
Preparation For Production Launch

Science VM edited this page Aug 28, 2014 · 13 revisions

This guide documents experiences preparing to launch a production service on a dedicated server.

The starting point for this guide is to follow the instructions at the following link on a dedicated Ubuntu 12.04 minimal server installation:
https://github.com/edx/configuration/wiki/edX-Ubuntu-12.04-64-bit-Installation

Set up a firewall if the machine is open to the internet. If you don't do this you will get hacked.

# set up iptables
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 18010 -j ACCEPT
iptables -A INPUT -j DROP
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -L
apt-get install iptables-persistent
service iptables-persistent start
(Edit file /etc/iptables/rules.v4 and /etc/iptables/rules.v6 if you want to change these later)

Only log in with keys and don't allow login as root. If you don't do this you will get hacked.

# add an account to log in with that can sudo to root (change mysuper to something else)
adduser mysuper
adduser mysuper sudo

# setup ssh login.
(key already generated)
cat ~/.ssh/id_rsa.pub | ssh mysuper@<my ip> "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"
edit /etc/ssh/sshd_config and change the following line:
PermitRootLogin no
reload ssh
(on client machine needed to do: ssh-add)

Before closing this shell, make sure you can log in with your key from another window.
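
The step above changes only PermitRootLogin, so password logins stay enabled unless sshd_config also turns off PasswordAuthentication. The script below is an added example, not part of the original guide: it reads an sshd_config and reports whether root and password logins are actually off. The function names and the sample configs are constructed for illustration, and the "yes" defaults are an assumption for the OpenSSH version of that Ubuntu release.

```shell
# Added example, not part of the original guide.
# sshd_effective FILE KEYWORD DEFAULT
# Print the value sshd would use for KEYWORD from the global part of FILE.
# sshd keeps the first occurrence of a keyword; keywords are case-insensitive.
# Simplification: parsing stops at the first "Match" block.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                     # comment line
        /^[ \t]*$/ { next }                     # blank line
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /[ \t=]+/)) next   # keyword with no value
            k = tolower(substr(line, 1, RSTART - 1))
            v = substr(line, RSTART + RLENGTH)
            if (k == "match") exit
            if (k == key) { print v; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE
# Returns 0 only when root login and both password-style methods are "no".
# The "yes" defaults are an assumption for the OpenSSH shipped with Ubuntu 12.04.
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(sshd_effective "$1" "$kw" yes)
        if [ "$val" = "no" ]; then
            echo "ok    $kw $val"
        else
            echo "FAIL  $kw $val (want: no)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: DIR/after_guide changes only PermitRootLogin (as in the
# step above); DIR/keys_only also turns off password logins.
write_samples() {
    printf '%s\n' 'Port 22' 'PermitRootLogin no' '#PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'PermitRootLogin yes' > "$1/after_guide"
    printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' > "$1/keys_only"
}

# Audit a real file when a path is given: sh audit_sshd.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then audit_sshd "$1"; fi
```

On the live host, `sshd -T` (run as root) prints the configuration sshd actually resolved, which also covers Match blocks that this parser skips.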

Install Docker to allow splitting web server and database into separate containers.

# install docker - requires upgrading the kernel.  This is not for everyone
apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring
reboot
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
apt-get update
apt-get install lxc-docker

In a new Ubuntu 12.04 server, install MongoDB with the following commands:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
sudo apt-get update
sudo apt-get install mongodb-10gen

Configure MongoDB to allow access from any computer by editing the /etc/mongodb.conf file and adding:

bind_ip = 0.0.0.0
port = 27017

I strongly recommend you also set up some firewall on this computer, like Ubuntu's ufw.

Install MySQL with this command: apt-get install mysql-server

Configure MySQL to allow external access for the root user. In /etc/mysql/my.cnf add the line: bind-address = 0.0.0.0

and also execute the following mysql commands:

GRANT ALL PRIVILEGES ON *.* TO root@'%';
FLUSH PRIVILEGES;

I think you only need to assign privileges on the edxapp, ora and xqueue databases so you probably could be more restrictive in the grant order.

- Back up your data and restore it on the new server. You can do it with:

mongodump -o ./mongo-backup
mongorestore --drop ./mongo-backup
mysqldump -u root -p --all-databases > ./backup.sql
mysql -u root -p < ./backup.sql

- Configure the edX servers to use the new database server. You'll need to edit the following files and change the host/users/passwords in accordance with your DB server settings:

lms.auth.json
cms.auth.json
ora.auth.json
xqueue.auth.json
forum/forum_env

- On the edX servers you can stop the mysql and mongodb services. To prevent them from starting when the system boots, create the text files /etc/init/mysql.override and /etc/init/mongodb.override containing the string: manual