VMwareDesign
VMware considerations and best practices
see also vmware documents test matrix appliance guidelines

Security

Try to keep the distributed image as secure as possible. As an image or clone, any security weaknesses in one copy will be present in all copies until the image security issue is addressed or the image patched and updated. Any personal/institutional information or passwords should not be included as part of the distributed image (remove/change before merge/distribution).

#system
users: root, user, xeniaprod
files: /etc/hosts.allow
applications: java/tomcat, geoserver

#postgres
users: postgres, xeniaprod
files: pg_hba.conf /home/xeniaprod/config

Storage

Try to keep the distributed image physical disk size as small as possible. Relevant applications and software should be included on the image, but large associated datasets should be referenced off-image with documentation regarding access as a separate link or download.

#system
/usr2/data/xeniaprod

#postgres
/usr2/pg_data

Organization

Try to keep the applications and their locations or associated crons as organized as possible. For the Xenia related scripts, everything should be currently located under the directory branch /home/xeniaprod and accessed via the user xeniaprod with an associated crontab for running user 'xeniaprod' scripts. There is one user crontab entry under user 'root' relating to nightly cleanup of files generated by apache/web user 'www-data'. The folders/scripts under /home/xeniaprod should reflect the same xenia project svn folder/scripts structure for consistency between the project and svn. This will not be true for the initial version 1.0 release (svn will lag image scripts due to many conversion changes), but should be corrected in upcoming release.

Code/Scripts

Try to make configuration easier by placing all configuration options and security information within the same or a few config files (say in XML format). Failing this, try to use comment LABELS which are documented and easily seen and searched for in the code.
Try to make common code flexible enough for reuse in a variety of possible contexts. For instance, would prefer to have one script with a few database flag options (Oracle, SQL Server, PostgreSQL, MySQL, Sqlite, etc) than several scripts which only vary by their database connection method and small differences in SQL syntax.

Checklist

search for #VM_CONFIG in affected files

#stop crons - root, xeniaprod

#enable #VM_CONFIG
xeniaprod: crontab -e
#possible federal(nos,nws,etc) or other feeds in xeniaprod crontab
#enable feeds as needed
/home/xeniaprod/cron/getObskml.sh
/home/xeniaprod/cron/mk_xenia_all_latest.sh
=
#bootup
/etc/rc.local - mountpoints, postgres
#amazon ec2 dhcp sshd_config
#postgres
optional - database size on /usr2, delete old records - backup(pg_dump),vacuum,reindex
user passwds - user,root,postgres,xeniaprod - passwd <username>
psql -U postgres -h xxx.xxx.xxx.xxx
alter user postgres with password 'postgres99';
alter user xeniaprod with password 'xeniaprod99';
#enable #VM_CONFIG ip addresses
sudo vi /usr2/pg_data/pg_hba.conf
cd /home/xeniaprod/config
#database user/password
grep '99' *
grep 'VM_CONFIG' *
dbConfig.ini
environment_xenia_default.xml
/etc/hosts.allow #ssh ip access
/etc/exports #nfs remote mount access
=
#remove hidden log, history files
cd /home/xeniaprod
ls -la -sort
rm .sqlite_history
rm .ssh/known_hosts
rm .gnuplot_history
rm .bash_history
rm .psql_history
rm /var/lib/postgresql/.psql_history
#remove old log, tmp files under /usr2
=
clear users history (history -c)
clear apache/tomcat, application logs (access_log)
ls -sort -h /var/log/apache2/
=
optional - reboot, check ps-auxf, top

#VM_CONFIG notes

root@gisvm:/# cd /home/xeniaprod/
root@gisvm:/home/xeniaprod# grep -r 'VM_CONFIG' *
cron/getObskml.sh:#VM_CONFIG add wget of additional ObsKML files here
cron/getObskml.sh:#VM_CONFIG start
cron/getObskml.sh:#VM_CONFIG end
cron/mk_xenia_all_latest.sh:#VM_CONFIG start - add org name ObsKML metadata file reference below
cron/mk_xenia_all_latest.sh:#VM_CONFIG end
cron/styleLatest.pl:#VM_CONFIG add additional org names to below array to create styled KMZ
config/environment_xenia_default.xml: <!-- #VM_CONFIG --> <http_xenia_graph>http://129.252.37.90/xenia/time_series/get_graph.php?</http_xenia_graph>
config/emailAlertsConfig.xml: <host>129.252.37.90</host> <!-- #VM_CONFIG -->
config/emailAlertsConfig.xml: <unsubscribeURL>http://neptune.baruch.sc.edu/xenia/rcoos/alerts/AlertsUnsubscribeRev2.php?</unsubscribeURL> <!-- #VM_CONFIG -->
config/emailAlertsConfig.xml: <geoRSSURL>http://carocoops.org/~dramage_prod/seacoos/georss/</geoRSSURL> <!-- #VM_CONFIG -->
config/emailAlertsConfig.xml: <surveyURL>http://carolinasrcoos.org/survey.php</surveyURL> <!-- #VM_CONFIG -->
config/UptimeConfigPostgres.xml: <sensorplotphp>http://129.252.37.90/xenia/sensorgraph/DumpPlatformSensorReport.php?</sensorplotphp> <!-- #VM_CONFIG -->
scripts/obskml/products/gearth/genPlacemarksObsKML.pl:my $host_http = 'http://129.252.37.90'; #VM_CONFIG
scripts/obskml/products/html_tables/obskml_to_html_content_sqlite.pl:my $host_http = 'http://129.252.37.90'; #VM_CONFIG
scripts/obskml/products/georss/ObsKMLToGeoRSS.pl: #VM_CONFIG $strDesc .= '<table><tr></br></tr><tr>Please fill out our survey and let us know your who/what/wheres and how we can improve the information to better serve you.<tr><a href="http://carolinasrcoos.org/survey.php">Survey</a></tr></table>';
scripts/postgresql/sos/difSOS.html:<!-- #VM_CONFIG http address -->
scripts/postgresql/sos/difSOS.html:<!-- #VM_CONFIG http address -->
scripts/postgresql/sos/difSOS.html:<!-- #VM_CONFIG http address where '129.252.37.90' -->
scripts/postgresql/time_series/get_graph.php:$host_http = 'http://129.252.37.90'; #VM_CONFIG

#optional
cron/checkStatus.sh:#VM_CONFIG number of hour offset is 4th parameter(0 hours) in the examples below
cron/checkStatus.sh:#VM_CONFIG number of max range for a magnified graph is 9th parameter(200) in the examples below
cron/checkStatus.sh:#VM_CONFIG modify hour_offset from -3 to -30 hours depending on quickness of backfilling to archive file

#ignore
scripts/postgresql/import_export/xenia_to_obskml.pl:#VM_CONFIG START
scripts/postgresql/import_export/xenia_to_obskml.pl:#VM_CONFIG END
scripts/postgresql/import_export/obskml_to_xenia_postgresql.pl:#VM_CONFIG_START
scripts/postgresql/import_export/obskml_to_xenia_postgresql.pl:#VM_CONFIG_END
scripts/sqlite/sos/difSOS.html:<!-- #VM_CONFIG http address -->
scripts/sqlite/sos/difSOS.html:<!-- #VM_CONFIG http address -->
scripts/sqlite/sos/difSOS.html:<!-- #VM_CONFIG http address where 'carocoops' -->
scripts/sqlite/archive/pop_archive_db.pl:my $source_url = 'http://localhost/xenia/feeds/latest_raw.sql'; #VM_CONFIG
scripts/sqlite/flow_monitor/check_status.pl:my @org_array = qw(usgs nerrs ndbc nws); #VM_CONFIG
scripts/sqlite/flow_monitor/check_status.pl:my $host_http = 'http://129.252.37.90'; #VM_CONFIG
scripts/sqlite/flow_monitor/check_status.pl:my $smtp = Net::SMTP->new("xxx.xxx.xxx.xxx"); #VM_CONFIG substitute your SMTP mail server
scripts/sqlite/flow_monitor/check_status.pl:@to_array = qw(name\@somewhere.com name_2\@somewhere.com); #VM_CONFIG emails to notify if low sensor count
scripts/sqlite/flow_monitor/check_status.pl:@to_array = qw(name\@somewhere.com); #VM_CONFIG
scripts/sqlite/flow_monitor/status.lib:#VM_CONFIG in 'plot' statement below - if adding/removing org sensor counts, add a corresponding line to plot in graph
scripts/sqlite/time_series/get_graph.php:$host_http = 'http://129.252.37.90'; #VM_CONFIG
grep: scripts/postgresql/qaqc/platformuptime/graphsensorupdates/cgi-bin/sensorgraph: Too many levels of symbolic links
grep: src/mapfishtrunk/client/build/venv/include/python2.5/numpy: No such file or directory
grep: src/venv/include/python2.5/numpy: No such file or directory

#/home/xeniaprod/config
root@gisvm:/home/xeniaprod/config# grep -r '99' *
config_moving.xml: <pwd>xeniaprod99</pwd>
config.xml: <pwd>xeniaprod99</pwd>
dbConfig.ini:password = xeniaprod99
dbConfig.ini:password = xeniaprod99
DrifterConfigPG.xml: <pwd>xeniaprod99</pwd>
emailAlertsConfig.xml: <pwd>xeniaprod99</pwd>
environment_xenia_default.xml: <passwd>xeniaprod99</passwd>
rangeCheckConfig.xml: <pwd>xeniaprod99</pwd>
UptimeConfigPostgres.xml: <pwd>xeniaprod99</pwd>

Shortlist

#within server image
1)stop xeniaprod crontab
2)comment out 'extra' data flow inputs
3)change db passwords, config file references
4)access - /etc/hosts.allow,/etc/exports,pg.hba
5)user passwords default/neutral set
6)clear user home history files, history
7)re-enable sample crontab flow

#from vSphere
power off image

#from vCenter
select image as source, destination as 'virtual appliance' and begin image copy

#split image, edit version reference,etc to download wiki page
E:\accord_backup\vmware\xeniavm20090722>c:\unxutils\usr\local\wbin\split.exe --bytes=2000m xeniavm20090722.vmdk multi

#move large single image to archive desktop folder, upload split image to torino via scp
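
A pre-distribution check for the cleanup steps in the checklist and shortlist above, as an added example that is not part of the original page or the Xenia project. The function names are hypothetical, the sample tree and the 192.0.2.10 build-host address are constructed, and the '99' marker and history file names are the ones listed in the checklist.

```shell
#!/usr/bin/env bash
# Added example: audit an image's user home before distribution. Names are hypothetical.

# History/known_hosts files the checklist removes from the user's home.
HISTORY_FILES=".sqlite_history .ssh/known_hosts .gnuplot_history .bash_history .psql_history"

# audit_findings HOME_DIR [PW_MARKER] [BUILD_HOST]
# Prints one finding per line; prints nothing when the tree is clean.
audit_findings() {
  home_dir=$1; marker=${2:-99}; build_host=${3:-}
  for f in $HISTORY_FILES; do
    if [ -e "$home_dir/$f" ]; then echo "HISTORY $f"; fi
  done
  # -l reports file names only, so password values never enter the report.
  (cd "$home_dir" && grep -rl -- "$marker" config 2>/dev/null | sort) |
    while read -r f; do echo "DEFAULT_PW $f"; done
  # #VM_CONFIG lines that still name the build host were not re-pointed.
  if [ -n "$build_host" ]; then
    (cd "$home_dir" && grep -rn 'VM_CONFIG' . 2>/dev/null | grep -F -- "$build_host" |
      cut -d: -f1 | sort -u) | while read -r f; do echo "BUILD_HOST ${f#./}"; done
  fi
  return 0
}

# Constructed sample tree (not real data) mirroring the layout on this page.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/config" "$t/scripts" "$t/.ssh"
  printf 'password = xeniaprod99\n' > "$t/config/dbConfig.ini"
  printf '<pwd>changed-on-site</pwd>\n' > "$t/config/config.xml"
  printf "my \$host_http = 'http://192.0.2.10'; #VM_CONFIG\n" > "$t/scripts/get_graph.pl"
  : > "$t/.bash_history"; : > "$t/.ssh/known_hosts"
  echo "$t"
}

# Demo: audit the sample tree, then clean up.
demo_tree=$(make_sample_tree)
audit_findings "$demo_tree" 99 192.0.2.10
rm -rf "$demo_tree"
```

Empty output means none of the three checks fired; any line printed names a file to fix before the image is powered off and copied.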