Preparation For Production Launch
This guide documents experiences preparing to launch a production service on a dedicated server.
The starting point for this guide is a dedicated Ubuntu 12.04 minimal server installation, set up by following the instructions at this link:
https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation
Set up a firewall if the machine is open to the internet. If you don't do this you will get hacked.
# setup ip tables
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 18010 -j ACCEPT
iptables -A INPUT -j DROP
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -L
apt-get install iptables-persistent
service iptables-persistent start
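(Edit the files /etc/iptables/rules.v4 and /etc/iptables/rules.v6 if you want to change these later. The iptables commands above only add IPv4 rules; IPv6 is filtered separately through ip6tables.)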
Only log in with keys. If you don't do this you will get hacked.
# add an account to login to that can sudo root
adduser mysuper
adduser mysuper sudo
# setup ssh login.
(key already generated)
# USER@SERVER is a placeholder: use the account created above and the server's address
cat ~/.ssh/id_rsa.pub | ssh USER@SERVER "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Edit /etc/ssh/sshd_config and change the following line:
PermitRootLogin no
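Reload ssh. PermitRootLogin no only blocks direct root logins; password logins for other accounts remain possible unless PasswordAuthentication is also set to no.
(on the client machine, ssh-add was needed)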
Before closing this shell, make sure you can login with your key from another window.
Install Docker to allow splitting web server and database into separate containers.
# install docker: requires upgrading the kernel. This is not for everyone
apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring
reboot
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
apt-get update
apt-get install lxc-docker
In a new Ubuntu 12.04 server, install MongoDB with the following commands:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
sudo apt-get update
sudo apt-get install mongodb-10gen
Configure MongoDB to allow access from any computer by editing the /etc/mongodb.conf file and adding:
bind_ip = 0.0.0.0
port = 27017
I strongly recommend you also set up a firewall on this computer, like Ubuntu's ufw.
Install MySQL with this command: apt-get install mysql-server
Configure MySQL to allow external access for the root user. In /etc/mysql/my.cnf add the line: bind-address = 0.0.0.0
and also execute the following mysql commands:
GRANT ALL PRIVILEGES ON *.* TO root@'%';
FLUSH PRIVILEGES;
I think you only need to assign privileges on the edxapp, ora and xqueue databases, so you probably could be more restrictive in the grant order.
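With both databases bound to 0.0.0.0, the firewall is the only thing keeping ports 27017 and 3306 off the open network. The following added example (not part of the original guide) reads a ruleset in iptables-save format, such as /etc/iptables/rules.v4, and reports whether either database port is accepted from any source. The function names, the sample ruleset and the address 203.0.113.10 are constructed for illustration.

```bash
# Added example (not from the guide): audit an iptables-save ruleset such as
# /etc/iptables/rules.v4. Simplification: only "-A INPUT ... -j ACCEPT" rules with
# --dport/--dports are read; rule order and user-defined chains are not evaluated.
world_open_ports() {  # usage: world_open_ports RULES_FILE
  awk '
    $1 == "-A" && $2 == "INPUT" {
      src = ""; ports = ""; target = ""; iface = ""; proto = ""
      for (i = 3; i < NF; i++) {
        # a negated source ("! -s addr") does not restrict access, so ignore it
        if (($i == "-s" || $i == "--source") && $(i - 1) != "!") src = $(i + 1)
        if ($i == "-i" || $i == "--in-interface") iface = $(i + 1)
        if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if ($i == "-j" || $i == "--jump") target = $(i + 1)
      }
      if (target != "ACCEPT" || proto != "tcp" || ports == "" || iface == "lo") next
      if (src != "" && src != "0.0.0.0/0") next   # limited to a source address
      n = split(ports, p, ",")
      for (k = 1; k <= n; k++) print p[k]
    }' "$1" | sort -un
}

db_ports_exposed() {  # prints 27017 and/or 3306 when reachable from any source
  local port lo hi db
  for port in $(world_open_ports "$1"); do
    lo=${port%%:*}; hi=${port##*:}      # "a:b" is a range; single port: lo == hi
    case "$lo$hi" in *[!0-9]*) continue ;; esac   # skip service names
    for db in 27017 3306; do            # MongoDB and MySQL ports used in this guide
      if [ "$db" -ge "$lo" ] && [ "$db" -le "$hi" ]; then echo "$db"; fi
    done
  done
}

sample_rules() {  # constructed ruleset: MongoDB limited to one host, MySQL open
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 27017 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}
tmp=$(mktemp); sample_rules > "$tmp"
echo "open to any source: $(world_open_ports "$tmp" | tr '\n' ' ')"
echo "database ports exposed: $(db_ports_exposed "$tmp" | tr '\n' ' ')"
rm -f "$tmp"
```

On the database server, point it at the live file with `db_ports_exposed /etc/iptables/rules.v4`; empty output means neither port has an unrestricted ACCEPT rule.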
-Back up your data and restore it on the new server. You can do it with:
mongodump -o ./mongo-backup
mongorestore --drop ./mongo-backup
mysqldump -u root -p --all-databases > ./backup.sql
mysql -u root -p < ./backup.sql
-Configure the edx servers to use the new database server. You'll need to edit the following files and change the host/users/passwords in accordance with your db server settings:
lms.auth.json
cms.auth.json
ora.auth.json
xqueue.auth.json
forum/forum_env
-On the edx servers you can stop the mysql and mongodb services. To prevent them from starting when the system boots, create the text files /etc/init/mysql.override and /etc/init/mongodb.override, each containing the string: manual