BOA

From Things and Stuff Wiki
Jump to navigation Jump to search


Basics

Barracuda Octopus Aegir

Old;

  • All libraries & tools required to install and run Nginx based Aegir system.
  • Latest release of MariaDB 5.5 or 10.0 database server with Chive manager.
  • Latest version of Nginx web server.
  • PHP-FPM 5.6, 5.5, 5.4, 5.3 - multi-install mode, configurable per Octopus.
  • PHP extensions: Zend OPcache, PHPRedis, UploadProgress, MailParse and ionCube.
  • Fast Redis Cache with DB auto-failover for all 6.x and 7.x platforms.
  • Fast Redis Lock support with DB auto-failover for all 6.x and 7.x platforms.
  • Fast proxy DNS server (pdnsd) with permanent caching.
  • Limited Shell, SFTP and FTPS separate accounts per Octopus instance.
  • Limited Shell, SFTP and FTPS accounts per Aegir Client with per site access.
  • Drush access on command line in all shell accounts.
  • Drush Make access on command line for main shell account only.
  • Support for New Relic monitoring with per Octopus instance license key.
  • Solr 4 cores can be added/updated/deleted via site level INI settings.
  • HTTPS access with self-signed certificate for all hosted sites.
  • Magic Speed Booster cache, working like a Boost + AuthCache, but per user.
  • Entry level XSS built-in protection on the Nginx level.
  • Firewall csf/lfd integrated with Nginx abuse guard.
  • PHP errors debugging, including WSOD, enabled on the fly on dev. aliases.
  • Boost, AdvAgg, Domain Access and Drupal for Facebook built-in support.
  • Built-in collection of useful modules available in all platforms.
  • Autonomous Maintenance & Auto-Healing scripts in /var/xdrago.
  • Every 10 seconds uptime/self-healing local monitoring.
  • Automated, rotated daily backups for all databases in /data/disk/arch/sql.

Optional:

  • Compass Tools.
  • SPDY Nginx support.
  • PFS (Perfect Forward Secrecy) support in Nginx.
  • HHVM support - see docs/HHVM.txt for details.
  • MultiCore Apache Solr 1.4.1 with Jetty 7 - see docs/SOLR.txt for details.
  • MultiCore Apache Solr 3.6.2 with Jetty 8 - see docs/SOLR.txt for details.
  • MultiCore Apache Solr 4.2.0 with Jetty 8 or Jetty 9 on Precise and Wheezy.
  • New Relic Apps Monitor with per Octopus license and per Site reporting.
  • Image Optimize toolkit binaries.
  • FFmpeg support.
  • Bind9 DNS server.
  • Webmin Control Panel.
  • SQL Buddy database manager.
  • Collectd server monitor.
  • LDAP Nginx support via third-party module (experimental).
  • MongoDB driver for PHP 5.3 (experimental).
  • GEOS extension for PHP 5.3 (experimental).

Documentation

Aegir master install goes in /var/aegir. Not as tuned and featured as the Octopus Aegir install. Best practice is to use Octopus for production.


.barracuda.conf xtra shortcodes [1]

PDS --- fast DNS cache server (pdnsd) (default)
BND --- Bind9 DNS Server
SLR --- MultiCore Apache Solr Tomcat
CHV --- Chive DB Manager (default)
BDD --- SQL Buddy DB Manager
CGP --- Collectd Graph Panel
WMN --- Webmin Control Panel
CSF --- csf/lfd Firewall (default)
FTP --- ??? (default)

If you want to whitelist any non-BOA users, add them to the "users" group:

usermod -aG users vagrant


Nginx configuration layout; /etc/nginx/nginx.conf

user www-data;
worker_processes  4;  
pid /var/run/nginx.pid;

events {
  multi_accept on; 
}

http {
  default_type application/octet-stream;
  gzip on; 
  gzip_disable "msie6";
  keepalive_timeout 65; 
  sendfile on; 
  tcp_nodelay on; 
  tcp_nopush on; 
  types_hash_max_size 8192;
  include /etc/nginx/mime.types;
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}
  • /etc/nginx/conf.d/aegir.conf -symlink-> /var/aegir/config/nginx.conf - barracuda specific
    • /var/aegir/config/server_master/nginx/pre.d/*;
      • extra_ip.conf
      • extra_ip_ssl.conf
      • nginx_speed_purge.conf
      • nginx_wild_ssl.conf
    • /var/aegir/config/server_master/nginx/platform.d/*;
      • /data/disk/o1/config/o1.nginx.conf - octopus specific
        • /data/disk/o1/config/server_master/nginx/vhost.d/*; - o1 hosted Drupal sites
    • /var/aegir/config/server_master/nginx/vhost.d/*; - master and admin tool sites
      • chive.master.purple.thingsandstuff.org
      • master.purple.thingsandstuff.org
    • /var/aegir/config/server_master/nginx/post.d/*; - empty

Install and upgrade

# Download and run BOA Meta Installer.
wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
bash BOA.sh.txt
Will honour settings in;
/root/.barracuda.cnf
/root/.o1.octopus.cnf
/root/.o2.octopus.cnf
# To upgrade system and Aegir Master Instance to Stable
barracuda up-stable

To upgrade system and Aegir Master Instance to HEAD
barracuda up-head

#To upgrade selected Aegir Satellite Instance to Stable
octopus up-stable o1

# To upgrade *all* Aegir Satellite Instances to Stable
octopus up-stable all

t

# To upgrade selected Aegir Satellite Instance to HEAD
octopus up-head o1

# To upgrade *all* Aegir Satellite Instances to HEAD
octopus up-head all

See also Security#csf.2Flfd

Maintenance

xdrago cron runs tool helper scripts

See also HINTS.txt

Do not use apt to upgrade. Upgrading got easier with BOA 2. See UPGRADE.txt for full details.

# Download and run BOA Meta Installer.
wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
bash BOA.sh.txt

this is now old?!:

# To upgrade system and Aegir Master Instance to Stable
barracuda up-stable

# To upgrade system and Aegir Master Instance to HEAD
barracuda up-head
# To upgrade selected Aegir Satellite Instance to Stable
octopus up-stable o1

# To upgrade *all* Aegir Satellite Instances to Stable
octopus up-stable all
# To upgrade selected Aegir Satellite Instance to HEAD
octopus up-head o1

# To upgrade *all* Aegir Satellite Instances to HEAD
octopus up-head all

Certain configs can be heldback on upgrade. Upgrading CFS config can lose ports.

Caching

  • Redis is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.

New system uses only Redis cache and the same configuration for all Drupal 6 and Drupal 7 platforms. This new system doesn't require any extra module to be enabled in any site. Complete integration is already enabled by default for every platform/site installed by default and for every custom platform as before - the next day after first site on the custom platform has been created. You can disable this caching layer using the same modules/cache/NO.txt control file as before. While there is just one cache engine (Redis) used, there is also an automatic, instant failover to standard database caching, just in case Redis is not available for some reason. You can also disable Redis cache on the fly for debugging by adding ?noredis=1 to any URL.

Development

Alias a dev.* site domain to bypass JS compression and CSS aggregation.