βリリース環境構築手順
仕様書
2015/10/05
153.126.175.180 (Web)¶
host名設定¶
$ vi /etc/sysconfig/network
HOSTNAME=web1.i-joji.com
$ vi /etc/hosts
153.126.175.180 web1.i-joji.com web1
$ hostname web1.i-joji.com
ローカルIP設定¶
$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1" IPADDR="192.168.1.1" NETMASK="255.255.255.0" ONBOOT="yes" TYPE="Ethernet" IPV6INIT="yes" IPV6_ROUTER="no"
$ /etc/init.d/network restart
adminユーザー作成¶
$ useradd admin
$ passwd admin
sshd設定¶
$ vi /etc/ssh/sshd_config
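PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin
※ グローバルIPを持つサーバーでパスワード認証を有効にしているため、admin のパスワードが総当たりの対象になる。admin に公開鍵を登録したうえで PasswordAuthentication no にすることが望ましい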
$ /etc/init.d/sshd restart
日本語設定¶
$ vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
nodejsインストール¶
$ git clone https://github.com/creationix/nvm.git ~/.nvm
$ source ~/.nvm/nvm.sh
$ nvm install v0.12.7
$ node --version
v0.12.7
$ npm --version
2.11.3
$ vi ~/.bashrc
if [[ -s ~/.nvm/nvm.sh ]]; then
  source ~/.nvm/nvm.sh
  nvm use "v0.12.7" > /dev/null 2>&1
fi
pm2インストール¶
$ npm install pm2 -g
nodemonインストール¶
$ npm install -g nodemon
git flowインストール¶
$ cd /usr/local/src/
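$ git clone --recursive git://github.com/nvie/gitflow.git
※ git:// は暗号化もサーバー認証も行わないため、取得したソースを make install する手順では https://github.com/nvie/gitflow.git から取得するほうが安全(API・集計サーバーの同じ手順も同様)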
$ cd gitflow/
$ make install
x-generationリポジトリ取得¶
$ mkdir -p /var/www/
$ cd /var/www/
$ git clone admin@:/home/admin/git/x-generation.git
$ cd x-generation
git flow初期化¶
$ git flow init -d
リリースバージョン取得¶
$ git flow release track 1.0.0
$ git branch
develop
master
※ release/1.0.0
パッケージインストール¶
$ npm install
pm2経由でexpress起動¶
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start bin/www
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start bin/wwws
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start cron/aggregation.js
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start cron/sync.js
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start cron/postback.js
$ NODE_ENV=production NODE_PATH=./config:./app/controllers pm2 start cron/log_sync.js
nginxインストール¶
$ rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
$ yum install nginx
$ mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/node-app.conf
$ vi /etc/nginx/conf.d/node-app.conf
server {
    listen 80;
    server_name localhost;
    access_log /var/log/nginx/log/host.access.log main;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
        proxy_pass http://localhost:3000/;
    }
}
$ vi /etc/nginx/conf.d/ssl.conf
# HTTPS server
server {
    listen 443 ssl;
    server_name i-joji.com;
    ssl_certificate /etc/nginx/conf.d/ssl/i-joji.com.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/i-joji.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    location / {
        proxy_pass https://localhost:3001/;
    }
}
SSL設定¶
$ cd /etc/nginx/conf.d/
$ mkdir ssl
$ cd ssl
秘密鍵生成
$ openssl genrsa -des3 -out i-joji.com.key 2048
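Enter pass phrase for i-joji.com.key: ign8020
※ パスフレーズは手順書に平文で記載せず、別途安全な場所で管理する
パスワードなし変更
$ openssl rsa -in i-joji.com.key -out i-joji.com.key
※ パスフレーズを外した鍵は平文で保存されるため、chmod 600 で root 以外から読めないようにし、鍵の内容は手順書に貼り付けない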
$ cat i-joji.com.key
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
CSR生成
$ openssl req -new -key i-joji.com.key -out i-joji.com.csr
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Musashino-shi
Organization Name (eg, company) [Default Company Ltd]:i-hearts Inc.
Organizational Unit Name (eg, section) []:Sales
Common Name (eg, your name or your server's hostname) []:i-joji.com
Email Address []:
$ cat i-joji.com.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICtzCCAZ8CAQAwcjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRYwFAYD
VQQHDA1NdXNhc2hpbm8tc2hpMRYwFAYDVQQKDA1pLWhlYXJ0cyBJbmMuMQ4wDAYD
VQQLDAVTYWxlczETMBEGA1UEAwwKaS1qb2ppLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAPHYWbXwrcW51f8tHB7jeyVDIuE+o2yraQZaJHDVFupR
pvvsBMvM7chGGiLt6rvQyN4Wi6C94xRGaAftteUBeNBy8gGnJybg5fy0Qp8GUO93
GXX72u1J24r/vtXMgOfJ1wpZKKIlOl+SFDNFUk5L4ybkeC1zcdG0wLbPSu+EraIG
nmbHq2GqQGJ0okwx7GC2hT8kiydVKTdtn6Hu9Co9cK+r2aB7bj7yYDy5QKrKMajG
o/kxDIRIJ7MmnahF1CcfPn/ovBRU/RPBulfMVkK4bMaK4+DugDn+8LRxTWlAYUN+
T+P23KXamIhxG1JMnSSkWL/dymTO27+b9cXqWxdpmtkCAwEAAaAAMA0GCSqGSIb3
DQEBBQUAA4IBAQDEKzRs6g1TVMIxaLdgCPTaEAXezVOPmNEQmJ8VS+K3hu+xXjH0
KQXRHqnFrZHze1RItzeXq557V1q/+0Bw0BwTumJvyqD8Qu3UOeDJQ7JIH0ki9VEF
SwcxiPXmeRo/AwZ/Km0fpa8HPjAcyTWVIkib++ZOKk0yDZ2r0WkZ5r4uhu6xZni3
VdL9BxbxW9xr5mBflJ8w8WQGKem4sj9wZLPnoXnyW1BKHP666Ijb6v72HFQjKo6d
K/NR1Ji6U+TpSPFWCWRBH6YGiC+oSqYV5mvLFAAT0tH4+tVFT9DQloXj67A85mcc
0B627cx6217zrKwjvTGtlj5hUFQCYnCQ0icB
-----END CERTIFICATE REQUEST-----
証明書設置
/etc/nginx/conf.d/ssl/i-joji.com.crt
/etc/nginx/conf.d/ssl/i-joji.com.key
$ chkconfig nginx on
$ /etc/init.d/nginx start
メール設定¶
postfix設定
$ vi /etc/postfix/main.cf
myhostname = i-joji.com
mydomain = i-joji.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = plain
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
message_size_limit = 10485760
$ /etc/init.d/postfix restart
SMTP-Auth起動
$ /etc/rc.d/init.d/saslauthd start
$ chkconfig saslauthd on
postfix新規ユーザー作成用にMaildir形式に対応
$ mkdir -p /etc/skel/Maildir/{new,cur,tmp}
$ chmod -R 700 /etc/skel/Maildir/
dovecotインストール
$ yum -y install dovecot
$ vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
$ /etc/rc.d/init.d/dovecot start
$ chkconfig dovecot on
153.126.205.80 (DB)¶
host名設定¶
$ vi /etc/sysconfig/network
HOSTNAME=db1.i-joji.com
$ vi /etc/hosts
153.126.205.80 db1.i-joji.com db1
$ hostname db1.i-joji.com
ローカルIP設定¶
$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1" IPADDR="192.168.1.2" NETMASK="255.255.255.0" ONBOOT="yes" TYPE="Ethernet" IPV6INIT="yes" IPV6_ROUTER="no"
$ /etc/init.d/network restart
adminユーザー作成¶
$ useradd admin
$ passwd admin
sshd設定¶
$ vi /etc/ssh/sshd_config
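PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin
※ グローバルIPを持つサーバーでパスワード認証を有効にしているため、admin のパスワードが総当たりの対象になる。admin に公開鍵を登録したうえで PasswordAuthentication no にすることが望ましい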
$ /etc/init.d/sshd restart
日本語設定¶
$ vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
mongodbインストール¶
$ vi /etc/yum.repos.d/mongodb.repo
[mongodb]
name=MongoDB Repository
baseurl=http://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1
※ gpgcheck=0 かつ baseurl が http のため、パッケージの署名検証が行われず、経路上で差し替えられても検出できない
$ yum install mongodb-org
管理者ユーザー作成¶
use admin
db.createUser({ user: "admin", pwd: "xgn8020", roles: [{role: "userAdminAnyDatabase", db: "admin"}] })
DBユーザー作成¶
use sdk
db.createUser({ user: "x-generation", pwd: "xgn8020", roles: [{role: "readWrite", db: "sdk"}] })
※ 管理者ユーザーと DB ユーザーに同じ短いパスワードを設定し、手順書に平文で記載している。ユーザーごとに別のランダムなパスワードを生成し、手順書には値を残さないこと
ユーザー認証設定¶
$ vi /etc/mongod.conf
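#bind_ip=127.0.0.1
auth=true
※ bind_ip をコメントアウトすると mongod は全インターフェース(グローバルIP 153.126.205.80 を含む)で待ち受ける。待ち受けをローカルIPに限定する(例: bind_ip=127.0.0.1,192.168.1.2)か、iptables で 27017 番ポートへの接続を 192.168.1.0/24 からのみに制限する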
$ /etc/init.d/mongod start
$ chkconfig mongod on
※robomongoで接続する際の注意事項
http://ur.edu-connect.net/archives/28838
datadog設定¶
use sdk
db.createUser({"user":"datadog", "pwd": "EAJzF9LbPigtjomn8YOe8dOZ", "roles" : [ 'read', 'clusterMonitor']})
$ vi /etc/dd-agent/conf.d/mongo.yaml
init_config:
instances:
- server: mongodb://datadog:EAJzF9LbPigtjomn8YOe8dOZ@localhost:27017/sdk
$ /etc/init.d/datadog-agent restart
$ /etc/init.d/datadog-agent info
Checks
======
[...]
mongo
-----
- instance #0 [OK]
- Collected 8 metrics & 0 events
153.126.136.128 (API)¶
host名設定¶
$ vi /etc/sysconfig/network
HOSTNAME=ad1.i-joji.com
$ vi /etc/hosts
153.126.136.128 ad1.i-joji.com ad1
$ hostname ad1.i-joji.com
ローカルIP設定¶
$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1" IPADDR="192.168.1.3" NETMASK="255.255.255.0" ONBOOT="yes" TYPE="Ethernet" IPV6INIT="yes" IPV6_ROUTER="no"
$ /etc/init.d/network restart
adminユーザー作成¶
$ useradd admin
$ passwd admin
sshd設定¶
$ vi /etc/ssh/sshd_config
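PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin
※ グローバルIPを持つサーバーでパスワード認証を有効にしているため、admin のパスワードが総当たりの対象になる。admin に公開鍵を登録したうえで PasswordAuthentication no にすることが望ましい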
$ /etc/init.d/sshd restart
日本語設定¶
$ vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
openrestyインストール¶
依存ライブラリインストール
$ yum install readline-devel pcre-devel openssl-devel gcc
openrestyインストール
$ cd /usr/local/src
$ wget https://openresty.org/download/ngx_openresty-1.7.10.2.tar.gz
$ tar zxvf ngx_openresty-1.7.10.2.tar.gz
$ cd ngx_openresty-1.7.10.2
$ ./configure --with-http_stub_status_module
$ gmake
$ gmake install
モジュールインストール
$ cd /usr/local/src
$ git clone https://github.com/bungle/lua-resty-template
$ cp lua-resty-template/lib/resty/template.lua /usr/local/openresty/lualib/resty/
アプリケーション構築¶
git flowインストール
$ cd /usr/local/src/
$ git clone --recursive git://github.com/nvie/gitflow.git
$ cd gitflow/
$ make install
x-generation-apiリポジトリ取得
$ mkdir -p /var/www/
$ cd /var/www/
$ git clone admin@49.212.176.26:/home/admin/git/x-generation-api.git
$ cd x-generation-api
git flow初期化
$ git flow init -d
商用バージョン取得
$ git checkout master
*develop
master
シンボリックリンク作成
$ cd /usr/local/openresty/nginx
$ ln -s /var/www/x-generation-api/lua lua
$ ln -s /var/www/x-generation-api/html/templates html/templates
$ mv conf/nginx.conf conf/nginx.conf.bkup
$ ln -s /var/www/x-generation-api/conf/nginx.conf conf/nginx.conf
$ ln -s /var/www/x-generation-api/conf/nginx.conf_production conf/nginx.conf_production
SSL設定¶
$ cd /usr/local/openresty/nginx/conf/ssl/
秘密鍵生成
$ openssl genrsa -des3 -out ad.i-joji.com.key 2048
$ cat ad.i-joji.com.key
-----BEGIN RSA PRIVATE KEY----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9112B2B6F077BC3B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-----END RSA PRIVATE KEY-----
CSR生成
$ openssl req -new -key ad.i-joji.com.key -out ad.i-joji.com.csr
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Musashino-shi
Organization Name (eg, company) [Default Company Ltd]:i-hearts Inc.
Organizational Unit Name (eg, section) []:Sales
Common Name (eg, your name or your server's hostname) []:ad.i-joji.com
Email Address []:
$ cat ad.i-joji.com.csr
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
証明書設置
/usr/local/openresty/nginx/conf/ssl/ad.i-joji.com.crt
/usr/local/openresty/nginx/conf/ssl/ad.i-joji.com.key
パスワードなし変更
$ openssl rsa -in ad.i-joji.com.key -out ad.i-joji.com.key
SSL設定(http,httpsどちらも許可する)
$ vi /usr/local/openresty/nginx/conf/nginx.conf
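server {
    listen 80;
    listen 443 ssl;
    server_name ad.x-generation.jp;
    charset utf-8;
    ssl_certificate /usr/local/openresty/nginx/conf/ssl/i-joji.com.crt;
    ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/i-joji.com.key;
}
※ 上の手順で作成・設置したのは ad.i-joji.com.crt / ad.i-joji.com.key(Common Name は ad.i-joji.com)だが、ここでは i-joji.com.crt / i-joji.com.key を参照し、server_name も ad.x-generation.jp になっている。証明書のファイル名とホスト名が一致しているか要確認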
nginx起動
$ /usr/local/openresty/nginx/sbin/nginx
ブラウザ確認
https://ad.x-generation.jp/
負荷対策¶
*参考サイト
http://www.1x1.jp/blog/2013/02/nginx_too_many_open_files_error.html
ファイルディスクリプタ上限数変更
$ cat /proc/sys/fs/file-max
386365
$ vi /usr/local/openresty/nginx/conf/nginx.conf
worker_rlimit_nofile 4096;
再起動後適用されることを確認
$ nginx -s reload
$ ps ax | grep nginx | grep worker
モニタリングツールインストール¶
[root@ad1 admin]# yum install python-pip
[root@ad1 admin]# pip install ngxtop
[root@ad1 admin]# vi ~/.bash_profile
PATH=$PATH:/usr/local/openresty/nginx/sbin
export PATH
[root@ad1 admin]# source ~/.bash_profile
$ ngxtop
redisインストール¶
$ cd /usr/local/src/
$ wget http://download.redis.io/releases/redis-3.0.5.tar.gz
$ tar zxvf redis-3.0.5.tar.gz
$ cd redis-3.0.5
$ make
$ make install
起動スクリプトコピー
$ cp utils/redis_init_script /etc/init.d/redis
設定ファイルコピー
$ mkdir /etc/redis
$ cp redis.conf /etc/redis/6379.conf
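$ vi /etc/redis/6379.conf
※ 編集内容が記載されていない。bind を指定しない場合 redis は全インターフェースで待ち受けるため、bind で待ち受けアドレスを限定し(例: bind 127.0.0.1)、requirepass で認証を有効にする設定をここに明記すること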
dumpファイル生成ディレクトリ作成
$ mkdir /usr/local/redis/
自動起動用設定
$ vi /etc/init.d/redis
# chkconfig: - 85 15
# description: redis-server
# processname: redis
$ chkconfig --add redis
$ chkconfig --list
$ chkconfig redis on
サービス起動
$ /etc/init.d/redis start
fluentdインストール¶
$ curl -L http://toolbelt.treasure-data.com/sh/install-redhat.sh | sh
※ http で取得したスクリプトをそのまま sh に渡しているため、経路上で改ざんされても気付けない。いったんファイルに保存し、内容を確認してから実行する
$ /etc/init.d/td-agent start
$ chkconfig td-agent on
動作テスト
$ curl -X POST -d 'json={"json":"message"}' http://localhost:8888/debug.test
$ tail /var/log/td-agent/td-agent.log
2015-10-23 21:13:11 +0900 debug.test: {"json":"message"}
設定ファイル編集
$ vi /etc/td-agent/td-agent.conf
<source>
type tail
path /usr/local/openresty/nginx/logs/access.log
tag nginx.access
pos_file /var/log/td-agent/nginx.pos
format /^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" "(?<app_params>[^\"]*)")?$/
time_format %d/%b/%Y:%H:%M:%S %z
</source>
<match nginx.access>
type forward
buffer_type memory
buffer_chunk_limit 256m
buffer_queue_limit 128
flush_interval 5s
<server>
host 192.168.1.4
port 24224
</server>
</match>
153.126.193.140 (集計)¶
host名設定¶
$ vi /etc/sysconfig/network
HOSTNAME=agg1.i-joji.com
$ vi /etc/hosts
153.126.193.140 agg1.i-joji.com agg1
$ hostname agg1.i-joji.com
ローカルIP設定¶
$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1" IPADDR="192.168.1.4" NETMASK="255.255.255.0" ONBOOT="yes" TYPE="Ethernet" IPV6INIT="yes" IPV6_ROUTER="no"
$ /etc/init.d/network restart
adminユーザー作成¶
$ useradd admin
$ passwd admin
sshd設定¶
$ vi /etc/ssh/sshd_config
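PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin
※ グローバルIPを持つサーバーでパスワード認証を有効にしているため、admin のパスワードが総当たりの対象になる。admin に公開鍵を登録したうえで PasswordAuthentication no にすることが望ましい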
$ /etc/init.d/sshd restart
日本語設定¶
$ vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
kafkaインストール¶
$ cd /usr/local/src/
$ wget http://ftp.jaist.ac.jp/pub/apache/kafka/0.8.2.2/kafka_2.10-0.8.2.2.tgz
$ tar zxvf kafka_2.10-0.8.2.2.tgz
sbtインストール¶
$ curl https://bintray.com/sbt/rpm/rpm | tee /etc/yum.repos.d/bintray-sbt-rpm.repo
$ yum install sbt
sparkユーザー作成¶
$ adduser spark
$ su - spark
PATH設定¶
$ vi ~/.bash_profile
export PATH=$PATH:/usr/local/src/kafka_2.10-0.8.2.2/bin
git flowインストール¶
$ cd /usr/local/src/
$ git clone --recursive git://github.com/nvie/gitflow.git
$ cd gitflow/
$ make install
x-generation-aggregatorソース取得¶
$ cd ~
$ git clone admin@49.212.176.26:/home/admin/git/x-generation-aggregator.git
$ cd x-generation-aggregator/
git flow初期化¶
$ git flow init -d
ソースビルド¶
$ sbt pack
fluentdインストール¶
td-agentインストール
$ curl -L http://toolbelt.treasure-data.com/sh/install-redhat.sh | sh
※ http で取得したスクリプトをそのまま sh に渡しているため、経路上で改ざんされても気付けない。いったんファイルに保存し、内容を確認してから実行する
fluent-plugin-kafkaインストール
$ /usr/lib64/fluent/ruby/bin/fluent-gem install fluent-plugin-kafka
設定ファイル編集
$ vi /etc/td-agent/td-agent.conf
<source>
  type forward
  port 24224
</source>
<match nginx.access.**>
  type kafka
  # Brokers: you can choose either brokers or zookeeper.
  brokers localhost:9092,localhost:9093,localhost:9094 # Set brokers directly
  zookeeper localhost:2181 # Set brokers via Zookeeper
  #default_topic <output topic>
  default_topic x-generation-aggregation
  #default_partition_key (string) :default => nil
  default_partition_key nil
  #output_data_type (json|ltsv|msgpack|attr:<record name>|<formatter name>)
  output_data_type json
  #output_include_tag (true|false) :default => false
  #output_include_time (true|false) :default => false
  output_include_time true
  #max_send_retries (integer) :default => 3
  #required_acks (integer) :default => 0
  #ack_timeout_ms (integer) :default => 1500
  #compression_codec (none|gzip|snappy) :default => none
</match>
※ forward の source に bind を指定していないため、24224 番ポートは全インターフェースで待ち受ける。API サーバーからはローカルIP(192.168.1.4)宛てに転送しているので、bind 192.168.1.4 を指定して待ち受けを限定できる
$ /etc/init.d/td-agent start
$ chkconfig td-agent on