declare independence from your it department sysadmin skills for symfony developers

Declare Independence from your IT department

Sysadmin skills for Symfony developers

June 8, 2012 - Symfony Live ParisPablo Godel @pgodel

Friday, June 8, 2012

- Why SysAdmin Skills- Introduction to LAMP- Hosting options- Linux distributions- Installing PHP options- Deploying PHP- Various production tips- Monitoring- Backups

Agenda


Who Am I?

⁃ Born in Argentina, living in the US since 1999⁃ PHP & Symfony developer

⁃ Founder of the original PHP mailing list in spanish ⁃ Master of the parrilla


⁃ Founded ServerGrove Networks in 2005

⁃ Provider of web hosting specialized in PHP, Symfony, ZendFramework, and others

⁃ Now with servers in Europe (and USA)

⁃ Mongohosting.com under beta!

ServerGrove!


⁃ Very active open source supporter through codecontributions and usergroups/conference sponsoring

Community is our teacher


Sysadmin Skills

Who needs them?


Text

IT is busy / Different PrioritiesFriday, June 8, 2012

!Rocket ScienceFriday, June 8, 2012

Lack of controlFriday, June 8, 2012

Less downtimeFriday, June 8, 2012

Better PerformanceFriday, June 8, 2012

What do you prefer?Friday, June 8, 2012

Or this?Friday, June 8, 2012

An example...

I s. I ’ s L. E Cs , .


LAMPWhat is


LAMPFriday, June 8, 2012

LAMP Scott Beale


http://www.flickr.com/photos/laughingsquid/

http://www.flickr.com/photos/laughingsquid/

LNMPFriday, June 8, 2012

LAMPFriday, June 8, 2012

LAPPFriday, June 8, 2012

LANMMPPFriday, June 8, 2012

LANMMPPWhy?


Why LANMMPP

Proven


Stable

Why LANMMPP


Secure

Why LANMMPP


Why LANMMPP

Free


Free*

Why LANMMPP


Inexpensive

Why LANMMPP


Easily Available

Why LANMMPP


Hosting Options


Hosting OptionsShared Hosting

- Inexpensive- Widely available- Easy to use- No maintenance- No updates- Instant provisioning- DNS/Email services

- Shared resources- No/Limited Shell- Many restrictions- No control- Fixed versions - Multitude of CPs

+ -


Hosting OptionsDedicated Servers

- Full control- No sharing- Best performance- Software / Hardware to specs

- Hard to plan- Software updates- SysAdmin skills- Expensive to start- Parts replacements- Control Panel licenses

+ -


Hosting OptionsVirtual Servers / VPS

- Shared resources- Software updates- SysAdmin skills- Limited/No CP- Lack of email

-


Hosting OptionsVirtual Servers / VPS

- Inexpensive- Widely available- Choice of OS- Root access- Full shell- Fast provisioning- Custom software

- Custom configurations- Snapshots- Multiple Envs

+ +


Hosting OptionsCloud Hosting

Depends on implementation

+ -



Some are a shared hosting with a fancy new name



Some are a shared hosting with a fancy new nameOthers let you start small and scale easily



Some are a shared hosting with a fancy new nameOthers let you start small and scale easilyGets really expensive at scale



Most suffer from some of the shared hosting problems:- vendor lock-in- lack of control- high learning curve- limited environment


Hosting Options

Which one to choose?


Hosting OptionsWhich one to choose?

I T D E P E N D S


Linux Distributions


DistributionsRedHat based

- Fedora- RedHat Enterprise Linux (RHEL)- CentOS- Scientific Linux


DistributionsDebian based

- Debian- Ubuntu


DistributionsOthers

- Gentoo- Slackware- OpenSuse- Archlinux- any many many more!

http://distrowatch.com/http://en.wikipedia.org/wiki/Linux_distribution


http://distrowatch.com/

http://distrowatch.com/

http://en.wikipedia.org/wiki/Linux_distribution

http://en.wikipedia.org/wiki/Linux_distribution

DistributionsKey differences- Configuration files- Package Manager- Managing Services- Software versions- Updates


DistributionsKey differences

- Configuration files

CentOS

Ubuntu

/etc/sysconfig/network-scripts/ifcfg-eth0

/etc/network/interfaces



- Package Manager

CentOS

Ubuntu

yum install php-cli

apt-get install php5



- Package Manager

CentOS

Ubuntu

yum search php-cli

apt-cache search php



- Managing Services

CentOS

Ubuntu

service restart httpdchkconfig --list httpdchkconfig httpd on

service restart apache2sudo update-rc.d apache2 enable



- Software versions

CentOS

Ubuntu

httpd-2.2.3

apache-2.2.17



- Updates

CentOS 5.x

Ubuntu 11

PHP 5.1.6

PHP 5.3.5


DistributionsKey similarities

- Based on Linux Kernel

- Screwed up or ancient PHP- Lack of PHP extensions


DistributionsWhich one to choose?

I T D E P E N D S


DistributionsWhich one to choose?

- Best feeling- Previous experience- Workplace selection- Coworker / friend knowledge


DistributionsTest Drive

Virtual Machines:

- VirtualBox- Parallels- VMware- VPS


Installing PHP


Installing PHPCentOS

yum install php php-cliyum install php-libxml



Third Party Repositories- Remi RPMhttp://blog.famillecollet.com/- Webtatichttp://www.webtatic.com/- ServerGrove: PHP 5.3.13 / 5.4.3 (always latest)http://repos.servergrove.com


http://blog.famillecollet.com/

http://blog.famillecollet.com/

http://www.webtatic.com/

http://www.webtatic.com/

http://repos.servergrove.com



Third Party Repositories

cd /etc/yum.repos.d/wget http://repos.servergrove.com/servergrove-centos-5/servergrove-centos-5.repoyum install php53 # or php54


http://repos.servergrove.com/servergrove-centos-5/servergrove-centos-5.repo




Installing PHPUbuntu

apt-get install php5 libapache2-mod-php5apt-get install php5-libxml




- Dotdeb:http://www.dotdeb.org/- ServerGrove: (always latest)http://repos.servergrove.com

PHP 5.3.13 / 5.4.3


http://www.dotdeb.org/

http://www.dotdeb.org/





echo “deb http://repos.servergrove.com/servergrove-ubuntu-natty natty main” >> /etc/apt/sources.list.d/servergrove.listapt-get install php53 # or php54


http://repos.servergrove.com/servergrove-ubuntu-natty




Installing PHPFrom Source

wget http://us2.php.net/get/php-5.4.3.tar.bz2/from/www.php.net/mirrortar jxvf php-5.4.3.tar.bz2cd php-5.4.3./configure make && make install














Installing PHPRecompiling

php -i |grep configure./configure '--with-apxs2=/usr/sbin/apxs' '--prefix=/usr/local/php53' '--with-config-file-scan-dir=/etc/php53/conf.d' '--enable-bcmath' '--enable-ctype' '--enable-exif' '--enable-mbstring' '--enable-ftp' '--enable-intl' '--enable-sockets' '--enable-sysvmsg' '--enable-pcntl' '--with-bz2' '--with-curl' '--with-gettext' '--with-gd' '--enable-gd-native-ttf' '--enable-exif' '--with-freetype-dir=/usr' '--with-jpeg-dir=/usr' '--with-t1lib=/usr' '--with-mcrypt' '--with-openssl' '--with-kerberos' '--with-iconv' '--with-xsl' '--with-xmlrpc' '--with-zlib' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd'make && make install


























Installing PHPCompiling for Apache

./configure '--with-apxs2=/usr/sbin/apxs' make && make install






Installing PHPCompiling for Nginx / PHP-FPM

./configure '--enable-fpm' make && make install






Installing PHPCompiling extension

./configure --with-curl --enable-ftpmake && make install







(dynamic)

cd ext/curlphpize./configure make && make installecho “extension=curl.so” >> php.ini













http://pecl.php.net/





(PECL)pecl install apc# orpecl download apctar zxvf APC-3.1.9.tgzcd APC-3.19phpize./configure make && make installecho “extension=apc.so” >> php.ini




















Automate!

- Chef- Puppet- ...

Installing PHP


Installing PHPConfiguration

/etc/php/php.ini/etc/php5/cli/php.ini

/usr/local/lib/php.ini

Default location

Other common locations

/etc/php5/apache2/php.ini



php -i | grep php.iniConfiguration File (php.ini) Path => /usr/local/php5/libLoaded Configuration File => /usr/local/php5-20110426-093151/lib/php.iniScan this dir for additional .ini files => /usr/local/php5/php.dAdditional .ini files parsed => /usr/local/php5/php.d/10-extension_dir.ini,



php -i | grep mongo/usr/local/php5/php.d/50-extension-mongo.ini,mongomongo.allow_empty_keys => 0 => 0mongo.allow_persistent => 1 => 1mongo.auto_reconnect => 1 => 1mongo.chunk_size => 262144 => 262144mongo.cmd => $ => $mongo.default_host => localhost => localhostmongo.default_port => 27017 => 27017



[PHP Modules]apcbcmathbz2Corectypecurldatedomereg

php -m



php.iniextension_dir=/usr/lib/php/extensions/no-debug-non-zts-20090626

extension=apc.soextension=mongo.so



php.ini

php -i | grep extension_dirextension_dir => /usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626



php.ini

date.timezone=UTCdisplay_errors = offlog_errors = onerror_log = /var/log/php.log



Securitymemory_limit = 128Mmax_execution_time = 30display_errors = offexpose_php = offmail.log = /var/log/phpmails.logdisable_functions = execallow_url_fopen = off



File uploads on .htaccessphp_value memory_limit 128Mphp_value max_file_uploads 20php_value max_input_time -1php_value post_max_size 8Mphp_value upload_max_filesize 2Mphp_value max_execution_time 0

AllowOverride=All in Apache!Friday, June 8, 2012


Apache

php_value date.timezone UTCphp_flag display_errors 1php_value memory_limit 128Mphp_value max_execution_time 0

Donʼt forget to restart ApacheFriday, June 8, 2012

Installing PHPWeb Server User

- apache- nobody- www-data- ftp / ssh user (sometimes)

Possible users

Permissions issues with clear cache and uploads, Anyone?


Installing PHPWeb Server User

Fix:

Permissions issues with clear cache and uploads, Anyone?

rm -rf app/cache/*rm -rf app/logs/*

sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logssudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs

http://symfony.com/doc/current/book/installation.html




Deploying PHP


Deploying PHPBefore going live

Make sure ntpd is installed and running to ensure accurate server time

yum install ntpchkconfig ntpd onntpdate pool.ntp.org



- Limit access by IP

<Location /admin> Order Deny,Allow Deny from all Allow from 1.2.3.4</Location>



- Add HTTP Authentication

<Location /admin> Require valid-user AuthType Basic AuthName "SG" AuthUserFile /path/users</Location>



- Quiet down Apache

ServerTokens Prod



RewriteEngine On

RewriteRule ^\.htaccess$ - [F]

RewriteCond %{REQUEST_FILENAME} -fRewriteRule ^.*$ - [NC,L]

RewriteCond %{REQUEST_URI} !^/web/.*$RewriteRule ^(.*)$ /web/$1

Move document root with .htaccess



- Case senstive filesystem

IPCheck_Form_Index_Login != IpCheck_Form_Index_Login

/path/to/file/IpCheck_Form_Index_Login.php<?php class IPCheck_Form_Index_Login {...


Deploying PHP- server-side vi- plain old FTP- SFTP- scp- rsync + ssh- git- tar / gzip- rpm / deb packages- capistrano / capifony


Deploying PHPEffing Package Management

https://github.com/jordansissel/fpm

Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

fpm -s dir -t rpm -n "sfapp" -v 1.0 /var/www/sfapp

fpm -s dir -t deb -a all -n sfapp -v 1.0 /etc/apache2/conf.d/my.conf /var/www/sfapp




Deploying PHPCapifony

- multiple servers- multiple environments- setup shared folders (vendors, cache, logs, etc)- copy files- update vendors- multi versions- rollback- restart apache


Deploying PHP

Automate!


DNS TipsThe Power of the hosts file


DNS Tips

/etc/hosts

10.0.1.1 www.lottery.com

The Power of the hosts file


http://www.lottery.com

http://www.lottery.com

DNS Tips

/etc/hosts

10.0.1.1 example1.com example2.com

The Power of the hosts file


DNS TipsVirtual Document Root

UseCanonicalName Off

VirtualDocumentRoot /var/www/vhosts/%0/web

<Location /var/www/vhosts> AllowOverride All Options +FollowSymLinks</Location>

example.com => /var/www/vhosts/example.com/webexample2.com => /var/www/vhosts/example2.com/web


DNS TipsNameservers/Expiration

whois servergrove.com...Name Servers: ns1.servergrove.com ns2.servergrove.com ns3.servergrove.com

Creation date: 19 May 2005 23:34:36Expiration date: 19 May 2014 23:34:00


DNS TipsDNS records

dig -t A google.com;; ANSWER SECTION:google.com. 184 IN A 74.125.230.227google.com. 184 IN A 74.125.230.228google.com. 184 IN A 74.125.230.229google.com. 184 IN A 74.125.230.230google.com. 184 IN A 74.125.230.231google.com. 184 IN A 74.125.230.232google.com. 184 IN A 74.125.230.233google.com. 184 IN A 74.125.230.238google.com. 184 IN A 74.125.230.224google.com. 184 IN A 74.125.230.225google.com. 184 IN A 74.125.230.226


DNS TipsDNS records

dig -t A servergrove.eu @ns1.servergrove.com;; ANSWER SECTION:servergrove.eu. 3600 IN A 149.5.47.100


DNS Tipstraceroute

traceroute google.com

traceroute to google.com (173.194.37.33), 30 hops max, 40 byte packets 1 2.69-195-222.static.servergrove.com (69.195.222.2) 0.360 ms 0.365 ms 0.432 ms 2 t0-1-0-5.br2.mia.terremark.net (66.165.161.45) 1.558 ms 1.546 ms 1.532 ms 3 core1-1-0-0.mia.net.google.com (198.32.124.133) 0.238 ms 0.224 ms 0.230 ms 4 209.85.253.74 (209.85.253.74) 0.266 ms 0.283 ms 0.312 ms 5 209.85.254.252 (209.85.254.252) 12.764 ms 12.757 ms 12.749 ms 6 64.233.175.92 (64.233.175.92) 14.177 ms 14.257 ms 14.359 ms 7 atl14s07-in-f1.1e100.net (173.194.37.33) 13.653 ms 13.606 ms 13.618 ms


DNS Tipshttp://whereisitup.com


http://whereisitup.com


DNS Tipsmtr


Monitoring


Monitoring

<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .your_domain.com</Location>

ExtendedStatus On

Apache Requests


MonitoringApache Requests


Monitoring

- Cacti- Ganglia- Zabbix- collectd- statsd / StatsDBundle- graphite










Monitoringstatsd / StatsDBundle / Graphite


MonitoringCPU / Memory / IO

top


MonitoringIO

iotop


MonitoringNetwork

iptraf


MonitoringHandling logs

- Centralize logs with syslog

error_log = syslog

- Monolog supports syslog- logstash, logster, loggly, logio


Speeding up


Speeding up

- nginx/php-fpm- APC- Memcache- nginx reverse proxy cache- Varnish


Backups


Backups

- rsync- rdiff-backup- Unison- Bacula- Amanda


Backups

Donʼt forget to backup your DB!


Reading List

- Automating UNIX and Linux Administration- Running Linux - Learning the bash Shell: Unix Shell Programming


The End

Questions?Sysadmin skills for Symfony developers


Thank you!

Sysadmin skills for Symfony developers

https://joind.in/6605

Pablo Godel @pgodel

Feedback Please!




declare independence from your it department sysadmin skills for symfony developers

Technology