Pagina in lingua inglese

Differenze tra le versioni di "Server/lessema/Technical documentation"

Da Wikimedia Italia.
Jump to navigation Jump to search
(+info)
 
 
(15 versioni intermedie di 2 utenti non mostrate)
Riga 1: Riga 1:
== On-site backups ==
+
{{Inglese}}
 +
== Unix users with sudo ==
 +
 
 +
Current enabled users with sudo:
 +
 
 +
* civihost-samuele ({{Fornitore link|prr}}) - for CiviCRM development
 +
* civihost-stefano ({{Fornitore link|prr}}) - for CiviCRM development
 +
* civihost-alessio ({{Fornitore link|prr}}) - for CiviCRM development
 +
* emerald-stefano ({{Fornitore link|eme}}) - tu support CiviCRM
 +
* valerio-bozzolan (volunteer)
 +
* <s>anylink-davide-cuteri</s> ({{Fornitore link|anylk}}) - in charge of operating system updates, backups, etc.
 +
 
 +
Password authentication is not allowed.
 +
 
 +
== Add Unix user ==
 +
 
 +
Don't create Unix users with passwords.
 +
 
 +
Create Unix users with public SSH keys.
 +
 
 +
Shortcut:
 +
 
 +
<pre>
 +
/root/scripts/add-user.sh
 +
</pre>
 +
 
 +
Source code from [[Server/Setup]]
 +
 
 +
;Important
 +
: After creation, mark the related user page in this website with:
 +
:: {{Tl|Accesso server wmit|lessema|sistemisti}}
 +
 
 +
== Backups ==
 +
 
 +
=== On-site backup ===
  
 
At 23:00 an on-site copy of all databases and webserver files are saved in this location:
 
At 23:00 an on-site copy of all databases and webserver files are saved in this location:
  
  /var/backups/wmi
+
  /var/backups/wmi/lessema.wikimedia.it
 +
 
 +
Note: the permissions of the parent directory MUST be set to <code>750</code> <code>root:root</code> to keep the backups not accessible by untrusted users (note: the <code>www-data</code> is considered not trusted).
  
The crontab can be edited with
+
The execution time can be edited with
  
 
  crontab -e
 
  crontab -e
 +
 +
Note: the backup script prevents duplicate executions caused by daylight saving or standard time changeover.
 +
 +
The backup instructions can be configured here:
 +
 +
/opt/micro-backup-script/backup-instructions.conf
 +
 +
This is the source code of our dummy backup script in use:
 +
 +
https://gitpull.it/source/micro-backup-script/
 +
 +
=== Off-site backups ===
 +
 +
The same script that does [[#On-site backup]] also push the backup on server {{Server link|horror}} in this position:
 +
 +
/var/backups/wmi/lessema.wikimedia.it
 +
 +
The users are authorized to access this location:
 +
 +
* {{Fornitore link|Anylink}} (preferred professional contact)
 +
* {{Fornitore link|prr}} (another preferred professional contact)
 +
* {{Fornitore link|eme}} (secondary professional contact)
 +
* [[User:Valerio Bozzolan]] (emergency volunteer contact)
 +
 +
The exact data retention is documented on server {{Server link|horror}}.
 +
 +
=== Other on-site backups ===
 +
 +
There is also this location with additional backups handled by {{Fornitore link|prr}}:
 +
 +
/mnt/backup/databases
 +
 +
Script:
 +
 +
/root/mysql_db_backup.sh
 +
 +
Usually they are executed at 11:00, 15:00, 18:00. If you notice slowness in the application in these hours, consider changing or disabling this backup entry.
 +
 +
[[Categoria:Documentazione tecnica]]

Versione attuale delle 15:21, 29 gen 2024

Unix users with sudo

Current enabled users with sudo:

  • civihost-samuele (💼 prr) - for CiviCRM development
  • civihost-stefano (💼 prr) - for CiviCRM development
  • civihost-alessio (💼 prr) - for CiviCRM development
  • emerald-stefano (💼 eme) - tu support CiviCRM
  • valerio-bozzolan (volunteer)
  • anylink-davide-cuteri (💼 anylk) - in charge of operating system updates, backups, etc.

Password authentication is not allowed.

Add Unix user

Don't create Unix users with passwords.

Create Unix users with public SSH keys.

Shortcut:

/root/scripts/add-user.sh

Source code from Server/Setup

Important
After creation, mark the related user page in this website with:
{{Accesso server wmit|lessema|sistemisti}}

Backups

On-site backup

At 23:00 an on-site copy of all databases and webserver files are saved in this location:

/var/backups/wmi/lessema.wikimedia.it

Note: the permissions of the parent directory MUST be set to 750 root:root to keep the backups not accessible by untrusted users (note: the www-data is considered not trusted).

The execution time can be edited with

crontab -e

Note: the backup script prevents duplicate executions caused by daylight saving or standard time changeover.

The backup instructions can be configured here:

/opt/micro-backup-script/backup-instructions.conf

This is the source code of our dummy backup script in use:

https://gitpull.it/source/micro-backup-script/

Off-site backups

The same script that does #On-site backup also push the backup on server ⚙️ horror in this position:

/var/backups/wmi/lessema.wikimedia.it

The users are authorized to access this location:

The exact data retention is documented on server ⚙️ horror.

Other on-site backups

There is also this location with additional backups handled by 💼 prr:

/mnt/backup/databases

Script:

/root/mysql_db_backup.sh

Usually they are executed at 11:00, 15:00, 18:00. If you notice slowness in the application in these hours, consider changing or disabling this backup entry.