Differenze tra le versioni di "Server/lessema/Technical documentation"
(+info) |
|||
| (15 versioni intermedie di 2 utenti non mostrate) | |||
| Riga 1: | Riga 1: | ||
| − | == On-site | + | {{Inglese}} |
| + | == Unix users with sudo == | ||
| + | |||
| + | Current enabled users with sudo: | ||
| + | |||
| + | * civihost-samuele ({{Fornitore link|prr}}) - for CiviCRM development | ||
| + | * civihost-stefano ({{Fornitore link|prr}}) - for CiviCRM development | ||
| + | * civihost-alessio ({{Fornitore link|prr}}) - for CiviCRM development | ||
| + | * emerald-stefano ({{Fornitore link|eme}}) - tu support CiviCRM | ||
| + | * valerio-bozzolan (volunteer) | ||
| + | * <s>anylink-davide-cuteri</s> ({{Fornitore link|anylk}}) - in charge of operating system updates, backups, etc. | ||
| + | |||
| + | Password authentication is not allowed. | ||
| + | |||
| + | == Add Unix user == | ||
| + | |||
| + | Don't create Unix users with passwords. | ||
| + | |||
| + | Create Unix users with public SSH keys. | ||
| + | |||
| + | Shortcut: | ||
| + | |||
| + | <pre> | ||
| + | /root/scripts/add-user.sh | ||
| + | </pre> | ||
| + | |||
| + | Source code from [[Server/Setup]] | ||
| + | |||
| + | ;Important | ||
| + | : After creation, mark the related user page in this website with: | ||
| + | :: {{Tl|Accesso server wmit|lessema|sistemisti}} | ||
| + | |||
| + | == Backups == | ||
| + | |||
| + | === On-site backup === | ||
At 23:00 an on-site copy of all databases and webserver files are saved in this location: | At 23:00 an on-site copy of all databases and webserver files are saved in this location: | ||
| − | /var/backups/wmi | + | /var/backups/wmi/lessema.wikimedia.it |
| + | |||
| + | Note: the permissions of the parent directory MUST be set to <code>750</code> <code>root:root</code> to keep the backups not accessible by untrusted users (note: the <code>www-data</code> is considered not trusted). | ||
| − | The | + | The execution time can be edited with |
crontab -e | crontab -e | ||
| + | |||
| + | Note: the backup script prevents duplicate executions caused by daylight saving or standard time changeover. | ||
| + | |||
| + | The backup instructions can be configured here: | ||
| + | |||
| + | /opt/micro-backup-script/backup-instructions.conf | ||
| + | |||
| + | This is the source code of our dummy backup script in use: | ||
| + | |||
| + | https://gitpull.it/source/micro-backup-script/ | ||
| + | |||
| + | === Off-site backups === | ||
| + | |||
| + | The same script that does [[#On-site backup]] also push the backup on server {{Server link|horror}} in this position: | ||
| + | |||
| + | /var/backups/wmi/lessema.wikimedia.it | ||
| + | |||
| + | The users are authorized to access this location: | ||
| + | |||
| + | * {{Fornitore link|Anylink}} (preferred professional contact) | ||
| + | * {{Fornitore link|prr}} (another preferred professional contact) | ||
| + | * {{Fornitore link|eme}} (secondary professional contact) | ||
| + | * [[User:Valerio Bozzolan]] (emergency volunteer contact) | ||
| + | |||
| + | The exact data retention is documented on server {{Server link|horror}}. | ||
| + | |||
| + | === Other on-site backups === | ||
| + | |||
| + | There is also this location with additional backups handled by {{Fornitore link|prr}}: | ||
| + | |||
| + | /mnt/backup/databases | ||
| + | |||
| + | Script: | ||
| + | |||
| + | /root/mysql_db_backup.sh | ||
| + | |||
| + | Usually they are executed at 11:00, 15:00, 18:00. If you notice slowness in the application in these hours, consider changing or disabling this backup entry. | ||
| + | |||
| + | [[Categoria:Documentazione tecnica]] | ||
Versione attuale delle 16:21, 29 gen 2024
Unix users with sudo
Current enabled users with sudo:
- civihost-samuele (
💼 prr) - for CiviCRM development - civihost-stefano (
💼 prr) - for CiviCRM development - civihost-alessio (
💼 prr) - for CiviCRM development - emerald-stefano (
💼 eme) - tu support CiviCRM - valerio-bozzolan (volunteer)
anylink-davide-cuteri(💼 anylk) - in charge of operating system updates, backups, etc.
Password authentication is not allowed.
Add Unix user
Don't create Unix users with passwords.
Create Unix users with public SSH keys.
Shortcut:
/root/scripts/add-user.sh
Source code from Server/Setup
- Important
- After creation, mark the related user page in this website with:
- {{Accesso server wmit|lessema|sistemisti}}
Backups
On-site backup
At 23:00 an on-site copy of all databases and webserver files are saved in this location:
/var/backups/wmi/lessema.wikimedia.it
Note: the permissions of the parent directory MUST be set to 750 root:root to keep the backups not accessible by untrusted users (note: the www-data is considered not trusted).
The execution time can be edited with
crontab -e
Note: the backup script prevents duplicate executions caused by daylight saving or standard time changeover.
The backup instructions can be configured here:
/opt/micro-backup-script/backup-instructions.conf
This is the source code of our dummy backup script in use:
https://gitpull.it/source/micro-backup-script/
Off-site backups
The same script that does #On-site backup also push the backup on server ⚙️ horror in this position:
/var/backups/wmi/lessema.wikimedia.it
The users are authorized to access this location:
💼 Anylink(preferred professional contact)💼 prr(another preferred professional contact)💼 eme(secondary professional contact)- User:Valerio Bozzolan (emergency volunteer contact)
The exact data retention is documented on server ⚙️ horror.
Other on-site backups
There is also this location with additional backups handled by 💼 prr:
/mnt/backup/databases
Script:
/root/mysql_db_backup.sh
Usually they are executed at 11:00, 15:00, 18:00. If you notice slowness in the application in these hours, consider changing or disabling this backup entry.