Web Frontends
www-node-* run apache daemons to handle requests for most web services cclub hosts, including www.contrib and www.club.
- Apache
- apache2-mpm-prefork
- libapache2-mod-auth-kerb (not really used, but why not)
- Pubcookie: libapache2-mod-pubcookie pubcookie-config pubcookie-key-client
- Packages for perl modules installed (not including their dependencies):
- libapt-pkg-perl
- libdbd-mysql-perl
- libdbi-perl
- libhtml-parser-perl
- libhtml-tagset-perl
- libhtml-tree-perl
- libio-multiplex-perl
- libnet-cidr-perl
- libnet-daemon-perl
- libnet-server-perl
- libplrpc-perl
- librpc-xml-perl
- liburi-perl
- libwww-perl
- libxml-parser-perl
- Other nonstandard packages installed:
- daemontools daemontools-run svtools
- nfs-common (for NFS-accessed mirrors)
- Other useful things not likely necessary for operation
- mysql-client
- postgresql-client
Setup Procedure
- Install packages
- Setup partitions
- /var/cache/apache2
- openafs
- multilog for apache
- move svscanboot above init.d stuff in /etc/inittab (daemontools-run package bug)
- add apache_access_log and apache_error_log multilog setups in /etc/service (e.g. copy from another front-end)
- mkdir /var/log/apache2/{access_log,error_log}
- mkfifo /var/log/apache2/{access,error}_log/fifo
- apache support stuff
- setup /var/apache/andrew-contrib (contains org and usr symlink trees)
- mkdir -p /var/apache/andrew-contrib/{org,usr,suspended}
- touch /var/apache/andrew-contrib/passwd.old
- cwscript (scripts that make contrib go round)
- copy cwscript-001 from collections (or previous www frontend) into /usr/local/stow
- make sure to get sql_*.pm with passwords from old www frontend or backup
- cd /usr/local/stow; stow cwscript-001
- add /usr/local/cwscript/cron/contrib_user_update.sh to cron for daily
- add /usr/local/cwscript/cron/userindex_update.sh to cron for once-weekly on ONE front-end
- add /usr/local/cwscript/cron/userindex_generate.sh to cron for daily
- add /usr/local/cwscript/cron/update_orgs.sh to cron for twice-daily
(etch -> squeeze required update of paths in scripts from /etc/apache -> /etc/apache2)
- userindex
- copy /var/apache/andrew-contrib/userindex hierarchy from old www frontend or backup
- copy /var/apache/iscgi.pl from old www frontend or backup
- setup /var/apache/andrew-contrib (contains org and usr symlink trees)
- apache - debian package
- configs in /etc/apache2 - update paths and port to new configfile format as needed
- enable modules - the following were not by default:
- auth_kerb
- authn_dbm
- cache
- disk_cache
- imagemap
- include
- proxy
- proxy_http
- pubcookie
- rewrite
- ssl
- userdir
- copy ssl.* directories
- Setup nfs mounts for FTP mirrors
- Copy /etc/init.d/mirror-mtpts from another www frontend
- Add nfs mount entries to /etc/fstab from another www frontend
- insserv mirror-mtpts
- Used to be update-rc.d mirror-mtpts start 2 3 4 5
- Setup pubcookie
- Fill in /etc/pubcookie/config with values from other web frontend
- Copy /var/lib/pubcookie/keys from another web frontend
- Copy /etc/apache2/pubcookie-* from another web frontend
- Apache config in /etc/apache2
- Get rid of sites-{enabled,available}
- Copy params from another web frontend's apache2.conf
- Edit mods-enabled/*.conf to match other web frontend
- mkdir {main,project,org,user}_vhosts/ and copy (editing as necessary if upgrading) from other web frontend
- Setup awstats
- for primary www node:
- Install package awstats (put awstats user in passwd.system!)
- Add sufficiently large (currently 4gb) /var/awstats
- Copy contents of /var/awstats from prior primary node
- Add crontab entry for user awstats: 20 * * * * ~/bin/update.sh
- do a test krb login to each secondary www node as awstats (see the cron script)
- make sure all slave node hostname are listed as a slave nodes in /var/awstats/config
- for secondary www nodes:
- add awstats passwd file entry from existing node
- note passwd field should be "K" to allow krb logins without a shadow entry
- rsync -avr /var/awstats from existing secondary node
- make sure files in /var/awstats/www are actually owned by the awstats user
- do a test krb login from the primary www node as awstats (see the cron script)
- make sure node hostname is listed as a slave node in /var/awstats/config on the primary node
- add awstats passwd file entry from existing node
- for primary www node:
- setup vsftpd (currently, installed on all but just used on www-node-2 due to the active ftp load balancing problem)
- apt-get install vsftpd
- copy /etc/vsftpd.conf from an exising node while comparing to upstream to pick up any worthwhile changes
- Setup bits necessary for LVS load-balancing
- Copy /etc/network/interfaces from old www-node-? to new
- But wait until switchover time
- Add new backend IP to LVS on lb-* if not replacing a prior www-node
- /etc/keepalived
- /etc/ipvsadm.rules
- /etc/init.d/firewall-po.sh
- Add to /etc/sysctl.conf:
- Copy /etc/network/interfaces from old www-node-? to new
#needed for LVS load-balancing system net.ipv4.conf.eth0.arp_ignore = 1 net.ipv4.conf.eth0.arp_announce = 2 (...repeated for each additional real eth interface present...)
- Do switchover
- Run all the cron scripts (except userindex_update.sh) once
- Copy /etc/network/interfaces from old www-node-? to new
- Halt www-node-? on old dom0, start new on new dom0
- Changing from temporary to real mac address in xen config on dom0 if necessary