We will implement a tooling website solution that makes DevOps tools within the corporate infrastructure easily accessible.
In this project we will implement a solution that consists of the following components:
- Infrastructure: AWS
- Webserver Linux: Red Hat Enterprise Linux 8
- Database Server: Ubuntu 20.04 + MySQL
- Storage Server: Red Hat Enterprise Linux 8 + NFS Server
- Programming Language: PHP
- Code Repository: GitHub
- Launch 3 Red Hat EC2 instances in AWS. Label one NFS Server and the other 2 webserver-1 and webserver-2.
- We create and attach a 15 GB volume to our NFS server, making sure the volume is in the same availability zone as our NFS Server.
- Log in to the NFS server and run the lsblk command to see our newly attached device listed as xvdf.
- Next, we create a single partition on our newly created disk.
- Next, we install lvm2 using sudo yum install lvm2; with this we can create a logical volume.
- We create a physical volume using
sudo pvcreate /dev/xvdf1
- Run
sudo pvs
- Next, we create a volume group named webdata-vg by running
sudo vgcreate webdata-vg /dev/xvdf1
- Verify volume group is successfully created by running
sudo vgs
- We use the lvcreate utility to create 2 logical volumes, namely apps-lv (which will be used to store data for the website) and logs-lv (which will be used to store data for logs). We divide our physical volume between them, with each getting an equal half.
sudo lvcreate -n lv-apps -L 5G webdata-vg
sudo lvcreate -n lv-logs -L 5G webdata-vg
sudo lvcreate -n lv-opt -l 100%FREE webdata-vg
- Run sudo lvs to verify that the logical volumes have been created successfully.
- We use mkfs.xfs to format the logical volumes with the XFS filesystem
sudo mkfs.xfs /dev/webdata-vg/lv-apps
sudo mkfs.xfs /dev/webdata-vg/lv-logs
sudo mkfs.xfs /dev/webdata-vg/lv-opt
- Create mount points in the /mnt directory for the logical volumes as follows:
  - Mount lv-apps on /mnt/apps - To be used by webservers
  - Mount lv-logs on /mnt/logs - To be used by webserver logs
  - Mount lv-opt on /mnt/opt - To be used by Jenkins server
- Create the /mnt directory and the necessary folders
sudo mkdir /mnt/apps
sudo mkdir /mnt/logs
sudo mkdir /mnt/opt
- Mount the logical volumes on their respective directories.
sudo mount /dev/webdata-vg/lv-apps /mnt/apps
sudo mount /dev/webdata-vg/lv-logs /mnt/logs
sudo mount /dev/webdata-vg/lv-opt /mnt/opt
Run df -h to see our mounted directories.
- We make our mounts persist by updating /etc/fstab with the UUIDs of our logical volumes
- Run sudo blkid to get the UUID numbers
- Run sudo vi /etc/fstab and add an entry for each logical volume using its UUID
- Confirm by running
sudo mount -a
- Reload the daemon by running
sudo systemctl daemon-reload
- Install the following:
sudo yum -y update
sudo yum install nfs-utils -y
sudo systemctl start nfs-server.service
- Set up permission that will allow our Web servers to read, write and execute files on NFS Server:
sudo chown -R nobody: /mnt/apps
sudo chown -R nobody: /mnt/logs
sudo chown -R nobody: /mnt/opt
sudo chmod -R 777 /mnt/apps
sudo chmod -R 777 /mnt/logs
sudo chmod -R 777 /mnt/opt
- Restart the NFS service
sudo systemctl restart nfs-server.service
- Configure access to NFS for clients within the same subnet
sudo vi /etc/exports
/mnt/apps <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
/mnt/logs <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
/mnt/opt <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
sudo exportfs -arv
- Check which port is used by NFS and open it using Security Groups (add new Inbound Rule)
rpcinfo -p | grep nfs
- In order for the NFS server to be accessible from our webservers, we must open the following ports: TCP 111, UDP 111, TCP 2049 and UDP 2049
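An added example (not part of the original walkthrough): a small audit of the /etc/exports file written above. With no_root_squash, root on any client in the listed range keeps uid 0 on the exported files, so the check reports every export that carries it, along with any export open to all hosts. The sample file is constructed: 172.31.32.0/20 stands in for <Subnet-CIDR>, and the wildcard and /mnt/safe lines are hypothetical entries added for comparison.

```shell
#!/usr/bin/env bash
# Added example: report risky entries in an NFS exports file.
# Output: one line per finding, "<export path> <client> <issue>".
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {                # one field per client spec
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                             # split "client(opt,opt,...)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "*"           # "(opts)" alone means every host
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          if (o[j] == "no_root_squash")          # client root stays uid 0 on the export
            print path, client, "no_root_squash"
        if (client == "*" || client ~ /\/0$/)    # wildcard or /0 network
          print path, client, "any-host"
      }
    }' "$1"
}

# Constructed sample: the exports from this page with a placeholder subnet,
# one hypothetical wildcard entry and one hypothetical tightened entry.
write_sample_exports() {
  cat > "$1" <<'EOF'
# constructed sample, not a real server's file
/mnt/apps 172.31.32.0/20(rw,sync,no_all_squash,no_root_squash)
/mnt/logs 172.31.32.0/20(rw,sync,no_all_squash,no_root_squash)
/mnt/opt  *(rw,sync,no_all_squash,no_root_squash)
/mnt/safe 172.31.32.0/20(rw,sync,root_squash)
EOF
}

sample=$(mktemp)
write_sample_exports "$sample"
audit_exports "$sample"
rm -f "$sample"
```

On a real server, run audit_exports /etc/exports and compare the result with sudo exportfs -v, which shows the options actually in effect.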
- Spin up an Ubuntu instance on AWS
- Install MySQL server
sudo apt install mysql-server
- Configure MySQL by running
sudo mysql_secure_installation
- Follow the on-screen prompts to set up a password and log in to MySQL
- Log in to MySQL using
sudo mysql
- Create a database named tooling
create database tooling;
- Create a user named webaccess
CREATE USER 'webaccess'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON tooling.* TO 'webaccess'@'%' WITH GRANT OPTION;
- Exit
- Edit bind address in mysql configuration file to allow traffic.
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
- Change the bind address to 0.0.0.0
- Restart the MySQL service
sudo systemctl restart mysql
To store shared files for our Web Servers, we will utilize NFS and mount our previously created Logical Volume lv-apps to the folder where Apache stores files to be served to the users, /var/www
- Configure NFS client (this step must be done on all three servers)
- Deploy a Tooling application to our Web Servers into a shared NFS folder
- Configure the Web Servers to work with a single MySQL database
- Launch a new EC2 instance with RHEL 8 Operating System
- Install NFS client
sudo yum install nfs-utils nfs4-acl-tools -y
- Mount /var/www, targeting the NFS server's export /mnt/apps
sudo mkdir /var/www
sudo mount -t nfs -o rw,nosuid <NFS-Server-Private-IP-Address>:/mnt/apps /var/www
sudo vi /etc/fstab
add the following line
<NFS-Server-Private-IP-Address>:/mnt/apps /var/www nfs defaults 0 0
- Install apache
sudo yum install httpd -y
- Start apache
sudo systemctl enable httpd
sudo systemctl start httpd
- Install PHP and its dependencies
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo yum install yum-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo yum module list php
sudo yum module reset php
sudo yum module enable php:remi-7.4
sudo yum install php php-opcache php-gd php-curl php-mysqlnd
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
sudo setsebool -P httpd_execmem 1
- Back up /var/log/httpd
sudo mv /var/log/httpd /var/log/httpd.bak
It's very important to back up our httpd folder because mounting the httpd folder on NFS server would delete everything inside the folder which would cause serious errors.
- Mount /var/log/httpd, targeting the NFS server's export /mnt/logs
sudo mkdir -p /var/log/httpd
sudo mount -t nfs -o rw,nosuid <NFS-Server-Private-IP-Address>:/mnt/logs /var/log/httpd
- Make sure that the changes will persist on the Web Server after reboot
sudo vi /etc/fstab
add the following line
<NFS-Server-Private-IP-Address>:/mnt/logs /var/log/httpd nfs defaults 0 0
- Make sure to reload the daemon by running
sudo systemctl daemon-reload
- Copy the contents of the Apache backup folder into the active Apache folder
sudo cp -R /var/log/httpd.bak/. /var/log/httpd
- Restart apache
sudo systemctl restart httpd
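An added check, not part of the original walkthrough: the manual mount commands above pass rw,nosuid, but the /etc/fstab lines use defaults (which implies suid), so both NFS mounts come back without nosuid after a reboot. The function below reports NFS entries missing a required option, or prints a corrected file in fix mode; the function name, the sample fstab and the address 172.31.0.10 (standing in for <NFS-Server-Private-IP-Address>) are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: find (report) or repair (fix) NFS fstab entries that lack
# required mount options.
#   report -> one line per finding: "<mount point> <missing option>"
#   fix    -> the whole file on stdout with missing options appended
nfs_fstab() {                        # usage: nfs_fstab report|fix FILE OPT...
  mode=$1; f=$2; shift 2
  awk -v mode="$mode" -v want="$*" '
    /^[ \t]*(#|$)/ || ($3 != "nfs" && $3 != "nfs4") {
      if (mode == "fix") print       # non-NFS lines pass through unchanged
      next
    }
    {
      mnt = $2
      nw = split(want, w, " "); no = split($4, o, ",")
      for (i = 1; i <= nw; i++) {
        found = 0
        for (j = 1; j <= no; j++) if (o[j] == w[i]) found = 1
        if (found) continue
        if (mode == "fix") $4 = $4 "," w[i]
        else print mnt, w[i]
      }
      if (mode == "fix") print
    }' "$f"
}

# Constructed sample: the two NFS lines this page adds on a web server,
# with a placeholder server address, plus a made-up local root entry.
write_sample_fstab() {
  cat > "$1" <<'EOF'
UUID=constructed-root-uuid / xfs defaults 0 0
172.31.0.10:/mnt/apps /var/www nfs defaults 0 0
172.31.0.10:/mnt/logs /var/log/httpd nfs defaults 0 0
EOF
}

fstab=$(mktemp)
write_sample_fstab "$fstab"
nfs_fstab report "$fstab" nosuid     # entries that lose nosuid at boot
nfs_fstab fix "$fstab" nosuid        # corrected lines to review before editing
rm -f "$fstab"
```

Fix mode only prints to stdout; review the output and edit /etc/fstab by hand, then confirm with sudo mount -a.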
- Install git
sudo dnf install git
- Clone tooling repo
git clone https://github.com/realayo/tooling.git
- Change directory to the tooling folder and copy the html folder to /var/www
cd tooling
cp -R html /var/www/
- Edit functions.php in html folder and add our database values in there
cd /var/www/html
sudo vi functions.php
Save and exit
- Configure SELinux policies
sudo setsebool -P httpd_can_network_connect=1
sudo setsebool -P httpd_use_nfs 1
sudo setsebool -P httpd_can_network_connect_db 1
- Repeat steps 1-20 on the other 2 webservers
- Install mysql
sudo yum install mysql-server -y
- Navigate into tooling folder and apply tooling script
cd tooling
mysql -h 172.31.45.212 -u webaccess -p tooling < tooling-db.sql
- On the database server, create a user named myuser with password password
CREATE USER 'myuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON tooling.* TO 'myuser'@'%' WITH GRANT OPTION;
- Insert new records into the users table
INSERT INTO users (id, username, password, email, user_type, status) VALUES ('1', 'myuser', '5f4dcc3b5aa765d61d8327deb882cf99', 'user@mail.com', 'admin', '1');
- Repeat steps 1-4 on the other 2 web servers
Finally, navigate to http://<Web-Server-Public-IP-Address-or-Public-DNS-Name>/index.php in your browser and make sure you can log in to the website with the myuser user.
Remember to add TCP port 80 and TCP port 3306 to your inbound security group rules.