39c90a4e98932e5fba59e6e2e7268a3d2a444cc7
wiki/info/landscape/amazon-ec2.md
| ... | ... | @@ -187,10 +187,17 @@ A failover instance is kept ready to switch to in case the primary production ar |
| 187 | 187 | ### Important Amazon Machine Images (AMIs) |
| 188 | 188 | |
| 189 | 189 | In our default region ``eu-west-1`` there are four Amazon Machine Image (AMI) types that are relevant for the operation of the landscape. They all have a base name to which, separated by a space character, a version number consisting of a major and minor version, separated by a dot, is appended. Each of these AMIs has a tag ``image-type`` whose value reflects the type of the image. |
| 190 | -- SAP Sailing Analytics, ``image-type`` is ``sailing-analytics-server`` |
|
| 191 | -- MongoDB Live Replica Set NVMe, ``image-type`` is ``mongodb-server`` |
|
| 192 | -- Hudson Ubuntu Slave, ``image-type`` is ``hudson-slave`` |
|
| 193 | -- Webserver, ``image-type`` is ``webserver`` |
|
| 190 | +- SAP Sailing Analytics, ``image-type`` is ``sailing-analytics-server``, see [here](/wiki/info/landscape/creating-ec2-image-from-scratch) |
|
| 191 | +- MongoDB Live Replica Set NVMe, ``image-type`` is ``mongodb-server``, see [here](/wiki/info/landscape/creating-ec2-mongodb-image-from-scratch) |
|
| 192 | +- Hudson Debian/Ubuntu Slave, ``image-type`` is ``hudson-slave`` |
|
| 193 | +- Webserver, ``image-type`` is ``webserver``, see [here](/wiki/info/landscape/creating-ec2-image-for-webserver-from-scratch) |
|
| 194 | + |
|
| 195 | +There are furthermore instance types that we can configure automatically, based on a clean Amazon Linux 2 instance launched from the respective default Amazon image: |
|
| 196 | +- Hudson / dev.sapsailing.com server, see [here](/wiki/info/landscape/creating-ec2-image-for-hudson-from-scratch) |
|
| 197 | +- MySQL / MariaDB database server holding the data for our ``bugzilla.sapsailing.com`` bug/issue tracker, see [here](/wiki/info/landscape/creating-ec2-image-for-mysql-from-scratch) |
|
| 198 | +- RabbitMQ default instance used by all default sailing servers for replication, see [here](/wiki/info/landscape/creating-ec2-image-for-rabbitmq-from-scratch) |
|
| 199 | + |
|
| 200 | +We try to maintain setup scripts that help us with setting up those instance types from scratch. See the respective Wiki pages referenced from the lists above for more details. |
|
| 194 | 201 | |
| 195 | 202 | The SAP Sailing Analytics image is used to launch new instances, shared or dedicated, that host one or more Sailing Analytics application processes. The image contains an installation of the SAP JVM 8 under /opt/sapjvm_8, an Apache httpd service that is not currently used by default for reverse proxying / rewriting / logging activities, an initially empty directory ``/home/sailing/servers`` used to host default application process configurations, and an initialization script under ``/etc/init.d/sailing`` that handles the instance's initialization with a default application process from the EC2 instance's user data. Instructions for setting up such an image from scratch can be found [here](/wiki/info/landscape/creating-ec2-image-from-scratch). |
| 196 | 203 |
wiki/info/landscape/creating-ec2-image-for-mysql-from-scratch.md
| ... | ... | @@ -1,5 +1,17 @@ |
| 1 | -TODO: link here from some higher-level MarkDown Wiki document |
|
| 1 | +# Setting up an Instance for the MySQL / MariaDB Bugzilla Database |
|
| 2 | 2 | |
| 3 | -TODO: this is all based on configuration/mysql_instance_setup and in particular the setup-mysql-server.sh script therein |
|
| 3 | +Our Bugzilla system at [bugzilla.sapsailing.com](https://bugzilla.sapsailing.com) uses a relational database to store all the bugs and issues. This used to be a MySQL database and has been migrated to MariaDB at the beginning of 2024. |
|
| 4 | 4 | |
| 5 | -TODO: talk about the DNS record for mysql.internal.sapsailing.com which is used by Bugzilla running on the central reverse proxy |
|
| ... | ... | \ No newline at end of file |
| 0 | +We don't provide a dedicated AMI for this because we don't need to scale this out or replicate this by any means. Instead, we provide a script to set this up, starting from a clean Amazon Linux 2 instance. |
|
| 1 | + |
|
| 2 | +Launch a new instance, based on the latest Amazon Linux 2 AMI maintained by AWS, and configure the root volume size to be, e.g., 16GB. As of this writing, the total size consumed by the database contents on disk is less than 1GB. Tag the volume with a tag key ``WeeklySailingInfrastructureBackup`` and value ``Yes`` to include it in the weekly backup schedule. |
|
| 3 | + |
|
| 4 | +When the instance has finished booting up, run the following script, passing the external IP address of the instance as mandatory argument: |
|
| 5 | +``` |
|
| 6 | + configuration/mysql_instance_setup/setup-mysql-server.sh a.b.c.d |
|
| 7 | +``` |
|
| 8 | +where ``a.b.c.d`` stands for the external IP address you have to specify. Before the IP address you may optionally specify the passwords for the ``root`` and the ``bugs`` user of the existing database to be cloned to the new instance. Provide the ``root`` password with the ``-r`` option, the ``bugs`` password with the ``-b`` option. Passwords not provided this way will be prompted for. |
|
| 9 | + |
|
| 10 | +The script will then transfer itself to the instance and execute itself there, forwarding the passwords required. On the instance, it will then establish the periodic management of the login user's ``authorized_keys`` file for all landscape managers' keys, install the packages required (in particular mariadb105-server and cronie), then run a backup on the existing ``mysql.internal.sapsailing.com`` database using the ``root`` user and its password. The ``mysqldump`` client for this is run on ``sapsailing.com``, and the result is stored in the ``/tmp`` folder on the new instance where it is then imported. The import is a bit tricky in case this is a migration from MySQL to MariaDB where the users table has become a view. Therefore, a few additional ``DROP TABLE`` and ``DROP VIEW`` commands are issued before importing the data. When the import is complete, user privileges are flushed so they match with what has been imported. The DB is then re-started in "safe" mode so that the user passwords can be adjusted, in case this was a migration from MySQL to MariaDB. Finally, the DB is restarted properly with the new user passwords. |
|
| 11 | + |
|
| 12 | +The instance then is generally available for testing. Run a few ``mysql`` commands, check out the ``bugs`` database and its contents, especially those of the ``bugs.bugs`` table. If this all looks good, switch the DNS record for ``mysql.internal.sapsailing.com`` to the private IP of the new instance. This will be used by the Bugzilla installation running on our central reverse proxy. When this is done you can consider stopping and ultimately terminating the old DB server. |
wiki/info/landscape/creating-ec2-image-for-rabbitmq-from-scratch.md
| ... | ... | @@ -1,5 +1,17 @@ |
| 1 | -TODO: link here from some higher-level MarkDown Wiki document |
|
| 1 | +# Setting up a RabbitMQ Server Instance |
|
| 2 | 2 | |
| 3 | -TODO: this is all based on configuration/rabbitmq_instance_setup and in particular the setup-rabbitmq-server.sh script therein |
|
| 3 | +RabbitMQ is hard to install on latest versions of Amazon Linux (e.g., 2, or 2023). Therefore, we use a latest Debian 12 default image to start with. |
|
| 4 | 4 | |
| 5 | -TODO: don't forget to talk about the DNS entries and the elastic IP (is the elastic IP for the external RabbitMQ server's address really required?) as well as the tagging |
|
| ... | ... | \ No newline at end of file |
| 0 | +Configure the root volume to be at least 8GB. The empty installation takes about 1.6GB, so you will have enough room for messages queued persistently. |
|
| 1 | + |
|
| 2 | +When the instance has finished booting and SSH access is possible, invoke the following script, providing the instance's external IP address as only parameter: |
|
| 3 | +``` |
|
| 4 | + configuration/rabbitmq_instance_setup/setup-rabbitmq-server.sh a.b.c.d`` |
|
| 5 | +``` |
|
| 6 | +where ``a.b.c.d`` is the external IP address of your fresh instance. |
|
| 7 | + |
|
| 8 | +The script will ensure the login user's ``authorized_keys`` are updated periodically to contain those of the landscape managers, then will install the necessary packages, particularly ``rabbitmq-server`` and, to get real log files under ``/var/log``, the ``syslog-ng`` package. It then enables the ``rabbitmq_management`` plugin, so access to the management UI becomes possible through port ``15672``. The configuration file under ``/etc/rabbitmq/rabbitmq.conf`` is patched such that guest logins are possible also from non-localhost addresses, by adding the ``loopback_users = none`` directive to the config file. It finally (re-)starts the RabbitMQ server to let these config changes take effect. |
|
| 9 | + |
|
| 10 | +Your RabbitMQ server then should be ready to handle requests. Test this by invoking the management UI, e.g., through an ssh port forward to port ``15672``. When this seems good, pick a smart time to change the DNS record for ``rabbit.internal.sapsailing.com`` because there will be a short time of interruptions on all application processes currently connected to the old RabbitMQ which you then have to stop. Those client applications will temporarily lose connection, but our replication component will re-establish these connections, using the DNS name which gets resolved again based on the DNS entry's TTL. Also, let ``rabbit.sapsailing.com`` point to the public IP of the instance. |
|
| 11 | + |
|
| 12 | +Add a tag with key ``RabbitMQEndpoint`` and value ``5672``, specifying the port on which the RabbitMQ server listens. This tag can be used by our landscape automation procedures to discover the RabbitMQ default instance in the region. |
|
| ... | ... | \ No newline at end of file |