This is the continuation of "I read the Zulip install scripts (1/2)".
According to README.prod.md, Zulip uses the following services.
This time I read through the following files, which zulip/puppet/zulip/manifests/voyager.pp includes.
- zulip/puppet/zulip/manifests/base.pp
- zulip/puppet/zulip/manifests/app_frontend.pp
- zulip/puppet/zulip/manifests/postgres_appdb.pp
- zulip/puppet/zulip/manifests/redis.pp
zulip/puppet/zulip/manifests/base.pp
class zulip::base {
  include apt
  $base_packages = [ # Basic requirements for effective operation of a server
    "ntp",
    # This is just good practice
    "molly-guard",
    # Dependencies of our API
    "python-requests",
    "python-simplejson",
    # For development/debugging convenience
    "ipython",
    "screen",
    "strace",
    "vim",
    "moreutils",
    "emacs23-nox",
    "git",
    "puppet-el",
    "host",
  ]
  package { $base_packages: ensure => "installed" }

Installs the packages used for server operation and for development/debugging.

  user { 'zulip':
    ensure => present,
    require => Group['zulip'],
    gid => 'zulip',
    shell => '/bin/bash',
    home => '/home/zulip',
    managehome => true,
  }
  file { '/etc/zulip':
    ensure => 'directory',
    mode => 644,
    owner => 'zulip',
    group => 'zulip',
  }
  file { '/etc/security/limits.conf':
    ensure => file,
    mode => 640,
    owner => "root",
    group => "root",
    source => 'puppet:///modules/zulip/limits.conf',
  }
  ... (snip) ...
    source => 'puppet:///modules/zulip/limits.conf',
  }

Creates the Zulip group, user, and files.

  # This directory is written to by cron jobs for reading by Nagios
  file { '/var/lib/nagios_state/':
    ensure => directory,
    group => 'zulip',
    mode => 774,
  }
  ... (rest omitted) ...

Creates the directories for Nagios and for log/queue error output.

zulip/puppet/zulip/manifests/app_frontend.pp
class zulip::app_frontend {
  include zulip::rabbit
  include zulip::nginx
  include zulip::supervisor

Configures the application frontend.
It includes the following classes.
- zulip/puppet/zulip/manifests/rabbit.pp
- zulip/puppet/zulip/manifests/nginx.pp
- zulip/puppet/zulip/manifests/supervisor.pp
zulip/puppet/zulip/manifests/rabbit.pp
class zulip::rabbit {
  $rabbit_packages = [# Needed to run rabbitmq
    "erlang-base",
    "rabbitmq-server",
  ]
  package { $rabbit_packages: ensure => "installed" }
  file { "/etc/cron.d/rabbitmq-queuesize":
    require => Package[rabbitmq-server],
    ensure => file,
    owner => "root",
    group => "root",
    mode => 644,
    source => "puppet:///modules/zulip/cron.d/rabbitmq-queuesize",
  }
  ... (snip) ...
  # epmd doesn't have an init script. This won't leak epmd processes
  # because epmd checks if one is already running and exits if so.
  #
  # TODO: Ideally we'd still check if it's already running to keep the
  # puppet log for what is being changed clean
  exec { "epmd":
    command => "epmd -daemon",
    require => Package[erlang-base],
    path => "/usr/bin/:/bin/",
  }
  service { "rabbitmq-server":
    ensure => running,
    require => Exec["epmd"],
  }
  # TODO: Should also call exactly once "configure-rabbitmq"
}

There are two TODOs about RabbitMQ...
- zulip/puppet/zulip/files/cron.d/rabbitmq-queuesize
- zulip/bots/check-rabbitmq-queue
- zulip/puppet/zulip/files/cron.d/rabbitmq-numconsumers
- zulip/bin/write-rabbitmq-consumers-state-file
- zulip/puppet/zulip/files/rabbitmq/rabbitmq-server
- zulip/puppet/zulip/files/rabbitmq/rabbitmq.config
[{kernel, [{inet_dist_use_interface, {127,0,0,1}}]},
{rabbit, [{tcp_listeners, [{"127.0.0.1", 5672}]}]},
{rabbitmq_mochiweb, [{listeners, [{mgmt, [{ip, "127.0.0.1"},
{port, 55672}]}]}]}].
zulip/puppet/zulip/manifests/nginx.pp
class zulip::nginx {
  $web_packages = [# Needed to run nginx with the modules we use
    "nginx-full",
  ... (rest omitted) ...
- zulip/puppet/zulip/files/nginx/zulip-include-common/
- zulip/puppet/zulip/files/nginx/nginx.conf
- zulip/puppet/zulip/files/nginx/fastcgi_params
zulip/puppet/zulip/manifests/supervisor.pp
class zulip::supervisor {
  $supervisor_packages = [# Needed to run supervisor
    "supervisor",
  ... (snip) ...
    # The "restart" option in the init script does not work. We could
    # tell Puppet to fall back to stop/start, which does work, but the
    # better option is to tell supervisord to reread its config via
    # supervisorctl and then to "update". You need to do both --
    # after a "reread", supervisor won't actually take actual based on
    # the changed configuration until you do an "update" (I assume
    # this is so you can check if your config file parses without
    # doing anything, but it's really confusing)
    hasrestart => true,
    restart => "bash -c 'supervisorctl reread && supervisorctl update'"
  }
  ... (rest omitted) ...
zulip/puppet/zulip/manifests/app_frontend.pp (continued)
  $web_packages = [ # Needed for memcached usage
    "memcached",
    "python-pylibmc",
    # Fast JSON parser
    "python-ujson",
    ... (snip) ...
  ]
  define safepackage ( $ensure = present ) {
    if !defined(Package[$title]) {
      package { $title: ensure => $ensure }
    }
  }
  safepackage { $web_packages: ensure => "installed" }
  file { "/etc/nginx/zulip-include/app":
    require => Package["nginx-full"],
    owner => "root",
    group => "root",
    mode => 644,
    source => "puppet:///modules/zulip/nginx/zulip-include-frontend/app",
    notify => Service["nginx"],
  }
  ... (rest omitted) ...
- zulip/puppet/zulip/files/nginx/zulip-include-frontend/app
- zulip/puppet/zulip/files/nginx/zulip-include-frontend/upstreams
- zulip/puppet/zulip/files/nginx/zulip-include-frontend/uploads.types
- zulip/puppet/zulip/files/memcached.conf
- zulip/puppet/zulip/files/supervisor/conf.d/zulip.conf
zulip/puppet/zulip/files/nginx/zulip-include-frontend/app
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Enable HSTS: tell browsers to always use HTTPS
add_header Strict-Transport-Security max-age=15768000;
# Serve a custom error page when the app is down
error_page 502 503 504 /static/html/5xx.html;
# Serve static files directly
location /static/ {
    alias /home/zulip/prod-static/;
    error_page 404 /static/html/404.html;
}
... (snip) ...
include /etc/nginx/zulip-include/app.d/*.conf;
zulip/puppet/zulip/files/nginx/zulip-include-frontend/upstreams
upstream django {
    server unix:/home/zulip/deployments/fastcgi-socket;
}
upstream tornado {
    server localhost:9993;
    keepalive 10000;
}
upstream localhost_sso {
    server localhost:8888;
}
zulip/puppet/zulip/files/nginx/zulip-include-frontend/uploads.types
types {
    text/plain txt;
    image/gif gif;
    image/jpeg jpeg jpg;
    image/png png;
    image/tiff tif tiff;
    image/webp webp;
    video/3gpp 3gpp 3gp;
    video/mp4 mp4;
    video/mpeg mpeg mpg;
    video/quicktime mov;
    video/webm webm;
    video/x-flv flv;
    video/x-m4v m4v;
    video/x-mng mng;
    video/x-ms-asf asx asf;
    video/x-ms-wmv wmv;
    video/x-msvideo avi;
}
zulip/puppet/zulip/files/memcached.conf
-d
-m 512
-p 11211
-u nobody
zulip/puppet/zulip/files/supervisor/conf.d/zulip.conf
supervisor
(Reference) Supervisor - Configuration File
- fcgi-program:zulip-django
- program:zulip-tornado
- program:zulip-events-user-activity
- program:zulip-events-user-activity-interval
- program:zulip-events-user-presence
- program:zulip-events-signups
- program:zulip-events-confirmation-emails
- program:zulip-events-missedmessage_reminders
- program:zulip-events-missedmessage_mobile_notifications
- program:zulip-events-slowqueries
- program:zulip-events-message_sender
- program:zulip-events-feedback_messages
- program:zulip-events-error_reports
- program:zulip-events-digest_emails
- program:zulip-events-email_mirror
- program:zulip-deliver-enqueued-emails
- group:zulip-workers
- group:zulip-senders
zulip/puppet/zulip/manifests/postgres_appdb.pp
class zulip::postgres_appdb {
  include zulip::postgres_common
  include zulip::supervisor
zulip/puppet/zulip/manifests/postgres_common.pp
class zulip::postgres_common {
  ... (snip) ...
  exec { "disable_logrotate":
    command => "/usr/bin/dpkg-divert --rename --divert /etc/logrotate.d/postgresql-common.disabled --add /etc/logrotate.d/postgresql-common",
    creates => '/etc/logrotate.d/postgresql-common.disabled',
  }
}
zulip/puppet/zulip/manifests/postgres_appdb.pp (continued)
- zulip/puppet/zulip/files/postgresql/process_fts_updates
- zulip/puppet/zulip/files/supervisor/conf.d/zulip_db.conf
- zulip/puppet/zulip/files/postgresql/zulip_english.stop
supervisor
- program:process-fts-updates
zulip/puppet/zulip/manifests/redis.pp
class zulip::redis {
  $redis_packages = [ # The server itself
    "redis-server",
  ]
  package { $redis_packages: ensure => "installed" }
  file { "/etc/redis/redis.conf":
    require => Package[redis-server],
    ensure => file,
    owner => "root",
    group => "root",
    mode => 644,
    source => "puppet:///modules/zulip/redis/redis.conf",
  }
  service { 'redis-server':
    ensure => running,
    subscribe => File['/etc/redis/redis.conf'],
  }
}
################################ GENERAL #####################################
daemonize yes
port 6379
bind 127.0.0.1
timeout 0
tcp-keepalive 0
loglevel notice
logfile /var/log/redis/redis-server.log
databases 16
################################ SNAPSHOTTING ################################
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
################################# REPLICATION #################################
slave-serve-stale-data yes
slave-read-only yes
repl-disable-tcp-nodelay no
slave-priority 100
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
################################ LUA SCRIPTING ###############################
lua-time-limit 5000
################################## SLOW LOG ###################################
slowlog-log-slower-than 10000
slowlog-max-len 128
############################# Event notification ##############################
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
save ""
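
As an added example (not part of the original post or of the Zulip project), this Python sketch works out what the redis.conf and memcached.conf listings above put into effect: the addresses each service listens on, and whether the trailing `save ""` leaves any RDB save points. The function names are hypothetical, and the sample strings are constructed from directives copied out of those listings.

```python
import ipaddress
import shlex

# Constructed samples: directives copied from the redis.conf and memcached.conf listings above.
REDIS_CONF = 'port 6379\nbind 127.0.0.1\nsave 900 1\nsave 300 10\nsave 60 10000\nsave ""\n'
MEMCACHED_CONF = "-d\n-m 512\n-p 11211\n-u nobody\n"


def effective_redis(conf_text):
    """Return (bind_addresses, save_points) after applying directives in file order."""
    bind, saves = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = shlex.split(line)
        key = args[0].lower()
        if key == "bind":
            bind = args[1:]          # this sketch keeps the last bind line
        elif key == "save":
            if args[1:] == [""]:
                saves = []           # save "" discards every save point read so far
            else:
                saves.append((int(args[1]), int(args[2])))
    return bind, saves


def memcached_listen(conf_text):
    """Return the addresses given with -l; an empty list means none was configured."""
    addrs = []
    for raw in conf_text.splitlines():
        args = shlex.split(raw, comments=True)
        for i, arg in enumerate(args[:-1]):
            if arg == "-l":
                addrs += args[i + 1].split(",")
    return addrs


def loopback_only(addrs):
    """True only if at least one address is set and every one is loopback."""
    def is_loop(addr):
        try:
            return ipaddress.ip_address(addr).is_loopback
        except ValueError:
            return addr == "localhost"
    return bool(addrs) and all(is_loop(a) for a in addrs)


if __name__ == "__main__":
    bind, saves = effective_redis(REDIS_CONF)
    print("redis bind:", bind, "loopback only:", loopback_only(bind))
    print("redis save points in effect:", saves or "none (RDB snapshots off)")
    listen = memcached_listen(MEMCACHED_CONF)
    print("memcached -l:", listen or "not set", "loopback only:", loopback_only(listen))
```

For the listings above it reports Redis bound to loopback with no save points left, and no `-l` in the memcached.conf excerpt. Without `-l`, memcached listens on all interfaces, so check the complete file or the host firewall for port 11211.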