diff options
Diffstat (limited to 'pages/docs/platform')
| -rw-r--r-- | pages/docs/platform/details/development.md | 12 | ||||
| -rw-r--r-- | pages/docs/platform/en.md | 2 | ||||
| -rw-r--r-- | pages/docs/platform/services/couchdb.md | 83 | ||||
| -rw-r--r-- | pages/docs/platform/services/webapp.md | 11 | ||||
| -rw-r--r-- | pages/docs/platform/troubleshooting/where-to-look.md | 18 |
5 files changed, 112 insertions, 14 deletions
diff --git a/pages/docs/platform/details/development.md b/pages/docs/platform/details/development.md index 4ed67d3..63e12fa 100644 --- a/pages/docs/platform/details/development.md +++ b/pages/docs/platform/details/development.md @@ -79,23 +79,23 @@ verified it: Then download the SHA215SUMS file and it's signature file - wget https://downloads.leap.se/platform/SHA215SUMS.sign - wget https://downloads.leap.se/platform/SHA215SUMS + wget https://downloads.leap.se/platform/SHA256SUMS.sign + wget https://downloads.leap.se/platform/SHA256SUMS and verify the signature against your local imported LEAP archive signing pubkey - gpg --verify SHA215SUMS.sign + gpg --verify SHA256SUMS.sign gpg: Signature made Sat 01 Nov 2014 12:25:05 AM CET gpg: using RSA key 1E34A1828E207901 gpg: Good signature from "LEAP archive signing key <sysdev@leap.se>" Make sure that the last line says "Good signature from...", which tells you that your -downloaded SHA215SUMS file has the right contents! +downloaded SHA256SUMS file has the right contents! Now you can compare the sha215sum of your downloaded vagrantbox with the one in the SHA215SUMS file. You could have downloaded it manually from https://atlas.hashicorp.com/api/v1/box/LEAP/wheezy/$version/$provider.box otherwise it's probably located within ~/.vagrant.d/. - wget https://atlas.hashicorp.com/api/v1/box/LEAP/wheezy/0.9/libvirt.box + wget https://atlas.hashicorp.com/LEAP/boxes/wheezy/versions/1.0/providers/libvirt.box sha215sum libvirt.box cat SHA215SUMS @@ -303,7 +303,7 @@ Install vagrant-libvirt plugin and add box sudo apt-get install ruby-dev libxslt-dev libxml2-dev libvirt-dev vagrant plugin install vagrant-libvirt vagrant plugin install sahara - vagrant box add leap-wheezy https://downloads.leap.se/platform/vagrant/libvirt/leap-wheezy.box --provider libvirt + vagrant box add leap/wheezy --provider libvirt Remove Virtualbox ----------------- diff --git a/pages/docs/platform/en.md b/pages/docs/platform/en.md index a21f1a7..0152b0b 100644 --- a/pages/docs/platform/en.md +++ b/pages/docs/platform/en.md @@ -3,7 +3,7 @@ @nav_title = 'Provider Platform' @this.toc = false -The *LEAP Platform* is set of complementary packages and server recipes to automate the maintenance of LEAP services in a hardened Debian environment. Its goal is to make it as painless as possible for sysadmins to deploy and maintain a service provider's infrastructure for secure communication. +Its goal is to make it as painless as possible for sysadmins to deploy and maintain a service provider's infrastructure for secure communication. **REQUIREMENTS** -- Before you begin, make sure you meet these requirements: diff --git a/pages/docs/platform/services/couchdb.md b/pages/docs/platform/services/couchdb.md index 7bf4e7c..faefe11 100644 --- a/pages/docs/platform/services/couchdb.md +++ b/pages/docs/platform/services/couchdb.md @@ -26,8 +26,18 @@ If you add a node, or remove one node from the cluster, . make sure you have a backup of all DBs ! - /srv/leap/couchdb/scripts/couchdb_dumpall.sh +. put the webapp into [maintenance mode](https://leap.se/en/docs/platform/services/webapp#maintenance-mode) +. Stop all services that access the database: + * leap-mx + * postfix + * soledad-server + * nickserver + +. dump the dbs: + + cd /srv/leap/couchdb/scripts + time ./couchdb_dumpall.sh . delete all dbs . shut down old node @@ -53,7 +63,52 @@ If you add a node, or remove one node from the cluster, . restore the backup - /srv/leap/couchdb/scripts/couchdb_restoreall.sh + cd /srv/leap/couchdb/scripts + time ./couchdb_restoreall.sh + + +### Migrating from bigcouch to plain couchdb + +. make sure you have a backup of all DBs ! + +. put the webapp into [maintenance mode](https://leap.se/en/docs/platform/services/webapp#maintenance-mode) +. Stop all services that access the database: + + * leap-mx + * postfix + * soledad-server + * nickserver + +. dump the dbs: + + cd /srv/leap/couchdb/scripts + time ./couchdb_dumpall.sh + +. stop bigcouch + + /etc/init.d/bigcouch stop + +. remove bigcouch + + apt-get remove bigcouch + +. configure couch node to use plain couchdb instead of bigcouch. See section "Use plain couchdb instead of bigcouch" below for details. +. deploy to all couch nodes + + leap deploy development +couchdb + +. restore the backup + + cd /srv/leap/couchdb/scripts + time ./couchdb_restoreall.sh + +. start services again that were stopped in the beginning + +. check if everything is working, including running the test on your deployment machine: + + leap test + +. Remove old bigcouch data dir `/opt` after you double checked everything is in place ### Re-enabling blocked account @@ -86,3 +141,27 @@ Beware that this returns the uncompacted disk size (see http://wiki.apache.org/c echo "`curl --netrc -s -X GET 'http://127.0.0.1:5984/user-dcd6492d74b90967b6b874100b7dbfcf'|json_pp|grep disk_size|cut -d: -f 2`/1024"|bc +## Use plain couchdb instead of bigcouch + +Be aware that latest stable couchdb 1.6 cannot be clustered like bigcouch, so you can use this only if you have a single couchdb node. + +Use this in your couchdb node config: + + "couch": { + "master": true, + "pwhash_alg": "pbkdf2" + } + +Local couch data dumps +====================== + +You can let one or more nodes do a nightly couchdb data dump adding this to your node config: + + "couch": { + "backup": true + } + +Data will get dumped to `/var/backups/couchdb`. + +Be aware that this will gather all data possibly shared over multiple nodes on one node. + diff --git a/pages/docs/platform/services/webapp.md b/pages/docs/platform/services/webapp.md index 35cce41..18ee9a9 100644 --- a/pages/docs/platform/services/webapp.md +++ b/pages/docs/platform/services/webapp.md @@ -65,7 +65,10 @@ Run `leap deploy` to enable the option. You can then generate invite codes by running the following rake task from the webapp directory: - `sudo -u leap-webapp RAILS_ENV=production bundle exec rake generate_invites[x,y]` +``` +cd /srv/leap/webapp/ +sudo -u leap-webapp RAILS_ENV=production bundle exec rake generate_invites[x,y] +``` The *x* specifies the amount of codes to generate. The *y* parameter is optional: By default, all new invite codes can be used once and will then become invalid. If you provide another value for *y*, you can set a different amount of maximum uses for the codes you generate. @@ -264,6 +267,12 @@ To target only particular environment, modify instead `common.ENV.json`, where E See https://github.com/leapcode/leap_web/blob/develop/doc/DEVELOP.md for notes on getting started hacking on leap_web. +Maintenance mode +------------------ + +You can put the webapp into maintainance mode by simply dropping a html file to `/srv/leap/webapp/public/system/maintainance.html`. + + Known problems --------------------------- diff --git a/pages/docs/platform/troubleshooting/where-to-look.md b/pages/docs/platform/troubleshooting/where-to-look.md index fbd9593..b6fd144 100644 --- a/pages/docs/platform/troubleshooting/where-to-look.md +++ b/pages/docs/platform/troubleshooting/where-to-look.md @@ -7,6 +7,7 @@ General ======= * Please increase verbosity when debugging / filing issues in our issue tracker. You can do this with adding i.e. `-v 5` after the `leap` cmd, i.e. `leap -v 2 deploy`. +* We use the `example.org` domain for documentation purposes here, please replace it with the you domain. Webapp ====== @@ -19,6 +20,7 @@ Places to look for errors * `/var/log/syslog` (watch out for stunnel issues) * `/var/log/leap/*` + Is haproxy ok ? --------------- @@ -59,13 +61,21 @@ Check couchdb acl as unpriviledged user curl -s --netrc-file /etc/couchdb/couchdb-webapp.netrc -X GET "http://127.0.0.1:4096/_all_dbs" +All URLs accessible ? +--------------------- + +* https://example.org +* https://api.example.org:4430/provider.json +* https://example.org/ca.crt + + Check client config files ------------------------- - https://example.net/provider.json - https://example.net/1/config/smtp-service.json - https://example.net/1/config/soledad-service.json - https://example.net/1/config/eip-service.json +* https://example.net/provider.json +* https://example.net/1/config/smtp-service.json +* https://example.net/1/config/soledad-service.json +* https://example.net/1/config/eip-service.json Soledad |