Difference between revisions of "IT/Benchfile"
(→Local name service)
|Line 49:||Line 49:|
== CiviCRM ==
== CiviCRM ==
A demonstration instance of CiviCRM was installed in March 2011. This instance was abandoned because its
A demonstration instance of CiviCRM was installed in March 2011. This instance was abandoned because its user.
Revision as of 16:30, 18 December 2011
A "benchfile" is the book you leave in your desk drawer for your replacement in case you suddenly get a better job.
The Green Party of California rents a virtual private server (VPS) from Godmama's Forge. It's Ubuntu-9.0 ("Karmic Koala") based on Debian-5.0 ("Squeeze") plus some work-in-progress from Debian Unstable ("Sid"). The virtual host is named wangari.cagreens.org and runs under Vmware Enterprise.
Secrets and Authentication
There's no root password. Members of the "admin" user group can get a root shell by
sudo su -
or run other single commands under sudo. That's how Ubuntu does things. Passwords such as the MySQL root user's are shown in a text file "notes" in root's home directory.
Domain Name Service
The cagreens.org domain is served by two DNS vendors with five public name servers. The master is "amybiehl.greens.org" running on Cameron's "bract" VPS (bract.truffula.us, bract.cagreens.org...) at Chunkhost. The four slaves are on Dyn.com ("The Dynamic DNS") where Cameron has a "VIP" account.
About fifty other domains depend on a name server "cesarchavez.cagreens.org", which is running right now on Cameron's "rachel" dedicated server. These domains include addictedtowar.com, interfaithpeacecoalition.org, sjvgreens.org, migreens.org, etc.
apt-get install apache2-mpm-prefork php5-pear php5-gd php5-cli libapache2-mod-php5 mysql-server mysql-client
apt-get install rsync
Backup is a nightly rsync via ssh to a host in Cameron's garage. Authentication is by a key in ~root/.ssh/authorized_keys.
Local name service
apt-get install maradns
A lightweight caching name server, itself authoritative for no domains, listens on address 127.0.0.53. It queries customer name servers belonging to got.net and Godmama's Forge. It's mentioned first in our resolver configuration file /etc/resolv.conf which is obliquely mentioned (as "files") in /etc/nsswitch.conf. To see its configuration,
egrep -v '^#|^$' /etc/maradns/mararc
A local caching name server, also known as a "DNS forwarder", means you don't have to use the network for most name queries. For an email server that's looking up sender's PTR records, it's a real speed-up.
DNS block list
apt-get install rbldnsd
The blocklist file is /var/lib/rbldns/iparanges. It's maintained on another server, and pushed here by rsync via ssh. Configuration is in /etc/default/rbldnsd. This is one of two servers of the "dnsbl.cagreens.org" blocklist. At least four hosts refer to this DNSBL.
Email server: Postfix and Mailman
The "Debian Way" has Postfix' configuration files in /etc/postfix and the mapfiles they use in /etc/postfix/maps. Tradition has the email aliases file in /etc/, so we have a symlink there pointing at the real one.
apt-get install postfix postfix-pcre mailman
Mailman runs as the "list" user. GNU Mailman installs into its data directories and runs there. Debian installs the software in /usr/lib/cgi-bin/mailman and /usr/lib/mailman/, with data files in /var/lib/mailman/. They've done a nice job of separating the files their package maintainer updates from those Mailman updates as it runs, so you can do
apt-get install mailman
when there's an update, without losing/breaking anything.
Mailman generates two files /var/lib/mailman/data/aliases and /var/lib/mailman/data/aliases.db which are nentioned in /etc/postfix/main.cf. That's where the aliases for Mailman posting and admin functions are.
There's a popular script for further integration between Postfix and Mailman. Debian distributes it with Mailman but we're not using it. It makes Postfix depend on Python. The main advantage would be pre-queue rejection of rejectable messages, reducing backscatter and administrative noise.
Drupal and carve-outs
Most of the www.cagreens.org site is on Drupal, installed by the mbrennan user in /w/d7 Sept. 2011. Margot Brennan is a principal of the Radical Designs web design shop. Many directories and individual files are "carved out" of the www.cagreens.org virtual web server. These "carve-outs" are listed as Alias directives in the file /etc/apache2/sites-available/d7.cagreens.org. They refer to files on the pre-Drupal web site, in /w/cal/. That site appears intact at http://files.cagreens.org.
A demonstration instance of CiviCRM was installed in March 2011. This instance was abandoned because no first-tier technical support was available for its lone user.