Server Management
Randy, Chris Russo, Andrew Hughes-Onslow and Kosta Harlan have full access and control of the server, including ssh, sudo, and access to the vendor’s server control panel.
Mark Martin and Jack Turner know most everything about Warmshowers.org, membership, member management, policy, and who to talk to about what.
Cyril Wendl knows and manages the translators and everything about the translations.
The server is hosted at OVH.com. Chris and Kosta have access to the control panel and could contact OVH for help. Email notifications, though, would go to Randy so you'd have to refresh the control panel pages to get more access.
DNS is controlled on Randy’s Dreamhost account. The domain registrar is currently GoDaddy, on Randy’s account.
It seems that currently a problem with one of these would be complex. Randy also has both set up with 2-factor authentication.
The server is Ubuntu 12.04 LTS running nginx for web serving and MariaDB as a drop-in MySQL replacement. It uses php-fpm for serving PHP. Memcached is used for caching of Drupal cache items.
The Drupal code for Warmshowers.org is in /var/www/warmshowers_org.
All outgoing mail is handled by postfix and delivered via SMTP to Mandrill. Mail handling is documented on the Mandrill page.
Mail Handling is one of the most sensitive things we do, since a failure would look like silent betrayal of the entire membership. Please make sure you understand how mail handling works.
We use Nagios to watch the server (http://monitor.thefays.us/nagios3/). It monitors memory, disk, SSL cert, etc. The monitoring server, though, is on AWS, and there can be network outages. If you see a "connection timed out" on a notification, don’t worry about it unless you see it doesn’t recover in 10 minutes or so.
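One way to apply the 10-minute rule above to Nagios notifications, as an added example that is not part of the original page or the project's tooling. The log lines are constructed in the style of nagios.log, and the host name, service names and verdict labels are assumptions.

```python
import re

# Constructed sample in the style of nagios.log; host and services are made up.
SAMPLE_LOG = """\
[1400000000] SERVICE NOTIFICATION: admin;web1;HTTP;CRITICAL;notify-service-by-email;Connection timed out
[1400000240] SERVICE NOTIFICATION: admin;web1;HTTP;OK;notify-service-by-email;HTTP OK: HTTP/1.1 200 OK
[1400003600] SERVICE NOTIFICATION: admin;web1;SSL Cert;CRITICAL;notify-service-by-email;Connection timed out
[1400004000] SERVICE NOTIFICATION: admin;web1;Disk;WARNING;notify-service-by-email;DISK WARNING - free space: / 900 MB
[1400004800] SERVICE NOTIFICATION: admin;web1;PING;CRITICAL;notify-service-by-email;Connection timed out
"""

LINE = re.compile(
    r"^\[(\d+)\] SERVICE NOTIFICATION: [^;]*;([^;]*);([^;]*);([^;]*);[^;]*;(.*)$")
TIMEOUT = re.compile(r"timed out|timeout", re.IGNORECASE)
GRACE_SECONDS = 600  # the page's "10 minutes or so"


def triage(log_text, now, grace=GRACE_SECONDS):
    """Return {(host, service): verdict} where verdict is one of
    'transient', 'pending' or 'investigate' (labels are this example's own)."""
    verdicts = {}
    open_timeouts = {}  # (host, service) -> epoch of the first unrecovered timeout
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a service notification line
        ts, host, service, state, output = int(m[1]), m[2], m[3], m[4], m[5]
        key = (host, service)
        if state == "OK":
            started = open_timeouts.pop(key, None)
            if started is not None:
                # Recovered: harmless only if it came back inside the grace window.
                verdicts[key] = "transient" if ts - started <= grace else "investigate"
        elif TIMEOUT.search(output):
            open_timeouts.setdefault(key, ts)
            verdicts[key] = "pending"
        else:
            # Memory, disk, certificate and similar alerts are never network noise.
            open_timeouts.pop(key, None)
            verdicts[key] = "investigate"
    for key, started in open_timeouts.items():
        if now - started > grace:
            verdicts[key] = "investigate"  # timed out and never recovered in time
    return verdicts


if __name__ == "__main__":
    for (host, service), verdict in triage(SAMPLE_LOG, now=1400005000).items():
        print(f"{host}/{service}: {verdict}")
```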
Backups are done using duplicity. Documentation of the basic technique (my notes) is at evernote link
Backups are sent over to Amazon S3 in encrypted form. The key point here is that you can never access the backups without the private key used to create them. Randy, Chris, and Kosta have the secret key and the backup script with access to the AWS S3 bucket in LastPass. Normally, you’d just use root on the server for access to this stuff; the exception would be if the server were completely lost/destroyed.
- Server reboot: "sudo reboot"
- Nginx restart: "sudo service nginx restart"
- PHP-fpm restart: "sudo service php-fpm restart"
- Mariadb restart: "sudo service mysql restart"
- Memcache restart/flush: "sudo service memcached restart"
- Update security packages: "sudo unattended-upgrade"