Jeff Moe
6 years ago
parent
c13f257b6f
commit
612e9fdf9b
@ -0,0 +1,159 @@
|
||||
#ao-oca-dev2 How to set up a clone of an existing OCA 9 server.
|
||||
###############
|
||||
# First, set up database server
|
||||
# Install Debian Stretch
|
||||
# Install postgres 9.6 from Debian repo
|
||||
# Add fast disk for /var/lib/postgresql
|
||||
|
||||
apt-get install \
|
||||
postgresql-all
|
||||
|
||||
# XXX set up postgres config.
|
||||
# XXX is superuser. OCA 9 import needs it, so don't mix with other DB.
|
||||
sudo -u postgres createuser aooncedev2 -U postgres --createdb --superuser --pwprompt
|
||||
|
||||
# Create database:
|
||||
sudo -u postgres createdb --owner aooncedev2 aooncedev2
|
||||
|
||||
# Set up Postgres IP:
|
||||
auto ens18 ens19
|
||||
iface ens19 inet static
|
||||
address 10.53.1.81/24
|
||||
|
||||
# XXX edit /etc/postgresql/9.6/main/postgresql.conf and change to be
|
||||
# like this (note single quotes ')
|
||||
# ao-pg1
|
||||
listen_addresses = '127.0.0.1,10.53.1.81' # what IP address(es) to listen on;
|
||||
|
||||
# Set up access permissions file as root:
|
||||
cat > /etc/postgresql/9.6/main/pg_hba.conf <<EOF
|
||||
# IPv4 local connections
|
||||
host all all 127.0.0.1/32 md5
|
||||
# Database administrative login by Unix domain socket
|
||||
local all postgres peer
|
||||
# "local" is for Unix domain socket connections only
|
||||
local all all peer
|
||||
|
||||
# Allow ao-once-dev2 XXX use password hash
|
||||
host all all 10.53.1.196/32 trust
|
||||
EOF
|
||||
|
||||
# Set up firewall
|
||||
vim /etc/iptables.test.rules
|
||||
# add rule:
|
||||
# Allow ao-once-dev2 to Postgres
|
||||
-A INPUT -s 10.53.1.196/32 -d 10.53.1.81/32 -p tcp -m tcp --dport 5432 -j ACCEPT
|
||||
|
||||
/root/iptables-reload
|
||||
|
||||
|
||||
# Now Set up Actual OCA server.
|
||||
##############################################################################
|
||||
|
||||
# Set up Debian Stretch server.
|
||||
|
||||
# Add this to firewall:
|
||||
|
||||
#=============================================================================
|
||||
# On development servers, add this to firewall rules to block
|
||||
# sending/receiving of mails.
|
||||
# Block outgoing traffic to email ports...
|
||||
# SMTP, POP, IMAP, plus encrypted ports
|
||||
# Be sure to put *before* this line in the firewall rules:
|
||||
# -A OUTPUT -j ACCEPT
|
||||
#
|
||||
# Allow only communications to localhost on port 25 ( -s IP )
|
||||
-A OUTPUT -p tcp --dport 25 -o lo -d 127.0.0.1 -j ACCEPT
|
||||
# Allow only communications to localhost on IMAP port 993 ( -s IP )
|
||||
-A OUTPUT -p tcp --dport 993 -o lo -d 127.0.0.1 -j ACCEPT
|
||||
# Block SMTP
|
||||
-A OUTPUT -p tcp --dport 25 -j REJECT
|
||||
-A INPUT -p tcp --dport 25 -j REJECT
|
||||
# Block POP
|
||||
-A OUTPUT -p tcp --dport 110 -j REJECT
|
||||
-A INPUT -p tcp --dport 110 -j REJECT
|
||||
# Block IMAP
|
||||
-A OUTPUT -p tcp --dport 143 -j REJECT
|
||||
-A INPUT -p tcp --dport 143 -j REJECT
|
||||
# Block Email Submission
|
||||
-A OUTPUT -p tcp --dport 587 -j REJECT
|
||||
-A INPUT -p tcp --dport 587 -j REJECT
|
||||
# Block encrypted IMAPS
|
||||
-A OUTPUT -p tcp --dport 993 -j REJECT
|
||||
-A INPUT -p tcp --dport 993 -j REJECT
|
||||
# Block encrypted POP
|
||||
-A OUTPUT -p tcp --dport 995 -j REJECT
|
||||
-A INPUT -p tcp --dport 995 -j REJECT
|
||||
|
||||
#=============================================================================
|
||||
|
||||
# Set up postgres IP
|
||||
auto ens19
|
||||
iface ens19 inet static
|
||||
address 10.53.1.196/24
|
||||
|
||||
# Add user odoo
|
||||
adduser group odoo
|
||||
|
||||
mkdir /var/log/oca /var/log/odoo /etc/odoo
|
||||
|
||||
chown odoo:odoo /var/log/oca /var/log/odoo /etc/odoo /srv /opt
|
||||
|
||||
# Rsync over /opt from live (or staging) server:
|
||||
# Run as user 'odoo' on new server (e.g. ao-once-dev2) and set up keys:
|
||||
# odoo@once-dev2:~$ ssh-keygen -t ed25519
|
||||
|
||||
|
||||
rsync --dry-run \
|
||||
-ulta \
|
||||
odoo@ao-once-dev1:/opt/ \
|
||||
/opt/
|
||||
|
||||
rsync --dry-run \
|
||||
-ulta \
|
||||
odoo@ao-once-dev1:/srv/ \
|
||||
/srv/
|
||||
|
||||
rsync --dry-run \
|
||||
-ulta \
|
||||
odoo@ao-once-dev1:/etc/odoo/ \
|
||||
/etc/odoo/
|
||||
|
||||
|
||||
chown root:root /srv /opt
|
||||
|
||||
# Install postgres:
|
||||
apt install postgresql-client-9.6
|
||||
|
||||
# Load the database into Postgres. Run on ao-once-dev2, loads to ao-pg1:
|
||||
|
||||
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
|
||||
|
||||
|
||||
##############################################################################
|
||||
# Benchmarks
|
||||
#
|
||||
|
||||
# Run 1:
|
||||
# Default postgres settings.
|
||||
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
|
||||
# Import from ao-once-dev2 to ao-pg1:
|
||||
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
|
||||
# Runtime:
|
||||
# df -h /var/lib/postgresql:
|
||||
|
||||
# Run 2:
|
||||
# Setting Changed:
|
||||
max_connections = 512
|
||||
shared_buffers = 8GB
|
||||
work_mem = 27962kB
|
||||
maintenance_work_mem = 2GB
|
||||
max_wal_size = 8GB
|
||||
wal_buffers = 16MB
|
||||
effective_cache_size = 16GB
|
||||
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
|
||||
# Import from ao-once-dev2 to ao-pg1:
|
||||
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
|
||||
# Runtime:
|
||||
|
||||
##############################################################################
|
||||
Binary file not shown.
Loading…
Reference in new issue