Differences between revisions 16 and 17
Deletions are marked like this. Additions are marked like this.
Line 57: Line 57:
   * add /usr/local/cwscript/cron/cuserindex_generate.sh to cron for daily    * add /usr/local/cwscript/cron/userindex_generate.sh to cron for daily

Web Frontends

www-node-* run apache daemons to handle requests for most web services cclub hosts, including www.contrib and www.club.

  • Apache
    • apache2-mpm-prefork
    • libapache2-mod-auth-kerb (not really used, but why not)
    • Pubcookie: libapache2-mod-pubcookie pubcookie-config pubcookie-key-client
  • Packages for perl modules installed (not including their dependencies):
    • libapt-pkg-perl
    • libdbd-mysql-perl
    • libdbi-perl
    • libhtml-parser-perl
    • libhtml-tagset-perl
    • libhtml-tree-perl
    • libio-multiplex-perl
    • libnet-cidr-perl
    • libnet-daemon-perl
    • libnet-server-perl
    • libplrpc-perl
    • librpc-xml-perl
    • liburi-perl
    • libwww-perl
    • libxml-parser-perl
  • Other nonstandard packages installed:
    • daemontools daemontools-run svtools
  • Other useful things not likely necessary for operation
    • mysql-client
    • postgresql-client

Setup Procedure

  • Install packages
  • Setup partitions
    • /var/cache/apache2
    • openafs
  • multilog for apache
    • move svscanboot above init.d stuff in /etc/inittab (daemontools-run package bug)
    • add apache_access_log and apache_error_log multilog setups in /etc/service
    • mkdir /var/log/apache2/{access_log,error_log}
  • apache support stuff
    • setup /var/apache/andrew-contrib (contains org and usr symlink trees)
      • mkdir -p /var/apache/andrew-contrib/{org,usr,suspended}
      • touch /var/apache/andrew-contrib/passwd.old
    • cwscript (scripts that make contrib go round)
      • copy cwscript-001 from collections (or previous www frontend) into /usr/local/stow
      • make sure to get sql_*.pm with passwords from old www frontend or backup
      • cd /usr/local/stow; stow cwscript-001
      • add /usr/local/cwscript/cron/contrib_user_update.sh to cron for daily
      • add /usr/local/cwscript/cron/userindex_update.sh to cron for once-weekly on ONE front-end
      • add /usr/local/cwscript/cron/userindex_generate.sh to cron for daily
      • add /usr/local/cwscript/cron/update_orgs.sh to cron for twice-daily

      • (etch -> squeeze required update of paths in scripts from /etc/apache -> /etc/apache2)

    • userindex
      • copy /var/apache/andrew-contrib/userindex hierarchy from old www frontend or backup
    • copy /var/apache/iscgi.pl from old www frontend or backup
  • apache - debian package
    • configs in /etc/apache2 - update paths and port to new configfile format as needed
    • enable modules - the following were not by default:
      • auth_kerb
      • authn_dbm
      • cache
      • disk_cache
      • imagemap
      • include
      • proxy
      • proxy_http
      • pubcookie
      • rewrite
      • ssl
      • userdir
    • copy ssl.* directories
  • Setup nfs mounts for FTP mirrors
    • Copy /etc/init.d/mirror-mtpts from another www frontend
    • Add nfs mount entries to /etc/fstab from another www frontend
    • insserv mirror-mtpts
      • Used to be update-rc.d mirror-mtpts start 2 3 4 5
  • Setup pubcookie
    • Fill in /etc/pubcookie/config with values from other web frontend
    • Copy /var/lib/pubcookie/keys from another web frontend
    • Copy /etc/apache2/pubcookie-* from another web frontend
  • Apache config in /etc/apache2
    • Get rid of sites-{enabled,available}
    • Copy params from another web frontend's apache2.conf
    • Edit mods-enabled/*.conf to match other web frontend
    • mkdir {main,project,org,user}_vhosts/ and copy (editing as necessary if upgrading) from other web frontend
  • Setup awstats
    • for primary www node:
      • FIXME
    • for secondary www nodes:
      • add awstats passwd file entry from existing node
      • rsync -avr /var/awstats from existing secondary node
  • setup vsftpd (currently, just on www-node-2 due to the active ftp load balancing problem)
    • apt-get install vsftpd
    • copy /etc/vsftpd.conf from an exising node while comparing to upstream to pick up any worthwhile changes
  • Setup bits necessary for LVS load-balancing
    • Copy /etc/network/interfaces from old www-node-? to new
      • But wait until switchover time
    • Add new backend IP to LVS on lb-* if not replacing a prior www-node
      • /etc/keepalived
      • /etc/ipvsadm.rules
      • /etc/init.d/firewall-po.sh
    • Add to /etc/sysctl.conf: 

#needed for LVS load-balancing system
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
(...repeated for each additional real eth interface present...)
  • Do switchover
    • Copy /etc/network/interfaces from old www-node-? to new
    • Halt www-node-? on old dom0, start new on new dom0
      • Changing from temporary to real mac address in xen config on dom0 if necessary

Services/Webserver frontends (last edited 2013-10-27 04:34:23 by scgruber@CLUB.CC.CMU.EDU)