Differences

This shows you the differences between two versions of the page.

computer:colo_container_recipe [2018/06/18 20:31]
tdobes
computer:colo_container_recipe [2019/04/18 12:06] (current)
tdobes
Line 2: Line 2:
 //LXC Container - Debian 9// //LXC Container - Debian 9//
  
-  * Create CT:  debian 9.4 lxc template, ​2/4 cpu limit, 20 gb (or 40 gb) hdd, 2048/4096 mb ram, 1024 mb swap+  * Create CT:  debian 9.4 lxc template, 4 cpu limit, 20 gb (or 40 gb) hdd, 1024/2048/4096 mb ram, 512/1024 mb swap
   * <​del>​enable fuse container (see http://​myatus.com/​p/​quick-note-fuse-inside-proxmox-lxc-container/​):<​code>​   * <​del>​enable fuse container (see http://​myatus.com/​p/​quick-note-fuse-inside-proxmox-lxc-container/​):<​code>​
 echo $'​lxc.autodev:​ 1\nlxc.hook.autodev:​ sh -c "mknod -m 0666 ${LXC_ROOTFS_MOUNT}/​dev/​fuse c 10 229"'​ >> /​etc/​pve/​lxc/###​.conf echo $'​lxc.autodev:​ 1\nlxc.hook.autodev:​ sh -c "mknod -m 0666 ${LXC_ROOTFS_MOUNT}/​dev/​fuse c 10 229"'​ >> /​etc/​pve/​lxc/###​.conf
Line 25: Line 25:
   * ''​aptitude update && aptitude forget-new && aptitude full-upgrade''​   * ''​aptitude update && aptitude forget-new && aptitude full-upgrade''​
   * ''​aptitude install apache2 php-fpm''​   * ''​aptitude install apache2 php-fpm''​
 +  * //for glpa-web:// ''​aptitude install php-mcrypt''​
   * ''​a2enmod rewrite proxy_fcgi ssl userdir && a2enconf php7.0-fpm''​   * ''​a2enmod rewrite proxy_fcgi ssl userdir && a2enconf php7.0-fpm''​
   * <​del>#​ ''​a2ensite default-ssl''</​del>​   * <​del>#​ ''​a2ensite default-ssl''</​del>​
Line 65: Line 66:
 cp -a /​mnt/​old/​etc/​dehydrated/​domains.txt /​etc/​dehydrated/​domains.txt cp -a /​mnt/​old/​etc/​dehydrated/​domains.txt /​etc/​dehydrated/​domains.txt
 rsync -aix /​mnt/​old/​var/​lib/​dehydrated/​ /​var/​lib/​dehydrated/​ rsync -aix /​mnt/​old/​var/​lib/​dehydrated/​ /​var/​lib/​dehydrated/​
-sed -e $"​s|^\t\tSSLCertificateFile\t/​etc/​ssl/​certs/​ssl-cert-snakeoil.pem$|\t\tSSLCertificateFile /​var/​lib/​dehydrated/​certs/​glpa.org/​fullchain.pem|g"​ -e $"​s|^\t\tSSLCertificateKeyFile /​etc/​ssl/​private/​ssl-cert-snakeoil.key$|\t\tSSLCertificateKeyFile /​var/​lib/​dehydrated/​certs/​glpa.org/​privkey.pem|g"​ /​etc/​apache2/​sites-available/​default-ssl.conf > /​etc/​apache2/​sites-enabled/​000-default-ssl.conf+SITE=glpa.org 
 +sed -e $"​s|^\t\tSSLCertificateFile\t/​etc/​ssl/​certs/​ssl-cert-snakeoil.pem$|\t\tSSLCertificateFile /​var/​lib/​dehydrated/​certs/​$SITE/​fullchain.pem|g"​ -e $"​s|^\t\tSSLCertificateKeyFile /​etc/​ssl/​private/​ssl-cert-snakeoil.key$|\t\tSSLCertificateKeyFile /​var/​lib/​dehydrated/​certs/​$SITE/​privkey.pem|g"​ /​etc/​apache2/​sites-available/​default-ssl.conf > /​etc/​apache2/​sites-enabled/​000-default-ssl.conf 
 +SITE=
  
 dehydrated -c dehydrated -c
Line 77: Line 80:
 </​code>​ </​code>​
  
-  * ''​aptitude install mariadb-server mariadb-client php-mysql''​ +  ​* on Drupal sites ONLY (not m-mproductions.com):​ 
-  * <​del><​code>​+    ​* ''​aptitude install mariadb-server mariadb-client php-mysql''​ 
 +    * <​del><​code>​
 mypass=`date +%s | sha256sum | base64 | head -c 15` mypass=`date +%s | sha256sum | base64 | head -c 15`
 mysqladmin --user=root password $mypass mysqladmin --user=root password $mypass
Line 85: Line 89:
 mypass= mypass=
 </​code></​del>​ </​code></​del>​
-  ​* <​code>​+    ​* <​code>​
 mysql mysql
 CREATE USER tdobes@localhost IDENTIFIED BY '​***PASSWORD***';​ CREATE USER tdobes@localhost IDENTIFIED BY '​***PASSWORD***';​
Line 92: Line 96:
 rm ~/​.mysql_history rm ~/​.mysql_history
 </​code>​ </​code>​
-  ​* ''​aptitude install git tmux''​ +    ​* ''​aptitude install git tmux''​ 
-  * ''​aptitude install phpmyadmin''​ # (when asked, enable for apache2, tell it yes when asked about creating db, and provide no password to randomly generate) +    * ''​aptitude install phpmyadmin''​ # (when asked, enable for apache2, tell it yes when asked about creating db, and provide no password to randomly generate) 
-  * force phpmyadmin to HTTPS only: <​code>​+    * force phpmyadmin to HTTPS only: <​code>​
 echo '<​Directory /​usr/​share/​phpmyadmin/>'​ > /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf echo '<​Directory /​usr/​share/​phpmyadmin/>'​ > /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf
 echo '​RewriteEngine On' >> /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf echo '​RewriteEngine On' >> /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf
Line 101: Line 105:
 echo '</​Directory>'​ >> /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf echo '</​Directory>'​ >> /​etc/​apache2/​sites-enabled/​phpmyadmin-force_ssl.conf
 </​code>​ </​code>​
-  * migrate ssh keys: ''​cp -a /​mnt/​old/​etc/​ssh/​ssh_host_*key* /​etc/​ssh/''​ +    ​* enable remote SSH access to old system ​to migrate db: ''​ssh-keygen''​ , then ''​%%cat .ssh/​id_rsa.pub >> /​mnt/​old/​root/​.ssh/​authorized_keys%%''​ 
-  * migrate homes: ''​%%rsync -aix --del /​mnt/​old/​home/​ /​home/​%%''​ +    * migrate databases: ''​%%ssh 192.168.222.4 mysqldump -p***PASSWORD*** --add-drop-database --databases drupal civicrm pleiades_drupal pleiades_civicrm | mysql%%''​ 
-  * migrate webroot: ''​%%rsync -aix --del /​mnt/​old/​var/​www/​ /​var/​www/​%%''​ +    * migrate db credentials:​ ''​%%ssh 192.168.222.4 '​mysqldump -p***PASSWORD*** mysql db user --skip-add-drop-table --no-create-info --complete-insert --where="​User IN (\"​drupal\",​ \"​civicrm\",​ \"​pleiades_drupal\",​ \"​pleiades_civicrm\"​)"'​ | mysql mysql && mysql -e 'flush privileges;'​%%''​ 
-  ​* enable remote SSH access to old system: ''​ssh-keygen''​ , then ''​%%cat .ssh/​id_rsa.pub >> /​mnt/​old/​root/​.ssh/​authorized_keys%%''​ +    * recreate drupal apache config:<​code>​
-  * migrate databases: ''​%%ssh 192.168.222.4 mysqldump -p***PASSWORD*** --add-drop-database --databases drupal civicrm pleiades_drupal pleiades_civicrm | mysql%%''​ +
-  * migrate db credentials:​ ''​%%ssh 192.168.222.4 '​mysqldump -p***PASSWORD*** mysql db user --skip-add-drop-table --no-create-info --complete-insert --where="​User IN (\"​drupal\",​ \"​civicrm\",​ \"​pleiades_drupal\",​ \"​pleiades_civicrm\"​)"'​ | mysql mysql && mysql -e 'flush privileges;'​%%''​ +
-  * recreate drupal apache config:<​code>​+
 echo '<​Directory /​var/​www/​html/>'​ > /​etc/​apache2/​sites-enabled/​drupal.conf echo '<​Directory /​var/​www/​html/>'​ > /​etc/​apache2/​sites-enabled/​drupal.conf
 cat /​var/​www/​html/​.htaccess >> /​etc/​apache2/​sites-enabled/​drupal.conf cat /​var/​www/​html/​.htaccess >> /​etc/​apache2/​sites-enabled/​drupal.conf
 echo '</​Directory>'​ >> /​etc/​apache2/​sites-enabled/​drupal.conf echo '</​Directory>'​ >> /​etc/​apache2/​sites-enabled/​drupal.conf
 </​code>​ </​code>​
-  ​* merge in any site-specific settings into /​etc/​apache2/​sites-enabled/​drupal.conf+    ​* merge in any site-specific settings into /​etc/​apache2/​sites-enabled/​drupal.conf 
 +    * ''​a2enmod headers expires''​ # these are used by drupal 
 +    * ''​%%aptitude --without-recommends install php-uploadprogress%%''​ # drupal wants this too (without recommends to avoid apache mod_php) 
 +  * migrate ssh keys: ''​cp -a /​mnt/​old/​etc/​ssh/​ssh_host_*key* /​etc/​ssh/''​ 
 +  * migrate homes: ''​%%rsync -aix --del /​mnt/​old/​home/​ /​home/​%%''​ 
 +  * migrate webroot: ''​%%rsync -aix --del /​mnt/​old/​var/​www/​ /​var/​www/​%%''​
   * migrate apache config: ''​%%rsync -ai --ignore-existing /​mnt/​old/​etc/​apache2/​sites-enabled/​ /​etc/​apache2/​sites-enabled/​%%''​   * migrate apache config: ''​%%rsync -ai --ignore-existing /​mnt/​old/​etc/​apache2/​sites-enabled/​ /​etc/​apache2/​sites-enabled/​%%''​
-  * ''​a2enmod ​headers expires''​ # these are used by drupal+  ​* migrate cron scripts: ''​%%rsync -ai --ignore-existing --exclude php5 /​mnt/​old/​etc/​cron.d/​ /​etc/​cron.d/​%%''​ 
 +  * for iyb vm: 
 +    * migrate http basic auth files: ''​%%rsync -aix --del /​mnt/​old/​etc/​apache2/​auth /​etc/​apache2/​%%''​ 
 +    * ''​aptitude install unzip''​ 
 +  * for glpa vm: 
 +    ​* ''​a2enmod ​proxy_http''​ # needed to pass through HLS to stream vm 
 +    * php 7.3 backport:<​code>​ 
 +aptitude install apt-transport-https 
 +#wget -O- "​https://​packages.sury.org/​php/​apt.gpg"​ | apt-key add - 
 +wget -O /​etc/​apt/​trusted.gpg.d/​php.gpg https://​packages.sury.org/​php/​apt.gpg 
 +echo 'deb https://​packages.sury.org/​php/​ stretch main' > /​etc/​apt/​sources.list.d/​php.list 
 +aptitude update && aptitude full-upgrade # (but disable libapache2-mod-php,​ which is recommended ​by php-uploadprogress) 
 +a2disconf php7.0-fpm && a2enconf php7.3-fpm && systemctl reload apache2 
 +sed -i -e '​s/​^post_max_size = 8M$/​post_max_size = 50M/g' -e '​s/​^upload_max_filesize = 2M$/​upload_max_filesize = 50M/g' /​etc/​php/​7.3/​fpm/​php.ini 
 +systemctl reload php7.3-fpm 
 +systemctl stop php7.0-fpm && systemctl disable php7.0-fpm 
 +systemctl enable php7.3-fpm && systemctl start php7.3-fpm 
 +</​code>​
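Review bot: In the added php 7.3 backport block, `wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg` installs the downloaded key as trusted for every configured apt source and never checks its fingerprint, so that key can vouch for packages from any repository on the container. Scoping it to the one repository is safer: save the key as `/usr/share/keyrings/php-sury.gpg` and write the source line as `deb [signed-by=/usr/share/keyrings/php-sury.gpg] https://packages.sury.org/php/ stretch main`, after comparing the key's fingerprint with one obtained out of band. Separately, the re-indented `mysqldump -p***PASSWORD***` steps put the database password on the command line, where it is visible in the process list and lands in shell history; reading it from a mode-0600 option file on the old host avoids that. The recipe also has no step that removes the migration key from `/mnt/old/root/.ssh/authorized_keys` once the databases are copied, so a closing bullet for that cleanup would be worth adding.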
computer/colo_container_recipe.1529371889.txt.gz · Last modified: 2018/06/18 20:31 by tdobes