Opened 8 years ago

Closed 7 years ago

#4937 closed task (implemented)

make a vm for the blog

Reported by: arma Owned by: phobos
Priority: Medium Milestone:
Component: Company Version:
Severity: Keywords:
Cc: mikeperry, weasel Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Mike wants to migrate the blog from its current machine to a tpo machine. The plan is to have a normal tpo machine, and if we give Mike root then he'll set up drupal and transfer the content over.

Memory and disk requirements are flexible, depending on how much we want it to be able to handle spikes. A gig of ram should be safe. Disk requirements are small (beyond whatever the standard distro install takes up).

Child Tickets

TicketStatusOwnerSummaryComponent
#4940closedphobosmigrate from drupal to ikiwikiWebpages/Website

Change History (29)

comment:1 Changed 8 years ago by arma

(oh, and weasel, in this case mike says he's ready to start the migration as soon as there is a vm. so hopefully i am not screwing up the timing this time :)

comment:2 Changed 8 years ago by mikeperry

Also, note that the blog may be an attractive target for ddos attacks, exploit attempts, spambots, etc. So far, the worst we've seen are a few slashdottings, but it might not always be that way.

Therefore, we may want to place the blog vm on physical hardware that is not shared with too many other core services, so they don't end up impacted by an application-level ddos that is aimed at choking out disk bandwidth through mysql, for example.

comment:3 Changed 8 years ago by phobos

Cc: weasel added

put weasel on the ticket if you want him to see it in the next week or so.

comment:4 Changed 8 years ago by phobos

Status: newaccepted

Weasel and I discussed this ticket today. Here's the plan:

  1. Mike gets a role account and access to the new VM to do the drupal migration.
  2. Jeremy fixes up his ikiwiki work, and we migrate from drupal to ikiwiki.
  3. The migration of ikiwiki moves the blog to the current set of three webservers. The dedicated vm goes away.
  4. ikiwiki is used as a static site generator. comments and such move to a forum.
  5. weasel and phobos are happy to not have to take care of another new technology.

comment:5 Changed 8 years ago by phobos

mike has access to the role account on motor. he can do step 1 any time.

comment:6 Changed 8 years ago by mikeperry

I am logged in to motor, but don't seem to have full sudo access? db.torproject.org seems to tell me that my sudo password is what I think it is, but I can't sudo. Motor doesn't tell me I'm not in sudoers, at least, but it doesn't like my password either...

comment:7 Changed 8 years ago by mikeperry

Aha, apparently there was just ldap delay on the sudo password. Now it is telling me I am definitely not in sudoers for anything useful.

comment:8 Changed 8 years ago by weasel

sudo -l is the magic sudo call that tells you what you have access to.

comment:9 Changed 8 years ago by mikeperry

Ok, I definitely need more. I need to be able to install and configure mysql and php. I assume "apache2-vhost-update" will allow me to edit the httpd.conf such as to enable php?

Can I just get a sudo bash for setup purposes? It would make this all a lot quicker.

comment:10 Changed 8 years ago by weasel

apache2-vhost-update allows you to update the vhost config you find in /srv/blog.torproject.org/etc (or somewhere like that).

mod php is already installed. if you need changes to the ini file that can't be done with php_admin_value and friends, ping us with a patch to the php config.

I can install the mysql-server-5.1 package. would that do?

comment:11 Changed 8 years ago by mikeperry

Yes. But I will also need the mysql root user+pass, and will probably want need to tweak the my.cnf values too.

I would rather not have to remotely walk someone through mysql user creation and db imports. This whole process is going to be painful enough already for me.

comment:12 Changed 8 years ago by weasel

let andrew or me know when you need changes applied to my.cnf.

comment:13 Changed 8 years ago by mikeperry

apache2-vhost-update blog.torproject.org seemed to find my apache diffs in /srv/blog.torproject.org, seemed to commit them, and claimed to restart apache, but motor.torproject.org does not seem to be using the vhost I defined in /srv/blog.torproject.org/etc/apache2.conf.

Is something in the main apache config overriding it? I'm not allowed to edit /etc/apache2...

comment:14 Changed 8 years ago by phobos

it should be blog2.tpo

comment:15 Changed 8 years ago by mikeperry

Ok. Now there is some other error. I don't seem to have access to /var/log/apache2/, though.. Not sure what it is.

comment:16 Changed 8 years ago by mikeperry

Alright, found at lest one problem with some blind luck. We also need the php mysql module package. On my system, this is php52-mysql, but ymmv.

comment:17 Changed 8 years ago by phobos

installed.

comment:18 Changed 8 years ago by mikeperry

Need ssl module? Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

Otherwise all set, modulo testing. blog2.tp.o seems to load posts + everything fine.

comment:19 Changed 8 years ago by mikeperry

Ok, phobos installed the ssl module and also did a sudo a2enmod headers for hsts but I'm still getting broken links. I think we still need a sudo a2enmod rewrite for clean urls to worl.

comment:20 Changed 8 years ago by mikeperry

Alright. We're running. After the blog has been up for 48 hrs, mysql will have gathered statistics on how to optimize for it.

We can then extract them using https://launchpad.net/mysql-tuning-primer/ and add the recommendations to my.cnf.

comment:21 Changed 8 years ago by phobos

I'll look at it in a day or two. I'm not too worried yet, as the goal is to hit the db as little as possible. It seems memory and disk caching is working well to reduce the drupal load to minimal.

comment:22 Changed 8 years ago by mikeperry

I tried to give the script a run to see what it produces, but it needs bc (and possibly a few other things).

Can someone sudo apt-get install bc?

comment:23 Changed 8 years ago by phobos

The server is idle, see https://munin.torproject.org/torproject.org/motor.torproject.org.html. The goal is to minimize queries to mysql. So far, that seems to be working fine. I'll poke at the script in a bit.

comment:24 Changed 8 years ago by phobos

I ran that horrid script. Forced color output is a bad idea. It confirms the mysql server is idle. I tuned the temp table bit just for the sake of seeing if the script's recommendations are worth anything. However, the goal is to minimize usage of mysql.

comment:25 Changed 8 years ago by mikeperry

Heh, you're such a hater. The point of the script *is* to minimize mysql activity.

Unless you mean "Eliminate use of this software by Tor based on dogmatic opinions about databases in general and Oracle in particular." ;)

comment:26 Changed 8 years ago by phobos

By minimize I mean, 'be able to apt-get remove mysql' and have the blog not notice the db is gone for hours. ;)

Until you've had to deal with oracle first hand, mysql seems like a good choice.

comment:27 Changed 7 years ago by arma

This ticket looks all done? (there is a vm for the blog, and the blog is using it)

comment:28 Changed 7 years ago by phobos

Yes, it's done. There is a child ticket not done yet.

comment:29 Changed 7 years ago by phobos

Resolution: implemented
Status: acceptedclosed
Note: See TracTickets for help on using tickets.