Ams

De Admin -- TALEVAS.

(Différences entre les versions)

Aller à : Navigation, rechercher

Version actuelle en date du 28 octobre 2012 à 17:42

Sommaire

1 Admin
- 1.1 Installation
- 1.2 backups
2 Frontaux
3 Databases
- 3.1 Procédure de bascule

Admin

admin.prod.allmyski.info

newaliases

Installation

lvcreate -L10G -ngit vg
mkfs.ext3 /dev/mapper/vg-git
mkdir /home/config
echo "/dev/mapper/vg-git    /home/config  ext3    defaults        0       0" >> /etc/fstab
mount /home/config
lvcreate -L 100G -nfrontlog vg
mkfs.ext3 /dev/mapper/vg-frontlog
mkdir /home/log
echo "/dev/mapper/vg-frontlog    /home/log  ext3    defaults        0       0" >> /etc/fstab
mount /home/log
lvcreate -L 100G -nbackup vg
mkfs.ext3 /dev/mapper/vg-backup
mkdir /home/backup
echo "/dev/mapper/vg-backup    /home/backup  ext3    defaults        0       0" >> /etc/fstab
mount /home/backup
rm -rf /home/backup/lost*
rm -rf /home/log/lost*
rm -rf /home/config/lost*
rm -rf /home/lost*
rm -rf /tmp/lost*

apt-get update
apt-get install tree htop zip openntpd git-core proftpd rsnapshot

apt-get install -yq openvpn

http://doc.ubuntu-fr.org/openvpn

git config --global user.name "Damien"
git config --global user.email "damien@talevas.com"
git config --global core.autocrlf input
git config --global core.safecrlf true

backups

Tout les jours à 3h30 on récupère le contenu de /var/www/upload dans /home/backup/. Toutes les semaines (le Lundi à 4h ) on archive une version.

mkdir /home/backup/front/
cat /etc/cron.d/rsnapshot
# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.

30 3   * * *           root    /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf daily
0  4   * * 1           root    /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf weekly

Ainsi les archives sont consultables dans /home/backup/ et s'ordonnent ainsi :

tree /home/backup/
.
└── front
    ├── daily.0
    │   └── var
    │       └── www
    │           └── upload
    └── daily.1
        └── var
            └── www
                └── upload

Frontaux

front01.prod.allmyski.info -- front02.prod.allmyski.info

apt-get install linux-image-3.2.0-31-generic
update-grub2
vim /boot/grub/grub.cfg => changer le default

apt-get update
apt-get upgrade
apt-get install openvpn
apt-get install htop tree nfs-client postfix openntpd htop php5 php5-mysql python-soappy python keepalived memcached php5-memcached syslog-ng
lvcreate -L 50G -nwww vg
mkfs.ext3 /dev/mapper/vg-www
echo "/dev/mapper/vg-www   /var/www  ext3    defaults        0       0" >> /etc/fstab
mount /var/www
mkdir /var/www/shared/
# mount -t nfs 10.16.101.6:/nas-000108/mininas-001386 /var/www/shared/
echo "10.16.101.6:/nas-000108/mininas-001386 /var/www/shared/ nfs   rw,_netdev,mountproto=tcp     0       0 " >>/etc/fstab
mount /var/www/shared

PHP 5.4 Apache Spec

apt-get install python-software-properties
add-apt-repository ppa:ondrej/php5
apt-get update
apt-get install php5

a2enmod rewrite ssl
service apache2 restart

Keepalived Spécifiques

chmod +x /etc/keepalived/front01.failover.py
chmod +x /etc/keepalived/front02.failover.py

ifconfig tunl0 ${VIP_HTTPS} netmask 255.255.255.255 broadcast ${VIP_HTTPS}
ifconfig tunl0 87.98.251.179 netmask 255.255.255.255 broadcast 87.98.251.179

iptables -t mangle -I PREROUTING -i eth0 -p tcp -m tcp -s 0/0 -d 87.98.251.179 --dport 80 -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -i tunl0 -p tcp -m tcp -s 0/0 -d 87.98.251.179 --dport 80 -j MARK --set-mark 0x0
- virtual_server 87.98.251.179 80 {
+ virtual_server fwmark 1 {

Mise en place de SkiVoiturage

injection DB

Erreur

Requête SQL: 

--
-- Contraintes pour la table `ams_user_data`
--
ALTER TABLE `ams_user_data` ADD CONSTRAINT `ams_user_data_ibfk_2` FOREIGN KEY ( `uda_usr_id` ) REFERENCES `ams_user` ( `usr_id` ) ON DELETE CASCADE ON  UPDATE NO ACTION ,
ADD CONSTRAINT `fk_ams_user_data_ams_city1` FOREIGN KEY ( `uda_cty_id` ) REFERENCES `ams_city` ( `cty_id` ) ON DELETE NO ACTION ON UPDATE NO ACTION ;

MySQL a répondu: Documentation
#1452 - Cannot add or update a child row: a foreign key constraint fails (`allmyski`.<result 2 when explaining filename '#sql-d72_72'>, CONSTRAINT  `fk_ams_user_data_ams_city1` FOREIGN KEY (`uda_cty_id`) REFERENCES `ams_city` (`cty_id`) ON DELETE NO ACTION ON UPDATE )

Le PHP qd on met en 'production'

Oct 22 07:21:42 10.8.1.16 skivoiturage_error: [Mon Oct 22 07:21:42 2012] [error] [client 82.227.229.68] PHP Fatal error:  Uncaught exception 'Zend_Config_Exception' with message 'Section 'production' cannot be found in /var/www/skiVoiturage/application/configs/eventManager.ini' in /var/www/skiLibraries/Zend/Config/Ini.php:151\nStack trace:\n#0 /var/www/skiLibraries/Zend/Application.php(386): Zend_Config_Ini->__construct('/var/www/skiVoi...', 'production')\n#1 /var/www/skiLibraries/Zend/Application.php(130): Zend_Application->_loadConfig('/var/www/skiVoi...')\n#2 /var/www/skiLibraries/Zend/Application.php(92): Zend_Application->setOptions(Array)\n#3 /var/www/skiVoiturage/public/index.php(33): Zend_Application->__construct('production', Array)\n#4 {main}\n  thrown in /var/www/skiLibraries/Zend/Config/Ini.php on line 151
Oct 22 07:21:42 10.8.1.12 skivoiturage_error: [Mon Oct 22 07:21:42 2012] [error] [client 82.227.229.68] PHP Warning:  require_once(Zend/Application.php): failed to open stream: No such file or directory in /var/www/skiVoiturage/public/index.php on line 19
Oct 22 07:21:42 10.8.1.12 skivoiturage_error: [Mon Oct 22 07:21:42 2012] [error] [client 82.227.229.68] PHP Fatal error:  require_once(): Failed opening required 'Zend/Application.php' (include_path='/var/www/skiVoiturage/libraries::.:/usr/share/php:/usr/share/pear') in /var/www/skiVoiturage/public/index.php on line 19

bench

siege -b -t30s 87.98.251.179/index.php
** SIEGE 2.72
** Preparing 15 concurrent users for battle.
The server is now under siege...
Lifting the server siege...      done.

Transactions:		      203907 hits
Availability:		      100.00 %
Elapsed time:		       29.69 secs
Data transferred:	        8.17 MB
Response time:		        0.00 secs
Transaction rate:	     6867.87 trans/sec
Throughput:		        0.28 MB/sec
Concurrency:		       14.88
Successful transactions:      203907
Failed transactions:	           0
Longest transaction:	        0.05
Shortest transaction:	        0.00

MONIT

<cib epoch="10" num_updates="1" admin_epoch="0" validate-with="pacemaker-1.2" crm_feature_set="3.0.5" update-origin="front01.prod.allmyski.info" update-client="cibadmin" cib-last-written="Mon Oct  8 11:40:50 2012" have-quorum="1" dc-uuid="c2032697-6411-4735-be3d-d3f16349b485">
 <configuration>
   <crm_config>
     <cluster_property_set id="cib-bootstrap-options">
       <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c"/>
       <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="Heartbeat"/>
     </cluster_property_set>
   </crm_config>
   <nodes>
     <node id="c2032697-6411-4735-be3d-d3f16349b485" type="normal" uname="front01.prod.allmyski.info"/>
     <node id="ef24c295-5bf3-4efa-b4ff-5413e70ce0a0" type="normal" uname="front02.prod.allmyski.info"/>
   </nodes>
   <resources>
     <primitive class="lsb" id="haproxy" type="haproxy">
       <operations>
         <op id="haproxy-monitor-1s" interval="1s" name="monitor"/>
       </operations>
     </primitive>
   </resources>
   <constraints>
     <rsc_colocation id="haproxy-with-public-IPs" rsc="haproxy" score="INFINITY" with-rsc="failover-ip"/>
     <rsc_order first="failover-ip" id="haproxy-after-IP" score="INFINITY" then="haproxy"/>
   </constraints>
   <rsc_defaults>
     <meta_attributes id="rsc-options">
       <nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
     </meta_attributes>
   </rsc_defaults>
 </configuration>
 <status>
   <node_state id="c2032697-6411-4735-be3d-d3f16349b485" uname="front01.prod.allmyski.info" ha="active" in_ccm="true" crmd="online" join="member" expected="member" crm-debug-origin="do_state_transition" shutdown="0">
     <transient_attributes id="c2032697-6411-4735-be3d-d3f16349b485">
       <instance_attributes id="status-c2032697-6411-4735-be3d-d3f16349b485">
         <nvpair id="status-c2032697-6411-4735-be3d-d3f16349b485-probe_complete" name="probe_complete" value="true"/>
       </instance_attributes>
     </transient_attributes>
     <lrm id="c2032697-6411-4735-be3d-d3f16349b485">
       <lrm_resources>
         <lrm_resource id="failover-ip" type="IPaddrFO" class="ocf" provider="heartbeat">
           <lrm_rsc_op id="failover-ip_last_0" operation_key="failover-ip_monitor_0" operation="monitor" crm-debug-origin="build_active_RAs" crm_feature_set="3.0.5" transition-key="4:3:7:435c0652-727e-4f25-97c9-700ccbf60c97" transition-magic="0:7;4:3:7:435c0652-727e-4f25-97c9-700ccbf60c97" call-id="2" rc-code="7" op-status="0" interval="0" op-digest="8ce385c47ac3d840d034c58ed9c92acf"/>
         </lrm_resource>
       </lrm_resources>
     </lrm>
   </node_state>
   <node_state id="ef24c295-5bf3-4efa-b4ff-5413e70ce0a0" uname="front02.prod.allmyski.info" ha="dead" in_ccm="false" crmd="offline" join="down" crm-debug-origin="do_state_transition"/>
 </status>
</cib>

<configuration>
       <crm_config>
               <cluster_property_set id="cib-bootstrap-options">
                       <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c"/>
                       <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="Heartbeat"/>
               </cluster_property_set>
       </crm_config>
       <nodes>
               <node id="c2032697-6411-4735-be3d-d3f16349b485" type="normal" uname="front01.prod.allmyski.info"/>
               <node id="ef24c295-5bf3-4efa-b4ff-5413e70ce0a0" type="normal" uname="front02.prod.allmyski.info"/>
       </nodes>
       <resources>
               <primitive class="lsb" id="haproxy" type="haproxy">
                       <operations>
                               <op id="haproxy-monitor-1s" interval="1s" name="monitor"/>
                       </operations>
               </primitive>
       </resources>
       <constraints>
               <rsc_colocation id="haproxy-with-public-IPs" rsc="haproxy" score="INFINITY" with-rsc="failover-ip"/>
               <rsc_order first="failover-ip" id="haproxy-after-IP" score="INFINITY" then="haproxy"/>
       </constraints>
       <rsc_defaults>
               <meta_attributes id="rsc-options">
                       <nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
               </meta_attributes>
       </rsc_defaults>
</configuration>

Databases

db01.prod.allmyski.info -- db02.prod.allmyski.info

# creation de l'espace disque
lvcreate -L50G -nmysql vg
lvcreate -L10G -nbinlog vg
mkfs.ext3 /dev/mapper/vg-mysql
mkfs.ext3 /dev/mapper/vg-binlog
mkdir /var/lib/mysql
mkdir /var/log/mysql-binlog
echo "/dev/mapper/vg-mysql    /var/lib/mysql  ext3    defaults        0       0" >> /etc/fstab
echo "/dev/mapper/vg-binlog   /var/log/mysql-binlog  ext3    defaults        0       0" >> /etc/fstab
mount /var/lib/mysql
mount /var/log/mysql-binlog
chown mysql:mysql /var/log/mysql-binlog/
rm -rf /var/lib/mysql/lost*
rm -rf /home/lost*
rm -rf /tmp/lost*
rm -rf  /var/log/mysql-binlog/lost*
# installation de Mysql
apt-get update
apt-get install -yq openvpn openntpd htop
apt-get install -yq mysql-server

# DB01
iptables -A INPUT -p tcp -s 188.165.240.126 --dport 3306 -j ACCEPT
# DB02
iptables -A INPUT -p tcp -s 188.165.241.29 --dport 3306 -j ACCEPT
# front01
iptables -A INPUT -p tcp -s 94.23.12.228 --dport 3306 -j ACCEPT
# front02
iptables -A INPUT -p tcp -s 94.23.241.220 --dport 3306 -j ACCEPT
# admin
iptables -A INPUT -p tcp -s 91.121.8.205 --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

iptables-save > /etc/iptables.rules

# recup des données openvpn depuis le master
scp admin.ams.talevas.com:/home/config/db02/etc/openvpn/* /etc/openvpn/
/etc/init.d/openvpn start

Procédure de bascule

couper le master

iptables partout

allow writes sur le slave

suppression du fichier de conf

pointage des frontaux

édition du fichier host

Le script

#!/bin/bash

ServerList="front01.prod.allmyski.info front02.prod.allmyski.info"
MasterDb="db01.prod.allmyski.info"
SlaveDb="db02.prod.allmyski.info"

# couper le master => IPTABLES sur les frontaux

for server in $ServerList
do
        echo "$server => iptables -A OUTPUT -p tcp  -d 188.165.241.29 -j DROP"
        ssh $server "iptables -A OUTPUT -p tcp  -d 188.165.241.29 -j DROP"
done

# supression du read_only sur le slave
# restart du slave
echo "supression du read_only sur le slave"
ssh $SlaveDb "rm /etc/mysql/conf.d/slave.cnf; service mysql restart"

# changement du master dans les fichiers host des frontaux
for server in $ServerList
do
        echo "On change l'entree master pour le front $server."
        ssh $server "cp /etc/hosts /etc/hosts.ori"
        ssh $server "echo '188.165.241.29 $MasterDb' >> /etc/hosts"
done

Ams