86ae7170e61fb92155431c0470fe01e1ac290e93
configuration/on-site-scripts/sap-p1-1/hosts
| ... | ... | @@ -0,0 +1,26 @@ |
| 1 | +127.0.0.1 localhost |
|
| 2 | +#127.0.0.1 security-service.sapsailing.com |
|
| 3 | +#127.0.1.1 sap-p1-1 sap-p1-1.sapsailing.com |
|
| 4 | +# The following is currently an SAP Guest WiFi address and will need to be changed manually for now: |
|
| 5 | +#10.1.3.197 sap-p1-2 sap-p1-2.sapsailing.com |
|
| 6 | +#10.1.3.197 sap-p1-2 sap-p1-2.sapsailing.com |
|
| 7 | +#127.0.0.1 osg2020.sapsailing.com |
|
| 8 | +#127.0.0.1 tokyo2020-master.sapsailing.com |
|
| 9 | +#127.0.0.1 www.sapsailing.com |
|
| 10 | +# Jump host in Tokyo (ap-northeast-1) with elastic IP |
|
| 11 | +#52.194.91.94 tokyo-ssh.sapsailing.com |
|
| 12 | +# Igtimi primary web server |
|
| 13 | +#114.23.98.68 www.igtimi.com |
|
| 14 | +# AWS SMTP server |
|
| 15 | +#34.250.124.29 email-smtp.eu-west-1.amazonaws.com |
|
| 16 | +# TracTrac on-site servers |
|
| 17 | +#10.1.1.104 stso1 |
|
| 18 | +#10.1.1.105 stso2 |
|
| 19 | + |
|
| 20 | +# The following lines are desirable for IPv6 capable hosts |
|
| 21 | +::1 ip6-localhost ip6-loopback |
|
| 22 | +fe00::0 ip6-localnet |
|
| 23 | +ff00::0 ip6-mcastprefix |
|
| 24 | +ff02::1 ip6-allnodes |
|
| 25 | +ff02::2 ip6-allrouters |
|
| 26 | + |
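Review bot: lines 5 and 6 of this hosts file are the same commented-out entry (`#10.1.3.197 sap-p1-2 sap-p1-2.sapsailing.com`); drop one, or if the second was meant to carry an alternative address, fill it in and label it the way the comment on line 4 labels the guest WiFi address. Every mapping except `localhost` and the IPv6 defaults is commented out, including `security-service.sapsailing.com`, while master.conf in the same directory says replication relies on a local /etc/hosts entry mapping that name to 127.0.0.1; a header comment stating which lines must be activated in which operating mode would keep this from being guessed on site.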
configuration/on-site-scripts/sap-p1-1/master.conf
| ... | ... | @@ -0,0 +1,16 @@ |
| 1 | +INSTALL_FROM_RELEASE=build-202107291820 |
|
| 2 | +INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT=sailing@localhost |
|
| 3 | +SERVER_NAME=tokyo2020 |
|
| 4 | +MONGODB_URI="mongodb://localhost:10201,localhost:10202,localhost:10203/${SERVER_NAME}?replicaSet=tokyo2020&retryWrites=true&readPreference=nearest" |
|
| 5 | +# RabbitMQ in eu-west-1 (rabbit.internal.sapsailing.com) is expected to be found through SSH tunnel on localhost:5675 |
|
| 6 | +# Replication of shared services from central security-service.sapsailing.com through SSH tunnel 443:security-service.sapsailing.com:443 |
|
| 7 | +# with a local /etc/hosts entry mapping security-service.sapsailing.com to 127.0.0.1 |
|
| 8 | +REPLICATE_MASTER_QUEUE_HOST=localhost |
|
| 9 | +REPLICATE_MASTER_QUEUE_PORT=5675 |
|
| 10 | +REPLICATE_MASTER_BEARER_TOKEN="..." |
|
| 11 | +# Outbound replication to RabbitMQ through SSH tunnel with port forward on port 5673, regularly to rabbit-ap-northeast-1.sapsailing.com |
|
| 12 | +# Can be re-mapped to the RabbitMQ running on sap-p1-2 |
|
| 13 | +REPLICATION_HOST=localhost |
|
| 14 | +REPLICATION_PORT=5673 |
|
| 15 | +USE_ENVIRONMENT=live-master-server |
|
| 16 | +ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true -Dpolardata.source.url=https://www.sapsailing.com:22443 -Dwindestimation.source.url=https://www.sapsailing.com:22443" |
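Review bot: `REPLICATE_MASTER_BEARER_TOKEN="..."` on line 10 is a placeholder with nothing saying so; keeping the real token out of the repository is right, but add a comment that the value must be supplied at deployment and where it comes from, so the file is not installed with the literal `...`. It would also help to note on lines 5 to 7 which component sets up the tunnels on 5675 and 443, since this file silently depends on them.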
configuration/on-site-scripts/sap-p1-1/security_service.conf
| ... | ... | @@ -0,0 +1,19 @@ |
| 1 | +# This is a configuration for an "emergency" local copy of the security-service.sapsailing.com server. |
|
| 2 | +# It assumes that a regular back-up of the eu-west-1 "security_service" DB from the "live" replica set |
|
| 3 | +# has been copied to the local tokyo2020 replica set. Outbound replication is to the RabbitMQ on sap-p1-2. |
|
| 4 | +INSTALL_FROM_RELEASE=build-202107291820 |
|
| 5 | +INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT=sailing@localhost |
|
| 6 | +SERVER_NAME=security_service |
|
| 7 | +SERVER_PORT=8889 |
|
| 8 | +EXPEDITION_PORT=2011 |
|
| 9 | +TELNET_PORT=14889 |
|
| 10 | +MONGODB_URI="mongodb://localhost/${SERVER_NAME}?replicaSet=security_service&retryWrites=true&readPreference=nearest" |
|
| 11 | +# RabbitMQ in eu-west-1 (rabbit.internal.sapsailing.com) is expected to be found through SSH tunnel on localhost:5675 |
|
| 12 | +# Replication of shared services from central security-service.sapsailing.com through SSH tunnel 443:security-service.sapsailing.com:443 |
|
| 13 | +# with a local /etc/hosts entry mapping security-service.sapsailing.com to 127.0.0.1 |
|
| 14 | +REPLICATION_HOST=sap-p1-1 |
|
| 15 | +REPLICATION_PORT=5672 |
|
| 16 | +# To enable the use of the shared SecurityService and SharedSailingData from security-service.sapsailing.com: |
|
| 17 | +ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dsecurity.sharedAcrossSubdomainsOf=sapsailing.com -Dsecurity.baseUrlForCrossDomainStorage=https://security-service.sapsailing.com -Dgwt.acceptableCrossDomainStorageRequestOriginRegexp=https?://(.*\.)?sapsailing\.com(:[0-9]*)?$" |
|
| 18 | +ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true" |
|
| 19 | +MEMORY="4g" |
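Review bot: the header comment on line 3 says outbound replication goes to the RabbitMQ on sap-p1-2, but line 14 sets `REPLICATION_HOST=sap-p1-1`; one of the two is wrong and should be corrected. Lines 11 to 13 describe inbound replication through the 5675 and 443 tunnels, yet this file sets no `REPLICATE_MASTER_*` variables, so those comments look copied from master.conf and should be removed or replaced with what this emergency instance actually does.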
configuration/on-site-scripts/sap-p1-2/hosts
| ... | ... | @@ -0,0 +1,17 @@ |
| 1 | +127.0.0.1 localhost |
|
| 2 | +127.0.0.1 security-service.sapsailing.com |
|
| 3 | +127.0.1.1 sap-p1-2 sap-p1-2.sapsailing.com |
|
| 4 | +10.1.3.195 sap-p1-1 sap-p1-1.sapsailing.com |
|
| 5 | +#10.94.81.137 sap-p1-1 sap-p1-1.sapsailing.com |
|
| 6 | +127.0.0.1 tokyo2020-master.sapsailing.com |
|
| 7 | +127.0.0.1 www.sapsailing.com |
|
| 8 | +# TracTrac on-site servers |
|
| 9 | +10.1.1.104 stso1 |
|
| 10 | +10.1.1.105 stso2 |
|
| 11 | + |
|
| 12 | +# The following lines are desirable for IPv6 capable hosts |
|
| 13 | +::1 ip6-localhost ip6-loopback |
|
| 14 | +fe00::0 ip6-localnet |
|
| 15 | +ff00::0 ip6-mcastprefix |
|
| 16 | +ff02::1 ip6-allnodes |
|
| 17 | +ff02::2 ip6-allrouters |
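Review bot: lines 2, 6 and 7 point `security-service.sapsailing.com`, `tokyo2020-master.sapsailing.com` and `www.sapsailing.com` at 127.0.0.1 without saying what is expected to listen locally for each; with line 7 active, `https://www.sapsailing.com:22443` in this host's master.conf resolves to the local machine on port 22443, and no tunnel or listener for that port is documented in this commit. Add a comment per override naming the tunnel or local service behind it, so a dead tunnel is recognisable as such. Line 5 carries an alternative address for sap-p1-1 with no label; say which network it belongs to.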
configuration/on-site-scripts/sap-p1-2/master.conf
| ... | ... | @@ -0,0 +1,17 @@ |
| 1 | +INSTALL_FROM_RELEASE=build-202107291820 |
|
| 2 | +INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT="sailing@sap-p1-1" |
|
| 3 | +#INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT="sailing@localhost" |
|
| 4 | +SERVER_NAME=tokyo2020 |
|
| 5 | +MONGODB_URI="mongodb://localhost:10202,localhost:10203/${SERVER_NAME}?replicaSet=tokyo2020&retryWrites=true&readPreference=nearest" |
|
| 6 | +# RabbitMQ in eu-west-1 (rabbit.internal.sapsailing.com) is expected to be found through SSH tunnel on localhost:5675 |
|
| 7 | +# Replication of shared services from central security-service.sapsailing.com through SSH tunnel 443:security-service.sapsailing.com:443 |
|
| 8 | +# with a local /etc/hosts entry mapping security-service.sapsailing.com to 127.0.0.1 |
|
| 9 | +REPLICATE_MASTER_QUEUE_HOST=localhost |
|
| 10 | +REPLICATE_MASTER_QUEUE_PORT=5675 |
|
| 11 | +REPLICATE_MASTER_BEARER_TOKEN="..." |
|
| 12 | +# Outbound replication to RabbitMQ through SSH tunnel with port forward on port 5673, regularly to rabbit-ap-northeast-1.sapsailing.com |
|
| 13 | +# Can be re-mapped to the RabbitMQ running on sap-p1-2 |
|
| 14 | +REPLICATION_HOST=localhost |
|
| 15 | +REPLICATION_PORT=5673 |
|
| 16 | +USE_ENVIRONMENT=live-master-server |
|
| 17 | +ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true -Dpolardata.source.url=https://www.sapsailing.com:22443 -Dwindestimation.source.url=https://www.sapsailing.com:22443" |
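Review bot: the `MONGODB_URI` on line 5 lists only `localhost:10202,localhost:10203`, whereas sap-p1-1/master.conf and this host's replica.conf list `localhost:10201` as well; if the omission is deliberate (the member on 10201 being assumed unavailable when this file is used), say so in a comment, otherwise add the missing seed. The file also gives no hint about when it is to be used instead of replica.conf, and the comment on line 13 ("Can be re-mapped to the RabbitMQ running on sap-p1-2") reads oddly on sap-p1-2 itself; a header like the one in replica.conf would settle both.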
configuration/on-site-scripts/sap-p1-2/replica.conf
| ... | ... | @@ -0,0 +1,19 @@ |
| 1 | +# Regular operations; sap-p1-2 replicates sap-p1-1 using the rabbit-ap-northeast-1.sapsailing.com RabbitMQ in the cloud through SSH tunnel. |
|
| 2 | +# Outbound replication, though not expected to become active, goes to a local RabbitMQ |
|
| 3 | +INSTALL_FROM_RELEASE=build-202107291820 |
|
| 4 | +INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT="sailing@sap-p1-1" |
|
| 5 | +#INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT="sailing@localhost" |
|
| 6 | +SERVER_NAME=tokyo2020 |
|
| 7 | +MONGODB_URI="mongodb://localhost:10201,localhost:10202,localhost:10203/${SERVER_NAME}-replica?replicaSet=tokyo2020&retryWrites=true&readPreference=nearest" |
|
| 8 | +# RabbitMQ in ap-northeast-1 is expected to be found locally on port 5673 |
|
| 9 | +REPLICATE_MASTER_SERVLET_HOST=sap-p1-1 |
|
| 10 | +REPLICATE_MASTER_SERVLET_PORT=8888 |
|
| 11 | +REPLICATE_MASTER_QUEUE_HOST=localhost |
|
| 12 | +REPLICATE_MASTER_QUEUE_PORT=5673 |
|
| 13 | +REPLICATE_MASTER_BEARER_TOKEN="..." |
|
| 14 | +# Outbound replication to RabbitMQ running locally on sap-p1-2 |
|
| 15 | +REPLICATION_HOST=localhost |
|
| 16 | +REPLICATION_PORT=5672 |
|
| 17 | +REPLICATION_CHANNEL=${SERVER_NAME}-replica |
|
| 18 | +USE_ENVIRONMENT=live-replica-server |
|
| 19 | +ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true" |
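Review bot: lines 9 and 10 have the replica contact the master servlet directly at `sap-p1-1:8888`, and line 13 supplies a bearer token for it, but nothing states whether port 8888 speaks TLS; if it is plain HTTP the token crosses the on-site network unencrypted, and the connection should go through an HTTPS endpoint instead. As in the master configurations, the `"..."` placeholder on line 13 needs a comment saying the value is supplied at deployment. The header on line 1 names rabbit-ap-northeast-1 through SSH tunnel and line 8 says the queue is found locally on 5673; stating in one place that 5673 is the tunnel end would remove the ambiguity.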
configuration/on-site-scripts/sap-p1-2/security_service.conf
| ... | ... | @@ -0,0 +1,19 @@ |
| 1 | +# This is a configuration for an "emergency" local copy of the security-service.sapsailing.com server. |
|
| 2 | +# It assumes that a regular back-up of the eu-west-1 "security_service" DB from the "live" replica set |
|
| 3 | +# has been copied to the local tokyo2020 replica set. Outbound replication is to the RabbitMQ on sap-p1-2. |
|
| 4 | +INSTALL_FROM_RELEASE=build-202107291820 |
|
| 5 | +INSTALL_FROM_SCP_USER_AT_HOST_AND_PORT=sailing@sap-p1-1 |
|
| 6 | +SERVER_NAME=security_service |
|
| 7 | +SERVER_PORT=8889 |
|
| 8 | +EXPEDITION_PORT=2011 |
|
| 9 | +TELNET_PORT=14889 |
|
| 10 | +MONGODB_URI="mongodb://localhost/${SERVER_NAME}?replicaSet=security_service&retryWrites=true&readPreference=nearest" |
|
| 11 | +# RabbitMQ in eu-west-1 (rabbit.internal.sapsailing.com) is expected to be found through SSH tunnel on localhost:5675 |
|
| 12 | +# Replication of shared services from central security-service.sapsailing.com through SSH tunnel 443:security-service.sapsailing.com:443 |
|
| 13 | +# with a local /etc/hosts entry mapping security-service.sapsailing.com to 127.0.0.1 |
|
| 14 | +REPLICATION_HOST=sap-p1-1 |
|
| 15 | +REPLICATION_PORT=5672 |
|
| 16 | +# To enable the use of the shared SecurityService and SharedSailingData from security-service.sapsailing.com: |
|
| 17 | +ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dsecurity.sharedAcrossSubdomainsOf=sapsailing.com -Dsecurity.baseUrlForCrossDomainStorage=https://security-service.sapsailing.com -Dgwt.acceptableCrossDomainStorageRequestOriginRegexp=https?://(.*\.)?sapsailing\.com(:[0-9]*)?$" |
|
| 18 | +ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true" |
|
| 19 | +MEMORY="4g" |
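Review bot: the origin pattern on line 17, `https?://(.*\.)?sapsailing\.com(:[0-9]*)?$`, accepts plain-HTTP origins and has no leading `^`; unless the code consuming `gwt.acceptableCrossDomainStorageRequestOriginRegexp` applies it as a full-string match, anchor it at the start, and restrict it to `https` if no HTTP origin needs cross-domain storage access. The same line appears in sap-p1-1/security_service.conf, and the two files differ only in line 5, so the mismatch between the comment on line 3 (RabbitMQ on sap-p1-2) and `REPLICATION_HOST=sap-p1-1` on line 14 is present here too; a shared file with the SCP source as the only per-host override would avoid fixing everything twice.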
wiki/info/landscape/olympic-plan-for-paris-marseille-2024.md
| ... | ... | @@ -26,6 +26,8 @@ Note: The shadow master must have at least one registered replica because otherw |
| 26 | 26 | |
| 27 | 27 | Furthermore, the shadow master must not send into the production RabbitMQ replication channel that is used by the production master instance while it is not in production itself, because it would duplicate the operations sent. Instead, the shadow master shall use a local RabbitMQ instance to which an SSH tunnel forwards. |
| 28 | 28 | |
| 29 | +We will install a cron job that regularly performs a "compareServers" between production and shadow master. Any deviation shall be notified using the e-mail notification mechanism in place for all other alerts and monitoring activities, too. |
|
| 30 | + |
|
| 29 | 31 | ## Cloud RabbitMQ |
| 30 | 32 | |
| 31 | 33 | Instead of ``rabbit-ap-northeast-1.sapsailing.com`` we will use ``rabbit-eu-west-3.sapsailing.com`` pointing to the internal IP address of the RabbitMQ installation in ``eu-west-3`` that is used as the default for the on-site master processes as well as for all cloud replicas. |
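Review bot: the paragraph added at line 29 leaves the operational details open: it does not say on which host the cron job runs, how often, or with which credentials "compareServers" authenticates against the two masters. It should also state that a comparison that cannot complete (one side unreachable, tunnel down) raises the same e-mail alert as a detected deviation, otherwise a silent failure of the job looks like agreement. The trailing "too" can go.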
| ... | ... | @@ -64,7 +66,7 @@ The baseline is again the Tokyo 2020 set-up. Besides the jump host's re-naming f |
| 64 | 66 | The ports and their semantics: |
| 65 | 67 | |
| 66 | 68 | * 443: HTTPS port of security-service.sapsailing.com (or its local replacement through NGINX) |
| 67 | -* 5673: Outbound RabbitMQ to use by on-site master (or local replacement) |
|
| 69 | +* 5673: Outbound RabbitMQ to use by on-site master (regularly to RabbitMQ in eu-west-3, local replacement as fallback) |
|
| 68 | 70 | * 5675: Inbound RabbitMQ (rabbit.internal.sapsailing.com) for replication from security-service.sapsailing.com (or local replacement) |
| 69 | 71 | * 9443: NGINX HTTP port on sap-p1-1 (also reverse-forwarded from paris-ssh.sapsailing.com) |
| 70 | 72 | * 9444: NGINX HTTP port on sap-p1-2 (also reverse-forwarded from paris-ssh.sapsailing.com) |
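Review bot: the reworded bullet for port 5673 says the on-site master sends "regularly to RabbitMQ in eu-west-3", while the paragraph above "## Cloud RabbitMQ" requires the shadow master to stay off the production replication channel and use a local RabbitMQ; the bullet should say which of the two on-site processes each target applies to. Naming the host as ``rabbit-eu-west-3.sapsailing.com``, as the rest of the page does, would also make the bullet searchable.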
| ... | ... | @@ -95,7 +97,6 @@ Here are the major changes: |
| 95 | 97 | |
| 96 | 98 | * ``sap-p1-2`` runs the ``paris2024`` shadow master from ``/home/sailing/servers/paris2024`` against local database ``paris2024:paris2024-shadow``, replicating from ``security-service.sapsailing.com`` through SSH tunnel from local port 443 pointing to ``security-service.sapsailing.com`` (which actually forwards to the ALB hosting the rules for ``security-service.sapsailing.com`` and RabbitMQ ``rabbit.internal.sapsailing.com`` tunneled through port 5675, with the RabbitMQ admin UI tunneled through port 15675; *outbound replication goes to local port 5673 which tunnels to* ``rabbit-eu-west-3.sapsailing.com`` *whose admin UI is reached through port 15673 which tunnels to* ``rabbit-eu-west-3.sapsailing.com:15672`` |
| 97 | 99 | |
| 98 | - |
|
| 99 | 100 | ### Internet Failure |
| 100 | 101 | |
| 101 | 102 | While cloud replicas and hence the ALBs and Global Accelerator will remain reachable with the latest data snapshot at the time the connection is lost, we will then lose the following capabilities: |
| ... | ... | @@ -117,7 +118,7 @@ This makes for the following set-up: |
| 117 | 118 | |
| 118 | 119 | ### Internet Failure Using Shadow Master |
| 119 | 120 | |
| 120 | -TODO |
|
| 121 | + |
|
| 121 | 122 | |
| 122 | 123 | ## Test Plan for Test Event Marseille July 2023 |
| 123 | 124 |
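Review bot: replacing `TODO` at line 120 with an empty line leaves "### Internet Failure Using Shadow Master" as a heading with no content and no marker that the section is still to be written. Either keep the TODO until the failover procedure is documented or add the procedure in this change; an empty section in an operations plan is easy to mistake for "nothing to do".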