forksand
/
forksand-it-manual
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7e02e1049d'
${ noResults }
forksand-it-manual/source/resources/apps/oca/oca9-dev

329 lines
10 KiB
Raw Blame History

#ao-oca-dev2 How to set up a clone of an existing OCA 9 server.
###############
# First, set up database server
# Install Debian Stretch
# Install postgres 9.6 from Debian repo
# Add fast disk for /var/lib/postgresql
apt-get install pbzip2
apt-get install \
postgresql-all
# XXX set up postgres config.
# XXX is superuser. OCA 9 import needs it, so don't mix with other DB.
sudo -u postgres createuser aooncedev2 -U postgres --createdb --superuser --pwprompt
# Create database:
sudo -u postgres createdb --owner aooncedev2 aooncedev2
# Set up Postgres IP:
auto ens18 ens19
iface ens19 inet static
address 10.53.1.81/24
# XXX edit /etc/postgresql/9.6/main/postgresql.conf and change to be
# like this (note single quotes ')
# ao-pg1
listen_addresses = '127.0.0.1,10.53.1.81' # what IP address(es) to listen on;
# Set up access permissions file as root:
cat > /etc/postgresql/9.6/main/pg_hba.conf <<EOF
# IPv4 local connections
host all all 127.0.0.1/32 md5
# Database administrative login by Unix domain socket
local all postgres peer
# "local" is for Unix domain socket connections only
local all all peer
# Allow ao-once-dev2 XXX use password hash
host all all 10.53.1.196/32 trust
host all odoo 10.53.1.196/32 trust
host all postgres 10.53.1.196/32 trust
EOF
# Set up firewall
vim /etc/iptables.test.rules
# add rule:
# Allow ao-once-dev2 to Postgres
-A INPUT -s 10.53.1.196/32 -d 10.53.1.81/32 -p tcp -m tcp --dport 5432 -j ACCEPT
/root/iptables-reload
# Now Set up Actual OCA server.
##############################################################################
# Set up Debian Stretch server.
# Add this to firewall:
#=============================================================================
# On development servers, add this to firewall rules to block
# sending/receiving of mails.
# Block outgoing traffic to email ports...
# SMTP, POP, IMAP, plus encrypted ports
# Be sure to put *before* this line in the firewall rules:
# -A OUTPUT -j ACCEPT
#
# Allow only communications to localhost on port 25 ( -s IP )
-A OUTPUT -p tcp --dport 25 -o lo -d 127.0.0.1 -j ACCEPT
# Allow only communications to localhost on IMAP port 993 ( -s IP )
-A OUTPUT -p tcp --dport 993 -o lo -d 127.0.0.1 -j ACCEPT
# Block SMTP
-A OUTPUT -p tcp --dport 25 -j REJECT
-A INPUT -p tcp --dport 25 -j REJECT
# Block POP
-A OUTPUT -p tcp --dport 110 -j REJECT
-A INPUT -p tcp --dport 110 -j REJECT
# Block IMAP
-A OUTPUT -p tcp --dport 143 -j REJECT
-A INPUT -p tcp --dport 143 -j REJECT
# Block Email Submission
-A OUTPUT -p tcp --dport 587 -j REJECT
-A INPUT -p tcp --dport 587 -j REJECT
# Block encrypted IMAPS
-A OUTPUT -p tcp --dport 993 -j REJECT
-A INPUT -p tcp --dport 993 -j REJECT
# Block encrypted POP
-A OUTPUT -p tcp --dport 995 -j REJECT
-A INPUT -p tcp --dport 995 -j REJECT
#=============================================================================
# Set up postgres IP
auto ens19
iface ens19 inet static
address 10.53.1.196/24
# install packages:
apt-get install \
python-pip \
libxml2-dev python-libxml2 \
libxslt1-dev \
cython \
libldap2-dev \
zlib1g-dev \
libgsasl7-dev libsasl2-dev \
libevent-dev \
python-babel python-decorator python-docutils python-feedparser python-gevent python-greenlet python-html2text python-jinja2 python-lxml python-mako python-markupsafe python-mock python-ofxparse python-passlib python-pil python-psutil python-psycopg2 python-pydot python-pyldap python-pyparsing python-pypdf2 python-serial python-dateutil python-arrow python-usb python-yaml python-qrcode python-reportlab python-requests python-six python-suds python-vatnumber python-vobject python-werkzeug python-xlsxwriter python-xlwt python-xlrd wkhtmltopdf python-pdfkit
apt install nodejs
# meh install all packages from ao-once-dev1
/etc/init.d/exim4 stop
update-rc.d exim4 disable
update-rc.d fancontrol disable
update-rc.d lvm2-lvmetad disable
update-rc.d lvm2-lvmpolld disable
update-rc.d munin-node disable
update-rc.d mdadm disable
update-rc.d libvirtd disable
update-rc.d libvirt-guests disable
update-rc.d virtlogd disable
update-rc.d postgresql disable
update-rc.d cpufrequtils disable
update-rc.d loadcpufreq disable
update-rc.d snmpd disable
update-rc.d sysstat disable
update-rc.d xinetd disable
update-rc.d sysfsutils disable
# Add user odoo
adduser group odoo
mkdir /var/log/oca /var/log/odoo /etc/odoo
chown odoo:odoo /var/log/oca /var/log/odoo /etc/odoo /srv /opt
# Rsync over /opt from live (or staging) server:
# Run as user 'odoo' on new server (e.g. ao-once-dev2) and set up keys:
# odoo@once-dev2:~$ ssh-keygen -t ed25519
# Fast
rsync --dry-run \
-ulta \
odoo@ao-once-dev1:/opt/ \
/opt/
# 111 minutes
rsync --dry-run \
-ulta \
odoo@ao-once-dev1:/srv/ \
/srv/
# Fast
rsync --dry-run \
-ulta \
odoo@ao-once-dev1:/etc/odoo/ \
/etc/odoo/
chown root:root /srv /opt
# Set the database correct in /etc/odoo/odoo-server.conf
db_host = 10.53.1.81
db_name = ao_odoo
;db_password = XXX
db_password = False
db_user = odoo
admin_passwd = XXX
;log_level = debug
log_level = info
# Copy over cruft:
scp -rp ao-once-dev1:/usr/local .
sudo mv /usr/local /usr/local.orig
sudo mv local /usr/
sudo chown -R root:root /usr/local
# Copy over startup script:
scp -p ao-once-dev1:/etc/init.d/odoo .
sudo mv odoo /etc/init.d/
sudo chown root:root /etc/init.d/odoo
update-rc.d odoo defaults
# Install postgres:
apt install postgresql-client-9.6
# Load the database into Postgres. Run on ao-once-dev2, loads to ao-pg1:
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
##############################################################################
# Copy database from live server to ao-once-dev1:
# On main oca server, add this to ~/.ssh/config
Host ao-once-dev1
Port 42563
Hostname 174.128.244.208
User jebba
# Add main jebba oca key to ao-once-dev1 (temporary).
# On main oca server, copy over the 4GB compressed database. Takes less than 2min or so at 60MB/s.
time scp -p postgres-2018-09-23-16-00.bz2 ao-once-dev1:
# Copy that over to whatever dev server...
# Set up ~/.ssh/config XXX note, different than remote:
Host ao-once-dev1
Port 22
Hostname 10.192.1.195
User jebba
##############################################################################
##############################################################################
# Benchmarks
#
##########
# Run 1: #
##########
# Default postgres settings.
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
# Import from ao-once-dev2 to ao-pg1:
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# df -h /var/lib/postgresql: 25G
# Runtime: 23m41.270s
##########
# Run 2: #
##########
# Setting Changed:
max_connections = 512
shared_buffers = 8GB
work_mem = 27962kB
maintenance_work_mem = 2GB
max_wal_size = 8GB
wal_buffers = 16MB
effective_cache_size = 16GB
# Drop old DB on ao-pg1 and create new one:
# sudo -u postgres dropdb aooncedev2
# sudo -u postgres createdb --owner aooncedev2 aooncedev2
# 23G: /srv/oca-live/backup_ao_odoo_20180807.sql
# Import from ao-once-dev2 to ao-pg1:
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# start: df -h /var/lib/postgresql: 1.1G
# end: df -h /var/lib/postgresql: 32G
# Runtime: 20m12.831s
##########
# Run 3: #
##########
sudo mkdir /srv/db
sudo chown jebba:jebba /srv/db
mv postgres-2018-09-23-16-00.bz2 /srv/db
pbzip2 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2
# Compressed size: 4.2G
# Uncompressed size: 24G
# Runtime: 1m20s
# sudo -u postgres dropdb aooncedev2
# sudo -u postgres dropdb ao_odoo
pbzip2 --stdout -p16 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2 | psql --quiet --host 10.53.1.81 --user postgres
# start: df -h /var/lib/postgresql: 7.6G
# end: df -h /var/lib/postgresql: 33G
# Runtime: 20m34.922s
##########
# Run 4: #
##########
# sudo -u postgres dropdb aooncedev2
# sudo -u postgres dropdb ao_odoo
pbzip2 --stdout -p16 -m2000 --keep --decompress /srv/db/postgres-2018-09-23-16-00.bz2 | psql --quiet --host 10.53.1.81 --user postgres
# start: df -h /var/lib/postgresql:
# end: df -h /var/lib/postgresql:
# Runtime:
##########
# Run X: #
##########
# Disable SSL
cat /srv/oca-live/backup_ao_odoo_20180807.sql | psql "sslmode=disable" --quiet --host 10.53.1.81 --user aooncedev2 aooncedev2
# Runtime:
##############################################################################
# Start it...
# Reboot or
#/etc/init.d/odoo start
##############################################################################
##############################################################################
# USAGE #
#########
# Create a tunnel to the server (must have ssh keys set up):
# In ~/.ssh/config:
Host ao-once-dev2
Port 57525
Hostname 174.128.244.208
User jebba
# Run to create an encrypted tunnel:
ssh -N -C -L 58269:localhost:8069 ao-once-dev2
# Then in the browser go to:
http://127.0.0.1:58269
##############################################################################
# XXX
# TODO: Use apache SSL, if not ssh tunnels.
#
# XXX One server is running and you can log in as admin,
# disable all email checks!
# Firewall should prevent this, but still double stop it.
# Technical --> Email --> Incoming Mail Servers
# Technical --> Email --> Outgoing Mail Servers
# Technical --> Automation --> Schedule Actions
# Disable: Email Queue Manager, Cycle Count Planner Computation,
# Marketing Campaign: Campaign workitems processing,
# Run Event Reminder,
# DDMRP Buffer ADU calculation
# Reordering Rule DDMRP calculation
##############################################################################
Reference in new issue View Git Blame Copy Permalink