Deployment
For our first effort, we will set up 3 machines as shown in the diagram above.
We expect that we'll have to do some experimenting to get these "right".
Once we are happy with these 3 VMs and the "application",
we plan to clone the VMs to create a QA and a PROD environment.
Carinet, please review this section.
Our primitive datacenter BCP plan is as follows.
Whenever we change a VM configuration, we take a copy of the VM and store it offsite (at the city?).
Should the datacenter fail badly (fire, etc.), we provide Carinet with the VMs,
and Carinet brings up the VMs at another location.
Note that we handle DB backups separately.
Carinet, please review this section.
We plan to move these VMs to our datacenter by midyear 2011.
We want to ensure that these VMs are portable.
We expect to do a simple VM copy and do not need v-motion.
Carinet Responsibilities
- Provision hardware
...
All machines
- OS:
- Provide 3 VMs using barebones VMware version x.x (todo - need version number)
- install CentOS 5 64-bit
Software requirements
...
- on each VM
- install Apache web server on the web server VM
...
- install package manager (yum or Apt-get)
All other software will be installed by city employees.
Security
...
We assume the following.
- The data center is
...
- physically secure.
- VMware installation has latest kernel updates/patches
Please let us know if any of these assumptions is incorrect.
...
SE Linux
...
Do not enable SE Linux.
SSH Access
All access to the VMs shall be through ssh.
The city will provide public keys for those that will have linux root access.
All services shall be disabled unless otherwise requested.
The following shall be disabled:
- NFS
- FTP
- incoming mail
The following services shall be enabled.
- outgoing mail
- SSH
- firewall (see below)
Firewall Configuration
Web Server VM
Allow access from
...
- Allow request from web & geo server on port 5432
- Allow ssh request from all
- Deny request from all other host on port 5432
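The three rules listed above, written as an ordered iptables rule set with a first-match dry run. This is an added example, not part of the original plan: the addresses are documentation-range placeholders, DROP stands in for "deny", and `db_rules` and `verdict` are hypothetical names.

```shell
#!/bin/sh
# Placeholder addresses (192.0.2.0/24 is reserved for documentation).
WEB_IP="192.0.2.10"   # assumed web server VM address
GEO_IP="192.0.2.11"   # assumed geoserver VM address

# Print the rules in load order. iptables stops at the first matching rule,
# so the two allows for 5432 must come before the deny for 5432.
db_rules() {
    cat <<EOF
-A INPUT -p tcp -s $WEB_IP --dport 5432 -j ACCEPT
-A INPUT -p tcp -s $GEO_IP --dport 5432 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 5432 -j DROP
EOF
}

# Dry run: read rules on stdin and print the first-match verdict for a
# source address and TCP port. Only the -s, --dport and -j fields are parsed.
verdict() {
    src="$1"; port="$2"
    while read -r line; do
        set -- $line
        rsrc=""; rport=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -s)      rsrc="$2";   shift ;;
                --dport) rport="$2";  shift ;;
                -j)      target="$2"; shift ;;
            esac
            shift
        done
        [ -n "$rsrc" ] && [ "$rsrc" != "$src" ] && continue
        [ -n "$rport" ] && [ "$rport" != "$port" ] && continue
        echo "$target"
        return 0
    done
    echo "POLICY"   # nothing matched: the chain's default policy decides
}

# Constructed checks: an outside host (203.0.113.5) against 5432 and 22.
echo "outside -> 5432: $(db_rules | verdict 203.0.113.5 5432)"
echo "outside -> 22:   $(db_rules | verdict 203.0.113.5 22)"
echo "web     -> 5432: $(db_rules | verdict "$WEB_IP" 5432)"
```

The rule lines are in the format accepted by `iptables-restore`; ports that reach `POLICY` depend on the INPUT chain's default policy, which this plan does not state.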
Packages/Modules: Barebones from VMware on all servers, with firewall enabled and package manager (yum or Apt-get) installed
SFGov Responsibilities
Install application software including the following
...
You will need to see the SVN readme for all the excruciating details.
Geoserver
- java virtual machine
- tomcat
Database
- GEOS
- proj4
- postgresql
...
- with postgis
Web Server
- gdal
- python
- django
- geo-django
...
linux admin
...
- set up appropriate new
...
- linux users
- Password & Access security
- use of public/private keys
- limit root access
- use sudo as needed
- provide file system security
- umask settings
- setting up appropriate file permissions
...
Tests
...
Tests
...
Test the following application/server connection pairs via SSH tunnel
- browser/geoserver - localhost:8080
- pgadmin/database - localhost:5432
Test the EAS application connection