wiki:DevelopmentServer

Version 9 (modified by chris, 6 years ago) (diff)

--

kiwi.transitionnetwork.org

The original documentation for this server is at http://atrium.transitiontoday.org/dev/development-server the parts that still seem relevant have been copied here and updated as necessary.

The development server is kiwi.transitionnetwork.org, it's a encrypted 40G debian virtual machine with 1Gb of dedicated RAM. The encryption key can be shared with others if needs be, there is a ssh account on the physical machine that can be used to reboot and decrypt the machine. The physical server that virtual machine is running on has quad Intel Xeon 2.00GHz 64bit processors, 16Gb RAM, the host OS debian is running on a pair of mirrored 73Gb SAS disks and the virtual machines on a pair of mirrored 2Tb SATA disks.

There are remote munin stats for the server available. The stats are also available from the server itself and the server hosts munin stats for the live server, transitiontowns.gaiahost.coop.

The development server has a development, http://dev.transitionnetwork.org/, and a testing, http://test.transitionnetwork.org/, version of the live server set-up. The test, dev and live code bases are currently kept in this subversion repository but the plan is to migrate it to the Trac svn repo. To mirror LIVE's set up, there are Drupal multi-sites for the workspaces sub-site at http://workspaces.dev.transitionnetwork.org/ and http://workspaces.test.transitionnetwork.org/.

Network and DNS

The server has 3 IP addresses, but only one is currently needed, 81.95.52.78, 81.95.52.79, 81.95.52.80

SSH access

Which ever developers need ssh access can have it, and sudo if needs be, contact chris@…. When adding a new account don't forget to edit /etc/ssh/sshd_config to add the new user to AllowUsers and restart sshd.

Users can be granted sudo rights like this:

kiwi:~# adduser username sudo

/etc/sudoers is set up so that people don't need to type their passwords when sudo'ing. If users also set up ssh keys then this means that people can use very long, essentially uncrackable, passwords but never actually need to remember or use them unless they lose their local ssh key or they need to login via the consol.

live2dev

This is a script, run as root, which will update either the http://dev.transitionnetwork.org.webarch.net/ or the http://test.transitionnetwork.org.webarch.net/ sites with the last MySQL dump from the live site and also copy across backups of the uploaded files.

The script can be run interactively or my telling it which site to update on the command line, for example to update the dev site:

live2dev dev

Packages

The following packages and their dependencies have been installed using aptitude:

  • rsync
  • libapache2-mod-fastcgi
  • mysql-server
  • php5-imagick
  • php5-mysql
  • phpmyadmin
  • php-pear
  • subversion
  • php5-suhosin
  • php-apc
  • php5-mcrypt
  • php5-dev
  • libmagic-dev
  • make
  • dnsutils
  • whois
  • munin
  • libwww-perl
  • lynx
  • imagemagick
  • trac

Apache

After making any changes to the Apache configuration best do a configtest first to make sure the configuration is OK:

sudo /usr/sbin/apache2ctl configtest

And then to restart the apache server:

sudo /usr/sbin/apache2ctl restart

phpMyAdmin

The phymyadmin debian package was installed and directives from /etc/phpmyadmin/apache.conf and /etc/apache2/sites-available/default-ssl were copied into /etc/apache2/sites-available/phpmyadmin and then the VirtualServer was enabled, a2ensite phpmyadmin and apache restarted.

phpMyAdmin is available at: https://kiwi.transitionnetwork.org/phpmyadmin/

MySQL

There is a copy of the root passwd for MySQL in /root/.

The MySQL settings have been tweaked to increase memory usage, see /etc/mysql/my.cnf

MySQL users and databases were set up using the phpMyAdmin interface.

Postfix

Postfix has been installed for outgoing SMPT email, the only changes from the default configuration are related to enabling TLS and these changes are in /etc/postfix/main.cf.

Email to root is forwarded to chris@… via /root/.forward -- if anyone else needs to get a copy of the root emails then please add yourself to this file.

Backupninja

Backupninja has been installed and set up -- it's set to backup files to another server in the same rack. The main configuration file is /etc/backupninja.conf and the files containing the list of things to be backed up are in /etc/backup.d/. 60 days worth of backups are saved. It is set to backup MySQL and the following directories:

include = /etc
include = /home
include = /var
include = /home
include = /usr
include = /srv
include = /web
 
exclude = /var/run

DenyHosts

To prevent SSH brute force attacks DenyHosts has been installed -- if you make too many mistakes with your password you will be locked out! To whitelist IP addresses add them to /etc/hosts.allow -- blacklisted IP's are written to /etc/hosts.deny.

Munin

There are remote munin stats for the server available. The stats are also available from the server itself and the server hosts munin stats for the live server

The munin client has been configured via /etc/munin/munin-node.conf

Note the missing iostat graph is caused by a debian munin xen bug.

Attachments