deploying to ubuntu on linode
TRANSCRIPT
MONTREAL 1/3 JULY 2011
Deploying to Ubuntu on LinodeDavid LeBerAlign Software Inc.
Overview
• What
• Why
• How
• Q&A
Linode Overview
• VPS Supplier
• Xen Virtualized Servers
• Multiple available Linux Distros
• Distributed data centers (1 x UK, 4 x USA)
• Multiple Linode sizes
• Pro-rated billing
Linode Sizes
Why Linode
• Familiar distros (Ubuntu 10.04 LTS)
• Pricing
• Pooled bandwidth
• Awesome performance (IO and network)
• Private network access
• Free DNS
• Virtual console (Lish)
Linode Creation
Creating a Linode - 1
Creating a Linode - 2
Creating a Linode - 3
Creating a Linode - 4
Creating a Linode - 5
Creating a Linode - 6
Creating a Linode - 7
Creating a Linode - 8
KEEP NOTES!
Preliminary Setup
• Apply Updates:
• sudo apt-get update
• sudo apt-get upgrade --show-upgradegraded
• Set hostname
• echo "demo" > /etc/hostname
• hostname -F /etc/hostname
Preliminary Setup
• Configure Network:
• Add private IP
• sudo nano /etc/network/interfaces
• Edit hosts file
• nano /etc/hosts
• Configure DNS
Preliminary Setup
• Set Timezone
• dpkg-reconfigure tzdata
• Create admin user
• adduser admin
Preliminary Setup
• Add admin user to /etc/sudoers
• visudo
• add “admin ALL=(ALL) ALL” to User priveleges
• Test ssh login with admin
• Test sudo with admin
Secure SSH
• On Linode (as admin)
• cd ~
• mkdir .ssh
• On local machine
• ssh-keygen -t dsa
• ssh [email protected] "echo `cat ~/.ssh/id_dsa.pub` >> ~/.ssh/authorized_keys"
Secure SSH
• Test login
• sudo nano /etc/ssh/sshd_config
• Change port: Port 22022
• Disable root login: PermitRootLogin no
• Allow only admin user: AllowUsers admin
• Disable password auth: PasswordAuthentication no
Secure SSH
• Restart: sudo /etc/init.d/ssh restart
• Do not close terminal!
• Test login
Firewall
• sudo apt-get install ufw
• sudo ufw allow 22022
• sudo ufw allow 80
• sudo ufw allow ...
• sudo ufw enable
Oh Crap!
Linode Typical Types
512Apache
PHP
1024Apachewotaskd
apps
2048 MySQL
512Monitor
512JenkinsSVN
Install Java
• sudo echo "deb http://archive.canonical.com/ lucid partner\n deb-src http://archive.canonical.com/ lucid partner " >> /etc/apt/sources.list
• apt-get update
• apt-get install sun-java6-jdk
Installing Software
• Ubuntu - apt-get
• Linode Library
Linode StackScripts
• Scripts to automate Linode setup
• Hooks for user input
• Extensive library
• Create your own
• API for external control
Install WO Frameworks
• Wait... Actually don’t.
Prepare for WO Apps
• Apache 2.2?
• Apache Adapter?
Build Apache Adaptor
• Curl Wonder source from webobjects.mdimension.com
• cd Wonder/Utilities/Adaptors/
• nano make.config and change ADAPTOR_OS
• remove srandomdev() call as per wiki
• make and install as per wiki
Prepare WO Directories
• mkdir -p /opt/Library/WebObjects/JavaApplications/
• mkdir -p /opt/Local/Library/WebObjects/Applications/
• mkdir -p /opt/Local/Library/Logs/
Generate WO Users
• sudo groupadd appserveradm
• sudo useradd -g appserveradm appserver
Install wotaskd
• Curl wotaskd.woa.tar.gz from webobjects.mdiminsion.com
• untar and mv into /opt/Library/WebObjects/JavaApplications/
• Fix permissions
Install JavaMonitor
• Curl JavaMonitor.woa.tar.gz from webobjects.mdiminsion.com
• untar and mv into /opt/Library/WebObjects/JavaApplications/
• Fix permissions
Ubuntu Upstart
• Replacement for rc.d scripts
• Similar in concept to launchd
• Can perform auto relaunch
Upstart Example
Upstart
• File /etc/init/webobjects.conf
• Started with:
• services webobjects start
WO App Installation
• Curl the app.woa from the build server
• Untar and mv to /opt/Local/Library/WebObjects/Applications/
• Curl the WSR app.woa from the build server
• Untar and mv to /srv/www/xxx.com/public_html/WebObjects/
• Fix permissions
Linode Performance Tuning
• Choose the correct size Linode for the job
• Tune config for the service
• Apache
• MySQL
• Linode Library as lots of tips
Linode Backup
• Linode offers a file system level backup service
• Enabled per Linode ($5 - $40/mo)
• 4 Snapshots (today, 1 weekly, 2 week, user triggered)
• DB export may be required for full coverage
Q&A
MONTREAL 1/3 JULY 2011