
Preparation For Production Launch

Science VM edited this page Aug 28, 2014 · 13 revisions

This guide documents experiences preparing to launch a production service on a dedicated server.

NOTE: This is WIP and not ready yet.

The starting point for this guide is to follow the instructions at the following link on a dedicated Ubuntu 12.04 minimal server installation:
https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation

Set up a firewall if the machine is open to the internet. If you don't do this you will get hacked.

# setup ip tables
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 18010 -j ACCEPT
iptables -A INPUT -j DROP
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -L
apt-get install iptables-persistent
service iptables-persistent start
(Edit file /etc/iptables/rules.v4 and /etc/iptables/rules.v6 if you want to change these later)

Only log in with keys and don't allow login from root. If you don't do this you will get hacked.

# add an account to login to that can sudo root (change mysuper to something else)
adduser mysuper
adduser mysuper sudo

# set up ssh login (run on the client; key already generated)
cat ~/.ssh/id_rsa.pub | ssh mysuper@<my ip> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# on the server: edit /etc/ssh/sshd_config and change the following line:
PermitRootLogin no
# reload ssh
service ssh reload
# (on the client machine I needed to run: ssh-add)

Before closing this shell, make sure you can log in with your key from another window.
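
A check for the sshd_config step above, as an added example that is not part of the original page: it reports whether the effective settings enforce key-only, no-root login. The function names, the constructed sample file and the assumed built-in defaults (those of the OpenSSH shipped with Ubuntu 12.04) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the built-in defaults of the
# OpenSSH shipped with Ubuntu 12.04 (all three keywords below default to "yes").
# Limitation: reads the global section only and stops at the first Match block.

# sshd_value FILE KEYWORD: print the effective value, lowercased (empty if unset).
# sshd keeps the FIRST occurrence of a keyword and ignores later duplicates.
sshd_value() {
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }               # strip leading blanks (re-splits fields)
        /^#/ || NF == 0 { next }             # skip comments and empty lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) { gsub(/"/, "", $2); print tolower($2); exit }
    ' "$1"
}

# check FILE KEYWORD WANT DEFAULT: report one keyword; non-zero unless it is WANT.
check() {
    val=$(sshd_value "$1" "$2"); src=set
    [ -n "$val" ] || { val=$4; src=default; }
    if [ "$val" = "$3" ]; then echo "ok   $2 $val ($src)"; return 0; fi
    echo "FAIL $2 $val ($src), want $3"; return 1
}

# audit_sshd FILE: return 0 only if root login and every password path are off.
audit_sshd() {
    rc=0
    check "$1" PermitRootLogin no yes || rc=1
    check "$1" PasswordAuthentication no yes || rc=1
    check "$1" ChallengeResponseAuthentication no yes || rc=1
    return $rc
}

# Constructed sample: a config where only the PermitRootLogin line was edited.
sample_config() {
    cat <<'EOF'
# Authentication:
PermitRootLogin no
PermitRootLogin yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd "$1"; fi
```

On the constructed sample the audit fails on PasswordAuthentication: a commented-out line leaves the built-in default in force, so password logins still work until that keyword is set to no.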

Install Docker to allow splitting web server and database into separate containers. You can also run multiple dedicated servers.

# install docker - requires upgrading the kernel.  This is not for everyone
apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring
reboot
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
apt-get update
apt-get install lxc-docker

On a new Ubuntu 12.04 server, install MongoDB with the following commands:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
sudo apt-get update
sudo apt-get install mongodb-10gen

Configure MongoDB to allow access from any computer by editing the /etc/mongodb.conf file and adding:

bind_ip = 0.0.0.0
port = 27017

I strongly recommend you also set up a firewall on this computer, like Ubuntu's ufw.

Install MySQL with this command: apt-get install mysql-server

Configure mysql to allow external access for the root user. In /etc/mysql/my.cnf add the line: bind-address = 0.0.0.0

and also execute the following mysql commands:

GRANT ALL PRIVILEGES ON *.* TO root@'%';
FLUSH PRIVILEGES;

I think you only need to assign privileges on the edxapp, ora and xqueue databases, so you could probably be more restrictive in the grant statement.

- Back up your data and restore it on the new server. You can do it with:

# on the old server
mongodump -o ./mongo-backup
mysqldump -u root -p --all-databases > ./backup.sql
# on the new server
mongorestore --drop ./mongo-backup
mysql -u root -p < ./backup.sql

- Configure the edX servers to use the new database server. You'll need to edit the following files and change the hosts/users/passwords according to your database server settings:

lms.auth.json
cms.auth.json
ora.auth.json
xqueue.auth.json
forum/forum_env

- On the edX servers you can stop the mysql and mongodb services. To prevent them from starting when the system boots, create the text files /etc/init/mysql.override and /etc/init/mongodb.override containing the string: manual