs release comes out.
2016-10-26 00:42:22 -07:00
11b5d203f7
sshd_config: Increase MaxStartups.
...
This fixes connection problems when using the full Zulip recommended
Nagios configuration against a given server.
2016-10-26 00:41:03 -07:00
73f54dd0cb
sshd_config: Add updates from Xenial upstream.
...
It seems worth updating this to match the Linux distro this
configuration targets.
2016-10-26 00:40:44 -07:00
0a5a2c4eda
nagios: Automate authorized users list maintenance.
2016-10-26 00:37:29 -07:00
fa4998db59
puppet: Add zulip_zephyr_mirror plugins.
2016-10-26 00:35:57 -07:00
ac4f28050c
zmirror: Remove unnecessary krb5-clients dependency.
...
I'm pretty sure krb5-clients isn't needed to run the Zephyr mirroring
service.
2016-10-26 00:35:11 -07:00
d490e83645
puppet: Upgrade nagios cgi.cfg with modern defaults.
2016-10-26 00:31:41 -07:00
1159ad4857
puppet: Upgrade nagios.cfg with modern defaults.
2016-10-26 00:31:41 -07:00
73178e5e5a
puppet: Run check_send_receive_time via a cron job.
...
This allows the actual nagios work involved with
check_send_receive_time nagios checks to be done by an unprivileged
"nagios" user rather than the "zulip" user.
2016-10-26 00:26:52 -07:00
96cf330649
puppet: ssh as the nagios user instead of zulip user.
...
This is a follow-up to 4f58fef54b
2016-10-26 00:23:47 -07:00
a350d43683
puppet: Add recovery.conf configuration to postgres_slave.pp.
...
This file is needed to run a valid postgres slave; it's not clear why
this wasn't installed in the original zulip.com configuration.
2016-10-26 00:22:57 -07:00
c3727c9886
nagios: Remove old zulip.com trac/git/replica servers.
...
These are unlikely to be relevant to anyone.
2016-10-26 00:21:53 -07:00
383f39b543
nagios: Enable allow_empty_hostgroup_assignment.
...
This fixes the configuration being broken when we remove some of the
old zulip.com hosts that are unlikely to be of interest to anyone.
2016-10-26 00:19:21 -07:00
4f58fef54b
zulip_ops: Use nagios user for all Nagios checks.
...
There's no reason these Nagios checks needs to run as the
semi-priviliged Zulip user.
2016-10-26 00:17:26 -07:00
32d244dbe5
puppet: Add Nagios checks for other consumers.
2016-10-26 00:11:08 -07:00
f1fa4397f3
puppet: Fix package deps for zulip-ec2-configure-interfaces.
2016-10-26 00:11:08 -07:00
3448ab4c7a
zulip-ec2-configure: Fix network IDs for Ubuntu Xenial.
2016-10-26 00:11:08 -07:00
080dd8c987
nagios: Ignore kthreads in check_procs tests.
...
Modern Linux can have a lot of kernel threads not doing anything.
Since this isn't interesting from a monitoring perpsective, we ignore
these.
2016-10-26 00:10:40 -07:00
4c9a283542
puppet: Remove configuration for old builder host.
...
I don't think this configuration was ever even used; it's just
clutter.
2016-10-26 00:01:52 -07:00
f9ad75f58e
puppet: Remove configuration for old zulip.com bots host.
...
This configuration didn't do anything anyway and just clutters the
repo.
2016-10-26 00:01:29 -07:00
9d4f3f1e1b
puppet: Replace zulip_ops postgres configs with postgres_appdb_tuned.
...
There's no longer a reason to have copies of forked postgres
configuration files in our repository, since some time ago we merged
the features of these configuration files into the main
postgres_appdb_tuned.pp.
2016-10-25 23:58:53 -07:00
105ea972f6
puppet: Remove now-unncessary kernel.shm sysctl values.
...
With modern Linux and postgres, these settings are not required.
2016-10-25 23:58:33 -07:00
2227e77cce
puppet: Remove Dropbox usernames from Nagios config.
2016-10-25 23:55:42 -07:00
8584c05d80
zulip_ops: Remove unnecessary loadbalancer stanzas.
2016-10-25 23:52:37 -07:00
624ee3989f
puppet: Remove old Dropbox certificates.
2016-10-25 23:52:30 -07:00
f0bb78ba2d
puppet: Fix iptables-persistent->netfilter-persistent rename.
2016-10-25 23:45:21 -07:00
c4ca7ee6e1
puppet: Move Apache sites files to correct paths.
...
Apache now actually requires its configuration files have names ending
with .conf.
2016-10-25 23:44:28 -07:00
a5a03c2e0b
zulip_ops: Include zulip::apt_repository.
...
This replaces the old wheezy configuration.
2016-10-16 20:13:35 -07:00
8c68c6f09b
zulip_ops: Remove wheezy apt repo.
...
Nobody uses wheezy anymore, and the configuration wasn't even
conditional on the OS version.
2016-10-16 20:13:35 -07:00
5210b0a6a4
zulip_ops: Cleanup old redis configuration.
...
One can now just use the improved configuration we've merged into the
main Zulip repo.
2016-10-16 20:13:35 -07:00
869f0724ce
zulip_ops: Remove humbughq.com nginx configuration.
...
The humbughq.com name hasn't been the product's name since 2013, and
it's nice to finish clearing it out of the repository.
2016-10-16 20:13:29 -07:00
29448fb47b
zulip_ops: Remove old Zulip, Inc. trac configuration.
...
This isn't useful to anyone.
2016-10-16 19:23:47 -07:00
771e03cfa7
zulip_ops: Remove old Zulip, Inc. mediawiki configuration.
...
This isn't useful to anyone.
2016-10-16 19:23:47 -07:00
36e336edc3
puppet: Rename zulip_internal to zulip_ops.
...
The old "zulip_internal" name was from back when Zulip, Inc. had two
distributions of Zulip, the enterprise distribution in puppet/zulip/
and the "internal" SAAS distribution in puppet/zulip_internal. I
think the name is a bit confusing in the new fully open-source Zulip
work, so we're replacing it with "zulip_ops". I don't think the new
name is perfect, but it's better.
In the following commits, we'll delete a bunch of pieces of Zulip,
Inc.'s infrastructure that don't exist anymore and thus are no longer
useful (e.g. the old Trac configuration), with the goal of cleaning
the repository of as much unnecessary content as possible.
2016-10-16 19:23:27 -07:00
Tim Abbott
Tim Abbott
K.Kanakhin
Jason Le
bulat22101
Sidhant Bhavnani
Rafid Aslam
Anders Kaseorg