Version 10 (modified by chris, 6 years ago) (diff) |
---|
Table of Contents
kiwi.transitionnetwork.org
The original documentation for this server is at http://atrium.transitiontoday.org/dev/development-server the parts that still seem relevant have been copied here and updated as necessary.
The development server is kiwi.transitionnetwork.org, it's a encrypted 40G debian virtual machine with 1Gb of dedicated RAM. The encryption key can be shared with others if needs be, there is a ssh account on the physical machine that can be used to reboot and decrypt the machine. The physical server that virtual machine is running on has quad Intel Xeon 2.00GHz 64bit processors, 16Gb RAM, the host OS debian is running on a pair of mirrored 73Gb SAS disks and the virtual machines on a pair of mirrored 2Tb SATA disks.
There are remote munin stats for the server available. The stats are also available from the server itself and the server hosts munin stats for the live server, transitiontowns.gaiahost.coop.
The development server has a development, http://dev.transitionnetwork.org/, and a testing, http://test.transitionnetwork.org/, version of the live server set-up. The test, dev and live code bases are currently kept in this subversion repository but the plan is to migrate it to the Trac svn repo. To mirror LIVE's set up, there are Drupal multi-sites for the workspaces sub-site at http://workspaces.dev.transitionnetwork.org/ and http://workspaces.test.transitionnetwork.org/.
Network and DNS
The server has 3 IP addresses, but only one is currently needed, 81.95.52.78, 81.95.52.79, 81.95.52.80
SSH access
Which ever developers need ssh access can have it, and sudo if needs be, contact chris@…. When adding a new account don't forget to edit /etc/ssh/sshd_config to add the new user to AllowUsers and restart sshd.
Users can be granted sudo rights like this:
kiwi:~# adduser username sudo
/etc/sudoers is set up so that people don't need to type their passwords when sudo'ing. If users also set up ssh keys then this means that people can use very long, essentially uncrackable, passwords but never actually need to remember or use them unless they lose their local ssh key or they need to login via the consol.
live2dev
This is a script, run as root, which will update either the http://dev.transitionnetwork.org.webarch.net/ or the http://test.transitionnetwork.org.webarch.net/ sites with the last MySQL dump from the live site and also copy across backups of the uploaded files.
The script can be run interactively or my telling it which site to update on the command line, for example to update the dev site:
kiwi:~# live2dev dev
Packages
The following packages and their dependencies have been installed using aptitude:
- rsync
- libapache2-mod-fastcgi
- mysql-server
- php5-imagick
- php5-mysql
- phpmyadmin
- php-pear
- subversion
- php5-suhosin
- php-apc
- php5-mcrypt
- php5-dev
- libmagic-dev
- make
- dnsutils
- whois
- munin
- libwww-perl
- lynx
- imagemagick
- trac
Apache
After making any changes to the Apache configuration best do a configtest first to make sure the configuration is OK:
sudo /usr/sbin/apache2ctl configtest
And then to restart the apache server:
sudo /usr/sbin/apache2ctl restart
phpMyAdmin
The phymyadmin debian package was installed and directives from /etc/phpmyadmin/apache.conf and /etc/apache2/sites-available/default-ssl were copied into /etc/apache2/sites-available/phpmyadmin and then the VirtualServer was enabled, a2ensite phpmyadmin and apache restarted.
phpMyAdmin is available at: https://kiwi.transitionnetwork.org/phpmyadmin/
MySQL
There is a copy of the root passwd for MySQL in /root/.
The MySQL settings have been tweaked to increase memory usage, see /etc/mysql/my.cnf
MySQL users and databases were set up using the phpMyAdmin interface.
Postfix
Postfix has been installed for outgoing SMPT email, the only changes from the default configuration are related to enabling TLS and these changes are in /etc/postfix/main.cf.
Email to root is forwarded to chris@… via /root/.forward -- if anyone else needs to get a copy of the root emails then please add yourself to this file.
Backupninja
Backupninja has been installed and set up -- it's set to backup files to another server in the same rack. The main configuration file is /etc/backupninja.conf and the files containing the list of things to be backed up are in /etc/backup.d/. 60 days worth of backups are saved. It is set to backup MySQL and the following directories:
include = /etc include = /home include = /var include = /home include = /usr include = /srv include = /web exclude = /var/run
DenyHosts
To prevent SSH brute force attacks DenyHosts has been installed -- if you make too many mistakes with your password you will be locked out! To whitelist IP addresses add them to /etc/hosts.allow -- blacklisted IP's are written to /etc/hosts.deny.
Munin
There are remote munin stats for the server available. The stats are also available from the server itself and the server hosts munin stats for the live server
The munin client has been configured via /etc/munin/munin-node.conf
Note the missing iostat graph is caused by a debian munin xen bug.
Attachments
- serialize.php (262 bytes) - added by chris 6 years ago.
- serialize.sh (67 bytes) - added by chris 6 years ago.
- wiki-live2dev (842 bytes) - added by chris 6 years ago.
- mediawiki-upgrade (2.4 KB) - added by chris 6 years ago.
- live2dev (6.4 KB) - added by chris 5 years ago.