[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [429] Update frontend1 documentation
From: |
bob |
Subject: |
[Savannah-cvs] [429] Update frontend1 documentation |
Date: |
Thu, 7 Jan 2021 19:31:56 -0500 (EST) |
Revision: 429
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=429
Author: rwp
Date: 2021-01-07 19:31:54 -0500 (Thu, 07 Jan 2021)
Log Message:
-----------
Update frontend1 documentation
Modified Paths:
--------------
trunk/sviki/SavannahHosts.mdwn
Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn 2021-01-07 22:13:14 UTC (rev 428)
+++ trunk/sviki/SavannahHosts.mdwn 2021-01-08 00:31:54 UTC (rev 429)
@@ -3,32 +3,20 @@
The current hosts are:
- download
- frontend
- internal
- mgt
- vcs
-
-These are being migrated to new hosts:
-
download0
- frontend0
+ frontend1
internal0
mgt0
vcs0
+ vcs1
-There have been many years of incomplete cleanup and agressive
-installation over the top of the system. This has left the system in
-a problematic state. Many programs have a packaged version installed
-with a locally modified version installed on top of it. On two of the
-systems the kernels no longer upgrade cleanly. By migrating onto
-freshly installed systems we gain several benefits.
+These hosts are currently in process of being migrated to these new hosts:
-* We will know what we have installed
-* Fresh installation free of legacy
-* Upgrades will then work reliably again
+ download1
+ internal1
+ vcs2
-Further reading about the existing setup:
+Further reading about the collection, perhaps more historical now:
* [[SavannahArchitecture]] - overview of the current setup (i.e. vcs, mgt,
frontend, internal, vcs).
@@ -575,7 +563,7 @@
/root/ChangeLog : -u : savannah-hackers-private@gnu.org
/root/.ssh/authorized_keys : -u : savannah-hackers-private@gnu.org
-Host frontend0
+Host frontend1
--------------
The IPv4 address for internal0 is 208.118.235.77. It does not
@@ -589,10 +577,9 @@
auto eth0
iface eth0 inet static
- address 208.118.235.77/24
- gateway 208.118.235.1
+ address 209.51.188.72/24
+ gateway 209.51.188.1
dns-search savannah.gnu.org gnu.org
- pre-up iptables-restore < /etc/default/iptables-rules || :
Install MySQL client. In the future use MariaDB when it is available.
@@ -608,11 +595,12 @@
database = savane
chmod go-rw /root/.my.cnf
-Install Apache and PHP5. In the future this should be Nginx and PHP-FPM.
+Install Apache and PHP7. As a future direction I (Bob Proulx) would
+much prefer this to be Nginx and FPM.
apt-get install apache2 apache2-mpm-prefork
apt-get install lynx # for "apachectl status"
- apt-get install php5 php5-cli php5-fpm php5-gd php5-mysql
libapache2-mod-php5
+ apt-get install php7.0 php7.0-cli php7.0-fpm php7.0-gd php7.0-mysql
libapache2-mod-php7.0
apt-get install imagemagick gettext # used by php installation script
apt-get install passwdqc # used by php code to check password strength
apt-get install python python-pip python-dev # for future developments
@@ -619,30 +607,70 @@
apt-get install libmysqlclient-dev # for future developments
Since this is a migration I am going to take the easy documentation
-way out and say migrate the hosts from the old frontend to the new
-frontend0 without specifying them here. FIXME: Document the web
-virtual hosts better in this section.
+way out and say migrate the hosts from the old frontendX to the new
+frontendY without specifying them here.
- /etc/apache2/sites-available from frontend
+ /etc/apache2/sites-available/*.conf
-Set up the HTTP SSL certificates. The current ('old') certificates are
-wildcard SSL certificates from GANDI.NET. Copy them as-is:
+Here is a grep of the VirtualHost sites that are better documented in
+their own configuration files than here.
- /etc/ssl/private installed from frontend
+ /etc/apache2/sites-enabled/00-default-local.conf:<VirtualHost _default_:80>
+ /etc/apache2/sites-enabled/00-default-local.conf:<VirtualHost
_default_:443>
+ /etc/apache2/sites-enabled/sv-i18n-dev.conf:<VirtualHost *:80>
+ /etc/apache2/sites-enabled/sv-i18n-dev.conf: ServerName
i18n.savannah.gnu.org
+ /etc/apache2/sites-enabled/sv-i18n-dev.conf:<VirtualHost *:443>
+ /etc/apache2/sites-enabled/sv-i18n-dev.conf: ServerName
i18n.savannah.gnu.org
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:80>
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf: ServerName
savannah.gnu.org
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:80>
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf: ServerName sv.gnu.org
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:443>
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf: ServerName
savannah.gnu.org
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:443>
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf: ServerName sv.gnu.org
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:#<VirtualHost *:443>
+ /etc/apache2/sites-enabled/vhosts-gnu.org.conf:# ServerName sv.gnu.org
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:80>
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf: ServerName
savannah.nongnu.org
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:80>
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf: ServerName
sv.nongnu.org
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:443>
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf: ServerName
savannah.nongnu.org
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:443>
+ /etc/apache2/sites-enabled/vhosts-nongnu.org.conf: ServerName
sv.nongnu.org
-FIXME: Adjust the wording on this next paragraph. "Will use?"
-The new SSL certificates (e.g. for `frontend0`) will use certbot/let's-encrypt.
-See [[https]] for details about them.
+Set up the HTTP SSL certificates. We are using Let's Encrypt DV
+Domain Validation certificates. We are using the `dehydrated` client.
+ root@frontend1:~# find /etc/dehydrated/
/etc/cron.daily/renew-https-cert-local -type f -ls
+ 394555 4 -rw-r--r-- 1 root root 141 Feb 10 2020
/etc/dehydrated/config
+ 394561 4 -rw-r--r-- 1 root root 345 Feb 10 2020
/etc/dehydrated/conf.d/local.sh
+ 396695 4 -rw-r--r-- 1 root root 213 Jul 9 2020
/etc/dehydrated/domains.txt
+ 268207 8 -rwxr-xr-x 1 root root 4710 May 26 2020
/etc/cron.daily/renew-https-cert-local
+
Set up munin-node.
apt-get install munin-node
- echo 'allow ^208\.118\.235\.77$' >> /etc/munin/munin-node.conf
+ echo 'allow ^209\.51\.188\.77$' >> /etc/munin/munin-node.conf
+ echo 'allow ^2001:470:142:5::77$' >> /etc/munin/munin-node.conf
service munin-node restart
Create directories for savannah's project-submissions and tracker attachments,
-ensure the webserver can write in them:
+ensure the webserver can write in them. Place these on the NFS mount
+for shared access.
+ root@frontend1:~# ls -dl /var/lib/savane
+ lrwxrwxrwx 1 root root 23 Dec 9 2019 /var/lib/savane ->
/net/vcs/var.lib.savane
+
+ root@frontend1:~# ll -dl /var/www/submissions_uploads
+ lrwxrwxrwx 1 root root 43 Jan 7 19:17 /var/www/submissions_uploads ->
/net/vcs/var.lib.savane/submissions_uploads
+
+ root@frontend1:~# grep nfs /etc/fstab
+ nfs1:/srv/vcs /net/vcs nfs4 defaults,async,nofail
+
+For reference they were created like this but in their previous locations.
+
for i in /var/www/submissions_uploads \
/var/lib/savane/trackers_attachments ; do \
mkdir -p $i ; \
@@ -650,9 +678,6 @@
chmod g+w $i ; \
done
-FIXME: Copy the content of these directories from `frontend` to `frontend0`
-before going live. See [[MigrationChecklist]].
-
See [[FrontEndSetup]], [[FrontEndDevelopmentSite]] for details
about Apache/PHP/db configuration from the frontend's website.
@@ -659,13 +684,12 @@
See [[HowToAdminThisWiki]] for wiki-related configuration settings
on frontend0.
-FIXME: Document max client limitations and configuration here.
+We are currently using the package default values for the
+MaxRequestWorkers and MaxSpareThreads. The PHP processes for Savane
+are sufficiently light and usage not having been a problem that we
+haven't found the need to calculate the actual limits needed and have
+not set them.
-FIXME: Need to transfer and test /etc/cron.d/sv_export cronjob.
-
-FIXME: Need to increase processors, memory, and swap before production
-release.
-
Host vcs0
---------
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] [429] Update frontend1 documentation,
bob <=