Versions Compared

Old Version 25

changes.mady.by.user Brian Van Klaveren

Saved on

compared with

New Version Current

changes.mady.by.user Brian Van Klaveren

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Task marked complete

...

Existing Servers And Host Names

Web ServerPriorityIISTomcatMigration StatusComments
glast-ground.slac.stanford.edu0glast-win01,glast-win02multipleMigrated (11/16/2015) 
web08.slac.stanford.edu web08   This is unfortunately used directly by some EXO applications (/logbook a php application). Maybe should use a better name like exo-logbook.slac.stanford.edu
aida.freehep.org2web08scalnx-v03  
aidatld.freehep.org2web08scalnx-v03 Up
exo-data.slac.stanford.edu4web08exolnx-v01  
forum.freehep.org web08N/A fudform application DeadPage is up, but forum may be down, returns a blank page (was fhforum.slac.stanford.edu)
heprep.freehep.org2web08scalnx-v03 Up
jas.freehep.org2web08scalnx-v03  
java.freehep.org1web08scalnx-v03  

lcsim.org, www.lcsim.org

lcsim.freehep.org

 web08scalnx-v03 lcsim.freehep.org exists as a host name, but the application appears to actually be www.lcsim.org. DNS controlled by Norman Graf.
lelaps.freehep.org2web08scalnx-v03 Up
lp99.freehep.org web08  DeadDown, no DNS record- but IIS is still aware of the Application (checked via telnet web08 80: GET / HTTP/1.1\nHost: lp99.freehep.org\n\n)
lsst-camera.slac.stanford.edu web08

lsstlnx-v01,

scalnx-v05 (firefly)

 Up
pingerlod.slac.stanford.edu web08

scalnx-v06

 Up

portal.lsst-desc.org

portal.lsstdesc.org

3web08 scalnx01 Up
sid.slac.stanford.edu web08  DeadPoints to exo portal?
srs.slac.stanford.edu5web08 scalnx-v01 Up
wired1.freehep.org2web08N/A (on web08) DeadUp
www.freehep.org2web08N/A (on web08) Up

www-sld.slac.stanford.edu

www-bes.slac.stanford.edu

www-midas.slac.stanford.edu

 web08N/A (on web08) Up. Also has www-bes and www-midas, but they all serve the same page.
www-sldnt.slac.stanford.edu web08scalnx-v03/Also on web08? Peter Rowson has been asking to get this working again.scalnx-v03, just a blank page
xrdmon.slac.stanford.edu web08  DeadWorker defined to be xrootd-mon, Not sure if this is on web08 or some other server?

wired4.freehep.org

wired.freehep.org

2web08scalnx-v03  
wired2.freehep.org web08  DeadPoints to web08. No record in IIS. Not sure how this one works? There is a directory on scalnx-v03
forum.linearcollider.org web08N/A (web08) DNS controlled by linearcollider.org

To Do List

  •  Ask windows-admin/unix-admin glast-win01,win02 to be shutdown (but not immediately removed)
  •  Make plan for how to handle cas.slac.stanford.edu (separate CAS at root?)
  •  Tony should add java.freehep.org to his hosts file to check that it works
  •  Move java.freehep.org (priority 1)
  •  Move rest of freehep (priority 2) – target 3/17
  •  Move rest of priority 3 – target 3/21 – need to make sure we have lsstdesc.org and lsst-desc.org ready
  •  Move priority 4 – target 3/23
  •  Get ready for priority 5 moves
  •  Complete work on setting up php for forum.linearcollider.org
  •  Consider where php code will live (afs, nfs) and how we will ensure it is backed up
  •  

...

  • Talk to Matthias Wittgen about where/how to move EXO logbook stuff

nginx configuration workbook

Note: See SCA NGINX Configuration for information on actual configuration. 

SSL Configuration

http://nginx.com/resources/admin-guide/nginx-ssl-termination/

...

http://fudforum.org/doc/d/manual.html#admin.dump

Keepalived

keepalived is to be configured on both machines.

keepalived seems to support HTTP status checks.

The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.

The configuration is located in /etc/keepalived/keepalived.conf

Code Block
global_defs {
   notification_email {
     bvan@slac.stanford.edu
   }
   notification_email_from bvan@slac.stanford.edu
   smtp_server smtp.slac.stanford.edu  # Not sure if this works
   smtp_connect_timeout 30
   router_id SCA_WWW  # Not sure if this is used
}
 
# This is a health check script. Right now it just checks to see
# if nginx is up.
#
# Note on the weight: If the weight isn't enough to break a tie between
# the priority difference between sca-nginx01 and sca-nginx02, and
# nginx is down but sca-nginx01 is up, then requests
# may still go to sca-nginx01.
vrrp_script chk_nginx {
      script "killall -0 nginx"
      interval 2 # seconds
      weight 2 # points
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 85 # Random ID. We shouldn't have the same router id on the same subnet
    priority 100  # See note on weight above
    advert_int 1 # Advertisement interval (i.e. heartbeat seconds)
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        134.79.129.86
    }
    track_script {
         chk_nginx
    }
   unicast_src_ip 134.79.129.92   # Unicast specific option, this is the IP of the interface keepalived listens on
   unicast_peer {                 # Unicast specific option, this is the IP of the peer instance 
     134.79.129.91
   }
}