[[PageOutline(2-9, Table of Contents)]]
= kiwi.transitionnetwork.org =

The original documentation for this server is at http://atrium.transitiontoday.org/dev/development-server the parts that still seem relevant have been copied here and updated as necessary.

The development server is [http://kiwi.transitionnetwork.org/ kiwi.transitionnetwork.org], it's a encrypted 40G debian virtual machine with 1Gb of dedicated RAM. The encryption key can be shared with others if needs be, there is a ssh account on the physical machine that can be used to reboot and decrypt the machine. The physical server that virtual machine is running on has quad Intel Xeon 2.00GHz 64bit processors, 16Gb RAM, the host OS debian is running on a pair of mirrored 73Gb SAS disks and the virtual machines on a pair of mirrored 2Tb SATA disks.

There are [http://nsa.rat.burntout.org/munin/webarch.net/kiwi.webarch.net.html remote munin stats] for the server available. The stats are also [https://kiwi.transitionnetwork.org/munin/webarch.net/kiwi.webarch.net.html available from the server itself] and the server hosts [https://kiwi.transitionnetwork.org/munin/gaiahost.coop/transitiontowns.gaiahost.coop.html munin stats for the live server], transitiontowns.gaiahost.coop.

The development server has a development, http://dev.transitionnetwork.org/, and a testing, http://test.transitionnetwork.org/, version of the live server set-up. The test, dev and live code bases are currently kept in [https://svn.webarch.net/transition/ this subversion repository] but the plan is to migrate it to the [https://tech.transitionnetwork.org/svn/ Trac svn repo]. To mirror LIVE's set up, there are Drupal multi-sites for the workspaces sub-site at http://workspaces.dev.transitionnetwork.org/ and http://workspaces.test.transitionnetwork.org/.

== Network and DNS ==

The server has 3 IP addresses, but only one is currently needed, 81.95.52.78, 81.95.52.79, 81.95.52.80

== SSH access ==

Which ever developers need ssh access can have it, and sudo if needs be, contact chris@webarchitects.co.uk. When adding a new account don't forget to edit /etc/ssh/sshd_config to add the new user to !AllowUsers and restart sshd.

Users can be granted sudo rights like this:
{{{
kiwi:~# adduser username sudo
}}}
/etc/sudoers is set up so that people don't need to type their passwords when sudo'ing. If users also set up ssh keys then this means that people can use very long, essentially uncrackable, passwords but never actually need to remember or use them unless they lose their local ssh key or they need to login via the consol.

== live2dev ==

This is a script, run as root, which will update either the http://dev.transitionnetwork.org.webarch.net/ or the http://test.transitionnetwork.org.webarch.net/ sites with the last MySQL dump from the live site and also copy across backups of the uploaded files.

The script can be run interactively or my telling it which site to update on the command line, for example to update the dev site:

{{{
kiwi:~# live2dev dev
}}}

This script was sorted out via ticket:124 and the email settings via ticket:136.

== Mediawiki ==

There is a development copy of the http://wiki.transitionnetwork.org/ site at http://wiki.dev.transitionnetwork.org/Main_Page which is running on kiwi.transitionnetwork.org it is installed in /web/wiki.dev.transitionnetwork.org/www and the apache !VirtualHost is configured in /etc/apache2/sites-available/wiki.dev.transitionnetwork.org

To upgrade the site to the latest version of Mediawiki, from http://www.mediawiki.org/wiki/Download you could follow the instructions from http://www.mediawiki.org/wiki/Upgrade or use the '''mediawiki-upgrade''' script which takes the latest version of Mediawiki as an argument on the command line and then does everything for you:

{{{
mediawiki-upgrade 1.16.0
}}}

== Packages ==

The following packages and their dependencies have been installed using aptitude:

    * rsync
    * libapache2-mod-fastcgi
    * mysql-server
    * php5-imagick
    * php5-mysql
    * phpmyadmin
    * php-pear
    * subversion
    * php5-suhosin
    * php-apc
    * php5-mcrypt
    * php5-dev
    * libmagic-dev
    * make
    * dnsutils
    * whois
    * munin
    * libwww-perl
    * lynx
    * imagemagick
    * trac

== Apache ==

After making any changes to the Apache configuration best do a configtest first to make sure the configuration is OK:
{{{
sudo /usr/sbin/apache2ctl configtest
}}}
And then to restart the apache server:
{{{
sudo /usr/sbin/apache2ctl restart
}}}

== phpMyAdmin ==

The phymyadmin debian package was installed and directives from /etc/phpmyadmin/apache.conf and /etc/apache2/sites-available/default-ssl were copied into /etc/apache2/sites-available/phpmyadmin and then the !VirtualServer was enabled, a2ensite phpmyadmin and apache restarted.

phpMyAdmin is available at: https://kiwi.transitionnetwork.org/phpmyadmin/

== MySQL ==

There is a copy of the root passwd for MySQL in /root/.

The MySQL settings have been tweaked to increase memory usage, see /etc/mysql/my.cnf

MySQL users and databases were set up using the phpMyAdmin interface.

== Postfix ==

Postfix has been installed for outgoing SMPT email, the only changes from the default configuration are related to enabling TLS and these changes are in /etc/postfix/main.cf.

Email to root is forwarded to chris@webarchitects.co.uk via /root/.forward -- if anyone else needs to get a copy of the root emails then please add yourself to this file.

== Backupninja ==

[https://labs.riseup.net/code/projects/show/backupninja/ Backupninja] has been installed and set up -- it's set to backup files to another server in the same rack. The main configuration file is /etc/backupninja.conf and the files containing the list of things to be backed up are in /etc/backup.d/. 60 days worth of backups are saved. It is set to backup MySQL and the following directories:
{{{
include = /etc
include = /home
include = /var
include = /home
include = /usr
include = /srv
include = /web
 
exclude = /var/run
}}}

== Mysql Backup ==

A MySQL Backup script from http://worldcommunitypress.com/opensource/mysql-backup is installed in /usr/local/bin and it's set to create backups in /var/backups/mysql/

It needs the libmime-lite-perl debian package to be installed.

== !DenyHosts ==

To prevent SSH brute force attacks [http://denyhosts.sourceforge.net/ DenyHosts] has been installed -- if you make too many mistakes with your password you will be locked out! To whitelist IP addresses add them to /etc/hosts.allow -- blacklisted IP's are written to /etc/hosts.deny. 

== Munin ==

There are [http://nsa.rat.burntout.org/munin/webarch.net/kiwi.webarch.net.html remote munin stats] for the server available. The stats are also [https://kiwi.transitionnetwork.org/munin/webarch.net/kiwi.webarch.net.html available from the server itself] and the server hosts [https://kiwi.transitionnetwork.org/munin/gaiahost.coop/transitiontowns.gaiahost.coop.html munin stats for the live server]

The munin client has been configured via /etc/munin/munin-node.conf

Note the [https://kiwi.transitionnetwork.org/munin/localdomain/localhost.localdomain-iostat.html missing iostat graph] is caused by [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552034 a debian munin xen bug].