soflophp 2013 - sysadmin skills for php developers

SysAdmin skills for PHP developers

Pablo Godel @pgodel - March 13, 2013South Florida PHP Users Group

http://joind.in/8376

Thursday, March 14, 13



- Why SysAdmin Skills- Introduction to LAMP- Hosting options- Linux distributions- Installing PHP options- Deploying PHP- Various production tips- Monitoring- Backups

Agenda


Who Am I?

⁃ Born in Argentina, living in the US since 1999⁃ PHP & Symfony developer

⁃ Founder of the original PHP mailing list in spanish ⁃ Master of the parrilla


⁃ Founded ServerGrove Networks in 2005

⁃ Provider of web hosting specialized in PHP, Symfony, ZendFramework, and others

⁃ Now with servers in Miami, FL and Dublin, Ireland

⁃ Mongohosting.com!

ServerGrove!


⁃ Very active open source supporter through codecontributions and usergroups/conference sponsoring

Community is our teacher


Sysadmin Skills

Who needs them?


Text

IT is busy / Different PrioritiesThursday, March 14, 13

!Rocket ScienceThursday, March 14, 13

Lack of controlThursday, March 14, 13

Less downtimeThursday, March 14, 13

Better PerformanceThursday, March 14, 13

What do you prefer?Thursday, March 14, 13

Or this?Thursday, March 14, 13

An example...

I am limited to line commands. I don’t do line commands in Linux. Either they can install the Centos desktop, or they can just send me the files.


LAMPWhat is


LAMPThursday, March 14, 13

LAMP Scott Beale


http://www.flickr.com/photos/laughingsquid/

http://www.flickr.com/photos/laughingsquid/

LNMPThursday, March 14, 13

LNPPThursday, March 14, 13

LANMMPPThursday, March 14, 13

LANMMPPWhy?


Why LANMMPP

Proven


Stable

Why LANMMPP


Secure

Why LANMMPP


Why LANMMPP

Free


Free*

Why LANMMPP


Inexpensive

Why LANMMPP


Easily Available

Why LANMMPP


Hosting Options


Hosting OptionsShared Hosting

- Inexpensive- Widely available- Easy to use- No maintenance- No updates- Instant provisioning- DNS/Email services

- Shared resources- No/Limited Shell- Many restrictions- No control- Fixed versions - Multitude of CPs

+ -


Hosting OptionsDedicated Servers

- Full control- No sharing- Best performance- Software / Hardware to specs

- Hard to plan- Software updates- SysAdmin skills- Expensive to start- Parts replacements- Control Panel licenses

+ -


Hosting OptionsVirtual Servers / VPS

- Shared resources- Software updates- SysAdmin skills- Limited/No CP- Lack of email

-


Hosting OptionsVirtual Servers / VPS

- Inexpensive- Widely available- Choice of OS- Root access- Full shell- Fast provisioning- Custom software

- Custom configurations- Snapshots- Multiple Envs

+ +


Hosting OptionsCloud Hosting

Depends on implementation

+ -



Some are a shared hosting with a fancy new name



Some are a shared hosting with a fancy new nameOthers let you start small and scale easily



Some are a shared hosting with a fancy new nameOthers let you start small and scale easilyGets really expensive at scale



Most suffer from some of the shared hosting problems:- vendor lock-in- lack of control- high learning curve- limited environment


Hosting Options

Which one to choose?


Hosting OptionsWhich one to choose?

I T D E P E N D S


Linux Distributions


DistributionsRedHat based

- Fedora- RedHat Enterprise Linux (RHEL)- CentOS- Scientific Linux


DistributionsDebian based

- Debian- Ubuntu


DistributionsOthers

- Gentoo- Slackware- OpenSuse- Archlinux- any many many more!

http://distrowatch.com/http://en.wikipedia.org/wiki/Linux_distribution


http://distrowatch.com/

http://distrowatch.com/

http://en.wikipedia.org/wiki/Linux_distribution

http://en.wikipedia.org/wiki/Linux_distribution

DistributionsKey differences- Configuration files- Package Manager- Managing Services- Software versions- Updates


DistributionsKey differences

- Configuration files

CentOS

Ubuntu

/etc/sysconfig/network-scripts/ifcfg-eth0

/etc/network/interfaces



- Package Manager

CentOS

Ubuntu

yum install php-cli

apt-get install php5



- Package Manager

CentOS

Ubuntu

yum search php-cli

apt-cache search php



- Managing Services

CentOS

Ubuntu

service restart httpdchkconfig --list httpdchkconfig httpd on

service restart apache2sudo update-rc.d apache2 enable



- Software versions

CentOS

Ubuntu

httpd-2.2.3

apache-2.2.17



- Updates

CentOS 5.x

Ubuntu 11

PHP 5.1.6

PHP 5.3.5


DistributionsKey similarities

- Based on Linux Kernel

- Screwed up or ancient PHP- Lack of PHP extensions


DistributionsWhich one to choose?

I T D E P E N D S


DistributionsWhich one to choose?

- Best feeling- Previous experience- Workplace selection- Coworker / friend knowledge


Sysadmin skills for PHP Devs


First Experience


First Experience

- Run Linux natively- Mac OSX- Virtual Machine: - VirtualBox - Parallels - VMware- VPS


First Experience#!/bin/bash



Recommended Books:- Learning the bash Shell- bash Cookbook



Most Common Commands:

$ ls -l /path/$ cd /path$ pwd$ cat /etc/passwd$ less /etc/resolv.conf$ tail -f /var/log/*$ last$ lastb$ vi /etc/hosts



User`s config files:

~/.bash_history~/.bash_logout~/.bash_profile PATH=$PATH:$HOME/bin export PATH

~/.bashrc alias rm='rm -i' alias cp='cp -i' alias mv='mv -i'



Most common directories:

/etc /tmp/var/log/var/run/root/home/usr/local/opt


Installing Apache/PHP


Installing Apache/PHP# CentOS$ yum install httpd php-cli mod_php

# Ubuntu$ apt-get install apache2 libapache2-mod-php5

Mac OSX- MAMP- Native Apache + Liip PHP installation- Zend Server CE

Windows- WAMP- IIS + PHP


Installing PHPCentOS

Third Party Repositories- Remi RPMhttp://blog.famillecollet.com/- Webtatichttp://www.webtatic.com/- ServerGrove: PHP 5.3.x / 5.4.x (always latest)http://repos.servergrove.com


http://blog.famillecollet.com/

http://blog.famillecollet.com/

http://www.webtatic.com/

http://www.webtatic.com/

http://repos.servergrove.com


Installing PHPCentOS

Third Party Repositories

cd /etc/yum.repos.d/wget http://repos.servergrove.com/servergrove-centos-5/servergrove-centos-5.repoyum install php53 # or php54


http://repos.servergrove.com/servergrove-centos-5/servergrove-centos-5.repo




Installing PHPUbuntu


- Dotdeb:http://www.dotdeb.org/- ServerGrove: (always latest)http://repos.servergrove.com

PHP 5.3.x / 5.4.x


http://www.dotdeb.org/

http://www.dotdeb.org/



Installing PHPUbuntu


echo “deb http://repos.servergrove.com/servergrove-ubuntu-precise precise main” >> /etc/apt/sources.list.d/servergrove.listapt-get install php53 # or php54


http://repos.servergrove.com/servergrove-ubuntu-natty




Installing PHPFrom Source

wget http://us2.php.net/get/php-5.4.12.tar.bz2/from/www.php.net/mirrortar jxvf php-5.4.12.tar.bz2cd php-5.4.12./configure make && make install














Installing PHPRecompiling

php -i |grep configure./configure '--with-apxs2=/usr/sbin/apxs' '--prefix=/usr/local/php53' '--with-config-file-scan-dir=/etc/php53/conf.d' '--enable-bcmath' '--enable-ctype' '--enable-exif' '--enable-mbstring' '--enable-ftp' '--enable-intl' '--enable-sockets' '--enable-sysvmsg' '--enable-pcntl' '--with-bz2' '--with-curl' '--with-gettext' '--with-gd' '--enable-gd-native-ttf' '--enable-exif' '--with-freetype-dir=/usr' '--with-jpeg-dir=/usr' '--with-t1lib=/usr' '--with-mcrypt' '--with-openssl' '--with-kerberos' '--with-iconv' '--with-xsl' '--with-xmlrpc' '--with-zlib' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd'make && make install


























Installing PHPCompiling for Apache

./configure '--with-apxs2=/usr/sbin/apxs' make && make install






Installing PHPCompiling for Nginx / PHP-FPM

./configure '--enable-fpm' make && make install






Installing PHPCompiling extension

./configure --with-curl --enable-ftpmake && make install







(dynamic)

cd ext/curlphpize./configure make && make installecho “extension=curl.so” >> php.ini













http://pecl.php.net/





(PECL)pecl install apc# orpecl download apctar zxvf APC-3.1.13.tgzcd APC-3.13phpize./configure make && make installecho “extension=apc.so” >> php.ini




















Automate!

- Chef- Puppet- ...

Installing PHP


Installing PHPConfiguration

/etc/php/php.ini/etc/php5/cli/php.ini

/usr/local/lib/php.ini

Default location

Other common locations

/etc/php5/apache2/php.ini



php -i | grep php.iniConfiguration File (php.ini) Path => /usr/local/php5/libLoaded Configuration File => /usr/local/php5-20110426-093151/lib/php.iniScan this dir for additional .ini files => /usr/local/php5/php.dAdditional .ini files parsed => /usr/local/php5/php.d/10-extension_dir.ini,



php -i | grep mongo/usr/local/php5/php.d/50-extension-mongo.ini,mongomongo.allow_empty_keys => 0 => 0mongo.allow_persistent => 1 => 1mongo.auto_reconnect => 1 => 1mongo.chunk_size => 262144 => 262144mongo.cmd => $ => $mongo.default_host => localhost => localhostmongo.default_port => 27017 => 27017



[PHP Modules]apcbcmathbz2Corectypecurldatedomereg

php -m



php.iniextension_dir=/usr/lib/php/extensions/no-debug-non-zts-20090626

extension=apc.soextension=mongo.so



php.ini

php -i | grep extension_dirextension_dir => /usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626



php.ini

date.timezone=UTCdisplay_errors = offlog_errors = onerror_log = /var/log/php.log



Securitymemory_limit = 128Mmax_execution_time = 30display_errors = offexpose_php = offmail.log = /var/log/phpmails.logdisable_functions = execallow_url_fopen = off



File uploads on .htaccessphp_value memory_limit 128Mphp_value max_file_uploads 20php_value max_input_time -1php_value post_max_size 8Mphp_value upload_max_filesize 2Mphp_value max_execution_time 0

AllowOverride=All in Apache!Thursday, March 14, 13


Include .htaccess

<Directory /path/to/document/root> Include /path/to/.htaccess</Directory>

AllowOverride=None in Apache!Thursday, March 14, 13


Apache

php_value date.timezone UTCphp_flag display_errors 1php_value memory_limit 128Mphp_value max_execution_time 0

Don’t forget to restart ApacheThursday, March 14, 13

Installing PHPWeb Server User

- apache- nobody- www-data- ftp / ssh user (sometimes)

Possible users

Permissions issues with clear cache and uploads, Anyone?


Installing PHPWeb Server User

Fix:

Permissions issues with clear cache and uploads, Anyone?

rm -rf app/cache/*rm -rf app/logs/*

sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logssudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs

http://symfony.com/doc/current/book/installation.html




Deploying PHP


Deploying PHPBefore going live

Make sure ntpd is installed and running to ensure accurate server time

yum install ntpchkconfig ntpd onntpdate pool.ntp.org



- Disable PHP in specific directories

<Location /uploads> php_admin_flag engine off</Location>



- Limit access by IP

<Location /admin> Order Deny,Allow Deny from all Allow from 1.2.3.4</Location>



- Add HTTP Authentication

<Location /admin> Require valid-user AuthType Basic AuthName "SG" AuthUserFile /path/users</Location>



- Quiet down Apache

ServerTokens Prod



RewriteEngine On

RewriteRule ^\.htaccess$ - [F]

RewriteCond %{REQUEST_FILENAME} -fRewriteRule ^.*$ - [NC,L]

RewriteCond %{REQUEST_URI} !^/web/.*$RewriteRule ^(.*)$ /web/$1

Move document root with .htaccess



- Case senstive filesystem

IPCheck_Form_Index_Login != IpCheck_Form_Index_Login

/path/to/file/IpCheck_Form_Index_Login.php<?php class IPCheck_Form_Index_Login {...


Deploying PHP- server-side vi- plain old FTP- SFTP- scp- rsync + ssh- git- tar / gzip- rpm / deb packages- capistrano / capifony


Deploying PHPEffing Package Management

https://github.com/jordansissel/fpm

Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

fpm -s dir -t rpm -n "sfapp" -v 1.0 /var/www/sfapp

fpm -s dir -t deb -a all -n sfapp -v 1.0 /etc/apache2/conf.d/my.conf /var/www/sfapp




Deploying PHPCapistrano / Capifony

- multiple servers- multiple environments- setup shared folders (vendors, cache, logs, etc)- copy files- update vendors- multi versions- rollback- restart apache


Deploying PHPSetting up SSH

$ ssh-keygen -t dsa ~/.ssh/id_dsa.pub

$ ssh-copy-id user@remote-host ~/.ssh/authorized_keys ~/.ssh/authorized_keys2

$ ssh-add



~/.ssh/config

Host * ForwardAgent yes Port 22123

Host gh HostName github.com Port 22 PreferredAuthentications publickey IdentityFile ~/.ssh/me_rsa



/etc/ssh/sshd_config

Port 22 Port 22123 PermitRootLogin no PasswordAuthentication no


Deploying PHP Automate!

https://github.com/pgodel/m-sunshinephp/blob/master/web/deploy.php

<?php

exec('/usr/bin/env -‐i HOME=/var/www/vhosts/m.sunshinephp.com/m-‐sunshine git pull origin master');

http://m.sunshinephp.com/deploy.php






DNS Tips


DNS Tips The Power of the hosts file


/etc/hosts

10.0.1.1 www.lottery.com



http://www.lottery.com

http://www.lottery.com

/etc/hosts

10.0.1.1 example1.com example2.com



DNS TipsVirtual Document Root

UseCanonicalName Off

VirtualDocumentRoot /var/www/vhosts/%0/web

<Location /var/www/vhosts> AllowOverride All Options +FollowSymLinks</Location>

example.com => /var/www/vhosts/example.com/webexample2.com => /var/www/vhosts/example2.com/web


DNS TipsNameservers/Expiration

whois servergrove.com...Name Servers: ns1.servergrove.com ns2.servergrove.com ns3.servergrove.com

Creation date: 19 May 2005 23:34:36Expiration date: 19 May 2014 23:34:00


DNS TipsDNS records

dig -t A google.com;; ANSWER SECTION:google.com. 184 IN A 74.125.230.227google.com. 184 IN A 74.125.230.228google.com. 184 IN A 74.125.230.229google.com. 184 IN A 74.125.230.230google.com. 184 IN A 74.125.230.231google.com. 184 IN A 74.125.230.232google.com. 184 IN A 74.125.230.233google.com. 184 IN A 74.125.230.238google.com. 184 IN A 74.125.230.224google.com. 184 IN A 74.125.230.225google.com. 184 IN A 74.125.230.226


DNS TipsDNS records

dig -t A servergrove.eu @ns1.servergrove.com;; ANSWER SECTION:servergrove.eu. 3600 IN A 149.5.47.100


DNS Tips DNS Delegationhttp://www.simpledns.com/lookup-dg.aspx


http://www.simpledns.com/lookup-dg.aspx

http://www.simpledns.com/lookup-dg.aspx

DNS Tipstraceroute

traceroute google.com

traceroute to google.com (173.194.37.33), 30 hops max, 40 byte packets 1 2.69-195-222.static.servergrove.com (69.195.222.2) 0.360 ms 0.365 ms 0.432 ms 2 t0-1-0-5.br2.mia.terremark.net (66.165.161.45) 1.558 ms 1.546 ms 1.532 ms 3 core1-1-0-0.mia.net.google.com (198.32.124.133) 0.238 ms 0.224 ms 0.230 ms 4 209.85.253.74 (209.85.253.74) 0.266 ms 0.283 ms 0.312 ms 5 209.85.254.252 (209.85.254.252) 12.764 ms 12.757 ms 12.749 ms 6 64.233.175.92 (64.233.175.92) 14.177 ms 14.257 ms 14.359 ms 7 atl14s07-in-f1.1e100.net (173.194.37.33) 13.653 ms 13.606 ms 13.618 ms


DNS Tipshttp://whereisitup.com


http://whereisitup.com


DNS Tipsmtr


Monitoring


Monitoring

<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .your_domain.com</Location>

ExtendedStatus On

Apache Requests


MonitoringApache Requests


Monitoring

- Cacti- Ganglia- Zabbix- collectd- statsd / StatsDBundle- graphite










Monitoringstatsd / StatsDBundle / Graphite


MonitoringCPU / Memory / IO

top


MonitoringIO

iotop


MonitoringNetwork

iptraf


MonitoringHandling logs

- Centralize logs with syslog

error_log = syslog

- Monolog supports syslog- logstash, logster, loggly, logio


MonitoringHandling logs

$ grep POST /var/log/apache2/access_log


Speeding up


Speeding up

- nginx/php-fpm- APC- ZendOptimizer+- Memcache- nginx reverse proxy cache- Varnish


Backups


Backups

- rsync- rdiff-backup- Unison- Bacula- Amanda


Backups

Don’t forget to backup your DB!

http://blog.servergrove.com/2012/01/24/backup-your-mysql-database-using-mysqldump/






Reading List

- Automating UNIX and Linux Administration- Running Linux - Learning the bash Shell: Unix Shell Programming


The End Questions?

Sysadmin skills for PHP developersThursday, March 14, 13

http://joind.in/8376 Thank you!

Sysadmin skills for PHP developers

Pablo Godel @pgodel Thursday, March 14, 13



soflophp 2013 - sysadmin skills for php developers

Technology

distributions

symfony developer

installing

installing

make installthursday

hosting options

shared hosting

clear cache