Category Archives: Linux

Auto deploy from BitBucket repository via Cron

Setup the environment

Create the environment for Apache

mkdir /home/deployment
chown apache:apache /home/deployment

Create ssh key in /home/deployment/.ssh/id_rsa

Create wrapper for git to auth via SSH keys

# Quote the heredoc delimiter so $#, $$, $1 and $@ are written literally instead of being expanded now
cat > /home/deployment/git.sh <<'EOF'
#!/bin/bash

if [ $# -eq 0 ]; then
    echo "Git wrapper script that can specify an ssh-key file
Usage:
    git.sh -i ssh-key-file git-command
    "
    exit 1
fi

# remove temporary file on exit
trap 'rm -f /home/deployment/.git_ssh.$$' 0

if [ "$1" = "-i" ]; then
    SSH_KEY=$2; shift; shift
    # write a one-line ssh wrapper that git will call through GIT_SSH
    echo "ssh -o StrictHostKeyChecking=no -i $SSH_KEY \$@" > /home/deployment/.git_ssh.$$
    chmod +x /home/deployment/.git_ssh.$$
    export GIT_SSH=/home/deployment/.git_ssh.$$
fi

# in case the git command is repeated
[ "$1" = "git" ] && shift

# Run the git command
git "$@"
EOF
chmod +x /home/deployment/git.sh

Run the first clone

~# su - apache -s /bin/bash
Last login: Tue Apr  5 16:03:53 BST 2016 on pts/0
-bash-4.2$ cd /var/www/vhosts/

-bash-4.2$ /home/deployment/git.sh -i /home/deployment/.ssh/id_rsa clone [email protected]:repository01.git

Test the Re-Base

Make sure to change into the folder that contains the .git subfolder
(in this case we cloned into /var/www/vhosts/, but the code is stored in a new subfolder named after the domain, so we cd into that one)

-bash-4.2$ cd /var/www/vhosts/blog.com && /home/deployment/git.sh -i /home/deployment/.ssh/id_rsa pull --rebase
Could not create directory '/usr/share/httpd/.ssh'.
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Current branch master is up to date.
-bash-4.2$

Install the CRON

echo "*/5 * * * * apache cd /var/www/vhosts/blog.com && /home/deployment/git.sh -i /home/deployment/.ssh/id_rsa pull --rebase > /dev/null 2>&1" >> /etc/crontab
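
The wrapper in this post passes StrictHostKeyChecking=no, so the cron job never verifies which server it pulls code from. The following is an added example, not part of the original post, of the same GIT_SSH approach with the host key pinned in a dedicated known_hosts file, a permission check on the deploy key, and a fast-forward-only pull; the function names, the WRAPPER_DIR variable and the known_hosts location are assumptions.

```bash
#!/bin/bash
# Added example, not the post's script. Paths and names are assumptions.
# KNOWN_HOSTS must be filled once, out of band, with the host key that the
# git hosting provider publishes (no key material is included here).
WRAPPER_DIR=${WRAPPER_DIR:-/home/deployment}

# Succeed only if the key is a regular file with no group/other access.
key_perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a GIT_SSH wrapper to $3 that uses key $1 and pinned hosts file $2.
write_ssh_wrapper() {
    local key="$1" known_hosts="$2" out="$3"
    key_perms_ok "$key" ||
        { echo "refusing $key: missing or accessible to others" >&2; return 1; }
    [ -s "$known_hosts" ] ||
        { echo "no pinned host keys in $known_hosts" >&2; return 1; }
    cat > "$out" <<WRAPPER
#!/bin/sh
exec ssh -o StrictHostKeyChecking=yes \\
    -o UserKnownHostsFile='$known_hosts' \\
    -o IdentitiesOnly=yes -o BatchMode=yes \\
    -i '$key' "\$@"
WRAPPER
    chmod 700 "$out"
}

# Fast-forward-only pull of repo $1: a rewritten or diverged upstream
# history fails visibly instead of being rebased onto the live docroot.
deploy_pull() {
    local repo="$1" key="$2" known_hosts="$3" wrapper rc=1
    wrapper=$(mktemp "$WRAPPER_DIR/.git_ssh.XXXXXX") || return 1
    if write_ssh_wrapper "$key" "$known_hosts" "$wrapper"; then
        (cd "$repo" && GIT_SSH="$wrapper" git pull --ff-only)
        rc=$?
    fi
    rm -f "$wrapper"
    return $rc
}
```

A cron entry built on this would call deploy_pull with the repository folder, the key and the pinned known_hosts file, and send its output to a log rather than /dev/null so that a host key mismatch is noticed.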

Rackspace – Cloud Monitoring – Ansible plugins

Install the required packages (Ubuntu/CentOS):

apt-get update && apt-get install python-apt python-pip build-essential python-dev git python-virtualenv -y

yum install python-pip git python-devel python-virtualenv gcc -y

Prepare the virtual environment

virtualenv /root/monitorenv
. /root/monitorenv/bin/activate
pip install paramiko PyYAML jinja2 httplib2 ansible

Download the playbook

git clone https://github.com/stevekaten/cloud-monitoring-plugin-deploy
cd cloud-monitoring-plugin-deploy

Install the required plugin:

ansible-playbook -i hosts holland_mysqldump.yml

	This will configure the holland_mysqldump plugin on the localhost.

ansible-playbook -i hosts mysql_slave.yml

	This will configure the mysql_slave plugin on the localhost.

ansible-playbook -i hosts port_check.yml

	This will fail with an error message informing you that you need to set a port.

ansible-playbook -i hosts port_check.yml -e port=8080

	This will configure the port_check plugin on the localhost checking if port 8080 is open.

ansible-playbook -i hosts port_check.yml -e '{"host":"rackspace.com","port":"80"}'

	This will configure the port_check plugin to check rackspace.com:80.

ansible-playbook -i hosts port_check.yml -e '{"host":"10.X.X.X","port":"3306"}'

	This will configure the port_check plugin to check mysql's port 3306 on the ServiceNet address.

ansible-playbook -i hosts lsyncd_status.yml

	This will configure the lsyncd_check plugin.

To UNINSTALL the monitoring, delete the check by removing the related file from /etc/rackspace-monitoring-agent.conf.d/ and restart the Cloud Monitoring agent.

Rackspace – Cloud server inaccessible after creation from custom image

Sometimes a server built from a custom image is not accessible. One reason is that the Nova agent was not running (for various reasons) on the source server, so the networking wasn’t set correctly during the build process. This means the new server still has the old IP and routes of the original server, the one used to create the image itself.

How to fix it?
Connect to the console and make sure xe-linux-distribution (xe-daemon) and Nova Agent are restarted and up and running.

Important: Make sure xe-linux-distribution is started BEFORE Nova Agent is.

Once this has been done run the following command on the Cloud server to force the Hypervisor to re-push the right configuration (this works only on Linux servers):

UUID=`uuidgen`; xenstore-write data/host/$UUID '{"name":"resetnetwork","value":""}'; sleep 10; xenstore-read data/guest/$UUID; unset UUID

# If completed successfully it will return something like this:
{"message": "", "returncode": "0"}

Rackspace – Cloud Server autokill script

#!/bin/bash

# This script deletes the current instance and asks the
# Autoscale Group to replace the node


###########################################################

CRED_FILE=/opt/autoscale/.credentials
AS_GRP_ID=a17b08b3-0c04-48e8-84a9-3070c29a27fa

###########################################################

# Gather info from credential file
USERNAME=$(grep username $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
APIKEY=$(grep api_key $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
REGION=$(grep region $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g' | tr '[:upper:]' '[:lower:]')


SERVER_UID=$(xenstore-read name | sed 's/instance-//')

AUTH=$(
curl -sd \
"{
   \"auth\":
   {
        \"RAX-KSKEY:apiKeyCredentials\":
        {\"username\": \"$USERNAME\",
        \"apiKey\": \"$APIKEY\"}        }
}" \
-H 'Content-Type: application/json' \
'https://identity.api.rackspacecloud.com/v2.0/tokens' | python -m json.tool | grep -A 7 token | awk '/id/ { print $2 }' | tr -d '"' | tr -d ","
) 

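# $AUTH holds two ids: the first is used as the auth token, the second as the account id in the API URL.
# $AUTH is left unquoted on purpose so both values end up on one line for awk.
TOKEN=$(echo $AUTH | awk '{print $1}')
ID=$(echo $AUTH | awk '{print $2}')


# The URL is quoted so the shell does not treat "?" as a glob character
curl -sH "X-Auth-Token: $TOKEN" -H "Content-type: application/json" -X DELETE "https://$REGION.autoscale.api.rackspacecloud.com/v1.0/$ID/groups/$AS_GRP_ID/servers/$SERVER_UID?replace=true"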

Scheduled unattended tasks – at

$ at time date

$ at 11 am may 20

# at 02:00 AM Fri
at> yum update glibc
at> echo "Executing scheduled task" | logger
at> shutdown -r +5 "Server is going to be rebooted in 5 minutes for scheduled task. Please save your work ASAP." 
at> <EOT>
job 2 at 2015-02-06 02:00

End the input with CTRL+D, which generates the <EOT> marker.

Source: http://www.computerhope.com/unix/uat.htm

Check the processes in the queue

atq

Check content of a job

at -c <job number>

Delete job

atrm <job number>

Also, you can cat/modify the job in /var/spool/cron/atjobs/ or /var/spool/at (in Centos)

If it was not already installed, on CentOS make sure to also start the ‘atd‘ service.

# chkconfig atd on && service atd start

WordPress Apache ProxyPass

Option 1

To ensure certain traffic goes to a certain server, you can use this:

<LocationMatch "^/wordpress/wp-admin/?.*">
        ProxyPreserveHost On
        ProxyPass http://ip.of.master.server/
</LocationMatch>

Option 2

Step One: Configure Environment

We need to setup some environment variables to get this to work correctly.
Add the following to your environment on the slave server(s):

RHEL/CentOS: /etc/sysconfig/httpd

OPTIONS="-DSLAVE"
export MASTER_SERVER="SERVERIP HERE"

Ubuntu: /etc/apache2/envvars

OPTIONS="-DSLAVE"
export MASTER_SERVER="SERVERIP HERE"

Step Two: Configure your VirtualHost

In your VirtualHost configuration do something like the following.

RewriteEngine On
ProxyPreserveHost On
ProxyPass /wp-admin/ http://${MASTER_SERVER}/wp-admin/
ProxyPassReverse /wp-admin/ http://${MASTER_SERVER}/wp-admin/

RewriteCond %{REQUEST_METHOD} =POST
RewriteRule . http://${MASTER_SERVER}%{REQUEST_URI} [P]

Fullstatus Apache 2.4 Centos7

Apache on CentOS 7 doesn’t come with any configuration for enabling /server-status.
The module does come by default though, so to get this going, all you need to do is:

$ cat >> /etc/httpd/conf.modules.d/01-status.conf << EOF
<Location /server-status>
SetHandler server-status
Require local
</Location>
EOF

$ systemctl reload httpd
$ apachectl fullstatus

APC (php module) and OPcache

apt-get install php-apc

apc
apc.shm_size=256M

cp /etc/php.d/apc.ini /home/rack && sed -i 's/^.*apc.shm_size=.*$/apc.shm_size=256M/' /etc/php.d/apc.ini && grep "apc.shm_size=" /etc/php.d/apc.ini

cp  /usr/share/doc/php*apc*/apc.php /var/www/

service httpd graceful && service httpd status

PHP5.5 -> If it has Zend OPcache it doesn’t need APC anymore

php -m

Look for this:

[Zend Modules]
Zend OPcache

GUI: https://github.com/amnuts/opcache-gui

wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php

/etc/php5/mods-available/opcache.ini or /etc/php5/fpm/conf.d/05-opcache.ini

opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1