======Setting up An Application Server ======
=====Hardware Requirements=====
CENTOS 5 (preferably, 5.9) 64-bit
8192MB RAM
Quad-core 2.6 GHZ CPU (or 4 vCPUs on a VM)
Ports 80, 8090 inbound on the public interface.
No Ingress Control on the private network interface.
No Egress Control on either pubic or private network interface.
Port 80 is not used by any application
10GB for Operating System and Core Application
80GB additional storage for application related needs.
===== What you will need =====
* Windows users : PuTTy, OSX users, Terminal.
* Credentials with READ access to the software repository. \\
* Private/Public key for devops user \\
===== When to follow this guide =====
A golden image for application server already exists within the OpSource environment. It is called App Gold. \\
That should be used for all application server deployment needs. \\ This guide exists so that the GOLD image can be recreated (as in for a different vendor's environment). \\ In case of an upgrade to a software version, Doku is well capable of recording revisions and hence do not leave unnecessary or obsolete command blocks in this guide. \\
Guidelines:
* Watch out for strings encapsulated within <> symbols. Ex: . \\ That requires modification or your attention.
* VERIFY sections exist to verify success of the commands ran in the previous section. Use that section.
* Certain sections have links to other sections, WIKI articles for your convenience.
===== Prepare System =====
Start with adding the user:
adduser expprodl
Next, setup key based auth for devops.
#Note the following command needs an IP ADDRESS.
cat ~/.ssh/id_rsa_devops.pub | ssh expprodl@ "cat >> ~/.ssh/authorized_keys"
Grant sudo power to expprodl
//Copy the code block after the block before you exec the following command // \\
* nano /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhap using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
#Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
#Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
#Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
#Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
#Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
#Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
#Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
#Cmnd_Alias DRIVERS = /sbin/modprobe
Cmnd_Alias APACHE = /opt/apache2/bin/apachectl, /bin/vi /opt/apache2/conf/httpd.conf
Cmnd_Alias MYSQL = /sbin/service mysql stop, /sbin/service mysql start, /sbin/service mysql status, /sbin/service mysql restart
Cmnd_Alias IPTABLES = /sbin/service iptables stop, /sbin/service iptables start, /sbin/iptables
# Defaults specification
#
# Disable "ssh hostname sudo ", because it will show the password in clear.
# You have to run "ssh -t hostname sudo ".
#
#Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
Defaults env_reset
Defaults env_keep = "PATH COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
_XKB_CHARSET XAUTHORITY"
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
expprodl ALL= NOPASSWD: APACHE, MYSQL, IPTABLES
We will need to install the following as we will be compiling some packages:
yum install nano lynx -y
yum groupinstall "Development Tools" -y
yum groupinstall "Development Libraries" -y
yum update -y
Set Timezone
sudo rm /etc/localtime
sudo ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
Additionally, we will disable the firewall:
chkconfig iptables off
# A text editor will open with the following command, set SELINUX=disabled
nano /etc/selinux/config
Now reboot the machine and verify:
Whether you are able to login without any password?\\
Whether the machine boots properly after the update?\\
Whether selinux was disabled? \\
sestatus
Whether iptables is turn off?\\
service iptables status
===== Install required system software =====
==== Install Apache ====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/httpd-2.2.21.tar
tar xvf httpd-2.2.21.tar
./configure --prefix=/opt/apache2 --enable-mods-shared=most --enable-ssl --enable-usertrack --enable-unique-id --with-included-apr --with-pcre=/usr/bin/pcre-config
make && make install
echo 'export APXS2=/opt/apache2/bin/apxs' >> /etc/profile.d/crossbow.sh
logout
You will need an additional script to ensure this service is started after a system reboot. Look at the section titled [[https://wiki.exphosted.com/doku.php/setup_an_app_server#init_scripts|init scripts]].
== Verify ==
/opt/apache2/bin/apachectl start
lynx localhost
Expected output: \\
You should see a default page text. \\
=== Install Apache modules ===
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/apache-upload-progress-module.tar
tar xvf apache-upload-progress-module.tar
cd apache-upload-progress-module
sudo apxs -c -i -a mod_upload_progress.c
== Verify: ==
ls /opt/apache2/modules/ | grep mod_upload_progress.so
Expected output:
mod_upload_progress.so
Additionally, repeat the verification steps from Apache Installation section above.
====Setup Ruby Enterprise Edition [EOL] ====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/ruby-enterprise-1.8.7-2011.03.tar.gz
tar -zxvf ruby-enterprise-1.8.7-2011.03.tar.gz
cd ruby-enterprise-1.8.7-2011.03
./installer --dont-install-useful-gems
echo 'pathmunge /opt/ruby-enterprise-1.8.7-2011.03/bin' >> /etc/profile.d/crossbow.sh
logout
== Verify ==
ruby -v
Expected output:
ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-linux], MBARI 0x6770, Ruby Enterprise Edition 2011.03
=== Install //correct// version of RubyGems and Passenger ===
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/rubygems-1.3.7.tgz
tar zxvf rubygems-1.3.7.tgz
cd rubygems-1.3.7
sudo ruby setup.rb
== Verify ==
gem --version
Expected output:
1.3.7
=== Install Passenger ===
gem install passenger -v "3.0.9"
== Verify ==
gem list | grep passenger
Expected output:
passenger (3.0.9)
#It has been observed (but not throughly test) that the app works fine with -v #"4.0.9" as well
=== Integrate Apache and Passenger ===
/opt/ruby-enterprise-1.8.7-2011.03/bin/passenger-install-apache2-module
You will see a CUI. Keep on pressing next with a space bar and it will install the required module.
== Verify ==
This will be automatically verified in the next section.
==== Setup Apache Conf files ====
cd /opt/apache2/conf
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/conf/httpd.conf_live
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/conf/httpd.conf_maintenance
cp httpd.conf_live httpd.conf
== Verify ==
IP addresses in the conf file - By Default, Apache listens on All IP addresses. \\
Additionally, repeat the verification steps from Apache Installation section above. \\
Make sure the RailsEnv variable is correctly set. \\
==== Install FFMPEG ====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/ffmpeg-1.2.4-withmods.tar.gz
tar -zxvf ffmpeg-1.2.4-withmods.tar.gz
cd ffmpeg-1.2.4
yum install nasm
cd yasm-1.2.0
./configure
make && make install
cd ..
./configure --datadir=/usr/share/ffmpeg --extra-cflags=-I/tmp/ffmpeg-1.2.4/include --extra-ldflags=-L/tmp/ffmpeg-1.2.4/lib --bindir=/usr/local/bin --extra-libs=-ldl --enable-gpl --enable-nonfree --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libtheora --enable-libspeex --enable-libfaac
make && make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/loadusrlocallib.conf
ldconfig
FFMPEG will be installed at /usr/local/bin. \\
Additionally, the ruby ffmpeg wrapper we use //streamio-ffmpeg// needs ffmpeg at /usr/bin. \\
ln -nfs /usr/local/bin/ffmpeg /usr/bin/ffmpeg
== Verify ==
ffmpeg
Expected output:
ffmpeg version 1.2.4 Copyright (c) 2000-2013 the FFmpeg developers
built on Jan 7 2014 01:23:25 with gcc 4.1.2 (GCC) 20080704 (Red Hat 4.1.2-54)
configuration: --datadir=/usr/share/ffmpeg --extra-cflags=-I/tmp/ffmpeg-1.2.4/include --extra-ldflags=-L/tmp/ffmpeg-1.2.4/lib --bindir=/usr/local/bin --extra-libs=-ldl --enable-gpl --enable-nonfree --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libtheora --enable-libspeex --enable-libfaac
libavutil 52. 18.100 / 52. 18.100
libavcodec 54. 92.100 / 54. 92.100
libavformat 54. 63.104 / 54. 63.104
libavdevice 54. 3.103 / 54. 3.103
libavfilter 3. 42.103 / 3. 42.103
libswscale 2. 2.100 / 2. 2.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 2.100 / 52. 2.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile options] outfile}...
Use -h to get full help or, even better, run 'man ffmpeg'
==== Install JRE ====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/jre-7u45-linux-x64.rpm
yum localinstall jre-7u45-linux-x64.rpm
== Verify ==
java -version
Expected output:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
==== Install OpenOffice ====
* Check the release specific version required on https://wiki.exphosted.com/doku.php/releasespecifictasks under Predeployment tasks.
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/Apache_OpenOffice_4.0.1_Linux_x86-64_install-rpm_en-US.tar.gz
tar zxvf Apache_OpenOffice_4.0.1_Linux_x86-64_install-rpm_en-US.tar.gz
cd en-US/RPMS
yum localinstall *.rpm --nogpgcheck
== Verify ==
netstat -anp | grep 8100
Expected output:
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 15465/soffice.bin
==== Install glusterfs====
cd /etc/yum.repos.d/
wget http://download.gluster.org/pub/gluster/glusterfs/repos/YUM/glusterfs-3.4/LATEST/CentOS/glusterfs-epel.repo
nano glusterfs-epel.repo
#The following is not a command.
//SET enabled=0 for noarch//
yum install glusterfs-fuse
===Verify ===
mount.glusterfs
Expected output:
Usage: mount.glusterfs : -o
Options:
man 8 mount.glusterfs
To display the version number of the mount helper:
mount.glusterfs --version
==== Install Pdftk 1.44 ====
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/pdftk-1.44-2.el5.rf.x86_64.rpm
yum localinstall pdftk-1.44-2.el5.rf.x86_64.rpm
Yum will also install dependency packages:
(1/6): java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64.rpm
(2/6): jpackage-utils-1.7.3-1jpp.3.el5.noarch.rpm
(3/6): gjdoc-0.7.7-12.el5.x86_64.rpm
(4/6): antlr-2.7.6-4jpp.2.x86_64.rpm
(5/6): pdftk-1.44-2.el5.rf.x86_64.rpm
(6/6): libgcj-4.1.2-54.el5.x86_64.rpm
== Verify ==
pdftk --version
Expected output:
pdftk 1.44 a Handy Tool for Manipulating PDF Documents
Copyright (C) 2003-10, Sid Steward - Please Visit: www.pdftk.com
This is free software; see the source code for copying conditions. There is
NO warranty, not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
==== Install PDF2JSON ====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/pdf2json-0.61.tar.gz
mkdir pdf2json
mv pdf2json-0.61.tar.gz pdf2json
cd pdf2json
tar zxvf pdf2json-0.61.tar.gz
make && make install
== Verify ==
pdf2json
Expected output:
pdf2json version 0.61 http://flexpaper.devaldi.com/pdf2json/, based on Xpdf version 3.02
==== Install SWFTOOLS ====
=== PDF2SWF Dependencies ===
PDF2SWF program requires //libgif// and //freetype// headers. \\
yum install giflib-devel freetype-devel
=== Compile and Install ===
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/swftools-0.9.2.tar.gz
tar zxvf swftools-0.9.2.tar.gz
cd swftools-0.9.2
./configure
make && make install
== Verify ==
pdf2swf -V
Expected output:
pdf2swf - part of swftools 0.9.2
==== Install MUPDF ====
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/mupdf-1.2-source.zip
unzip mupdf-1.2-source.zip
cd mupdf-1.2-source
make && make install
===Verify===
mupdf
Expected output:
usage: mupdf [options] file.pdf [page]
-b - set anti-aliasing quality in bits (0=off, 8=best)
-p - password
-r - resolution
==== Install Microsoft Core Fonts =====
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/msttcorefonts-2.5-1.noarch.rpm
rpm -ivh msttcorefonts-2.5-1.noarch.rpm
cd /usr/share/fonts/default/
ln -s ../msttcorefonts TrueType
== Verify ==
This package only installs font files. You will not be able to install rmagic gem if this was unsuccesfull.
=== Build from source ===
cd /tmp
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/cabextract-1.4-1.el5.rf.x86_64.rpm
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/installed-software/msttcorefonts-2.5-1.spec
rpm -ivvh cabextract-1.4-1.el5.rf.x86_64.rpm
echo "%_topdir %(echo $HOME)/rpmbuild" > ~/.rpmmacros
mkdir ~/rpmbuild/BUILD -p
mkdir ~/rpmbuild/RPMS/noarch -p
rpmbuild -bb msttcorefonts-2.5-1.spec
rpm -ivh $HOME/rpmbuild/RPMS/noarch/msttcorefonts-2.5-1.noarch.rpm
/sbin/service xfs reload
cd /usr/share/fonts/default/
ln -s ../msttcorefonts TrueType
yum remove cabextract
rm -rf ~/rpmbuild
==== Cleanup ====
yum uninstall group "Development Tools"
cd /tmp
rm * -rf
==== Install Subversion and ImageMagick====
yum install subversion -y
yum install pcre-devel imagemagick imagemagick-devel git mutt gcc gcc-c++ libxml2 libxml2-devel libxslt-devel libxslt mysql-devel make
===== Ruby Configuration & Depedencies======
==== Rmagick 1.15.17====
gem install rmagick -v 1.15.17
cd /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/rmagick-1.15.17/
make && make install
cd /opt/ruby-enterprise-1.8.7-2011.03/share/RMagick/
setfacl -R -m d:u::7 .
setfacl -R -m u::7 .
setfacl -R -m d:u:expprodl:7 .
setfacl -R -m u:expprodl:7 .
==== Rake 0.8.7 ====
We are removing the shipped version and installing an older version.
gem uninstall rake
gem install rake -v 0.8.7
==== Rack 1.3.2 ====
We are removing the shipped version and installing an older version.
gem uninstall rack
gem install rack -v "1.3.2"
==== Bundler 1.0.21 ====
gem install bundler -v "1.0.21"
ln -nfs /opt/ruby-enterprise-1.8.7-2011.03/bin/bundle /usr/local/bin/bundle
==== God & Daemon ====
gem install god -v 0.11.0
gem install daemons
===== Monitoring =====
We use Zabbix for monitoring.
==== Install Zabbix ====
Follow [[https://wiki.exphosted.com/doku.php/zabbix_configuration#install_and_configure_zabbix_agent|Zabbix Configuration Guide]]
==== Configure Zabbix ====
Follow [[https://wiki.exphosted.com/doku.php/zabbix_configuration#install_and_configure_zabbix_agent|Zabbix Configuration Guide]]
===== Init Scripts =====
==== Install God init.d ====
sudo touch /var/run/god
sudo chown expprodl:expprodl /var/run/god
Install INIT file
cd /etc/init.d
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/conf/init/god
Modify the environment for this server (if needed) in the CONFIGFILE.
==== INIT for Apache, God & Zabbix Agent ====
Put the following block in /etc/rc.local
echo "Starting Apache"
/opt/apache2/bin/apachectl start
echo "Starting God"
su - expprodl -s "/deploy/systasks/god.sh start"
echo "Starting ZabbixAgent"
zabbixBin=`which zabbix_agentd`
exec zabbixBin
==== Server services ====
chkconfig sendmail on
Other INIT files are in the Application Setup.
====== Application Setup ======
===== Download Precompiled binaries and scripts =====
cd /home/expprodl
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/crossbowsoft/*.zip
#unless this is a build server
rm crossbow.zip
==== Install the /home/expprodl/app folder ====
This includes redis and Juggernaut (required for Chat functionality to work)
cd /home/expprodl
unzip app.zip
rm app.zip
==== Install the /home/expprodl/bin folder ====
This includes the init script for chat, deploy specific scripts such as backup, solr restart etc.
cd /home/expprodl
unzip bin.zip
rm bin.zip
==== Install crossbow application root skeleton ====
cd /
wget --user=expbbbu --password= ftp://qacollab01.exphosted.com/softrepo/app/deploystructure/deploy.zip
unzip deploy.zip
chown -hR expprodl.expprodl deploy
rm deploy.zip
add below line in /etc/rc.local
/usr/local/bin/get_params.sh
touch /var/lock/subsys/local
runuser -l expprodl -c '/bin/sh /home/expprodl/bin/chat_sss.sh start '
runuser -l expprodl -c '/bin/sh /deploy/systasks/god.sh start'
/bin/sh /opt/apache2/bin/apachectl start
/bin/sh /opt/tomcat6/bin/startup.sh start
====== Detailed Log ======
0.2 - added development libraries required for compiling native gem dependencies - gcc gcc-c++ libxml2-devel mysql-devel libxslt-devel make
0.1 - created.