Deployment - post Xserve

Similar documents
Deployment and Monitoring. Pascal Robert MacTI

CS197U: A Hands on Introduction to Unix

13.1 Backup virtual machines running on VMware ESXi / ESX Server

Week Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration

Verax Service Desk Installation Guide for UNIX and Windows

Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide

Parallels Plesk Automation

ServerPronto Cloud User Guide

INUVIKA OVD INSTALLING INUVIKA OVD ON RHEL 6

JAMF Software Server Installation Guide for Linux. Version 8.6

QuickStart Guide for Managing Computers. Version 9.2

Server Monitoring. AppDynamics Pro Documentation. Version Page 1

PARALLELS SERVER BARE METAL 5.0 README

Install Cacti Network Monitoring Tool on CentOS 6.4 / RHEL 6.4 / Scientific Linux 6.4

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.0

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

3.0 CDN 3.0 OnApp CDN Activation and Setup Guide Author: Version: Date:

Cloud UT. Pay-as-you-go computing explained

Building a Private Cloud Cloud Infrastructure Using Opensource

Options in Open Source Virtualization and Cloud Computing. Andrew Hadinyoto Republic Polytechnic

OnCommand Performance Manager 1.1

Installation & Upgrade Guide

BF2CC Daemon Linux Installation Guide

Lab Objectives & Turn In

Linux Security Ideas and Tips

This document will list the ManageEngine Applications Manager best practices

Windows Template Creation Guide. How to build your own Windows VM templates for deployment in Cloudturk.

Proposal for Virtual Private Server Provisioning

Prepared for: How to Become Cloud Backup Provider

OS Installation: CentOS 5.8

SEP Disaster Recovery and Backup Restore: Best

Plesk 11 Manual. Fasthosts Customer Support

Installing Booked scheduler on CentOS 6.5

Operating Systems Virtualization mechanisms

Virtualization in Linux

Cloud n Service Presentation. NTT Communications Corporation Cloud Services

Hadoop Lab - Setting a 3 node Cluster. Java -

Quick Note 052. Connecting to Digi Remote Manager SM Through Web Proxy

Parallels Panel. Deployment Guide. Plesk Automation Revision 1.0

User Guide for VMware Adapter for SAP LVM VERSION 1.2

CentOS. Apache. 1 de 8. Pricing Features Customers Help & Community. Sign Up Login Help & Community. Articles & Tutorials. Questions. Chat.

BOA BARRACUDA ON ÆGIR ~ MY FIRST YEAR ~ Mladen

How To Install Acronis Backup & Recovery 11.5 On A Linux Computer

Plexxi Control Installation Guide Release 2.1.0

Syncplicity On-Premise Storage Connector

Create a virtual machine at your assigned virtual server. Use the following specs

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012

ISPS & WEBHOSTS SETUP REQUIREMENTS & SIGNUP FORM LOCAL CLOUD

Semantic based Web Application Firewall (SWAF - V 1.6)

Citrix XenServer 5.6 OpenSource Xen 2.6 on RHEL 5 OpenSource Xen 3.2 on Debian 5.0(Lenny)

IT6204 Systems & Network Administration. (Optional)

Amahi Instruction Manual

RingStor User Manual. Version 2.1 Last Update on September 17th, RingStor, Inc. 197 Route 18 South, Ste 3000 East Brunswick, NJ

Deploying IBM Lotus Domino on Red Hat Enterprise Linux 5. Version 1.0

Zenoss Core Installation and Upgrade

virtualization.info Review Center SWsoft Virtuozzo (for Windows) //

GestióIP IPAM v3.0 IP address management software Installation Guide v0.1

QuickStart Guide for Client Management. Version 8.7

Altor Virtual Network Security Analyzer v1.0 Installation Guide

Moving to Plesk Automation 11.5

Mark Bennett. Search and the Virtual Machine

In order to upload a VM you need to have a VM image in one of the following formats:

Taking Drupal development to the Cloud. Karel Bemelmans

Railo Installation on CentOS Linux 6 Best Practices

WHM Administrator s Guide

Server Installation/Upgrade Guide

PARALLELS SERVER 4 BARE METAL README

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Installation and Configuration Guide for Windows and Linux

Tips for getting started! with! Virtual Data Center!

Bitrix Site Manager. VMBitrix Virtual Machine. Quick Start And Usage Guide

CDN OnApp CDN Activation and Setup Guide Author: Version: Date:

About the VM-Series Firewall

VERSION 9.02 INSTALLATION GUIDE.

Rally Installation Guide

Table of Contents. Online backup Manager User s Guide

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

Installation and Configuration Guide for Windows and Linux

Postgres Enterprise Manager Installation Guide

Basic Installation of the Cisco Collection Manager

Signiant Agent installation

Oracle, the Oracle logo, Java, and MySQL are registered trademarks of the Oracle Corporation and/or its affiliates.

How to set up multiple web servers (VMs) on XenServer reusing host's static IP

Introduction to Operating Systems

SnapLogic Sidekick Guide

ISPS & WEBHOSTS SETUP REQUIREMENTS & SIGNUP FORM LOCAL CLOUD

Preparing for the Installation

Nixu SNS Security White Paper May 2007 Version 1.2

Aspen Cloud Server Management Console

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

Linux Virtualization. Kir Kolyshkin OpenVZ project manager

ODP REGIONAL NODE DEPLOYMENT QUICK GUIDE FOR TRAININGS

Kaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE

METAARCHIVE & CLOUD COMPUTING

VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager

PMOD Installation on Linux Systems

PZVM1 Administration Guide. V1.1 February 2014 Alain Ganuchaud. Page 1/27

Transcription:

MONTREAL 1/3 JULY 2011 Deployment - post Xserve Pascal Robert Miguel Arroz David LeBer

The Menu Deployment options Deployment on CentOS Linux Deployment on Ubuntu Linux Deployment on BSD

Hardware/environment options

Choices Using your own hardware Leasing the hardware Virtual machines (VMWare ESXi/Xen) / VPS (Slicehost, Linode) Cloud hosting (Amazon EC2/Windows Azure/RackSpace)

Your own hardware Pros It can be cheaper, if you use the hardware to its full potential. You can resell it. You do whatever you want. Cons You have to manage everything yourself. Must get a good support contract in case of hardware problems Not cost effective if you don't need a lot of processing power.

Leasing the hardware Pros The provider will take care of hardware problems, with resonable SLA. You can buy software support, including backup solutions. No big upfront cost, can pay per month. Cons Still have to manage the operating system yourself. Less hardware and software support. Can cost more in the long run.

Virtual machines/vps Pros: You can isolate customers by using virtual machines. Can create your own virtual environment on your own or leased hardware (Xen, VMWare ESX, KVM, etc.), or get VMs (VPS) on a hosted partner (Slicehost, Linode, etc.) Easy to allocate more ressources to the VMs. Snapshots! Cons: Can get pricy, especially for Virtual Private Server. CPU is shared for all hosts on the physical server.

Cloud hosting (virtual machines on steroids) Pros: Tons of options. Example: load balancer, Can be cheap if you don't need CPU or bandwith all of time. Cons: Can get very pricy if you use a lot of resources (bandwith, CPU, memory)

Price comparaison One CPU, 2 GB of RAM, 64 GB disk space, 700 GB bandwith/ month Leased hardware (iweb.com): $99 (with 320 GB of storage) VPS (Linode.com): $79.95 Amazon EC2: $125.96 (1.7 GB of RAM)

Other things to check 32 bits vs 64 bits... memory "Commercial software" Adding volumes (LVM)

Memory If using a virtual machine, be it Amazon EC2, Xen or otherwise, check for memory usage of your app! Amazon Linux don't have a swap partition! On a 64 bits system, a single instance of an application can take up to 1.5 GB of memory! A "micro" instance of Amazon Linux (32 bits) with Apache, wotaskd and JavaMonitor will eat up 187 MB of RAM.

Memory Use the Xmx parameters to make sure your apps would not start using all "real" and "virtual" memory. Monitoring the heap space of your instances to see if you need more memory. For Amazon Linux: add a swap partition. Use a 32 bits system if you only need a VM with less than 1.5 GB of RAM.

RedHat/CentOS/Amazon vs Ubuntu/Debian RedHat Enterprise Linux is a "stable" release of work done in the Fedora project + support. CentOS is the "free as in beer" clone of RedHat. Amazon Linux is based on RedHat. Ubuntu is a deriative of Debian. Debian is another distribution that is there for a long time.

Which distro to use? If you need to install commercial software, go with RedHat or CentOS. CentOS is also more «stable» but packages can be very old (ex: PHP). Ubuntu is the cool kid, and packages are more current. Ubuntu Server LTS have support for 5 years. RedHat have support for 7 years. CentOS major releases take more time to get out than RedHat.

RedHat/CentOS Linux Primer

Installing software on RedHat/ CentOS Use the RPM package when possible. rpm --install software.rpm You can find other software on RPM Forge (http://rpmrepo.org/ RPMforge) On CentOS, you can also use «yum» to get software from the CentOS and other repositories. yum info sofware-name yum install software-name

Starting/stopping services Init scripts are in /etc/init.d To start a service: service servicename start To stop it: service servicename stop chkconfig servicename on To mark it to start at reboot:

Network configuration Network scripts are in /etc/sysconfig/network-scripts sh /etc/init.d/network restart If you do change, you have to restart the network script: DNS resolver configuration file is /etc/resolv.conf (put your nameservers IP in there). You can use the Network control panel too. command line: system-config-network-tui GUI (X11): system-config-network

GUI By default, RedHat/CentOS will start in GUI mode, which will use some RAM. To disable the GUI when starting up, edit /etc/ inittab to put it in level 3 instead of 5. Even if the GUI is not started, you can still start GUI apps remotely. ssh -X user@host

To create a user: User management useradd -d /path/to/user/home -g main_group -G other_groups username passwd username To modify a user, use «usermod», to delete one, use «userdel». To change a password of another user: passwd username (with no argument, it will change your own password) GUI tool: system-config-users

Unneeded packages Check that you are not running extra stuff that you don't need (sendmail, Samba, etc.) You can get a list of started services with: chkconfig --list grep "on" Check their description in the init.d script to see if you really need it.

Unneeded Apache modules You should also disable unneeded Apache modules. Get the list of modules with: httpd -M You can delete unneeded module installed by RedHat/CentOS with Yum: yum provides "mod_cgi.so" yum erase mod_perl Apache configuration files are in /etc/httpd/conf and /etc/httpd/ conf.d

Installing WO on RedHat/CentOS Linux

You can use OpenJDK 1.6 Installing a JVM yum install java-1.6.0-openjdk... but some other software (ex: Atlassian) doesn't work well with OpenJDK, so it's better to get the JVM from Oracle. Oracle JVM install itself into /usr/java alternatives --config To manage the JVMs, use «alternatives». alternatives --install /usr/bin/java java /usr/java/default/bin/java 2

Installing wotaskd and Monitor Make sure you have Apache on the system. If not, you can install it with: yum install httpd httpd-devel Amazon Linux: beware, Apache is not installed by default Follow the rest of the instructions from the wiki

Monitoring performance

top/free/vmstat top: shows which processes are taking the most memory or CPU. Nice summary of load. free: shows how much RAM and swap space is available. vmtstat: good way to monitor RAM and I/O. lsof: finding which resources are used by a process

JMX Use JMX to monitor CPU and heap space usage. Nagios is your friend (again).

Security

SSH Configuration file on the server is /etc/ssh/sshd_config Disable root login ("PermitRootLogin" directive) Disable SSH v1 ("Protocol 2") Allow only specific users AllowUsers user1 user2 user3 Run the server on a different port ("Port 2345") PasswordAuthentication no Disable password authentification and use public/private keys.

iptables Software firewall included in RedHat/CentOS for a long time. To list firewall rules: /sbin/iptables --list To save them in a text file: /sbin/iptables-save > somefile.txt To restore them from the text file: /sbin/iptables-restore < somefile.txt

iptables To block 1085 from the external network: /sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 1085 -j DROP /sbin/iptables -A INPUT -i eth0 -p udp -m udp --dport 1085 -j DROP

Protecting from brute force attacks SSH password brute force attacks are common... and IMAP/POP3 brute force attacks are more and more popular too If you can't disable SSH password authentification, use iptables to block IPs that are doing too much SSH requests for a given period

logwatch Useful tool to get a summary of common hack attempts Will generate a nightly summary of various system logs, including Apache error log It's also available for other platforms than Linux

SSH tunnels Don't allow access to JavaMonitor and your database servers from the outside world! Use SSH tunnels instead SSH tunnel will map a local port with a remote server Example, to access a remote PostgreSQL server and make it available on port 55432 on your system: ssh -fng -L 55432:127.0.0.1:5432 user@yourserver.com

SELinux Policies-based security system Can be a PITA to configure Apps are allowed to read/write only to specific paths Put SELinux in permissive mode first, check the warnings, fix them, put it on enforcing mode.

chroot Basic isolation Put a user into its own environnement User won't be able to navigate to other users or system directories, think FTP chroot Use "jailkit" to ease the pain a bit Is a PITA when doing OS updates (you have to update the libs and binaries of each user's chroot)

OpenVZ chroot on steroids Think of Solaris Zones and BSD jails Will run a copy of Linux userland for each "VZ", including its own root user Can only run Linux

Resources http://wiki.centos.org/howtos/network/securingssh http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf http://wiki.objectstyle.org/confluence/x/cye5 http://wiki.openvz.org/main_page http://olivier.sessink.nl/jailkit/ http://sourceforge.net/projects/logwatch/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information