Last updated by brianmercer on Fri, 2012-03-30 23:54
I've been learning puppet this week and turning my system into a puppet config. It's gotten me thinking of all the things that go into a system and I'd appreciate any input.
What are the components of a good Drupal/nginx stack?
Software:
* nginx
* mysql/mariadb/percona
* memcache/redis
* php-fpm
* php-apc
* php-gd
* php5-mysqlnd
* fcgiwrap (for awstats)
* git
* php5-curl
* php5-xhprof
* awstats
* drush
* imagemagick/graphicsmagick?
* collectd
* duplicity for off-site backup
* postfix
* ssh
* reniced (to push collectd back in priority)
* automysqlbackup for db backup
* cron-apt for package update notifications
* phpmyadmin/chive
* ufw
* solr (jetty or tomcat)?
* s3cmd
What capabilities:
* manage apt repositories and packages
* manage github content
* download different drupal distributions (hopefully by git)
* create drupal site with database user and DB
* configure nginx for multiple sites
* configure awstats for selected sites
* configure ufw firewall or iptables?
* move ssh to non-standard port?
* require list of all drupal modules in the config?
* configure an admin site with ssl and password
* configure collectd for relevant stats and front end
* configure memory allocation of memcache, mysql qcache, apc
* configure postfix (relay through google apps?)
* auto-configure ssh key?
* auto-create a self-signed ssl certificate?
* setup a drush user and adjust file permissions
* configure sudo
* setup hostname and hosts
* tweak cron jobs for drupal cron, awstats, duplicity off site backup
I've been looking over the Pantheon Mercury step-by-step, Visualfox's recipes, and Barracuda/Octopus.
What am I forgetting?
Comments
I too have been working on
I too have been working on something similar, if you throw up a repo somewhere I'd be happy to contribute as well :)
Don't forget all the work
Don't forget all the work perusio has done,
https://github.com/perusio/drupal-with-nginx
I have yet to get it to fully work since I'm using Ubuntu 10.04 and all the packages are old as dirt, and it requires a bunch of hackery. I posted my experience so far in this group.
We can include perusio's
We can include perusio's config along with other nginx configs, but this would really be about a puppet script that would install all your daemons and configure them all and if you wanted to you could spin up a new vps and do "puppet apply drunx-stack" and you'd have a completely working site.
You could also add a new domain name to the master puppet file and it'd configure nginx, create your mysql db and user, add your drush alias, configure awstats, configure postfix for relay, create a new solr shard, etc.
It's not only about convenience and time savings though. It's about standardization, making sure you've got all the same tweaks to every site and machine. And every tweak is versioned and trackable.
So I would add to the list
So I would add to the list either phpmyadmin, which always has security issues, but this seems like a winner and there is an nginx config
http://www.chive-project.com/
I also have a fix-perm script that runs: you pass it the path and the user and it sets the proper permissions.
If you want to store your files folder in an Amazon S3 bucket, we use this command http://s3tools.org/s3cmd to sync; right now just image cache stuff gets offloaded.
Those sound good. I use
Those sound good. I use phpmyadmin behind a password and ssl and s3cmd as part of duplicity.
Good idea
But I think it should be as empty as possible. Install all you need to get Nginx + drupal working. For example: I don't see any reason to force a web client for the DB.
As stated above phpmyadmin is a total security disaster, so I wouldn't touch it even with a 12 foot pole. There have been issues also with awstats. It should be as minimal as possible. I also think that tweaking the DB and even Nginx is quite difficult to do in a generic fashion.
Otherwise there's already Barracuda that provides a server out of the box with much of what you aim to provide. Hélas is not puppet or chef based.
Of course it's your time and initiative. I just happen to prefer more loose approaches. I also happen to think that people that use puppet or chef on a daily basis don't usually set up a do-it-all server, but rather use stacks that are more vertically integrated, in the sense that the machine that runs drupal is not usually the machine that collects statistics, for example.
Perhaps the best thing would be to split the script in several components so that each person can adapt to his/her own needs.
Just an idea.
I appreciate the input and I
I appreciate the input and I agree that such a project should be as modular and minimal as the user wants.
Installation of phpmyadmin would depend on a config file line like:
# general configuration
$::phpmyadmin = true
And installation of awstats for a given domain would be along the lines of:
# Drupal sites
drunx::site {
  "www.mysite.com":
    db       => "mysite",
    dbuser   => "mysite",
    root_dir => "/srv/www/mysite",
    solr     => true,
    awstats  => false,
    memcache => true;
  "www.myothersite.com":
    db       => "othersite",
    dbuser   => "othersite",
    solr     => false,
    awstats  => true,
    memcache => true,
}
So if the user didn't want awstats or phpmyadmin for any sites, then the package or software wouldn't even be installed on the machine. There's practically no overhead for including these features. The puppet system of dependencies makes this the preferred way of installing things.
Security of phpmyadmin and awstats and other admin software would be improved by automatically creating a self-signed cert and placing these items behind ssl and passwords. For those folks that want them.
I'm definitely looking to Barracuda for ideas. Configuration management software was created specifically to deal with the limitations of using bash/perl/python scripts for server configs.
As for a do-it-all approach, I agree on that, except that this puppet config, at least at first, will specifically target people who want a full drupal web server on one machine, which I believe is a common enough situation.
Thanks for the concerns. Keep em coming.
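The approach described in the comment above (optional tools that are only installed when a site asks for them, and admin tools that depend on a self-signed certificate and a password file), as an added Puppet example that is not code from the thread. The class names, file paths, the `admin` user name and the `www-data` group are assumptions.

```puppet
# Added illustration, not code from the thread. Class names, file paths and
# the www-data group are assumptions (Debian/Ubuntu defaults).
class drunx::admin_tls ($htpasswd_hash, $dir = '/etc/nginx/ssl') {
  package { 'openssl': ensure => installed }

  file { $dir:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  # "creates" keeps the exec idempotent: the key pair is generated once.
  exec { 'drunx-admin-cert':
    command => "openssl req -x509 -nodes -newkey rsa:2048 -days 365 -subj '/CN=${::fqdn}' -keyout ${dir}/admin.key -out ${dir}/admin.crt",
    path    => ['/usr/bin', '/bin'],
    creates => "${dir}/admin.crt",
    require => [Package['openssl'], File[$dir]],
  }

  # No "ensure": this only tightens the mode of the key the exec wrote.
  file { "${dir}/admin.key":
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    require => Exec['drunx-admin-cert'],
  }

  # Read by nginx workers per request, so kept outside $dir; hash is precomputed.
  file { '/etc/nginx/admin.htpasswd':
    owner   => 'root',
    group   => 'www-data',
    mode    => '0640',
    content => "admin:${htpasswd_hash}\n",
  }
}

# Only in the catalog when a site asks for it; the Puppet run fails unless
# drunx::admin_tls (certificate and password file) is declared as well.
class drunx::awstats {
  package { 'awstats':
    ensure  => installed,
    require => Class['drunx::admin_tls'],
  }
}

# Parameters mirror the thread's example; only the awstats gate is shown.
define drunx::site ($db, $dbuser, $root_dir = undef, $solr = false, $awstats = false, $memcache = false) {
  if $awstats { include drunx::awstats }
}
```

Declare `drunx::admin_tls` once with a single-quoted hash produced by `openssl passwd -apr1`, since apr1 hashes contain `$` and would otherwise be interpolated. The nginx admin vhost still has to reference the certificate, key and password file for the protection to take effect.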
I would like to see quite a
I would like to see quite a bit of emphasis on caching from the nginx side to micro caching, also with some maybe default configs based upon the system's RAM.
Personally I would like to have this but not set up for multi site, I personally fire up a box per site I'm building.
Awstats is ok, also something that helps it is the geoip plugin, which last time I installed awstats required some extra steps.
One of the hardest things I keep struggling with is a proper nginx config for php-fpm and Drupal. So many many damn things you can do and for me it's been kinda a do something, it doesn't work, google for a few hours etc. I just unfortunately don't have that time.
Also the flavor of *nix can install older packages or someone has to backport etc. Hence my original post on installing it on Ubuntu.
I would suggest adding xcache
I would suggest adding xcache as well.
Konstantin Boyandin
System administrator & Web programmer
Email: konstantin at boyandin dot com
One thing that puppet doesn't
One thing that puppet doesn't do is recompile software. It is not intended to replace the package manager that comes with your distro.
We could certainly include xcache as soon as someone compiles it into a deb for 12.04. I won't be doing that myself, but from searching Launchpad https://launchpad.net/ubuntu/+ppas?name_filter=xcache someone probably will.
Continuous Development tools
For continuous development with Drupal, I use Jenkins, Aegir, and either Capistrano or Fabric. I would love to contribute if we could get this thrown up in a repository somewhere.
I created a vagrant box with
I created a vagrant box with percona 5.5, nginx, php 5 on https://github.com/hackerhub/boxes