[Savannah-cvs] [429] Update frontend1 documentation

savannah-cvs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [429] Update frontend1 documentation

From:	bob
Subject:	[Savannah-cvs] [429] Update frontend1 documentation
Date:	Thu, 7 Jan 2021 19:31:56 -0500 (EST)
Revision: 429
          
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=429
Author:   rwp
Date:     2021-01-07 19:31:54 -0500 (Thu, 07 Jan 2021)
Log Message:
-----------
Update frontend1 documentation

Modified Paths:
--------------
    trunk/sviki/SavannahHosts.mdwn

Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn      2021-01-07 22:13:14 UTC (rev 428)
+++ trunk/sviki/SavannahHosts.mdwn      2021-01-08 00:31:54 UTC (rev 429)
@@ -3,32 +3,20 @@
 
 The current hosts are:
 
-    download
-    frontend
-    internal
-    mgt
-    vcs
-
-These are being migrated to new hosts:
-
     download0
-    frontend0
+    frontend1
     internal0
     mgt0
     vcs0
+    vcs1
 
-There have been many years of incomplete cleanup and agressive
-installation over the top of the system.  This has left the system in
-a problematic state.  Many programs have a packaged version installed
-with a locally modified version installed on top of it.  On two of the
-systems the kernels no longer upgrade cleanly.  By migrating onto
-freshly installed systems we gain several benefits.
+These hosts are currently in process of being migrated to these new hosts:
 
-* We will know what we have installed
-* Fresh installation free of legacy
-* Upgrades will then work reliably again
+    download1
+    internal1
+    vcs2
 
-Further reading about the existing setup:
+Further reading about the collection, perhaps more historical now:
 
 * [[SavannahArchitecture]] - overview of the current setup (i.e. vcs, mgt,
   frontend, internal, vcs).
@@ -575,7 +563,7 @@
     /root/ChangeLog : -u : savannah-hackers-private@gnu.org
     /root/.ssh/authorized_keys : -u : savannah-hackers-private@gnu.org
 
-Host frontend0
+Host frontend1
 --------------
 
 The IPv4 address for internal0 is 208.118.235.77.  It does not
@@ -589,10 +577,9 @@
 
     auto eth0
     iface eth0 inet static
-      address 208.118.235.77/24
-      gateway 208.118.235.1
+      address 209.51.188.72/24
+      gateway 209.51.188.1
       dns-search savannah.gnu.org gnu.org
-      pre-up iptables-restore < /etc/default/iptables-rules || :
 
 Install MySQL client.  In the future use MariaDB when it is available.
 
@@ -608,11 +595,12 @@
       database        = savane
     chmod go-rw /root/.my.cnf
 
-Install Apache and PHP5.  In the future this should be Nginx and PHP-FPM.
+Install Apache and PHP7.  As a future direction I (Bob Proulx) would
+much prefer this to be Nginx and FPM.
 
     apt-get install apache2 apache2-mpm-prefork
     apt-get install lynx  # for "apachectl status"
-    apt-get install php5 php5-cli php5-fpm php5-gd php5-mysql 
libapache2-mod-php5
+    apt-get install php7.0 php7.0-cli php7.0-fpm php7.0-gd php7.0-mysql 
libapache2-mod-php7.0
     apt-get install imagemagick gettext # used by php installation script
     apt-get install passwdqc # used by php code to check password strength
     apt-get install python python-pip python-dev # for future developments
@@ -619,30 +607,70 @@
     apt-get install libmysqlclient-dev # for future developments
 
 Since this is a migration I am going to take the easy documentation
-way out and say migrate the hosts from the old frontend to the new
-frontend0 without specifying them here.  FIXME: Document the web
-virtual hosts better in this section.
+way out and say migrate the hosts from the old frontendX to the new
+frontendY without specifying them here.
 
-    /etc/apache2/sites-available from frontend
+    /etc/apache2/sites-available/*.conf
 
-Set up the HTTP SSL certificates. The current ('old') certificates are
-wildcard SSL certificates from GANDI.NET. Copy them as-is:
+Here is a grep of the VirtualHost sites that are better documented in
+their own configuration files than here.
 
-    /etc/ssl/private installed from frontend
+    /etc/apache2/sites-enabled/00-default-local.conf:<VirtualHost _default_:80>
+    /etc/apache2/sites-enabled/00-default-local.conf:<VirtualHost 
_default_:443>
+    /etc/apache2/sites-enabled/sv-i18n-dev.conf:<VirtualHost *:80>
+    /etc/apache2/sites-enabled/sv-i18n-dev.conf:  ServerName   
i18n.savannah.gnu.org
+    /etc/apache2/sites-enabled/sv-i18n-dev.conf:<VirtualHost *:443>
+    /etc/apache2/sites-enabled/sv-i18n-dev.conf:  ServerName  
i18n.savannah.gnu.org
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:80>
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:  ServerName 
savannah.gnu.org
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:80>
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:  ServerName sv.gnu.org
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:443>
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:  ServerName 
savannah.gnu.org
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:<VirtualHost *:443>
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:  ServerName sv.gnu.org
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:#<VirtualHost *:443>
+    /etc/apache2/sites-enabled/vhosts-gnu.org.conf:#  ServerName sv.gnu.org
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:80>
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:  ServerName 
savannah.nongnu.org
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:80>
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:  ServerName 
sv.nongnu.org
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:443>
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:  ServerName 
savannah.nongnu.org
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:<VirtualHost *:443>
+    /etc/apache2/sites-enabled/vhosts-nongnu.org.conf:  ServerName 
sv.nongnu.org
 
-FIXME: Adjust the wording on this next paragraph.  "Will use?"
-The new SSL certificates (e.g. for `frontend0`) will use certbot/let's-encrypt.
-See [[https]] for details about them.
+Set up the HTTP SSL certificates.  We are using Let's Encrypt DV
+Domain Validation certificates.  We are using the `dehydrated` client.
 
+    root@frontend1:~# find /etc/dehydrated/ 
/etc/cron.daily/renew-https-cert-local -type f -ls
+       394555      4 -rw-r--r--   1 root     root          141 Feb 10  2020 
/etc/dehydrated/config
+       394561      4 -rw-r--r--   1 root     root          345 Feb 10  2020 
/etc/dehydrated/conf.d/local.sh
+       396695      4 -rw-r--r--   1 root     root          213 Jul  9  2020 
/etc/dehydrated/domains.txt
+       268207      8 -rwxr-xr-x   1 root     root         4710 May 26  2020 
/etc/cron.daily/renew-https-cert-local
+
 Set up munin-node.
 
     apt-get install munin-node
-    echo 'allow ^208\.118\.235\.77$' >> /etc/munin/munin-node.conf
+    echo 'allow ^209\.51\.188\.77$' >> /etc/munin/munin-node.conf
+    echo 'allow ^2001:470:142:5::77$' >> /etc/munin/munin-node.conf
     service munin-node restart
 
 Create directories for savannah's project-submissions and tracker attachments,
-ensure the webserver can write in them:
+ensure the webserver can write in them.  Place these on the NFS mount
+for shared access.
 
+    root@frontend1:~# ls -dl /var/lib/savane
+    lrwxrwxrwx 1 root root 23 Dec  9  2019 /var/lib/savane -> 
/net/vcs/var.lib.savane
+
+    root@frontend1:~# ll -dl /var/www/submissions_uploads
+    lrwxrwxrwx 1 root root 43 Jan  7 19:17 /var/www/submissions_uploads -> 
/net/vcs/var.lib.savane/submissions_uploads
+
+    root@frontend1:~# grep nfs /etc/fstab
+    nfs1:/srv/vcs  /net/vcs nfs4  defaults,async,nofail
+
+For reference they were created like this but in their previous locations.
+
    for i in /var/www/submissions_uploads \
             /var/lib/savane/trackers_attachments ; do \
      mkdir -p $i ; \
@@ -650,9 +678,6 @@
      chmod g+w $i ; \
    done
 
-FIXME: Copy the content of these directories from `frontend` to `frontend0`
-before going live. See [[MigrationChecklist]].
-
 See [[FrontEndSetup]], [[FrontEndDevelopmentSite]] for details
 about Apache/PHP/db configuration from the frontend's website.
 
@@ -659,13 +684,12 @@
 See [[HowToAdminThisWiki]] for wiki-related configuration settings
 on frontend0.
 
-FIXME: Document max client limitations and configuration here.
+We are currently using the package default values for the
+MaxRequestWorkers and MaxSpareThreads.  The PHP processes for Savane
+are sufficiently light and usage not having been a problem that we
+haven't found the need to calculate the actual limits needed and have
+not set them.
 
-FIXME: Need to transfer and test /etc/cron.d/sv_export cronjob.
-
-FIXME: Need to increase processors, memory, and swap before production
-release.
-
 Host vcs0
 ---------
[Prev in Thread]
Current Thread
[Next in Thread]
[Savannah-cvs] [429] Update frontend1 documentation, bob <=
Prev by Date: [Savannah-cvs] [428] Tweak up user auth documentation
Next by Date: [Savannah-cvs] [430] Record request for taviso.
Previous by thread: [Savannah-cvs] [428] Tweak up user auth documentation
Next by thread: [Savannah-cvs] [430] Record request for taviso.
Index(es):
- Date
- Thread