...
- Stop mifos instance
- Dump database
- Copy uploads/config in MIFOS_CONF
- Create security group in EC2, setup permissions
- SSH "gateways" setup/info
- allows us to limit points of entry for our hosted machines
- note hosts below in ec2-authorize commands... the gateways are currently birch.mifos.org (the whole Seattle GTC, actually) and cloudboss.mifos.org.
- add to your
.ssh/config
(substituting MFINAME for something meaningful):No Format Host *MFINAME.mifos.org ProxyCommand ssh birch.mifos.org exec /bin/nc %h %p
- one-time setup for EC2 physical firewall
- manually change EC2_ACCOUNT_NUMBER with the 12-or-so digit number fetched from the AWS console
- SSH via gateways only - also images will constantly change so you WILL see the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" often. You can verify the key if you want to with ec2-get-console-output or via the ec2 web ui.
- 18980-18981 is for monitoring JMX over RMI via OpenNMS
- Create security group first via web ui or cli
No Format #!/bin/bash # login through web console and create new security group, e.g. green-grameen set -ex SEC_GROUPS="digamber light-microfinance rise keef" EC2_ACCOUNT_NUMBER=000000000000 for SEC_GROUP in ${SEC_GROUPS} do ec2-authorize -P tcp -p 22-22 -s 75.149.167.24/32 ${SEC_GROUP} ec2-authorize -P tcp -p 22-22 -s 10.252.50.116/32 ${SEC_GROUP} ec2-authorize -P tcp -p 22-22 -s 184.72.240.48/32 ${SEC_GROUP} ec2-authorize -P tcp -p 443-443 -s 0.0.0.0/0 ${SEC_GROUP} ec2-authorize -P tcp -p 80-80 -s 0.0.0.0/0 ${SEC_GROUP} ec2-authorize -P tcp -p 18980-18981 -s 10.252.50.116/32 ${SEC_GROUP} ec2-authorize -P tcp -p 18980-18981 -s 184.72.240.48/32 ${SEC_GROUP} ec2-authorize -P udp -p 161-161 -s 10.252.50.116/32 ${SEC_GROUP} ec2-authorize -P udp -p 161-161 -s 184.72.240.48/32 ${SEC_GROUP} ec2-authorize -P tcp -p 161-161 -s 10.252.50.116/32 ${SEC_GROUP} ec2-authorize -P tcp -p 161-161 -s 184.72.240.48/32 ${SEC_GROUP} ec2-authorize -P icmp -t -1:-1 -s 10.252.50.116/32 ${SEC_GROUP} ec2-authorize -P icmp -t -1:-1 -s 184.72.240.48/32 ${SEC_GROUP} ec2-authorize -o ${SEC_GROUP} -u ${EC2_ACCOUNT_NUMBER} ldap done
- Create RDS security group
- Authorize EC2 security group for MFI
- Authorize default EC2 security group temporarily to make importing existing database more straightforward, remove after importing
- Create RDS instances as m1.small initially
- v5.1.50
- enable auto minor version upgrade
- allocate 10GB
- use MFI long name for MySQL instance (ie: "rise", "secdep")
- initial user/pass can be anything simple, this will be changed later
- leave Database Name blank
- Db Parameter Group: "mifoscloud"
- backup retention period: 8 days (best for PITR/binlogs)
- backup window: 1600-1700 UTC (good for India/Philippines/Africa)
- maintenance windows Saturday 1700-1800 UTC
- example:
No Format Engine: mysql Engine Version: 5.1.50 Auto Minor Ver. Upgrade: Yes DB Instance Class: db.m1.small Multi-AZ Deployment: Yes Allocated Storage: 10 DB Instance Identifier: rise Master User Name: mifos Master User Password: mifos Database Name: Database Port: 3306 Availability Zone: Using a Multi-AZ Deployment disables this preference. DB Parameter Group: mifoscloud DB Security Group(s):rise Backup Retention Period: 8 Backup Window: 16:00-17:00 Maintenance Window: Saturday 17:00-Saturday 18:00
- Create chef roles, base + test + prod + optional MFI specific recipe
- look at an existing role
knife role show mifos_digamber
- create a new role
knife role create mifos_rise
knife role create mifos_rise_test
(look at mifos_digamber_prod, mifos_digamber_test for examples)
- look at an existing role
- Create 2 EBS volumes 1 for test and prod each (storing uploads)
for testing:
for prod:No Format ec2-create-volume --snapshot snap-5abd2f36 -s 1 -z us-east-1d ec2-create-tags -t Name=testing-digamber.mifos.org <vol-id>
No Format ec2-create-volume --snapshot snap-5abd2f36 -s 1 -z us-east-1a ec2-create-tags -t Name=digamber.mifos.org <vol-id>
- Update DNS if required
- Create EC2 instances
- get ami-id from hudson job: https://ci.mifos.org/hudson/view/cloud/job/cloud-mifos-image
- latest ami-id for 2.0.2:ami-8a8d7fe3 (see at end: https://ci.mifos.org/hudson/view/cloud/job/cloud-mifos-image/44/console)
No Format ec2-run-instances ami-8a8d7fe3 --instance-type m1.small -z us-east-1d -d '{ "run_list": ["role[ldapclient]", "role[base]" ] }' --disable-api-termination -g rise ec2-create-tags -t Name=testing-rise.mifos.org -t Service=Mifos INSTANCE_ID
- on boot, the node will add itself to the chef server (see rc.local, imaging/create_image.py, cloud source code)
- make sure you can login via SSH. If not, fetch console output (this is something you may have to do from time to time):
No Format ec2-get-console-output INSTANCE_ID
- attach ec2 volume
No Format ec2-attach-volume -i INSTANCE_ID -d /dev/sdc1 vol-ee7e2386
knife node edit INSTANCE_ID.mifos.org
, add "role[mifos_rise_test]" to run list section or do through http://manage.opscode.com- log into box and run
sudo chef-client
to see change immediately or wait 30 minutes or so
- set up Mifos and Pentaho databases
No Format sudo /etc/pentaho/system/mifos_pentaho_init.sql -u mifos -pmifos
- change mifos password via AWS Web UI (Modify RDS instance, put a password generated with, for example, apg, in the "Master User Password" field)
- add backup jobs to BackupPC
- when adding new backup host, use the NEWHOST=COPYHOST syntax mentioned on the "edit hosts" page
- edit ~backuppc/.ssh/config , disabling strict host checking
- add monitoring of box to OpenNMS
...