diff --git a/Dockerfile b/Dockerfile index e135e76..fcb3f00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,6 @@ RUN apt-get -qq update -q && \ wget -q -O /root/zulip-ppa.asc https://zulip.com/dist/keys/zulip-ppa.asc && \ apt-key add /root/zulip-ppa.asc && \ echo "deb http://ppa.launchpad.net/tabbott/zulip/ubuntu trusty main" > /etc/apt/sources.list.d/zulip.list && \ - echo "deb-src http://ppa.launchpad.net/tabbott/zulip/ubuntu trusty main" >> /etc/apt/sources.list.d/zulip.list && \ apt-get -qq update && \ apt-get -qq dist-upgrade -y && \ mkdir -p "/root/zulip" "/etc/zulip" "$DATA_DIR" && \ diff --git a/zulip-puppet/files/cron.d/rabbitmq-queuesize b/zulip-puppet/files/cron.d/rabbitmq-queuesize deleted file mode 100644 index 8d37135..0000000 --- a/zulip-puppet/files/cron.d/rabbitmq-queuesize +++ /dev/null @@ -1,25 +0,0 @@ -# Edit this file to introduce tasks to be run by cron. -# -# Each task to run has to be defined through a single line -# indicating with different fields when the task will be run -# and what command to run for the task -# -# To define the time you can provide concrete values for -# minute (m), hour (h), day of month (dom), month (mon), -# and day of week (dow) or use '*' in these fields (for 'any').# -# Notice that tasks will be started based on the cron's system -# daemon's notion of time and timezones. -# -# Output of the crontab jobs (including errors) is sent through -# email to the user the crontab file belongs to (unless redirected). -# -# For example, you can run a backup of all your user accounts -# at 5 a.m every week with: -# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ -# -# For more information see the manual pages of crontab(5) and cron(8) -# -# m h dom mon dow command -SHELL=/bin/bash - -* * * * * root /home/zulip/deployments/current/bots/check-rabbitmq-queue &> /var/lib/nagios_state/check-rabbitmq-results-tmp; mv /var/lib/nagios_state/check-rabbitmq-results-tmp /var/lib/nagios_state/check-rabbitmq-results diff --git a/zulip-puppet/files/cron.d/restart-zulip b/zulip-puppet/files/cron.d/restart-zulip deleted file mode 100644 index f21147e..0000000 --- a/zulip-puppet/files/cron.d/restart-zulip +++ /dev/null @@ -1,5 +0,0 @@ -SHELL=/bin/bash -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -USER=zulip - -0 6 * * 7 zulip supervisorctl restart all diff --git a/zulip-puppet/manifests/app_frontend.pp b/zulip-puppet/manifests/app_frontend.pp index 8d8f71d..34e3725 100644 --- a/zulip-puppet/manifests/app_frontend.pp +++ b/zulip-puppet/manifests/app_frontend.pp @@ -3,94 +3,95 @@ class zulip::app_frontend { include zulip::nginx include zulip::supervisor - $web_packages = [ # Needed for memcached usage - "python-pylibmc", - # Fast JSON parser - "python-ujson", - # Django dependencies - "python-django", - "python-django-guardian", - "python-django-pipeline", - "python-django-bitfield", - # Needed for mock objects in decorators - "python-mock", - # Tornado dependencies - "python-tornado", - "python-sockjs-tornado", - # Needed for our fastcgi setup - "python-flup", - # Needed for markdown processing - "python-markdown", - "python-pygments", - # Used for Hesiod lookups, etc. - "python-dns", - # Needed to access our database - "postgresql-client-9.3", - "python-psycopg2", - # Needed for building complex DB queries - "python-sqlalchemy", - # Needed for integrations - "python-twitter", - "python-defusedxml", - # Needed for the email mirror - "python-twisted", - "python-html2text", - # Needed to access rabbitmq - "python-pika", - # Needed for timezone work - "python-tz", - # Needed to parse source maps for error reporting - "python-sourcemap", - # Needed for redis - "python-redis", - # Needed for S3 file uploads - "python-boto", - # Needed to send email - "python-mandrill", - # Needed to generate diffs for edits - "python-diff-match-patch", - # Needed for iOS - "python-apns-client", - # Needed for Android push - "python-gcm-client", - # Needed for avatar image resizing - "python-imaging", - # Needed for LDAP support - "python-django-auth-ldap", - # Needed for Google Apps mobile auth - "python-googleapi", - # Needed for JWT-based auth - "python-pyjwt", - # Needed for update prod-static - "closure-compiler", - ] + $web_packages = [ + # Needed for memcached usage + "python-pylibmc", + # Fast JSON parser + "python-ujson", + # Django dependencies + "python-django", + "python-django-guardian", + "python-django-pipeline", + "python-django-bitfield", + # Needed for mock objects in decorators + "python-mock", + # Tornado dependencies + "python-tornado", + "python-sockjs-tornado", + # Needed for our fastcgi setup + "python-flup", + # Needed for markdown processing + "python-markdown", + "python-pygments", + # Used for Hesiod lookups, etc. + "python-dns", + # Needed to access our database + "postgresql-client-9.3", + "python-psycopg2", + # Needed for building complex DB queries + "python-sqlalchemy", + # Needed for integrations + "python-twitter", + "python-defusedxml", + # Needed for the email mirror + "python-twisted", + "python-html2text", + # Needed to access rabbitmq + "python-pika", + # Needed for timezone work + "python-tz", + # Needed to parse source maps for error reporting + "python-sourcemap", + # Needed for redis + "python-redis", + # Needed for S3 file uploads + "python-boto", + # Needed to send email + "python-mandrill", + # Needed to generate diffs for edits + "python-diff-match-patch", + # Needed for iOS + "python-apns-client", + # Needed for Android push + "python-gcm-client", + # Needed for avatar image resizing + "python-imaging", + # Needed for LDAP support + "python-django-auth-ldap", + # Needed for Google Apps mobile auth + "python-googleapi", + # Needed for JWT-based auth + "python-pyjwt", + # Needed for update prod-static + "closure-compiler", + ] define safepackage ( $ensure = present ) { if !defined(Package[$title]) { - package { $title: ensure => $ensure } + package { $title: ensure => $ensure } } } safepackage { $web_packages: ensure => "installed" } file { "/etc/nginx/zulip-include/app": require => Package["nginx-full"], - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/zulip-include-frontend/app", } file { "/etc/nginx/zulip-include/upstreams": require => Package["nginx-full"], - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/zulip-include-frontend/upstreams", } file { "/etc/nginx/zulip-include/uploads.types": require => Package["nginx-full"], - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/zulip-include-frontend/uploads.types", } @@ -120,14 +121,14 @@ class zulip::app_frontend { file { '/home/zulip/logs': ensure => 'directory', - owner => 'zulip', - group => 'zulip', + owner => 'zulip', + group => 'zulip', } file { '/home/zulip/deployments': ensure => 'directory', - owner => 'zulip', - group => 'zulip', + owner => 'zulip', + group => 'zulip', } file { "/etc/cron.d/email-mirror": @@ -135,25 +136,25 @@ class zulip::app_frontend { } file { '/etc/log2zulip.conf': - ensure => file, - owner => "zulip", - group => "zulip", - mode => 644, - source => 'puppet:///modules/zulip/log2zulip.conf', + ensure => file, + owner => "zulip", + group => "zulip", + mode => 644, + source => 'puppet:///modules/zulip/log2zulip.conf', } file { '/etc/log2zulip.zuliprc': - ensure => file, - owner => "zulip", - group => "zulip", - mode => 600, - source => 'puppet:///modules/zulip/log2zulip.zuliprc', + ensure => file, + owner => "zulip", + group => "zulip", + mode => 600, + source => 'puppet:///modules/zulip/log2zulip.zuliprc', } file { "/etc/cron.d/check-apns-tokens": ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/cron.d/check-apns-tokens", } diff --git a/zulip-puppet/manifests/base.pp b/zulip-puppet/manifests/base.pp index 7f20907..813a5e7 100644 --- a/zulip-puppet/manifests/base.pp +++ b/zulip-puppet/manifests/base.pp @@ -1,50 +1,50 @@ class zulip::base { - include apt - $base_packages = [ # Dependencies of our API - "python-requests", - "python-simplejson", - ] - package { $base_packages: ensure => "installed" } + include apt + $base_packages = [ + # Dependencies of our API + "python-requests", + "python-simplejson", + ] + package { $base_packages: ensure => "installed" } + group { 'zulip': + ensure => present, + } - group { 'zulip': - ensure => present, - } + user { 'zulip': + ensure => present, + require => Group['zulip'], + gid => 'zulip', + shell => '/bin/bash', + home => '/home/zulip', + managehome => true, + } - user { 'zulip': - ensure => present, - require => Group['zulip'], - gid => 'zulip', - shell => '/bin/bash', - home => '/home/zulip', - managehome => true, - } + file { '/etc/zulip': + ensure => 'directory', + mode => 644, + owner => 'zulip', + group => 'zulip', + } - file { '/etc/zulip': - ensure => 'directory', - mode => 644, - owner => 'zulip', - group => 'zulip', - } + file { '/etc/security/limits.conf': + ensure => file, + mode => 640, + owner => "root", + group => "root", + source => 'puppet:///modules/zulip/limits.conf', + } - file { '/etc/security/limits.conf': - ensure => file, - mode => 640, - owner => "root", - group => "root", - source => 'puppet:///modules/zulip/limits.conf', - } + file { '/var/log/zulip': + ensure => 'directory', + owner => 'zulip', + group => 'zulip', + mode => 640, + } - file { '/var/log/zulip': - ensure => 'directory', - owner => 'zulip', - group => 'zulip', - mode => 640, - } - - file { '/var/log/zulip/queue_error': - ensure => 'directory', - owner => 'zulip', - group => 'zulip', - mode => 640, - } + file { '/var/log/zulip/queue_error': + ensure => 'directory', + owner => 'zulip', + group => 'zulip', + mode => 640, + } } diff --git a/zulip-puppet/manifests/nginx.pp b/zulip-puppet/manifests/nginx.pp index 637f60b..fc4e4d8 100644 --- a/zulip-puppet/manifests/nginx.pp +++ b/zulip-puppet/manifests/nginx.pp @@ -1,14 +1,15 @@ class zulip::nginx { - $web_packages = [# Needed to run nginx with the modules we use - "nginx-full", - ] + $web_packages = [ + # Needed to run nginx with the modules we use + "nginx-full", + ] package { $web_packages: ensure => "installed" } file { "/etc/nginx/zulip-include/": require => Package["nginx-full"], recurse => true, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/zulip-include-common/", } @@ -16,8 +17,8 @@ class zulip::nginx { file { "/etc/nginx/nginx.conf": require => Package["nginx-full"], ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/nginx.conf", } @@ -25,8 +26,8 @@ class zulip::nginx { file { "/etc/nginx/fastcgi_params": require => Package["nginx-full"], ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/fastcgi_params", } diff --git a/zulip-puppet/manifests/postgres_appdb.pp b/zulip-puppet/manifests/postgres_appdb.pp index 9b2a480..fae2876 100644 --- a/zulip-puppet/manifests/postgres_appdb.pp +++ b/zulip-puppet/manifests/postgres_appdb.pp @@ -2,11 +2,12 @@ class zulip::postgres_appdb { include zulip::postgres_common include zulip::supervisor - $appdb_packages = [# Needed to run process_fts_updates - "python-psycopg2", - # Needed for our full text search system - "postgresql-9.3-tsearch-extras", - ] + $appdb_packages = [ + # Needed to run process_fts_updates + "python-psycopg2", + # Needed for our full text search system + "postgresql-9.3-tsearch-extras", + ] define safepackage ( $ensure = present ) { if !defined(Package[$title]) { package { $title: ensure => $ensure } diff --git a/zulip-puppet/manifests/postgres_common.pp b/zulip-puppet/manifests/postgres_common.pp index e6ddedf..f72e0c0 100644 --- a/zulip-puppet/manifests/postgres_common.pp +++ b/zulip-puppet/manifests/postgres_common.pp @@ -1,11 +1,12 @@ class zulip::postgres_common { - $postgres_packages = [# Python modules used in our monitoring/worker threads - "python-gevent", - "python-tz", - "python-dateutil", - # our dictionary - "hunspell-en-us", - ] + $postgres_packages = [ + # Python modules used in our monitoring/worker threads + "python-gevent", + "python-tz", + "python-dateutil", + # our dictionary + "hunspell-en-us", + ] define safepackage ( $ensure = present ) { if !defined(Package[$title]) { package { $title: ensure => $ensure } diff --git a/zulip-puppet/manifests/rabbit.pp b/zulip-puppet/manifests/rabbit.pp index 64f0e81..e997014 100644 --- a/zulip-puppet/manifests/rabbit.pp +++ b/zulip-puppet/manifests/rabbit.pp @@ -1,24 +1,16 @@ class zulip::rabbit { - $rabbit_packages = [# Needed to run rabbitmq - "erlang-base", - "rabbitmq-server", - ] + $rabbit_packages = [ + # Needed to run rabbitmq + "erlang-base", + "rabbitmq-server", + ] package { $rabbit_packages: ensure => "installed" } - file { "/etc/cron.d/rabbitmq-queuesize": - require => Package[rabbitmq-server], - ensure => file, - owner => "root", - group => "root", - mode => 644, - source => "puppet:///modules/zulip/cron.d/rabbitmq-queuesize", - } - file { "/etc/cron.d/rabbitmq-numconsumers": require => Package[rabbitmq-server], ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/cron.d/rabbitmq-numconsumers", } diff --git a/zulip-puppet/manifests/supervisor.pp b/zulip-puppet/manifests/supervisor.pp index 41373ad..0d926c0 100644 --- a/zulip-puppet/manifests/supervisor.pp +++ b/zulip-puppet/manifests/supervisor.pp @@ -1,7 +1,8 @@ class zulip::supervisor { - $supervisor_packages = [# Needed to run supervisor - "supervisor", - ] + $supervisor_packages = [ + # Needed to run supervisor + "supervisor", + ] package { $supervisor_packages: ensure => "installed" } file { "/etc/supervisor/supervisord.conf": @@ -16,7 +17,7 @@ class zulip::supervisor { file { '/etc/supervisor/conf.d': require => Package[supervisor], ensure => 'directory', - owner => 'root', - group => 'root', + owner => 'root', + group => 'root', } } diff --git a/zulip-puppet/manifests/voyager.pp b/zulip-puppet/manifests/voyager.pp index 714ca47..30214c3 100644 --- a/zulip-puppet/manifests/voyager.pp +++ b/zulip-puppet/manifests/voyager.pp @@ -4,23 +4,24 @@ class zulip::voyager { include zulip::postgres_appdb apt::source {'zulip': - location => 'http://ppa.launchpad.net/tabbott/zulip/ubuntu', - release => 'trusty', - repos => 'main', - key => '84C2BE60E50E336456E4749CE84240474E26AE47', - key_source => 'https://zulip.com/dist/keys/zulip.asc', - pin => '995', + location => 'http://ppa.launchpad.net/tabbott/zulip/ubuntu', + release => 'trusty', + repos => 'main', + key => '84C2BE60E50E336456E4749CE84240474E26AE47', + key_source => 'https://zulip.com/dist/keys/zulip.asc', + pin => '995', include_src => true, } file { "/etc/nginx/sites-available/zulip-enterprise": require => Package["nginx-full"], ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 644, source => "puppet:///modules/zulip/nginx/sites-available/zulip-enterprise", } + file { '/etc/nginx/sites-enabled/zulip-enterprise': require => Package["nginx-full"], ensure => 'link', @@ -29,16 +30,8 @@ class zulip::voyager { file { '/home/zulip/prod-static': ensure => 'directory', - owner => 'zulip', - group => 'zulip', - } - - file { "/etc/cron.d/restart-zulip": - ensure => file, - owner => "root", - group => "root", - mode => 644, - source => "puppet:///modules/zulip/cron.d/restart-zulip", + owner => 'zulip', + group => 'zulip', } file { "/etc/supervisor/conf.d/zulip_postsetup.conf": @@ -52,8 +45,8 @@ class zulip::voyager { file { "/opt/setupZulipUser.sh": ensure => file, - owner => "root", - group => "root", + owner => "root", + group => "root", mode => 755, source => "puppet:///modules/zulip/setupZulipUser.sh", }