Manual install of a web cluster aegir using nginx

These are some really rough notes on how to go about creating a 4 server aegir installation (aegir, mysql, web1, web2).

Adapted from reading through the BOA project and my own experimentation.

** Note -- regarding the wildcard SSL, your sites will need some configuration in your settings.php or local.settings.php to check for the X-Forwarded-Proto headers. I can't recall if the wildcard SSL config.

These notes also assume the last Ubuntu LTS -- 10.04/Lucid.

aegirmysql:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install vim mysql-server


_USER="aegir"
_DOMAIN="aegir.domain.com"
_AEGIR_HOST="aegir.server.hostname"
_AEGIR_HOST_IP="123.456.789.01"
_AEGIR_PASSWORD="password"

#AEGIR_DB_USER=aegir_root
#AEGIR_DB_PASS=`echo $RANDOM:\`date\`:$AEGIR_HOST | openssl md5`

echo "[client]
user=root
password=password" >> .my.cnf

mysql -uroot mysql<<EOFMYSQL
GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_DOMAIN' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_AEGIR_HOST' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'$_AEGIR_HOST_IP' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO '$_USER'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOFMYSQL


========================

# https://launchpad.net/~brianmercer/+archive/nginx
# https://launchpad.net/~nginx/+archive/php5

aegircontrol:

sudo apt-get update
sudo apt-get upgrade

sudo mkdir -p /var/www/nginx-default

#php5-suhosin
CATHOSTDEBDEPS="git-core git-doc mysql-client-5.1 vim nginx-custom drush postfix php5-cli php5-mysql php5-fpm php5-gd rsync unzip bzr patch curl"
sudo apt-get -V install $CATHOSTDEBDEPS

#postfix config already sorted

sudo adduser --system --group --home /var/aegir aegir
sudo adduser aegir www-data
sudo chsh -s /bin/bash aegir

#patch drush, re: ereg()

#as root:
echo "aegir ALL=NOPASSWD: /etc/init.d/nginx" >> /etc/sudoers

ln -s /var/aegir/config/nginx.conf /etc/nginx/conf.d/aegir.conf
#disable directives in nginx.conf:
#types_hash_max_size
#tcp_nopush
#error_log
invoke-rc.d nginx restart

#install SSL cert to:
/etc/ssl/private/domain.com.cert.pem
cd /etc/ssl/private/
ln -s domain.com.cert.pem nginx-wild-ssl.crt
ln -s domain.com.cert.pem nginx-wild-ssl.key

#install SSL config to:
/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf
#TODO: also install for /var/aegir/config/server_aegirweb{1,2}.host.name

#as aegir:
cd ~

mkdir .ssh
ssh-keygen -t rsa

ln -s /usr/share/drush /var/aegir/drush
mkdir ~/.drush
cd ~/.drush
wget -c http://ftp.drupal.org/files/projects/provision-6.x-1.3.tar.gz
tar -zxf provision-6.x-1.3.tar.gz

#htaccess password bit
mkdir ~/tmp
cd ~/tmp
git clone --branch develop git://github.com/computerminds/aegir_http_basic.git
#must be develop branch to use crypt() and for nginx support
cp -r aegir_http_basic/provision ~/.drush/provision/aegir_http_basic
cp -r aegir_http_basic/hosting ~/hostmaster-6.x-1.3/profiles/hostmaster/modules/hosting/http_basic_auth
#set directory permissions? -- patch aegir/http_basic module to do so?

_DOMAIN="aegir.domain.com"
_USER="aegir"
#_AEGIR_HOST=`uname -n`
_AEGIR_HOST="aegir.server.hostname"
_AEGIR_HOME="$HOME"
_AEGIR_DB_PASS="password"
_AEGIR_DB_HOST="mysql.server.fqdn"
_AEGIR_VERSION="1.3"
#_AEGIR_ROOT="$_AEGIR_HOME/hostmaster-$_AEGIR_VERSION"
_ADM_EMAIL="admin@domain.com""
_WEBG=www-data
_USRG=users

#going vanilla
echo "drush hostmaster-install $_DOMAIN --aegir_host=$_AEGIR_HOST --aegir_db_user=$_USER --aegir_db_pass=$_AEGIR_DB_PASS --http_service_type=nginx --db_service_type=mysql --db_port=3306 --aegir_db_host=$_AEGIR_DB_HOST --client_email=$_ADM_EMAIL --script_user=$_USER --web_group=$_WEBG --profile=hostmaster -d -v"

drush hostmaster-install $_DOMAIN --aegir_host=$_AEGIR_HOST --aegir_db_user=$_USER --aegir_db_pass=$_AEGIR_DB_PASS --http_service_type=nginx --db_service_type=mysql --db_port=3306 --aegir_db_host=$_AEGIR_DB_HOST --client_email=$_ADM_EMAIL --script_user=$_USER --web_group=$_WEBG --profile=hostmaster -d -v

cd hostmaster-6.x-1.3
echo "alive" >> healthcheck

#enable aegir modules
drush @hostmaster en hosting_web_cluster
drush @hostmaster en hosting_alias
drush @hostmaster en hosting_http_basic_auth
#*** enable hosting client in features -- disabling client module cause WSOD on site add page

# setup aegirweb{1,2}
# test ssh to aegirweb{1,2}
# add to known_hosts

# NOTE: Aegir web clusters need to share the files, and private directories between web servers (also cache directory, if using boost module)
# Setup provision hook for NFS links
# http://drupal.org/node/1283738

mkdir -p /var/lib/sitedata/aegir
chown -R aegir:www-data /var/lib/sitedata/aegir

mkdir -p /var/lib/sitedata/aegir/cache
chown -R aegir:www-data /var/lib/sitedata/aegir/cache


# add web servers
# add web cluster
#TODO: Add DR web servers to cluster
#TODO: Add WR, re: DR web servers & firewall

# set date/time settings in Aegir

#TODO: Logrotate webserver logs

#TODO: Add an alias for the aegir user:
#aegir: "admin@domain.com""

========================

aegirweb{1,2}:
#TODO: Check puppeted stuff, fix, etc

sudo apt-get update
sudo apt-get upgrade

sudo mkdir -p /var/www/nginx-default

CATWEBDEBDEPS="mysql-client-5.1 vim nginx-custom drush postfix php5-cli php5-mysql php5-fpm php5-gd rsync unzip patch"
sudo apt-get -V install $CATWEBDEBDEPS


sudo adduser --system --group --home /var/aegir aegir
sudo adduser aegir www-data
sudo chsh -s /bin/bash aegir

#install SSL cert to:
/etc/ssl/private/domain.com.cert.pem
cd /etc/ssl/private/
ln -s domain.com.cert.pem nginx-wild-ssl.crt
ln -s domain.com.cert.pem nginx-wild-ssl.key

#install SSL config to:
/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf
#TODO: also install for /var/aegir/config/server_aegirweb{1,2}.host.name

#as root:
echo "aegir ALL=NOPASSWD: /etc/init.d/nginx" >> /etc/sudoers

#as aegir:
mkdir /var/aegir/.ssh
cat aegir.aegircontrol.id_rsa.pub >> /var/aegir/.ssh/authorized_keys2


#TODO: Logrotate webserver logs

==========================