CENTOS 5 (preferably, 5.9) 64-bit
8192MB RAM
Quad-core 2.6 GHZ CPU (or 4 vCPUs on a VM)
Ports 80, 8090 inbound on the public interface.
No Ingress Control on the private network interface.
No Egress Control on either public or private network interface.
Port 80 is not used by any application
10GB for Operating System and Core Application
80GB additional storage for application related needs.
A golden image for application server already exists within the OpSource environment. It is called App Gold.
That should be used for all application server deployment needs.
This guide exists so that the GOLD image can be recreated (as in for a different vendor's environment).
When a software version is upgraded, do not leave unnecessary or obsolete command blocks in this guide; Doku is well capable of recording revisions.
Guidelines:
Start with adding the user:
adduser expprodl
Next, set up key-based auth for devops.
# Note: the following command needs an IP ADDRESS.
cat ~/.ssh/id_rsa_devops.pub | ssh expprodl@<IPADDRESSOFSERVER> "cat >> ~/.ssh/authorized_keys"
Grant sudo power to expprodl
Copy the sudoers block shown below the command before you run the following command
* nano /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
#Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
#Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
#Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
#Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
#Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
#Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
#Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
#Cmnd_Alias DRIVERS = /sbin/modprobe
Cmnd_Alias APACHE = /opt/apache2/bin/apachectl, /bin/vi /opt/apache2/conf/httpd.conf
Cmnd_Alias MYSQL = /sbin/service mysql stop, /sbin/service mysql start, /sbin/service mysql status, /sbin/service mysql restart
Cmnd_Alias IPTABLES = /sbin/service iptables stop, /sbin/service iptables start, /sbin/iptables
# Defaults specification
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
#Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
Defaults env_reset
Defaults env_keep = "PATH COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
_XKB_CHARSET XAUTHORITY"
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
expprodl ALL= NOPASSWD: APACHE, MYSQL, IPTABLES
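An added check for the sudoers block above (not part of the original guide): in sudoers, a command listed without arguments may be run with any arguments, and an editor permitted through sudo runs with root privileges, which is why sudoers provides sudoedit for editing files. The script below reports both patterns and any NOPASSWD grant that references them; the finding labels, the editor list and the function name audit_sudoers are this example's own choices.

```shell
#!/bin/sh
# Added example: audit sudoers text for entries that grant more than they seem to.
# Constructed sample: the active (uncommented) rules from the sudoers block above.
SAMPLE_SUDOERS='Cmnd_Alias APACHE = /opt/apache2/bin/apachectl, /bin/vi /opt/apache2/conf/httpd.conf
Cmnd_Alias MYSQL = /sbin/service mysql stop, /sbin/service mysql start, /sbin/service mysql status, /sbin/service mysql restart
Cmnd_Alias IPTABLES = /sbin/service iptables stop, /sbin/service iptables start, /sbin/iptables
# %wheel ALL=(ALL) NOPASSWD: ALL
root ALL=(ALL) ALL
expprodl ALL= NOPASSWD: APACHE, MYSQL, IPTABLES'

# audit_sudoers: read sudoers text on stdin and print one finding per line.
#   EDITOR   <alias> <cmd>   an interactive editor or pager that would run as root
#   ANYARGS  <alias> <cmd>   a command listed without arguments (any arguments allowed)
#   NOPASSWD <user> <alias>  a flagged alias granted without a password prompt
# Assumptions: aliases are defined before they are used and no rule is split
# across lines with a trailing backslash.
audit_sudoers() {
  awk '
    /^[ \t]*#/ { next }                       # comment lines grant nothing
    $1 == "Cmnd_Alias" {
      name = $2
      spec = $0
      sub(/^[^=]*=[ \t]*/, "", spec)          # keep only the command list
      n = split(spec, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        nw = split(cmds[i], w)                # w[1] = path, w[2..] = fixed arguments
        base = w[1]
        sub(/.*\//, "", base)
        if (base ~ /^(vi|vim|view|nano|emacs|less|more)$/) {
          print "EDITOR", name, w[1]; flagged[name] = 1
        } else if (nw == 1) {
          print "ANYARGS", name, w[1]; flagged[name] = 1
        }
      }
      next
    }
    /NOPASSWD:/ {
      user = $1
      list = $0
      sub(/.*NOPASSWD:[ \t]*/, "", list)
      n = split(list, al, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++)
        if (al[i] in flagged) print "NOPASSWD", user, al[i]
    }
  '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

To audit the live file, run `audit_sudoers < /etc/sudoers` as root; `visudo -c` checks the file's syntax after any change.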
We will need to install the following as we will be compiling some packages:
yum install nano lynx -y
yum groupinstall "Development Tools" -y
yum groupinstall "Development Libraries" -y
yum update -y
Set Timezone
sudo rm /etc/localtime
sudo ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
Additionally, we will disable the firewall:
chkconfig iptables off
# A text editor will open with the following command, set SELINUX=disabled
nano /etc/selinux/config
Now reboot the machine and verify:
Whether you are able to login without any password?
Whether the machine boots properly after the update?
Whether selinux was disabled?
sestatus
Whether iptables is turned off?
service iptables status
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/httpd-2.2.21.tar
tar xvf httpd-2.2.21.tar
# Assumption: the archive unpacks into httpd-2.2.21
cd httpd-2.2.21
./configure --prefix=/opt/apache2 --enable-mods-shared=most --enable-ssl --enable-usertrack --enable-unique-id --with-included-apr --with-pcre=/usr/bin/pcre-config
make && make install
echo 'export APXS2=/opt/apache2/bin/apxs' >> /etc/profile.d/crossbow.sh
logout
You will need an additional script to ensure this service is started after a system reboot. Look at the section titled init scripts.
/opt/apache2/bin/apachectl start
lynx localhost
Expected output:
You should see a default page text.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/apache-upload-progress-module.tar
tar xvf apache-upload-progress-module.tar
cd apache-upload-progress-module
sudo apxs -c -i -a mod_upload_progress.c
ls /opt/apache2/modules/ | grep mod_upload_progress.so
Expected output:
mod_upload_progress.so
Additionally, repeat the verification steps from Apache Installation section above.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/ruby-enterprise-1.8.7-2011.03.tar.gz
tar -zxvf ruby-enterprise-1.8.7-2011.03.tar.gz
cd ruby-enterprise-1.8.7-2011.03
./installer --dont-install-useful-gems
echo 'pathmunge /opt/ruby-enterprise-1.8.7-2011.03/bin' >> /etc/profile.d/crossbow.sh
logout
ruby -v
Expected output:
ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-linux], MBARI 0x6770, Ruby Enterprise Edition 2011.03
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/rubygems-1.3.7.tgz
tar zxvf rubygems-1.3.7.tgz
cd rubygems-1.3.7
sudo ruby setup.rb
gem --version
Expected output:
1.3.7
gem install passenger -v "3.0.9"
gem list | grep passenger
Expected output:
passenger (3.0.9)
# It has been observed (but not thoroughly tested) that the app works fine with -v "4.0.9" as well
/opt/ruby-enterprise-1.8.7-2011.03/bin/passenger-install-apache2-module
You will see a CUI. Keep on pressing next with a space bar and it will install the required module.
This will be automatically verified in the next section.
cd /opt/apache2/conf
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/conf/httpd.conf_live
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/conf/httpd.conf_maintenance
cp httpd.conf_live httpd.conf
IP addresses in the conf file - By Default, Apache listens on All IP addresses.
Additionally, repeat the verification steps from Apache Installation section above.
Make sure the RailsEnv variable is correctly set.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/ffmpeg-1.2.4-withmods.tar.gz
tar -zxvf ffmpeg-1.2.4-withmods.tar.gz
cd ffmpeg-1.2.4
yum install nasm
cd yasm-1.2.0
./configure
make && make install
cd ..
./configure --datadir=/usr/share/ffmpeg --extra-cflags=-I/tmp/ffmpeg-1.2.4/include --extra-ldflags=-L/tmp/ffmpeg-1.2.4/lib --bindir=/usr/local/bin --extra-libs=-ldl --enable-gpl --enable-nonfree --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libtheora --enable-libspeex --enable-libfaac
make && make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/loadusrlocallib.conf
ldconfig
FFMPEG will be installed at /usr/local/bin.
Additionally, the Ruby ffmpeg wrapper we use, streamio-ffmpeg, needs ffmpeg at /usr/bin.
ln -nfs /usr/local/bin/ffmpeg /usr/bin/ffmpeg
ffmpeg
Expected output:
ffmpeg version 1.2.4 Copyright (c) 2000-2013 the FFmpeg developers
built on Jan 7 2014 01:23:25 with gcc 4.1.2 (GCC) 20080704 (Red Hat 4.1.2-54)
configuration: --datadir=/usr/share/ffmpeg --extra-cflags=-I/tmp/ffmpeg-1.2.4/include --extra-ldflags=-L/tmp/ffmpeg-1.2.4/lib --bindir=/usr/local/bin --extra-libs=-ldl --enable-gpl --enable-nonfree --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libtheora --enable-libspeex --enable-libfaac
libavutil 52. 18.100 / 52. 18.100
libavcodec 54. 92.100 / 54. 92.100
libavformat 54. 63.104 / 54. 63.104
libavdevice 54. 3.103 / 54. 3.103
libavfilter 3. 42.103 / 3. 42.103
libswscale 2. 2.100 / 2. 2.100
libswresample 0. 17.102 / 0. 17.102
libpostproc 52. 2.100 / 52. 2.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile options] outfile}...
Use -h to get full help or, even better, run 'man ffmpeg'
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/jre-7u45-linux-x64.rpm
yum localinstall jre-7u45-linux-x64.rpm
java -version
Expected output:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
* Check the release specific version required on https://wiki.exphosted.com/doku.php/releasespecifictasks under Predeployment tasks.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/Apache_OpenOffice_4.0.1_Linux_x86-64_install-rpm_en-US.tar.gz
tar zxvf Apache_OpenOffice_4.0.1_Linux_x86-64_install-rpm_en-US.tar.gz
cd en-US/RPMS
yum localinstall *.rpm --nogpgcheck
netstat -anp | grep 8100
Expected output:
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 15465/soffice.bin
cd /etc/yum.repos.d/
wget http://download.gluster.org/pub/gluster/glusterfs/repos/YUM/glusterfs-3.4/LATEST/CentOS/glusterfs-epel.repo
nano glusterfs-epel.repo
# The following is not a command: SET enabled=0 for noarch
yum install glusterfs-fuse
mount.glusterfs
Expected output:
Usage: mount.glusterfs <volumeserver>:<volumeid/volumeport> -o <options> <mountpoint>
Options:
man 8 mount.glusterfs
To display the version number of the mount helper:
mount.glusterfs --version
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/pdftk-1.44-2.el5.rf.x86_64.rpm
yum localinstall pdftk-1.44-2.el5.rf.x86_64.rpm
Yum will also install dependency packages:
(1/6): java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.x86_64.rpm
(2/6): jpackage-utils-1.7.3-1jpp.3.el5.noarch.rpm
(3/6): gjdoc-0.7.7-12.el5.x86_64.rpm
(4/6): antlr-2.7.6-4jpp.2.x86_64.rpm
(5/6): pdftk-1.44-2.el5.rf.x86_64.rpm
(6/6): libgcj-4.1.2-54.el5.x86_64.rpm
pdftk --version
Expected output:
pdftk 1.44 a Handy Tool for Manipulating PDF Documents
Copyright (C) 2003-10, Sid Steward - Please Visit: www.pdftk.com
This is free software; see the source code for copying conditions. There is
NO warranty, not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/pdf2json-0.61.tar.gz
mkdir pdf2json
mv pdf2json-0.61.tar.gz pdf2json
cd pdf2json
tar zxvf pdf2json-0.61.tar.gz
make && make install
pdf2json
Expected output:
pdf2json version 0.61 http://flexpaper.devaldi.com/pdf2json/, based on Xpdf version 3.02
PDF2SWF program requires libgif and freetype headers.
yum install giflib-devel freetype-devel
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/swftools-0.9.2.tar.gz
tar zxvf swftools-0.9.2.tar.gz
cd swftools-0.9.2
./configure
make && make install
pdf2swf -V
Expected output:
pdf2swf - part of swftools 0.9.2
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/mupdf-1.2-source.zip
unzip mupdf-1.2-source.zip
cd mupdf-1.2-source
make && make install
mupdf
Expected output:
usage: mupdf [options] file.pdf [page]
-b - set anti-aliasing quality in bits (0=off, 8=best)
-p - password
-r - resolution
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/msttcorefonts-2.5-1.noarch.rpm
rpm -ivh msttcorefonts-2.5-1.noarch.rpm
cd /usr/share/fonts/default/
ln -s ../msttcorefonts TrueType
This package only installs font files. You will not be able to install the rmagick gem if this was unsuccessful.
cd /tmp
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/cabextract-1.4-1.el5.rf.x86_64.rpm
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/installed-software/msttcorefonts-2.5-1.spec
rpm -ivvh cabextract-1.4-1.el5.rf.x86_64.rpm
echo "%_topdir %(echo $HOME)/rpmbuild" > ~/.rpmmacros
mkdir ~/rpmbuild/BUILD -p
mkdir ~/rpmbuild/RPMS/noarch -p
rpmbuild -bb msttcorefonts-2.5-1.spec
rpm -ivh $HOME/rpmbuild/RPMS/noarch/msttcorefonts-2.5-1.noarch.rpm
/sbin/service xfs reload
cd /usr/share/fonts/default/
ln -s ../msttcorefonts TrueType
yum remove cabextract
rm -rf ~/rpmbuild
yum groupremove "Development Tools"
cd /tmp
rm -rf *
yum install subversion -y
yum install pcre-devel imagemagick imagemagick-devel git mutt gcc gcc-c++ libxml2 libxml2-devel libxslt-devel libxslt mysql-devel make
gem install rmagick -v 1.15.17
cd /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/rmagick-1.15.17/
make && make install
cd /opt/ruby-enterprise-1.8.7-2011.03/share/RMagick/
setfacl -R -m d:u::7 .
setfacl -R -m u::7 .
setfacl -R -m d:u:expprodl:7 .
setfacl -R -m u:expprodl:7 .
We are removing the shipped version and installing an older version.
gem uninstall rake
gem install rake -v 0.8.7
We are removing the shipped version and installing an older version.
gem uninstall rack
gem install rack -v "1.3.2"
gem install bundler -v "1.0.21"
ln -nfs /opt/ruby-enterprise-1.8.7-2011.03/bin/bundle /usr/local/bin/bundle
gem install god -v 0.11.0
gem install daemons
We use Zabbix for monitoring.
Follow Zabbix Configuration Guide
sudo touch /var/run/god
sudo chown expprodl:expprodl /var/run/god
Install INIT file
cd /etc/init.d
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/conf/init/god
Modify the environment for this server (if needed) in the CONFIGFILE.
Put the following block in /etc/rc.local
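echo "Starting Apache"
/opt/apache2/bin/apachectl start
echo "Starting God"
# -c runs the command as expprodl (-s would select a login shell instead)
su - expprodl -c "/deploy/systasks/god.sh start"
echo "Starting ZabbixAgent"
zabbixBin=`which zabbix_agentd`
# expand the variable; a bare "zabbixBin" is not a command
exec "$zabbixBin"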
chkconfig sendmail on
Other INIT files are in the Application Setup.
cd /home/expprodl
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/crossbowsoft/*.zip
# unless this is a build server
rm crossbow.zip
This includes redis and Juggernaut (required for Chat functionality to work)
cd /home/expprodl
unzip app.zip
rm app.zip
This includes the init script for chat, deploy specific scripts such as backup, solr restart etc.
cd /home/expprodl
unzip bin.zip
rm bin.zip
cd /
wget --user=expbbbu --password=<RETRACTED> ftp://qacollab01.exphosted.com/softrepo/app/deploystructure/deploy.zip
unzip deploy.zip
chown -hR expprodl.expprodl deploy
rm deploy.zip
Add the lines below to /etc/rc.local:
/usr/local/bin/get_params.sh
touch /var/lock/subsys/local
runuser -l expprodl -c '/bin/sh /home/expprodl/bin/chat_sss.sh start '
runuser -l expprodl -c '/bin/sh /deploy/systasks/god.sh start'
/bin/sh /opt/apache2/bin/apachectl start
/bin/sh /opt/tomcat6/bin/startup.sh start
0.2 - added development libraries required for compiling native gem dependencies - gcc gcc-c++ libxml2-devel mysql-devel libxslt-devel make
0.1 - created.