I received the following email today and i thought it was a question many folks would like to know the answer to:
Is there a way to alter your mercury init.sh so it will ask the directory to move mysql and other files too?
This will help all those folks struggling with the EBS set up.
My simple solution will be to start up the cannonical EBS for Lucid, (which is in ext3), attach another EBS volume formatted in XFS, install mercury in the EBS boot, move mysql datadir to the XFS formatted EBS, move most logfiles to /mnt and if necessary, start another EBS volume for innodb logs.
Updated 7/12/10 with solution!
I agree that a solution is needed. First, a little history as to why we treat AWS different than other VPSs. The root filesystem on a AWS server is 10GB with a 150GB filesystem attached to /mnt (which is a little unusual - on a non-AWS server this would be attached to a directory within /mnt). In order to save as much space on the root filesystem as possible, we store certain data on the /mnt filesystem (again, AWS servers only):
/var/lib/mysql gets synlinked to /mnt/mysql/lib
/var/log/mysql gets synlinked to /mnt/mysql/log
mysql temp dir gets moved to /mnt/mysql/tmp
tomcat temp dir gets moved to /mnt/tomcat6/tmp
/var/lib/varnish gets moved to /mnt/varnish/lib
This solves the space issue, but doesn't fix the potential data-loss problem - both / and /mnt on instance-backed servers are volatile - if the server crashes or is shut down, the data on these filesystems are gone. The filesystems themselves are gone. 2 common solutions to the problem are mounting a EBS volume and storing important data there or (a more recently available option) using a EBS-boot instance (also called EBS-backed instance).
We've looked at adding a variable to the /etc/mercury/server_tuneables that would define the path to store these directories instead (ie, you could replace /mnt with something else). However, there is an issue here: this works the first time because we know the default path and can rsync the old path to the new path before doing the symlink. This would be much more difficult if /mnt was stored in a variable that could be changed because there would be no record of the what the value was before (and hence, where to sync the files from)
Besides, with EBS-boot instances, I would think the desired default behavior would be to leave the default paths of mysql, varnish and tomcat alone since a person can make their EBS-boot root filesytem whatever size they wish. This would give users of EBS-boot servers the most flexibility by allowing someone to move, say, mysql storage to a separate (attached) EBS volume or even RDS.
To achieve this solution we need a way to reliably and automatically identify whether an AWS server is instance or EBS-backed.
Anyone know of a way or have another suggestion?
UPDATE 7/12/10 - we added a bcfg2 group to Mercury 1.1 Beta called mercury-aws-ebs (see http://groups.drupal.org/node/70268) which set's up all the aws-specific packages but makes no changes to the file structure - this should be a good solution for AWS. We've also added tuneables for services such as mysql allowing one to utilize Amazon's RDS without making major changes to Mercury.
Greg
Comments
EBS boot issue
Hi Greg,
No one, it appears, wants EBS boot!
Having said that, its quite simple and easy to use your scripts along with Cannonical´s Lucid EBS boot image to get things working and also to change mysql directories and if needed the apache doc root as well. (I am going by the Bible - John K. VanDyk´s Pro Drupal Development, 2nd Edition!.)
The issue comes in starting and stopping the EBS machine - as its meant to be. It appears that if you stop and EBS instant, the symlinks are not being maintained!. It reboots without an issue - meaning I can issue a shutdown now -r in ssh, with no issues, but if I do stop through the AWS console and start the machine again, the symlinks are gone!
re: EBS boot issue
Are you referring to the symlinks that copy /var/lib/mysql to /mnt/mysql/lib, /var/log/mysql to /mnt/mysql/log and /var/lib/varnish to /mnt/varnish/lib? If so, then yes, they will disappear when a EBS instance is stopped.
The problem is that /mnt is the same regardless if the instance is a regular one or a EBS one - /mnt is volatile in both cases and disappears when the instance is stopped.
We currently change 2 things for Mercury servers running on EC2 instances:
1) Add some EC2-specific packages
2) change the path of the above dirs (due to space considerations)
What we need is a way to identify an EBS-backed server so that we can add the right packages but not change the dir paths on that instance.
Greg
--
Greg Coit
Systems Administrator
http://www.chapterthree.com
more on EBS boot
Yes and no...
I´ve changed /mnt to /mydata - a normal, persistent, EBS volume, which is attached as /dev/sdc and mounted through fstab at atartup. So the symlinks are from /var/lib.... to /mydata/lib etc. But I did something stupid, come to think of it now. I´ve changed the tmp directory to /mnt/tmp and also the apache2 logs to /mnt/logs.
However, even the /var/ib -> /mydata/lib and /var/log -> &mydata/log for mysql logs have also disappeared.
What I need to do is to write a script to restore these symlinks at startup.
As for changing paths, I edited out the reload everything step in your init.sh (with my steps being all manual from your instructions with confirmations every step, I felt it would be not needed and anyway would have negated my next step, which was to edit and change the paths in the secondary script that init.sh calls to create these symlinks.
Obviously not something that you would want an inexperienced drupalist to do, but I think your stack, like the aegir stack, needs a slightly higher level of expertise.
re: more on EBS boot
In that case, I would make sure that the /etc/mercury/init.sh isn't running at every boot (it's only supposed to run at first boot). If you look at the script, it's first looks for /etc/mercury/incep and then stops running if it finds it. Maybe that file doesn't exist (and isn't being created) on your server? That's the only reason I can think of for your symlinks to be disappearing.
Hope this helps,
Greg
--
Greg Coit
Systems Administrator
http://www.chapterthree.com
Ports for AWS Security Groups
I'm attempting an AWS EBS boot install and found myself a bit confused on the ports that I need to open as part of my AWS Security Groups.
(1) Checked the open ports on my installation:
sudo nmap -sT -O localhost
22/tcp open ssh
25/tcp open smtp
3306/tcp open mysql
6789/tcp open
8080/tcp open http-proxy
8081/tcp open
Humm. This is the first time I used nmap, so I may be misinterpreting.
Observations:
Port 80 is not open.
What is port 3306, 6789?
(2) Checked the ports on iptables template
/TGenshi/mercury/iptables/template.newtx
opens 22, 80, 443, 8080, 8081
Question: Which ports should I open in my AWS Security Group? For each of these ports, which may I designate for my local IP address only* for added security?
My early thoughts:
- open 22* ssh, 80 http, 443 https, and 8081 hudson
- Need some input: 25 (mail/smtp), 3306?, 6789? (3306 and 6789 may be outbound)
- 8080 is for Varnish to Apache2.
James
re: Ports for AWS Security Groups
James,
Yes, Varnish is on 80 and apache is on 8080 and 443 (Technically, port 8080 could be bound to localhost but there's no harm in it being open).
SSH is port 22 and also needs to be open.
Mysql uses port 3306 but it's bound to localhost for security.
port 25 is for sending email and should be open if you would like to send mail.
port 6789 is the bcfg2-server port and it's also bound to localhost for security reasons.
Hope this helps,
Greg
--
Greg Coit
Systems Administrator
http://www.chapterthree.com
Greg, Thanks for the
Greg,
Thanks for the information. This is how I'm interpreting it.
Localhost: (these are not part of the security group)
8080 (apache)
3306 (mysql)
6789 (bcfg2)
Security Group for AWS (outward facing)
80 (varnish)
22 (ssl)
25 (for mail - optional)
443 (https)
This is for a single AWS server running all services.
Thanks,
James