[[PageOutline(2-5, Table of Contents, floated)]]

= Parrot =

parrot.webarch.net is a 3GB RAM, 4 CPU core (AMD Opteron(tm) Processor 6128), with 10GB root, 9GB `/home` and 1GB swap disk partitions which are BSD ZFS partitions, network mounted via NFS, with a 60GB monthly data allowance, running Debian Wheezy, Xen virtual server, supplied by [https://www.webarch.net/virtual-servers Webarchitects Co-operative (VPS 1 + 2GB RAM)] which is running Transition Network WordPress sites. It has the [https://webarch.net/docs/wsh Webarch Secure Hosting] scripts installed. 

The install and initial configuration of this server was tracked on ticket:537.

The server was upgraded from Squeeze to Wheezy on ticket:535#ParrotWheezyUpgrade in December 2013.

== Websites ==

See WordPress#WordPressSites for a list of sites on the server and links to documentation for each site.

== SFTP Access ==

When a new WordPress site is added to the server a email is sent containing the SFTP username and password. The directory structure that you see when you login is as follows:

{{{
/home/username
              /logs     <- access and error logs, rotated daily, kept for 28 days
              /private  <- a place to keep private data, for example .htpasswd files
              /sites
                    /default <- the DocumentRoot for the default site 
                                (additional sites can be added)
              /tmp      <- the temp directory for the site
}}}

If you don't have a SFTP client then https://filezilla-project.org/ is suggested as it's free and available for most platforms. See the install and connection documentation, https://wiki.filezilla-project.org/Client_Installation and the https://wiki.filezilla-project.org/Using#Connecting_to_an_FTP_server you can access the server at this address on '''port 22''':

* sftp://parrot.transitionnetwork.org/

== Phpmyadmin Access ==

You can get access to the database, download backups and also change your password via https://parrot.transitionetwork.org/phpmyadmin using the same username and password as you have for SFTP.

== Munin Stats ==

There are munin stats for the server available here

* https://penguin.transitionnetwork.org/munin/transitionnetwork.org/parrot.transitionnetwork.org/

== Adding a New WordPress Site ==

The server has been set up with the Webarch Secure Hosting scripts, see http://webarch.net/docs/wsh for some documentation of this.

To add a site run the {{{curses-create-user}}} script as root:

{{{
sudo -i
curses-create-user
}}}

The curses interface can be navigated using tab, arrow keys and the space bar on your keyboard.

This will ask you for the following things:

* '''Create a new user''' -- enter the username for SFTP / MySQL and the WordPress admin, this should be short and made up of lowercase letters and numbers
* '''Select product''' -- pick ''' 5  medium+wordpress''' and this will create the site, database and install WordPress
* '''Users email address''' -- enter the email address that the SFTP, MySQL and WordPress login details are to be sent to

This will create a site with a http://username.parrot.transitionnetwork.org/ address which is fine for developing the site, when it needs to be accessed from another domain name there are two steps to complete:

=== Adding a domain to a site ===

To do this edit the {{{/root/webarch/accounts/sites.txt}}} file and add the domain(s) as aliases and run {{{buildapache username}}}, their '''username''' is the username for the site, for example:

{{{
sudo -i
vim /root/webarch/accounts/sites.txt
buildapache username
}}}

This is what the file looks like:

{{{
# File format "username" "sites subdir" "ServerName" "ServerAliases"
# note ServerAliases are comma delimited.
#
#Example
#aed foo foo.example.com www.foo.example.com,foo.example.org
movie default movie.parrot.webarch.net movie.parrot.transitionnetwork.org,intransitionmovie.com,www.intransitionmovie.com,intransitionmovie.org,www.intransitionmovie.org,transitionmovie.org,www.transitionmovie.org
}}}

See also http://webarch.net/docs/wsh#buildapache

=== Changing the default domain of a site ===

WordPress will redirect all requests to a single domain, this is set on the '''Settings -> General''' page at {{{/wp-admin/options-general.php}}} using the '''WordPress Address (URL)''' field.

To change this address you need to add the following to {{{wp-config.php}}} after the "define" statements (just before the comment line that says "That's all, stop editing!"): 

{{{
define('RELOCATE',true);
}}}

Then update the DNS and visit the site at the correct URl, login and then remove the above from {{{wp-config.php}}}. For more information on this see https://codex.wordpress.org/Changing_The_Site_URL#Relocate_method

== Maintaining WordPress sites ==

This can be done using the {{{wp}}} command line tool.

For site specific notes on maintenance see the page for each site listed on WordPress#WordPressSites

=== wp ===

The server has the http://wp-cli.org/ script installed, this makes it very easy to maintain the sites and do things like installing, activating, deactivating and uninstalling plugins and adding and removing user accounts.

==== wp commands ====
For example:

{{{
sudo -i
su-user su-user recon
cd ~/sites/default/
wp help
Available commands:
    wp backup 
    wp cache add|decr|delete|flush|get|incr|replace|set|type
    wp cap add|list|remove
    wp comment approve|count|create|delete|last|spam|status|trash|unapprove|unspam|untrash
    wp core config|download|install|install-network|is-installed|update|update-db|version
    wp db connect|create|drop|export|import|optimize|query|repair|reset
    wp eval 
    wp eval-file 
    wp export 
    wp help 
    wp home 
    wp option add|delete|get|update
    wp plugin activate|deactivate|delete|install|path|status|toggle|uninstall|update|update-all
    wp post create|delete|edit|generate|list|update
    wp post-meta add|delete|get|update
    wp rewrite dump|flush|structure
    wp scaffold _s|plugin|post-type|taxonomy
    wp search-replace 
    wp shell 
    wp term create|delete|list|update
    wp theme activate|delete|install|path|status|update|update-all
    wp transient delete|get|set|type
    wp user add-role|create|delete|generate|import-csv|list|remove-role|set-role|update
    wp user-meta add|delete|get|update

See 'wp help <command>' for more information on a specific command.

Global parameters:
    --config=<path>     Path to the wp-cli config file
    --path=<path>       Path to the WordPress files
    --url=<url>         Pretend request came from given URL
    --user=<id|login>   Set the WordPress user
    --require=<path>    Load given PHP file before running the command
    --color/--no-color  Whether to colozire the output
    --debug             Show all PHP errors
    --quiet             Suppress informational messages
}}}

==== use wp to list administrators ====

You can use wp to find the admins of a site, for example:

{{{
su-user movie
cd ~/sites/default
wp user list | grep administrator
}}}

== Updates ==

All systems updates are recorded on ticket:218.

There is a script in {{{/usr/local/bin}}} called {{{a-up}}} which can be used to update the system via aptitude, the advantage of using this script is that it writes things that are changed to the {{{/root/Changelog}}} and the time spent doing the updates can then be reported via ticket:218, see AptitudeUpdateScript for a copy of {{{a-up}}} and the {{{logchange}}} script it uses to update the {{{Changelog}}}. 

== Tickets ==

Current Parrot tickets:

[[TicketQuery(status=accepted|new|assigned|reopened&component=Parrot server,order=id,desc=1,format=table,col=summary|owner|reporter)]]

Closed Parrot tickets: 

[[TicketQuery(status=closed&component=Parrot server,order=id,desc=1,format=table,col=summary|owner|reporter)]]

== tmp files ==

Each user has their own {{{~/tmp/}}} directory and for sites which generate session files it's important to add their tmp directory to the list in {{{/etc/tmpreaper.conf}}} so that files older than 1 day are deleted to save the machine from running out of inodes, see ticket:583 and ticket:696:

{{{
TMPREAPER_DIRS='/home/reconomy/tmp/. /home/tc/tmp/.  /home/ttt/tmp/. /home/ts/tmp.'
}}}

== SSL Certs ==

There is a ticket regarding what do to for HTTPS for the server ticket:540.

The server has a copy of the *.transitionnetwork.org wild card certificate installed and this is used for https://parrot.transitionnetwork.org/ 

The server also has a dedicated IP address for the https://intransitionmovie.com/ site and SSL certificate.

All the other sites use a free http://cacert.org/ certificate, see ticket:540#comment:1 for a list of domains. To get rid of the security warnings that you will get if you don't have the CAcert root installed you need to install the root cert from http://www.cacert.org/index.php?id=3 to do this using Windows simply click http://www.cacert.org/certs/CAcert_Root_Certificates.msi and for Firefox and Chrome click https://www.cacert.org/certs/root.crt

== Console and SSH Access ==

There is a Xen shell available for console access, see wiki:XenShell.

For developers and sysadmins there is SSH access, contact [mailto:chris@webarchitects.co.uk chris@webarchitects.co.uk] if you need an account creating.

The server is also running [http://mosh.mit.edu/ Mosh : the mobile shell] which is very handy when you internet connection is poor, for example on a train. Mosh was installed on ticket:673.

== Backups ==

The server is running backupninja, the config files for this are in {{{/etc/backup.d/}}}, {{{/etc/backup.d/20.mysql}}} which dumps all the MySQL databases to {{{/var/backups/mysql}}}.

17th November 2013 we switched the servers filesystem to a ZFS server on the network and filesystem backups are now done via ZFS snapshots so the rsync backup was disabled, see ticket:535#comment:22 however these backups are not available to anyone apart from the Webarchitects sysadmin so on 23rd July 2014 on ticket:763 additional backups were set up, these are done via {{{/usr/local/bin/agile-backup}}}, see AgileBackup and people who have had their ssh public keys added can access these backups via SFTP:

{{{
sftp tn-parrot@store1.webarch.net
}}}

The latest backups are in {{{parrot.webarch.net}}} and 60 days worth of snapshots are in {{{~/.zfs/}}}, you can mount these backups locally, for example on Debian:

{{{
aptitude install sshfs
mkdir -p /media/tn-parrot
chmod 700 /media/tn-parrot/
mkdir /media/tn-parrot/latest
mkdir /media/tn-parrot/archive
echo "sshfs#tn-parrot@store1.webarch.net:parrot /media/tn-parrot/latest fuse ro,nobootwait 0 0" >> /etc/fstab
echo "sshfs#tn-parrot@store1.webarch.net::.zfs/snapshot /media/tn-parrot/archive fuse ro 0,nobootwait 0" >> /etc/fstab
mount -a
}}}