forksand-it-manual/source/resources/apps/oca/oca9-dev

#ao-oca-dev2 How to set up a clone of an existing OCA 9 server.
###############
# First, set up database server
# Install Debian Stretch
# Install postgres 9.6 from Debian repo
# Add fast disk for /var/lib/postgresql

apt-get install pbzip2
apt-get install \
        postgresql-all

# XXX set up postgres config.
# XXX is superuser. OCA 9 import needs it, so don't mix with other DB.
sudo -u postgres createuser aooncedev2 -U postgres --createdb --superuser --pwprompt

# Create database:
sudo -u postgres createdb --owner aooncedev2 aooncedev2

# Set up Postgres IP:
auto ens18 ens19
iface ens19 inet static
	address 10.53.1.81/24

# XXX edit /etc/postgresql/9.6/main/postgresql.conf and change to be
# like this (note single quotes ')
# ao-pg1
listen_addresses = '127.0.0.1,10.53.1.81'         # what IP address(es) to listen on;

# Set up access permissions file as root:
cat > /etc/postgresql/9.6/main/pg_hba.conf <<EOF
# IPv4 local connections
host    all             all             127.0.0.1/32            md5
# Database administrative login by Unix domain socket
local   all             postgres                                peer
# "local" is for Unix domain socket connections only
local   all             all                                     peer

# Allow ao-once-dev2 XXX use password hash
host    all             all             10.53.1.196/32            trust
host    all    odoo         10.53.1.196/32      trust
host    all    postgres         10.53.1.196/32      trust
EOF

# Set up firewall
vim /etc/iptables.test.rules
# add rule:
# Allow ao-once-dev2 to Postgres
-A INPUT -s 10.53.1.196/32 -d 10.53.1.81/32 -p tcp -m tcp --dport 5432 -j ACCEPT

/root/iptables-reload


# Now Set up Actual OCA server.
##############################################################################

# Set up Debian Stretch server.

# Add this to firewall:

#=============================================================================
# On development servers, add this to firewall rules to block
# sending/receiving of mails.
# Block outgoing traffic to email ports...
# SMTP, POP, IMAP, plus encrypted ports
# Be sure to put *before* this line in the firewall rules:
# -A OUTPUT -j ACCEPT
#
# Allow only communications to localhost on port 25 ( -s IP )
-A OUTPUT -p tcp --dport 25 -o lo -d 127.0.0.1 -j ACCEPT
# Allow only communications to localhost on IMAP port 993 ( -s IP )
-A OUTPUT -p tcp --dport 993 -o lo -d 127.0.0.1 -j ACCEPT
# Block SMTP
-A OUTPUT -p tcp --dport  25 -j REJECT
-A INPUT  -p tcp --dport  25 -j REJECT
# Block POP
-A OUTPUT -p tcp --dport 110 -j REJECT
-A INPUT  -p tcp --dport 110 -j REJECT
# Block IMAP
-A OUTPUT -p tcp --dport 143 -j REJECT
-A INPUT  -p tcp --dport 143 -j REJECT
# Block Email Submission
-A OUTPUT -p tcp --dport 587 -j REJECT
-A INPUT  -p tcp --dport 587 -j REJECT
# Block encrypted IMAPS
-A OUTPUT -p tcp --dport 993 -j REJECT
-A INPUT  -p tcp --dport 993 -j REJECT
# Block encrypted POP
-A OUTPUT -p tcp --dport 995 -j REJECT
-A INPUT  -p tcp --dport 995 -j REJECT

#=============================================================================

# Set up postgres IP
auto ens19
iface ens19 inet static
        address 10.53.1.196/24

# install packages:
apt-get install                         \
        python-pip                      \
        libxml2-dev python-libxml2      \
        libxslt1-dev                    \
        cython                          \
        libldap2-dev                    \
        zlib1g-dev                      \
        libgsasl7-dev libsasl2-dev      \
        libevent-dev                    \
        python-babel python-decorator python-docutils python-feedparser python-gevent python-greenlet python-html2text python-jinja2 python-lxml python-mako python-markupsafe python-mock python-ofxparse python-passlib python-pil python-psutil python-psycopg2 python-pydot python-pyldap python-pyparsing python-pypdf2 python-serial python-dateutil python-arrow python-usb python-yaml python-qrcode python-reportlab python-requests python-six python-suds python-vatnumber python-vobject python-werkzeug python-xlsxwriter python-xlwt python-xlrd wkhtmltopdf python-pdfkit

apt install nodejs

# Meh, this runs the wrong version, needs /usr/loca/bin cruft
apt purge wkhtmltopdf

# meh install all packages from ao-once-dev1
/etc/init.d/exim4 stop
update-rc.d exim4 disable
update-rc.d fancontrol disable
update-rc.d lvm2-lvmetad disable
update-rc.d lvm2-lvmpolld disable
update-rc.d munin-node disable
update-rc.d mdadm disable
update-rc.d libvirtd disable
update-rc.d libvirt-guests disable
update-rc.d virtlogd disable
update-rc.d postgresql disable
update-rc.d cpufrequtils disable
update-rc.d loadcpufreq disable
update-rc.d snmpd disable
update-rc.d sysstat disable
update-rc.d xinetd disable
update-rc.d sysfsutils disable

# Add user odoo
adduser group odoo

mkdir /var/log/oca /var/log/odoo /etc/odoo

chown odoo:odoo /var/log/oca /var/log/odoo /etc/odoo /srv /opt

# Rsync over /opt from live (or staging) server:
# Run as user 'odoo' on new server (e.g. ao-once-dev2) and set up keys:
# odoo@once-dev2:~$ ssh-keygen -t ed25519

# Fast
rsync --dry-run				\
	-ulta				\
	odoo@ao-once-dev1:/opt/		\
	/opt/

# 111 minutes
rsync --dry-run				\
	-ulta				\
	odoo@ao-once-dev1:/srv/		\
	/srv/

# Fast
rsync --dry-run				\
	-ulta				\
	odoo@ao-once-dev1:/etc/odoo/		\
	/etc/odoo/


chown root:root /srv /opt

# Set the database correct in /etc/odoo/odoo-server.conf
db_host = 10.53.1.81
db_name = ao_odoo
;db_password = XXX
db_password = False
db_user = odoo
admin_passwd = XXX
;log_level = debug
log_level = info

# Copy over cruft:
scp -rp ao-once-dev1:/usr/local .
sudo mv /usr/local /usr/local.orig
sudo mv local /usr/
sudo chown -R root:root /usr/local

# Copy over startup script:
scp -p ao-once-dev1:/etc/init.d/odoo .
sudo mv odoo /etc/init.d/
sudo chown root:root /etc/init.d/odoo
update-rc.d odoo defaults

# Install postgres:
apt install postgresql-client-9.6

# Load the database into Postgres. Run on ao-once-dev2, loads to ao-pg1:

cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2

##############################################################################
# Copy database from live server to ao-once-dev1:
# On main oca server, add this to ~/.ssh/config
Host ao-once-dev1
        Port 42563
        Hostname 174.128.244.208
        User jebba

# Add main jebba oca key to ao-once-dev1 (temporary).
# On main oca server, copy over the 4GB compressed database. Takes less than 2min or so at 60MB/s.
time scp -p postgres-2018-09-23-16-00.bz2 ao-once-dev1:
# Copy that over to whatever dev server...
# Set up ~/.ssh/config XXX note, different than remote:
Host ao-once-dev1
        Port 22
        Hostname 10.192.1.195
        User jebba

##############################################################################


##############################################################################
# Benchmarks
#

##########
# Run 1: #
##########
# Default postgres settings.
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
# Import from ao-once-dev2 to ao-pg1:
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# df -h /var/lib/postgresql: 25G
# Runtime: 23m41.270s

##########
# Run 2: #
##########
# Setting Changed:
max_connections = 512
shared_buffers = 8GB
work_mem = 27962kB
maintenance_work_mem = 2GB
max_wal_size = 8GB
wal_buffers = 16MB
effective_cache_size = 16GB
# Drop old DB on ao-pg1 and create new one:
# sudo -u postgres dropdb aooncedev2
# sudo -u postgres createdb --owner aooncedev2 aooncedev2
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
# Import from ao-once-dev2 to ao-pg1:
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# start: df -h /var/lib/postgresql: 1.1G
# end: df -h /var/lib/postgresql: 32G
# Runtime: 20m12.831s

##########
# Run 3: #
##########
sudo mkdir /srv/db
sudo chown jebba:jebba /srv/db
mv postgres-2018-09-23-16-00.bz2 /srv/db
pbzip2 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2
# Compressed size: 4.2G
# Uncompressed size: 24G
# Runtime: 1m20s
# sudo -u postgres dropdb aooncedev2
# sudo -u postgres dropdb ao_odoo
pbzip2 --stdout -p16 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2 | psql --quiet --host 10.53.1.81 --user postgres
# start: df -h /var/lib/postgresql: 7.6G
# end: df -h /var/lib/postgresql: 33G
# Runtime: 20m34.922s


##########
# Run 4: #
##########
# Host pg2
# sudo -u postgres dropdb ao_odoo
pbzip2 --stdout -p16 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2 | psql --quiet --host 10.53.1.82 --user postgres
# start: df -h /var/lib/postgresql: 91M
# end: df -h /var/lib/postgresql: 26G
# Runtime: 24m2.173s


##########
# Run 5: #
##########
# Host pg2
# Setting Changed:
max_connections = 512
shared_buffers = 8GB
work_mem = 27962kB
maintenance_work_mem = 2GB
max_wal_size = 8GB
wal_buffers = 16MB
effective_cache_size = 16GB
# sudo -u postgres dropdb ao_odoo
pbzip2 --stdout -p16 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2 | psql --quiet --host 10.53.1.82 --user postgres
# start: df -h /var/lib/postgresql:
# end: df -h /var/lib/postgresql: 
# Runtime:

##########
# Run X: #
##########
# Disable SSL
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql "sslmode=disable" --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# Runtime: 


##############################################################################
# Start it...
# Reboot or
#/etc/init.d/odoo start



##############################################################################

##############################################################################
# USAGE #
#########

# Create a tunnel to the server (must have ssh keys set up):
# In ~/.ssh/config:
Host ao-once-dev2
        Port 57525
        Hostname 174.128.244.208
        User jebba

# Run to create an encrypted tunnel:
ssh -N -C -L 58269:localhost:8069 ao-once-dev2

# Then in the browser go to:
http://127.0.0.1:58269

##############################################################################
# XXX
# TODO: Use apache SSL, if not ssh tunnels.
#
# XXX One server is running and you can log in as admin,
# disable all email checks!
# Firewall should prevent this, but still double stop it.

# Technical --> Email --> Incoming Mail Servers
# Technical --> Email --> Outgoing Mail Servers

# Technical --> Automation --> Schedule Actions
# Disable: Email Queue Manager, Cycle Count Planner Computation, 
#  Marketing Campaign: Campaign workitems processing,
#  Run Event Reminder,
# DDMRP Buffer ADU calculation
# Reordering Rule DDMRP calculation
##############################################################################
##############################################################################
# pg2, upgrade to Postgres 10

apt remove postgresql-9.6 postgresql-client-9.6 postgresql-client-common postgresql-common postgresql-server-dev-9.6 postgresql-server-dev-all

# rm -rf /var/lib/postgresql/9.6/

echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" > /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt update
apt dist-upgrade
apt autoremove
apt install postgresql-10


# XXX edit /etc/postgresql/10/main/postgresql.conf and change to be
# like this (note single quotes ')
# ao-pg2
listen_addresses = '127.0.0.1,10.53.1.82'         # what IP address(es) to listen on;

cat > /etc/postgresql/10/main/pg_hba.conf <<EOF
host    all             all             127.0.0.1/32            md5
host    all    odoo         10.53.1.196/32      trust
host    all    postgres         10.53.1.196/32      trust
host    aooncedev2    aooncedev2         10.53.1.196/32      trust
local   all             all                                     peer
local   all             postgres                                peer
EOF


##############################################################################