LoginSignup
3

More than 5 years have passed since last update.

Zulip のインストールスクリプトを読んだ (2/2)

Posted at

Zulip のインストールスクリプトを読んだ (1/2) の続きです。

README.prod.md によると、Zulip は下記のサービスを利用しているとのこと。

今回は zulip/puppet/zulip/manifests/voyager.pp がインクルードする次のファイルを読んでいきます。

zulip/puppet/zulip/manifests/base.pp

class zulip::base {
  include apt
  $base_packages = [ # Basic requirements for effective operation of a server
                     "ntp",
                     # This is just good practice
                     "molly-guard",
                     # Dependencies of our API
                     "python-requests",
                     "python-simplejson",
                     # For development/debugging convenience
                     "ipython",
                     "screen",
                     "strace",
                     "vim",
                     "moreutils",
                     "emacs23-nox",
                     "git",
                     "puppet-el",
                     "host",
                     ]
  package { $base_packages: ensure => "installed" }

サーバー操作、開発/デバッグ用のパッケージををインストールする。

  user { 'zulip':
    ensure     => present,
    require    => Group['zulip'],
    gid        => 'zulip',
    shell      => '/bin/bash',
    home       => '/home/zulip',
    managehome => true,
  }

  file { '/etc/zulip':
    ensure     => 'directory',
    mode       => 644,
    owner      => 'zulip',
    group      => 'zulip',
  }

  file { '/etc/security/limits.conf':
    ensure     => file,
    mode       => 640,
    owner      => "root",
    group      => "root",
    source     => 'puppet:///modules/zulip/limits.conf',
  }

・・・中略・・・

    source     => 'puppet:///modules/zulip/limits.conf',
  }

Zulip のグループ、ユーザー、ファイルを作成する。

  # This directory is written to by cron jobs for reading by Nagios
  file { '/var/lib/nagios_state/':
    ensure     => directory,
    group      => 'zulip',
    mode       => 774,
  }

・・・以下省略・・・

Nagios、ログ/キューエラー出力用のディレクトリを作成する。

zulip/puppet/zulip/manifests/app_frontend.pp

class zulip::app_frontend {
  include zulip::rabbit
  include zulip::nginx
  include zulip::supervisor

アプリのフロントエンドを設定する。
次のクラスをインクルードする。

zulip/puppet/zulip/manifests/rabbit.pp

class zulip::rabbit {
  $rabbit_packages = [# Needed to run rabbitmq
                      "erlang-base",
                      "rabbitmq-server",
                      ]
  package { $rabbit_packages: ensure => "installed" }

  file { "/etc/cron.d/rabbitmq-queuesize":
    require => Package[rabbitmq-server],
    ensure => file,
    owner  => "root",
    group  => "root",
    mode => 644,
    source => "puppet:///modules/zulip/cron.d/rabbitmq-queuesize",
  }

・・・中略・・・

  # epmd doesn't have an init script.  This won't leak epmd processes
  # because epmd checks if one is already running and exits if so.
  #
  # TODO: Ideally we'd still check if it's already running to keep the
  # puppet log for what is being changed clean
  exec { "epmd":
    command => "epmd -daemon",
    require => Package[erlang-base],
    path    => "/usr/bin/:/bin/",
  }

  service { "rabbitmq-server":
    ensure => running,
    require => Exec["epmd"],
  }

  # TODO: Should also call exactly once "configure-rabbitmq"
}

RabbitMQ についての TODO が2つ・・・

[{kernel, [{inet_dist_use_interface, {127,0,0,1}}]},
 {rabbit, [{tcp_listeners, [{"127.0.0.1", 5672}]}]},
 {rabbitmq_mochiweb, [{listeners, [{mgmt, [{ip, "127.0.0.1"},
                                           {port, 55672}]}]}]}].

zulip/puppet/zulip/manifests/nginx.pp

class zulip::nginx {
  $web_packages = [# Needed to run nginx with the modules we use
                   "nginx-full",

・・・以下省略・・・

zulip/puppet/zulip/manifests/supervisor.pp

class zulip::supervisor {
  $supervisor_packages = [# Needed to run supervisor
                          "supervisor",

・・・中略・・・

    # The "restart" option in the init script does not work.  We could
    # tell Puppet to fall back to stop/start, which does work, but the
    # better option is to tell supervisord to reread its config via
    # supervisorctl and then to "update".  You need to do both --
    # after a "reread", supervisor won't actually take actual based on
    # the changed configuration until you do an "update" (I assume
    # this is so you can check if your config file parses without
    # doing anything, but it's really confusing)
    hasrestart => true,
    restart => "bash -c 'supervisorctl reread && supervisorctl update'"
  }
・・・以下省略・・・

zulip/puppet/zulip/manifests/app_frontend.pp(続き)

  $web_packages = [ # Needed for memcached usage
                    "memcached",
                    "python-pylibmc",
                    # Fast JSON parser
                    "python-ujson",

・・・中略・・・

                    ]
  define safepackage ( $ensure = present ) {
    if !defined(Package[$title]) {
      package { $title: ensure => $ensure }
    }
  }
  safepackage { $web_packages: ensure => "installed" }
  file { "/etc/nginx/zulip-include/app":
    require => Package["nginx-full"],
    owner  => "root",
    group  => "root",
    mode => 644,
    source => "puppet:///modules/zulip/nginx/zulip-include-frontend/app",
    notify => Service["nginx"],
  }

・・・以下省略・・・

zulip/puppet/zulip/files/nginx/zulip-include-frontend/app
zulip/puppet/zulip/files/nginx/zulip-include-frontend/upstreams
zulip/puppet/zulip/files/nginx/zulip-include-frontend/uploads.types
zulip/puppet/zulip/files/memcached.conf
zulip/puppet/zulip/files/supervisor/conf.d/zulip.conf

zulip/puppet/zulip/files/nginx/zulip-include-frontend/app

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

# Enable HSTS: tell browsers to always use HTTPS
add_header Strict-Transport-Security max-age=15768000;

# Serve a custom error page when the app is down
error_page 502 503 504 /static/html/5xx.html;

# Serve static files directly
location /static/ {
    alias /home/zulip/prod-static/;
    error_page 404 /static/html/404.html;
}

・・・中略・・・

include /etc/nginx/zulip-include/app.d/*.conf;

zulip/puppet/zulip/files/nginx/zulip-include-frontend/upstreams

upstream django {
    server unix:/home/zulip/deployments/fastcgi-socket;
}

upstream tornado {
    server localhost:9993;
    keepalive 10000;
}

upstream localhost_sso {
    server localhost:8888;
}

zulip/puppet/zulip/files/nginx/zulip-include-frontend/uploads.types

types {
    text/plain                            txt;

    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    image/png                             png;
    image/tiff                            tif tiff;
    image/webp                            webp;

    video/3gpp                            3gpp 3gp;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

zulip/puppet/zulip/files/memcached.conf

-d
-m 512
-p 11211
-u nobody

zulip/puppet/zulip/files/supervisor/conf.d/zulip.conf

supervisor
(参考)Supervisor - Configuration File

  • fcgi-program:zulip-django
  • program:zulip-tornado
  • program:zulip-events-user-activity
  • program:zulip-events-user-activity-interval
  • program:zulip-events-user-presence
  • program:zulip-events-signups
  • program:zulip-events-confirmation-emails
  • program:zulip-events-missedmessage_reminders
  • program:zulip-events-missedmessage_mobile_notifications
  • program:zulip-events-slowqueries
  • program:zulip-events-message_sender
  • program:zulip-events-feedback_messages
  • program:zulip-events-error_reports
  • program:zulip-events-digest_emails
  • program:zulip-events-email_mirror
  • program:zulip-deliver-enqueued-emails
  • group:zulip-workers
  • group:zulip-senders

zulip/puppet/zulip/manifests/postgres_appdb.pp

class zulip::postgres_appdb {
  include zulip::postgres_common
  include zulip::supervisor

zulip/puppet/zulip/manifests/postgres_common.pp

class zulip::postgres_common {

・・・中略・・・

  exec { "disable_logrotate":
    command => "/usr/bin/dpkg-divert --rename --divert /etc/logrotate.d/postgresql-common.disabled --add /etc/logrotate.d/postgresql-common",
    creates => '/etc/logrotate.d/postgresql-common.disabled',
  }
}

zulip/puppet/zulip/manifests/postgres_appdb.pp(続き)

supervisor

  • program:process-fts-updates

zulip/puppet/zulip/manifests/redis.pp

class zulip::redis {
  $redis_packages = [ # The server itself
                      "redis-server",
                      ]

  package { $redis_packages: ensure => "installed" }

  file { "/etc/redis/redis.conf":
    require => Package[redis-server],
    ensure => file,
    owner  => "root",
    group  => "root",
    mode => 644,
    source => "puppet:///modules/zulip/redis/redis.conf",
  }

  service { 'redis-server':
    ensure     => running,
    subscribe  => File['/etc/redis/redis.conf'],
  }
}
################################ GENERAL  #####################################
daemonize yes
port 6379
bind 127.0.0.1
timeout 0
tcp-keepalive 0
loglevel notice
logfile /var/log/redis/redis-server.log
databases 16
################################ SNAPSHOTTING  ################################
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
################################# REPLICATION #################################
slave-serve-stale-data yes
slave-read-only yes
repl-disable-tcp-nodelay no
slave-priority 100
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
################################ LUA SCRIPTING  ###############################
lua-time-limit 5000
################################## SLOW LOG ###################################
slowlog-log-slower-than 10000
slowlog-max-len 128
############################# Event notification ##############################
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
save ""

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
3