Ams


Admin

admin.ams.talevas.com

Installation

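# Storage for the admin host: three ext3 logical volumes carved out of volume
# group "vg" and mounted under /home (config repository, front-end logs, backups).
# Every command here needs root.
#
# NOTE(review): the fstab entries use "defaults", which allows suid binaries,
# device nodes and execution. For the log and backup volumes, which presumably
# hold data only, consider nosuid,nodev,noexec; confirm nothing is run from them.

# Configuration / git volume (10G).
lvcreate -L10G -ngit vg
mkfs.ext3 /dev/mapper/vg-git
mkdir -p /home/config
echo "/dev/mapper/vg-git    /home/config  ext3    defaults        0       0" >> /etc/fstab
mount /home/config

# Front-end log volume (100G).
lvcreate -L 100G -nfrontlog vg
mkfs.ext3 /dev/mapper/vg-frontlog
mkdir -p /home/log
echo "/dev/mapper/vg-frontlog    /home/log  ext3    defaults        0       0" >> /etc/fstab
mount /home/log

# Backup volume (100G).
lvcreate -L 100G -nbackup vg
mkfs.ext3 /dev/mapper/vg-backup
mkdir -p /home/backup
echo "/dev/mapper/vg-backup    /home/backup  ext3    defaults        0       0" >> /etc/fstab
mount /home/backup

# Remove the lost+found directories. The exact name is spelled out: the former
# "lost*" glob, run as root with rm -rf, would also delete any other entry whose
# name starts with "lost" (a home directory, for instance).
# "--" stops option parsing before the path.
rm -rf -- /home/backup/lost+found
rm -rf -- /home/log/lost+found
rm -rf -- /home/config/lost+found
rm -rf -- /home/lost+found
rm -rf -- /tmp/lost+found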

# Refresh the package index, then install the admin tooling.
# This first install has no -y, so apt-get asks for confirmation.
# NOTE(review): proftpd serves plain FTP unless TLS (mod_tls) is configured;
# confirm how the service is exposed and whether logins cross the network in clear.
apt-get update
apt-get install tree htop zip openntpd git-core proftpd rsnapshot

# -y answers yes to the prompts and -q reduces output: non-interactive install.
apt-get install -yq openvpn 

http://doc.ubuntu-fr.org/openvpn


# Git identity and line-ending policy for the account running these commands.
# --global writes to that account's ~/.gitconfig.
# NOTE(review): if this is a shared root account, every commit made from it is
# attributed to this single identity, which weakens the audit trail; confirm.
git config --global user.name "Damien"
git config --global user.email "damien@talevas.com"
# core.autocrlf=input: convert CRLF to LF when committing, no conversion on checkout.
git config --global core.autocrlf input
# core.safecrlf=true: refuse a line-ending conversion that would not be reversible.
git config --global core.safecrlf true


backups

Tous les jours à 3h30, on récupère le contenu de /var/www/upload dans /home/backup/. Toutes les semaines (le lundi à 4h), on archive une version.

# Directory that receives the front-end snapshots (presumably the snapshot root
# set in /etc/rsnapshot-front.conf; confirm against that file).
mkdir /home/backup/front/
# Show the cron schedule; everything after this command is the file's content.
# Its two active lines run rsnapshot as root with /etc/rsnapshot-front.conf:
# "daily" every day at 03:30 and "weekly" on Mondays at 04:00.
# NOTE(review): the header comments are the packaged sample text; the entries
# are already active and point at a custom configuration file.
cat /etc/cron.d/rsnapshot
# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.

30 3   * * *           root    /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf daily
0  4   * * 1           root    /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf weekly


Ainsi les archives sont consultables dans /home/backup/ et s'ordonnent ainsi :

tree /home/backup/
.
└── front
    ├── daily.0
    │   └── var
    │       └── www
    │           └── upload
    └── daily.1
        └── var
            └── www
                └── upload

Frontaux

front01.ams.talevas.com -- front02.ams.talevas.com

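# Front-end web servers (front01 / front02): packages, a local ext3 volume for
# /var/www and the shared NFS export for /var/www/upload. Needs root.

# Remove lost+found by its exact name. The former "lost*" glob, run as root with
# rm -rf, would also delete any other entry whose name starts with "lost".
rm -rf -- /home/lost+found
rm -rf -- /tmp/lost+found

apt-get update
apt-get install openvpn
# htop was listed twice in the original command; once is enough.
# NOTE(review): memcached has no authentication of its own; confirm it listens
# only on loopback or on the private network.
apt-get install htop tree nfs-client openntpd php5 php5-mysql python-soappy python heartbeat memcached

# Local volume for the web root (50G, ext3).
lvcreate -L 50G -nwww vg
mkfs.ext3 /dev/mapper/vg-www
# Make sure the mount point exists before mounting on it.
mkdir -p /var/www
echo "/dev/mapper/vg-www   /var/www  ext3    defaults        0       0" >> /etc/fstab
mount /var/www
rm -rf -- /var/www/lost+found

# Shared upload directory, served from the NFS export on 10.16.101.6.
# _netdev delays the mount until the network is up.
# NOTE(review): this directory sits under the web root and is writable (rw).
# Consider adding nosuid,nodev,noexec to the options. noexec does not stop the
# PHP handler from interpreting a file stored there, so also confirm that script
# execution is disabled for this directory in the Apache configuration.
mkdir /var/www/upload/
# mount -t nfs 10.16.101.6:/nas-000108/mininas-001386 /var/www/upload/
echo "10.16.101.6:/nas-000108/mininas-001386 /var/www/upload/ nfs   rw,_netdev,mountproto=tcp     0       0 " >>/etc/fstab
mount /var/www/upload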


# Enable Apache's rewrite module, then restart Apache so the module is loaded.
a2enmod rewrite
service apache2 restart
ajout de l'ip FailOver
#vim /etc/network/interfaces
# Alias interface eth0:0 carrying the failover address as a single host
# (netmask 255.255.255.255). "auto" brings it up at boot.
# NOTE(review): this fragment is listed for both front01 and front02. If the
# address is brought up statically on both hosts while heartbeat's IPaddrFO
# resource also manages it, the two mechanisms can conflict; confirm which one
# owns the address.
auto eth0:0
iface eth0:0 inet static
       address 87.98.251.179
       netmask 255.255.255.255
       broadcast 87.98.251.179
# Make the two failover scripts and the IPaddrFO resource script under
# /etc/ha.d executable (presumably run by heartbeat; confirm).
# NOTE(review): a bare +x adds execute permission for owner, group and others,
# as far as the umask allows. If these scripts embed credentials for the
# provider's API, restrict read and execute to root; confirm their content
# and ownership.
chmod +x /etc/ha.d/front01.failover.py
chmod +x /etc/ha.d/front02.failover.py
chmod +x /etc/ha.d/resource.d/IPaddrFO

commiter toute la partie HB


À valider

ServerTokens Prod


A tester

http://blog.guiguiabloc.fr/index.php/2008/10/17/cluster-haute-disponibilite-chez-ovh-avec-ipfailover-heartbeat-et-drbd-via-ipsec/

Databases

db01.ams.talevas.com -- db02.ams.talevas.com

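# Database hosts (db01 / db02): dedicated ext3 volumes for the MySQL data
# directory and the binary logs, then the package install. Needs root.

# Create the disk space.
lvcreate -L50G -nmysql vg
lvcreate -L10G -nbinlog vg
mkfs.ext3 /dev/mapper/vg-mysql
mkfs.ext3 /dev/mapper/vg-binlog
mkdir -p /var/lib/mysql
mkdir -p /var/log/mysql-binlog
echo "/dev/mapper/vg-mysql    /var/lib/mysql  ext3    defaults        0       0" >> /etc/fstab
echo "/dev/mapper/vg-binlog   /var/log/mysql-binlog  ext3    defaults        0       0" >> /etc/fstab
mount /var/lib/mysql
mount /var/log/mysql-binlog

# Remove lost+found by its exact name. The former "lost*" glob, run as root with
# rm -rf, would also delete any other entry whose name starts with "lost".
rm -rf -- /var/lib/mysql/lost+found
rm -rf -- /home/lost+found
rm -rf -- /tmp/lost+found
rm -rf -- /var/log/mysql-binlog/lost+found

# Install MySQL.
# NOTE(review): the install is non-interactive (-yq); confirm afterwards that
# the MySQL root account has a password and that no anonymous account remains.
apt-get update
apt-get install -yq openvpn openntpd htop
apt-get install -yq mysql-server

# Give the binary-log volume to the mysql account. This ran before the package
# install in the original order, where it fails on a fresh host because the
# mysql user and group do not exist until mysql-server is installed.
chown mysql:mysql /var/log/mysql-binlog/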

# MySQL access control (tcp/3306): accept the five known hosts, drop the rest.
# Each list line is "<label> <source address>"; only the address goes into the rule.
#
# The rules are appended (-A) in list order, so every ACCEPT sits ahead of the
# closing DROP. A host added later with -A would land after the DROP and never
# match; insert it ahead of the DROP instead.
# NOTE(review): these are IPv4 rules only. If MySQL is reachable over IPv6,
# mirror the policy with ip6tables; confirm.
while read -r _label source_ip; do
  iptables -A INPUT -p tcp -s "$source_ip" --dport 3306 -j ACCEPT
done <<'EOF'
DB01 188.165.240.126
DB02 188.165.241.29
front01 94.23.12.228
front02 94.23.241.220
admin 91.121.8.205
EOF
iptables -A INPUT -p tcp --dport 3306 -j DROP

# Dump the running rule set to a file.
# NOTE(review): iptables-save only writes the file. The page shows no step that
# loads it again at boot, and without one port 3306 is unfiltered after a
# reboot. Confirm a restore hook exists, for example an ifupdown
# "pre-up iptables-restore < /etc/iptables.rules" line.
iptables-save > /etc/iptables.rules
# Fetch the OpenVPN data from the master
# NOTE(review): the source path names db02, while this section covers db01 and
# db02; on db01, confirm the matching directory is used so the two hosts do not
# share one VPN identity.
# NOTE(review): the copied files presumably include private keys; confirm they
# end up owned by root and not readable by group or others.
scp admin.ams.talevas.com:/home/config/db02/etc/openvpn/* /etc/openvpn/
# Start the OpenVPN service with the configuration just copied.
/etc/init.d/openvpn start

Procédure de bascule

couper le master

iptables partout

allow writes sur le slave

suppression du fichier de conf

pointage des frontaux

édition du fichier host

Le script

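#!/bin/bash
#
# Manual database failover, in three steps:
#   1. fence the current master on every front-end (outgoing TCP dropped),
#   2. remove the read_only configuration on the slave and restart it,
#   3. point the master's host name at the slave's address on every front-end.
#
# Every step runs over ssh; the remote account must be allowed to change
# iptables, /etc/hosts and the MySQL configuration (presumably root; confirm).
# Exit status: 0 when every step succeeded, 1 otherwise.

# Fail on a misspelled or unset variable instead of expanding it to nothing.
set -u

ServerList="front01.prod.allmyski.info front02.prod.allmyski.info"
MasterDb="db01.prod.allmyski.info"
SlaveDb="db02.prod.allmyski.info"

# Step 1 and step 3 must use different addresses. The original script used
# 188.165.241.29 for both, so the fronts were pointed at the address they had
# just blocked. The firewall rules in this runbook label 188.165.240.126 as
# DB01 and 188.165.241.29 as DB02, which gives the assignment below.
# NOTE(review): confirm both addresses against the live hosts before running.
MasterIp="188.165.240.126"
SlaveIp="188.165.241.29"

failures=0

# Step 1: cut the master with an iptables rule on each front-end.
# $ServerList is unquoted on purpose so that it splits into host names.
# NOTE(review): the rule is not saved on the fronts, so it presumably does not
# survive a reboot there; confirm whether that matters for the procedure.
for server in $ServerList
do
        echo "$server => iptables -A OUTPUT -p tcp  -d $MasterIp -j DROP"
        if ! ssh "$server" "iptables -A OUTPUT -p tcp  -d $MasterIp -j DROP"
        then
                echo "WARNING: could not block $MasterIp on $server" >&2
                failures=$((failures + 1))
        fi
done

# Step 2: remove read_only on the slave, then restart it.
# NOTE(review): only the configuration file is removed here; nothing shown
# stops replication on the promoted host. Confirm that is handled.
echo "supression du read_only sur le slave"
if ! ssh "$SlaveDb" "rm /etc/mysql/conf.d/slave.cnf; service mysql restart"
then
        # Repointing the fronts at a database that did not come back is useless
        # and makes rollback harder, so stop here.
        echo "ERROR: restart failed on $SlaveDb; front-ends left unchanged" >&2
        exit 1
fi

# Step 3: change the master entry in the hosts file of each front-end.
# The entry is added only if it is not there yet, and /etc/hosts is backed up
# only in that case, so a second run neither duplicates the line nor replaces
# the backup with an already modified file.
# NOTE(review): a hosts lookup normally returns the first matching line, so the
# appended entry has no effect if an earlier line already maps $MasterDb.
for server in $ServerList
do
        echo "On change l'entree master pour le front $server."
        if ! ssh "$server" "grep -qF '$SlaveIp $MasterDb' /etc/hosts || { cp /etc/hosts /etc/hosts.ori && echo '$SlaveIp $MasterDb' >> /etc/hosts; }"
        then
                echo "WARNING: could not update /etc/hosts on $server" >&2
                failures=$((failures + 1))
        fi
done

if (( failures > 0 ))
then
        echo "WARNING: $failures step(s) failed; check the output above" >&2
        exit 1
fi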