We will implement a tooling website solution which makes access to DevOps tools within the corporate infrastructure easily accessible.
In this project we will implement a solution that consists of following components:
- Infrastructure: AWS
- Webserver Linux: Red Hat Enterprise Linux 8
- Database Server: Ubuntu 20.04 + MySQL
- Storage Server: Red Hat Enterprise Linux 8 + NFS Server
- Programming Language: PHP
- Code Repository: GitHub
-
Lunch 3 redhat EC2 instances in AWS. Label one
NFS Serverand the other 2webserver-1andwebserver-2. -
We create and attach a 15gb volume to our
NFS servermaking sure the volume is in the sameavailability zoneas ourNFS Server -
Login to the
NFS serverand runlsblkcommand to see our newly attached device listed asxvdf.
-
Next, we create a single partition on each of our newly created disk.
-
Run
sudo gdisk /dev/xvdf
-
Next, we install
lvm2usingsudo yum install lvm2, with this we can create a logical volume. -
We create a physical volume using
sudo pvcreate /dev/xvdf1 -
Run
sudo pvs -
Next, we create a
volume groupnamedwebdata-vgby running
sudo vgcreate webdata-vg /dev/xvdf1
- Verify volume group is successfully created by running
sudo vgs - We use
lvcreateutility to create 2 logical volumes namelyapps-lv(which would be used to store data for the website) andlogs-lv(this will be used to store data for logs). We divide our physical volume between them withe each getting equal halves.
sudo lvcreate -n lv-apps -L 5G webdata-vg
sudo lvcreate -n lv-logs -L 5G webdata-vg
sudo lvcreate -n lv-opt -L 100%FREE webdata-vg
-
Run
sudo lvsto verify that the Logical Volume has been successfully created.
-
We use
mkfs.xfsto format the logical volumes with ext4 filesystem
sudo mkfs.xfs /dev/webdata-vg/lv-apps
sudo mkfs.xfs /dev/webdata-vg/lv-logs
sudo mkfs.xfs /dev/webdata-vg/lv-opt
- Create mount points on /mnt directory for the logical volumes as follow:
- Mount
lv-appson/mnt/apps- To be used by webservers - Mount
lv-logson/mnt/logs- To be used by webserver logs - Mount
lv-opton/mnt/opt- To be used by Jenkins server .
- create /mnt directory and the necessary folders
sudo mkdir /mnt/apps
sudo mkdir /mnt/logs
sudo mkdir /mnt/opt
- Mount the logical volumes on their respective diretories.
sudo mount /dev/webdata-vg/lv-apps /mnt/apps
sudo mount /dev/webdata-vg/lv-logs /mnt/logs
sudo mount /dev/webdata-vg/lv-opt /mnt/opt
Run df -h so the our mounted directories.
- We make the our mount persist by updating
/etc/fstab/with our LVUUID - Run
sudo blkidto getUUIDnumber - Run
sudo vi /etc/fstaband update as shown in the image below
- Confirm the by running
sudo mount - a - Reload the daemon by running
sudo systemctl daemon-reload
- Install the following:
sudo yum -y update
sudo yum install nfs-utils -y
sudo systemctl start nfs-server.service
- Set up permission that will allow our Web servers to read, write and execute files on NFS Server:
sudo chown -R nobody: /mnt/apps
sudo chown -R nobody: /mnt/logs
sudo chown -R nobody: /mnt/opt
sudo chmod -R 777 /mnt/apps
sudo chmod -R 777 /mnt/logs
sudo chmod -R 777 /mnt/opt
Restart the nfs service
sudo systemctl restart nfs-server.service
- Configure access to NFS for clients within the same subnet
sudo vi /etc/exports
/mnt/apps <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
/mnt/logs <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
/mnt/opt <Subnet-CIDR>(rw,sync,no_all_squash,no_root_squash)
sudo exportfs -arv
- Check which port is used by NFS and open it using Security Groups (add new Inbound Rule)
rpcinfo -p | grep nfs
-
In order for NFS server to be accessible from our webservers, we must open following ports: TCP 111, UDP 111, TCP 2049 and UDP 2049
- Spin up an Ubuntu instance on aws
- Install mysql server
sudo apt install mysql-server - configure mysql by running
sudo mysql_secure_installation - Follow the on screen prompts to set up password and login into mysql
- log into my mysql using
sudo mysql - create a database named tooling
create database tooling;
- create user with name webacces
CREATE USER 'webaccess'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON tooling.* TO 'webaccess'@'%' WITH GRANT OPTION;
- Exit
- Edit bind address in mysql configuration file to allow traffic.
sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
- Change bind address to
0.0.0.0 - Restart msyql service
sudo systemctl restart mysql
To store shared files for our Web Servers, we will utilize NFS and mount our previously created Logical Volume
lv-appsto the folder where Apache stores files to be served to the users/var/www
- Configure NFS client (this step must be done on all three servers)
- Deploy a Tooling application to our Web Servers into a shared NFS folder
- Configure the Web Servers to work with a single MySQL database
- Launch a new EC2 instance with RHEL 8 Operating System
- Install NFS client
sudo yum install nfs-utils nfs4-acl-tools -y
- Mount
/var/wwwand target NFS's export/mnt/apps
sudo mkdir /var/www
sudo mount -t nfs -o rw,nosuid <NFS-Server-Private-IP-Address>:/mnt/apps /var/www
- Verify by running
df -h
- Make sure that the changes will persist on Web Server after reboot
sudo vi /etc/fstab
add the following line
<NFS-Server-Private-IP-Address>:/mnt/apps /var/www nfs defaults 0 0
- Install apache
sudo yum install httpd -y
- Start apache
sudo systemctl enable httpd
sudo systemctl start httpd
- Install PHP and it's dependencies
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo yum install yum-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo yum module list php
sudo yum module reset php
sudo yum module enable php:remi-7.4
sudo yum install php php-opcache php-gd php-curl php-mysqlnd
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
setsebool -P httpd_execmem 1
- Backup
/var/log/httpd
sudo mv /var/log/httpd /var/log/httpd.bak
It's very important to backup our httpd folder because mounting the httpd folder on NFS server would delete everything inside the folder which would cause serious errors.
- Mount
/var/log/httpdand target NFS's export/mnt/logs
sudo mount -t nfs -o rw,nosuid <NFS-Server-Private-IP-Address>:/mnt/logs /var/log/httpd
11. Make sure that the changes will persist on Web Server after reboot
sudo vi /etc/fstab
add the following line
<NFS-Server-Private-IP-Address>:/mnt/logs /var/log/httpd nfs defaults 0 0
- Make sudo to restart deamon by doing
sudo systemctl daemon-reloadn
Copy the contents of apache backup folder into the active apache folder
sudo cp -R var/log/httpd.bak/. /var/log/httpd
- Restart apache
sudo systemctl restart httpd
- Install git
sudo dnf install git
- Clone tooling repo
git clone https://github.com/realayo/tooling.git
- Change directory to tooling folder and copy html folder to
/var/www
cd tooling
cp - R html /var/www/
- Edit functions.php in html folder and add our database values in there
cd /var/www/html
sudo vi functions.php
Save and exit
20. Configure SElinux policies
sudo setsebool -P httpd_can_network_connect=1
sudo setsebool -P httpd_use_nfs 1
sudo setsebool -P httpd_can_network_connect_db 1
- Repeat steps 1-20 on the other 2 webservers
- Install mysql
sudo yum install mysql-server -y
- Navigate into tooling folder and apply tooling script
cd tooling
mysql -h 172.31.45.212 -u webaccess -p tooling < tooling-db.sql
- On Database server
create a user named
myuserwith passwordpassword
CREATE USER 'myuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON tooling.* TO 'myuser'@'%' WITH GRANT OPTION;
- Insert new records into table
users
INSERT INTO users (id, username, password, email, user_type, status) VALUES ('1', 'myuser', '5f4dcc3b5aa765d61d8327deb882cf99', 'user@mail.com', 'admin', '1');
- Repeat steps 1-4 on the other 2 web servers
Finally, navigate to http://<Web-Server-Public-IP-Address-or-Public-DNS-Name>/index.php on your browswer and make sure you can login into the website with myuser user.
Remember to add TCP port 80 and TCP port 3036 in your inbound security group.