Commit Graph

1349 Commits

Author SHA1 Message Date
Alex Vandiver f4683de742 puppet: Switch the `rolling_restart` setting to use the bool values.
2c5fc1827c standardized which values are "true"; use them.
2023-05-11 15:54:15 -07:00
Alex Vandiver 530980cf31 zulip_tools: Add a get_config_bool to match Puppet logic.
Unfortunately, the existing use of this logic in `process_fts_updates`
cannot switch to using this code, as that code cannot import
zulip_tools.
2023-05-11 15:54:15 -07:00
Alex Vandiver f11350f789 puppet: Add PostgreSQL 15 support.
Instead of copying over a mostly-unchanged `postgresql.conf`, we
transition to deploying a `conf.d/zulip.conf` which contains the
only material changes we made to the file, which were previously
appended to the end.

While shipping separate while `postgresql.conf` files for each
supported version is useful if there is large variety in supported
options between versions, there is not no such variation at current,
and the burden of overriding the entire default configuration is that
it must be keep up to date wit the package's version.
2023-05-10 14:06:02 -07:00
Anders Kaseorg 3bc1acba4a install: Use set -x when installing node, shellcheck, shfmt, tx.
This makes it clearer which step failed if there’s an error.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-10 12:15:34 -07:00
Alex Vandiver 94495bef18 log-search: Filter out /error_tracing endpoints. 2023-05-05 14:45:46 -07:00
Alex Vandiver 7e637786b3 upgrade-postgresql: Only try to start new cluster if it is stopped.
pg_upgradecluster will start the cluster if the old cluster was
started before it ran, or if there are post-upgrade scripts to run.
Because neither of those are fully under our control, only attempt to
start the new cluster if it isn't already.
2023-05-05 13:35:32 -07:00
Alex Vandiver 40e5a12e3c upgrade-postgresql: Use jq rather than grep to check cluster status. 2023-05-05 13:35:32 -07:00
Alex Vandiver e5ae55637e install: Remove PostgreSQL 11 support.
Django 4.2 removes this support, so Zulip has not installed with
PostgreSQL 11 since 2c20028aa4.
2023-05-05 13:35:32 -07:00
Anders Kaseorg a31ff01211 node_cache: Disable pnpm update check.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-02 12:29:38 -07:00
Anders Kaseorg 6c4705a4ef install-node: Upgrade Node.js from 18.15.0 to 18.16.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-25 22:18:48 -07:00
Alex Vandiver 63e31a6de4 upgrade-zulip-from-git: CWD will be the cache directory.
96e42b8e81 broke this when it split out the steps to reset the
upstream.
2023-04-24 17:19:27 -07:00
Alex Vandiver c815dba368 install: Write out a zulip-git-version upon install. 2023-04-19 16:56:14 -07:00
Alex Vandiver 8ae167dc05 upgrade-zulip-from-git: We may need to fill in a zulip-git-version file.
Installs which are upgrading to current `main`, and are upgrading for
the very first time from an install which was originally from git,
have a `/home/zulip/deployments/current` which, unlike all later
upgrades, is not a `git worktree` of `/srv/zulip.git`, but rather a
direct `git clone` of some arbitrary URL.  As such, it does not have
an `upstream` remote, nor a cached `zulip-git-version` file.

This makes later attempts to determine the pre-upgrade revision of
git (for pre-deploy hooks) fail, as without a `zulip-git-version`
file, `ZULIP_VERSION` is insufficiently-specific (e.g. `6.1+git`), and
there is no guarantee the necessary tags exist either.

While we can make fresh git installs set up an `upstream` and run
`./tools/cache-zulip-git-version` going forward (see subsequent
commit), that does not address the issue for deploys which already
exist.  For those, we must configure and fetch a `remote` in the old
checkout, followed by re-generating a cached `zulip-git-version`.

Fixes: #25076.
2023-04-19 16:56:14 -07:00
Alex Vandiver 96e42b8e81 upgrade-zulip-from-git: Extract code to set zulip upstream remote. 2023-04-19 16:56:14 -07:00
Alex Vandiver 7dc7962c04 zulip-puppet-apply: Any resources failing to apply should exit 2.
The existing `except subprocess.CalledProcessError` only catches if
there are syntax errors which prevent the `lastrun` file from being
written; it does not handle if there are properly-defined resources
which fail to evaluate (e.g. due to a missing dependency or file).

Check the `failed` resource count, and exit 2 if there are any such
resources.  This will cause `zulip-puppet-apply --force --noop` (which
is used as a pre-flight check during upgrades) to properly detect and
signal on more types of invalid puppet configurations.  In turn, this
will cause `upgrade-zulip` to not attempt to power through upgrades it
knows are destined to fail.
2023-04-19 09:35:19 -07:00
Alex Vandiver 7c023042cf puppet: Rotate access log files every day, not at 500M.
Since logrotate runs in a daily cron, this practically means "daily,
but only if it's larger than 500M."  For large installs with large
traffic, this is effectively daily for 10 days; for small installs, it
is an unknown amount of time.

Switch to daily logfiles, defaulting to 14 days to match nginx; this
can be overridden using a zulip.conf setting.  This makes it easier to
ensure that access logs are only kept for a bounded period of time.
2023-04-06 14:31:16 -04:00
Alex Vandiver f4d70a2e37 hooks: Resolve version strings to commit SHAs, and pass in via the env. 2023-04-05 18:51:55 -04:00
Alex Vandiver ecfb12404a hooks: Switch to passing values through the environment. 2023-04-05 18:51:55 -04:00
Daniil Fadeev 2f203f4de1 emails: Inline CSS in emails in build_email.
Previously, we had an architecture where CSS inlining for emails was
done at provision time in inline_email_css.py. This was necessary
because the library we were using for this, Premailer, was extremely
slow, and doing the inlining for every outgoing email would have been
prohibitively expensive.

Now that we've migrated to a more modern library that inlines the
small amount of CSS we have into emails nearly instantly, we are able
to remove the complex architecture built to work around Premailer
being slow and just do the CSS inlining as the final step in sending
each individual email.

This has several significant benefits:

* Removes a fiddly provisioning step that made the edit/refresh cycle
  for modifying email templates confusing; there's no longer a CSS
  inlining step that, if you forget to do it, results in your testing a
  stale variant of the email templates.
* Fixes internationalization problems related to translators working
  with pre-CSS-inlined emails, and then Django trying to apply the
  translators to the post-CSS-inlined version.
* Makes the send_custom_email pipeline simpler and easier to improve.

Signed-off-by: Daniil Fadeev <fadeevd@zulip.com>
2023-04-05 12:22:29 -07:00
Anders Kaseorg 54b08ee30b setup-apt-repo: Fix GPG check of groonga-apt-source-*.deb.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-05 12:19:06 -07:00
Alex Vandiver dd5dbcabcb start-server: More gracefully handle only starting part of the server.
While the previous commit handles the common case of all of the server
being started already, it still produces ERROR output lines from
supervisorctl when most of the server is already running.  Take the
case where one worker is stopped:

```
$ supervisorctl stop zulip-workers:zulip_events_deferred_work
zulip-workers:zulip_events_deferred_work: stopped
$ ./scripts/start-server
2023-04-04 15:50:28,505 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:50:31,977 start-server: Starting Tornado process on port 9800
zulip-tornado:zulip-tornado-port-9800: ERROR (already started)
2023-04-04 15:50:32,283 start-server: Starting Tornado process on port 9801
zulip-tornado:zulip-tornado-port-9801: ERROR (already started)
2023-04-04 15:50:32,592 start-server: Starting django server
zulip-django: ERROR (already started)
2023-04-04 15:50:33,340 start-server: Starting workers
zulip-workers:zulip_events_deferred_work: started
zulip_deliver_scheduled_emails: ERROR (already started)
zulip_deliver_scheduled_messages: ERROR (already started)
process-fts-updates: ERROR (already started)
2023-04-04 15:50:34,659 start-server: Done!
Zulip started successfully!
```

More gracefully handle these cases:
```
$ ./scripts/start-server
2023-04-04 15:52:39,815 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:52:43,270 start-server: Starting Tornado process on port 9800
2023-04-04 15:52:43,287 start-server: zulip-tornado:zulip-tornado-port-9800 already started!
2023-04-04 15:52:43,287 start-server: Starting Tornado process on port 9801
2023-04-04 15:52:43,300 start-server: zulip-tornado:zulip-tornado-port-9801 already started!
2023-04-04 15:52:43,300 start-server: Starting django server
2023-04-04 15:52:43,316 start-server: zulip-django already started!
2023-04-04 15:52:43,793 start-server: Starting workers
zulip-workers:zulip_events_deferred_work: started
2023-04-04 15:52:45,111 start-server: Done!
Zulip started successfully!
```
2023-04-04 10:58:56 -07:00
Alex Vandiver cb097760b9 start-server: Make start-server a clean explicit no-op if already running.
Currently, the output from `start-server` if the server is already
running is potentially confusing, since it says ERROR several times:

```
$ ./scripts/start-server
2023-04-04 15:35:12,737 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:35:16,211 start-server: Starting Tornado process on port 9800
zulip-tornado:zulip-tornado-port-9800: ERROR (already started)
2023-04-04 15:35:16,528 start-server: Starting Tornado process on port 9801
zulip-tornado:zulip-tornado-port-9801: ERROR (already started)
2023-04-04 15:35:16,844 start-server: Starting django server
zulip-django: ERROR (already started)
2023-04-04 15:35:17,605 start-server: Starting workers
zulip_deliver_scheduled_emails: ERROR (already started)
zulip_deliver_scheduled_messages: ERROR (already started)
process-fts-updates: ERROR (already started)
2023-04-04 15:35:18,923 start-server: Done!
```

Catch the simple common case where all of the services are already
running, and output a clearer success message:

```
$ ./scripts/start-server
2023-04-04 15:39:52,367 start-server: Running syntax and database checks
System check identified no issues (15 silenced).
2023-04-04 15:39:55,857 start-server: Zulip is already started; nothing to do!
```
2023-04-04 10:58:56 -07:00
Daniil Fadeev 5c6f842b28 emails: Replace Premailer with CSS-inline.
Primary goal of library replacement is improving execution speed.
This commit should not affect the functionality of the system
or make any changes to it.
2023-04-03 15:15:05 -07:00
Alex Vandiver 790e4854dd hooks: Run hooks as the zulip user, not as root. 2023-03-30 16:16:37 -07:00
Anders Kaseorg 99ab700c1b Revert "node_cache: Work around pnpm install issue in Docker for Mac."
This reverts commit 126f3b5f47.

Testing showed that it was ineffective for many users.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-30 16:15:31 -07:00
Alex Vandiver f66d952c57 log-search: Support HTTP method limits. 2023-03-22 11:20:47 -07:00
Alex Vandiver b2666bf054 log-search: Compare lowered terms to lowered log line.
This allows us to search for upper-case things.
2023-03-22 11:20:47 -07:00
Anders Kaseorg 126f3b5f47 node_cache: Work around pnpm install issue in Docker for Mac.
On Docker for Mac with the gRPC FUSE or VirtioFS file sharing
implementations, we nondeterministically get errors like this from
pnpm install:

    pnpm: ENOENT: no such file or directory, copyfile '/srv/zulip/.pnpm-store/v3/files/7d/6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0' -> '/srv/zulip/node_modules/.pnpm/regexpu-core@5.3.2/node_modules/_tmp_3227_7f867a9c510832f5f82601784e21e7be/LICENSE-MIT.txt'

    Subcommand of ./lib/provision.py failed with exit status 1: /usr/local/bin/pnpm install --frozen-lockfile
    Actual error output for the subcommand is just above this.

Work around this using --package-import-method=copy.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-21 19:52:17 -07:00
Anders Kaseorg 3a27b12a7d dependencies: Switch to pnpm.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 15:48:29 -07:00
Anders Kaseorg 96e657a954 install-node: Upgrade Node.js from 18.14.1 to 18.15.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-16 12:32:28 -07:00
Anders Kaseorg f66136fcc2 zulip_tools: Improve error for `run` subprocess killed by signal.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-08 22:10:25 -08:00
Anders Kaseorg 5a79ca251b check-database-compatibility: Drop .py from script name.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-03 18:02:37 -08:00
Alex Vandiver e7fabb45f2 puppet: Pin with sha256sum verification. 2023-02-28 00:04:39 -05:00
Anders Kaseorg c1675913a2 web: Move web app to ‘web’ directory.
Ever since we started bundling the app with webpack, there’s been less
and less overlap between our ‘static’ directory (files belonging to
the frontend app) and Django’s interpretation of the ‘static’
directory (files served directly to the web).

Split the app out to its own ‘web’ directory outside of ‘static’, and
remove all the custom collectstatic --ignore rules.  This makes it
much clearer what’s actually being served to the web, and what’s being
bundled by webpack.  It also shrinks the release tarball by 3%.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-23 16:04:17 -08:00
Alex Vandiver 95abcffb75 log-search: Fix precedence in no-color case. 2023-02-22 11:43:13 -08:00
Alex Vandiver 38b7ecff68 log-search: Add a --timeline option to show gaps and overlaps. 2023-02-21 11:10:24 -08:00
Alex Vandiver cfd9e56d1a log-search: Do no use color codes if output is not a TTY. 2023-02-21 11:10:24 -08:00
Anders Kaseorg 64f0dcecb0 install-node: Upgrade Node.js to 18.14.1 security release.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-20 12:16:28 -08:00
Alex Vandiver 5db55c38dc puppet: Add a sha256_file_to. 2023-02-10 15:53:10 -08:00
Alex Vandiver 840884ec89 upgrade-zulip: Provide directories to run hooks before/after upgrade.
These hooks are run immediately around the critical section of the
upgrade.  If the upgrade fails for preparatory reasons, the pre-deploy
hook may not be run; if it fails during the upgrade, the post-deploy
hook will not be run.  Hooks are called from the CWD of the new
deploy, with arguments of the old version and the new version.  If
they exit with non-0 exit code, the deploy aborts.
2023-02-10 15:53:10 -08:00
Alex Vandiver 74067f071f upgrade-zulip: Print the old and new versions during upgrades.
Fixes: #23620
2023-02-10 15:53:10 -08:00
Alex Vandiver 418e51cc5b zulip_tools: Shell out to python to get true ZULIP_VERSION.
Parsing veryion.py will not get extended version information from git.
2023-02-10 15:53:10 -08:00
Anders Kaseorg ec58b6790d install-node: Upgrade Node.js to 18.14.0; manage Yarn with Corepack.
Corepack manages multiple per-project version of Yarn and PNPM, which
means we have to maintain less installation code, and could help us
switch away from Yarn 1 without making the system unusable for
development of other Yarn 1 projects.

https://nodejs.org/api/corepack.html

The Unicode spaces in the timerender test resulted from an ICU
upgrade: https://github.com/nodejs/node/pull/45068.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-09 15:50:47 -08:00
Anders Kaseorg 81a7c7502f requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-03 16:36:54 -08:00
Anders Kaseorg df001db1a9 black: Reformat with Black 23.
Black 23 enforces some slightly more specific rules about empty line
counts and redundant parenthesis removal, but the result is still
compatible with Black 22.

(This does not actually upgrade our Python environment to Black 23
yet.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-02 10:40:13 -08:00
Alex Vandiver 26696aaa53 upgrade-postgresql: Also upgrade postgresql-client.
The `pg_upgrade` tool uses `pg_dump` as an internal step, and verifies
that the version of `pg_upgrade` is the same exactly the same as the
version of the PostgreSQL server it is upgrading to.  A mismatch (even
in packaging versions) leads to it aborting:

```
/usr/lib/postgresql/14/bin/pg_upgrade -b /usr/lib/postgresql/13/bin -B /usr/lib/postgresql/14/bin -p 5432 -P 5435 -d /etc/postgresql/13/main -D /etc/postgresql/14/main --link
Finding the real data directory for the source cluster      ok
Finding the real data directory for the target cluster      ok

check for "/usr/lib/postgresql/14/bin/pg_dump" failed: incorrect version: found "pg_dump (PostgreSQL) 14.6 (Ubuntu 14.6-0ubuntu0.22.04.1)", expected "pg_dump (PostgreSQL) 14.6 (Ubuntu 14.6-1.pgdg22.04+1)"
Failure, exiting
```

Explicitly upgrade `postgresql-client` at the same time we upgrade
`postgresql` itself, so their versions match.

Fixes: #24192
2023-02-01 14:44:34 -08:00
Alex Vandiver 20841d9b65 upgrade-zulip-stage-2: Abort upgrade if puppet will not run cleanly. 2023-01-31 14:20:00 -08:00
Alex Vandiver fd47f6296e zulip-puppet-apply: Exit status code 2 on puppet failure.
This allows us, when run with `--noop -f`, to differentiate between
"there are unapplied changes" and "there were puppet errors."
2023-01-31 14:20:00 -08:00
Alex Vandiver 372bba4a8e puppet: Stop creating a /home/zulip/logs.
This was last really used in d7a3570c7e, in 2013, when it was
`/home/humbug/logs`.

Repoint the one obscure piece of tooling that writes there, and remove
the places that created it.
2023-01-26 15:06:01 -08:00
Anders Kaseorg 4eda29bd86 ruff: Fix RUF005 Consider spread instead of concatenation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-26 10:16:30 -08:00