[[PageOutline(2-5, Table of Contents, floated)]]

= Puffin =

puffin.webarch.net is a new 4GB RAM virtual server which will replace NewLiveServer and DevelopmentServer for running Drupal and is due to go live in early 2013. Other services from the old server will be migrated to PenguinServer.

It was agreed to call this server {{{puffin}}} at the ttech meeting on 22nd November 2012, see ticket:463.

The install and initial configuration of this server is being tracked on ticket:466, see also the other #migrationtickets

== Migration Tickets ==

Tickets created during the migration of the http://www.transitionnetwork.org/ site from NewLiveServer to this server:

* ticket:472 Script to copy files from NewLiveServer to puffin 
* ticket:479 Transfer live transitionnetwork.org site to Puffin 
* ticket:480 Transfer news.transitionnetwork.org to puffin 
* ticket:483 Nginx 502 Bad Gateway Errors with BOA 
* ticket:487 robots.txt files for development sites 

== Console Access ==

There is a Xen shell available for console access, see wiki:XenShell.

== Barracuda Octopus Ageir ==

The plan is to use [https://drupal.org/project/octopus Octopus] to manage [http://community.aegirproject.org/ Ageir] and also the upgrades to the Transition Network Drupal site, this system is installed and upgraded using [https://drupal.org/project/barracuda Barracuda], the Barracuda Octopus Aegir combination is documented on the [http://groups.drupal.org/node/163784 BOA wiki].

The BOA install script output has been saved on ticket:466#comment:22

=== Upgrading BOA ===

The steps are documented in [http://drupalcode.org/project/barracuda.git/blob/HEAD:/docs/UPGRADE.txt UPGRADE.txt], see an example of running an upgrade on ticket:466#comment:25

To upgrade everything run these commands, this process can take around 30mins:

{{{
wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
bash BOA.sh.txt
barracuda up-stable
octopus up-stable all
}}}

=== CSF / LDF ===

BOA installs [http://configserver.com/cp/csf.html CSF / LDF] and automatically blocks IP addresses after too many failed SSH login attempts, if someone is blocked who shouldn't be then they can be unblocked like this:

{{{
csf -dr 12.34.56.78
}}}

To check if a IP address is blocked:

{{{
csf -g 12.34.56.78
}}}

=== CGP & Collectd system monitor ===

The [http://collectd.org/ Collectd system statistics collection daemon] is installed, and the CGP (PHP-based graphing and reports tool) is installed with it. The graphs generated are available at: http://cgp.master.puffin.webarch.net/


== Backupninja ==

backupninja has been installed and configured to backup to another server in the Sheffield colo, three backup tasks have been configured in {{{/etc/backup.d/}}}, {{{10.sys}}} which does backups of system settings, like all the packages installed, {{{20.mysql}}} which dumps all the mysql databases into {{{/var/backups/mysql}}} and uses {{{/etc/mysql/debian.cnf}}} for authentication and finally {{{90.rdiff}}} which is set to backup all these directories:

{{{
include = /var/spool/cron/crontabs
include = /var/backups
include = /var/aegir
include = /etc
include = /root
include = /home
include = /usr/local/
include = /var/lib/dpkg/status*
include = /opt
include = /srv
include = /data
exclude = /home/*/.gnupg
exclude = /home/*/.local/share/Trash
exclude = /home/*/.Trash
exclude = /home/*/.thumbnails
exclude = /home/*/.beagle
exclude = /home/*/.aMule
exclude = /home/*/gtk-gnutella-downloads
exclude = /var/cache/backupninja/duplicity
}}}

== Postfix ==

Two changes were made the the default postfix install, it was set to send root emails out, see ticket:466#comment:23 and it was configured to use TLS with the transition network cert, see ticket:466#comment:25.

== Nginx ==

The only changes made to the default nginx configuration was to move the key and cert it was using out of the way and symlink to the *.transitionnetwork.org ones, see ticket:466#comment:25.

== Handy commands ==

There are some Bash aliases to quickly get around the system added by JK...

For {{{root}}}:
{{{
alias cdtn='cd /data/disk/tn/' # cd to tn directory
alias totn='su -s /bin/bash tn' # log into the tn user

# show file usages
alias duf='du -sk * | sort -n | perl -ne '\''($s,$f)=split(m{\t});for (qw(K M G)) {if($s<1024) {printf("%.1f",$s);print "$_\t$f"; last};$s=$s/1024}'\'
}}}

For {{{tn}}}
{{{
alias la='ls -Al --color=auto'
alias lc='ls -ltcr --color=auto'
alias lk='ls -lSr --color=auto'
alias ll='ls -la --group-directories-first --color=auto'
alias lr='ls -lR --color=auto'
alias ls='ls -hF --color=auto'
alias lt='ls -ltr --color=auto'
alias lu='ls -ltur --color=auto'
alias lx='ls -lXB --color=auto'
}}}

=== Vim config ===

To make vim the default editor for root the following was added to {{{/root/.bashrc}}}:

{{{
export EDITOR="vim"
}}}

To make config files nicer to read in vim the following was added to {{{/root/.vimrc}}}:

{{{
syntax on
}}}

And a {{{/root/.vim/filetype.vim}}} files was created with the following in it:

{{{
au BufRead,BufNewFile /etc/mysql/my.cnf, set ft=mycnf
autocmd BufRead,BufNewFile /etc/php5/fpm/* set syntax=dosini
autocmd BufRead,BufNewFile /opt/local/etc/php53-fpm.conf set syntax=dosini
}}}

And a {{{/root/.vim/syntax/}}} directory was created and {{{mycnf.vim}}} was created in it by downloading it from http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/vim-syntax-mycnf/