Differenze tra le versioni di "Server/lessema/Technical documentation"
m |
(info from CiviCRM 2022/Technical documentation) |
||
| Riga 1: | Riga 1: | ||
{{Inglese}} | {{Inglese}} | ||
| + | == Unix users with sudo == | ||
| + | |||
| + | Current enabled users with sudo: | ||
| + | |||
| + | * emerald-stefano ({{Fornitore link|eme}}) | ||
| + | * civihost-samuele ({{Fornitore link|civih}}) | ||
| + | * civihost-stefano ({{Fornitore link|civih}}) | ||
| + | * civihost-alessio ({{Fornitore link|civih}}) | ||
| + | * valerio-bozzolan (volunteer) | ||
| + | |||
| + | Password authentication is not allowed. | ||
| + | |||
| + | == Add Unix user == | ||
| + | |||
| + | <pre> | ||
| + | # fill | ||
| + | USERNAME="" | ||
| + | SSH_PUB_KEY="" | ||
| + | |||
| + | # add the user without password and set SSH public key | ||
| + | sudo /root/scripts/add-user-with-ssh-key.sh "$USERNAME" "$SSH_PUB_KEY" | ||
| + | |||
| + | # add user in sudoers | ||
| + | sudo adduser "$USERNAME" sudo | ||
| + | </pre> | ||
| + | |||
| + | Source code: | ||
| + | |||
| + | * https://gist.github.com/valerio-bozzolan/70e0184478fa0ffa52a37745ac04f333 | ||
| + | |||
| + | ;Important | ||
| + | : After creation, mark the related user page in this website with: | ||
| + | :: {{Tl|Accesso server wmit|lessema|sistemisti}} | ||
| + | |||
== On-site backup == | == On-site backup == | ||
Versione delle 10:39, 9 mag 2023
Unix users with sudo
Current enabled users with sudo:
- emerald-stefano (
💼 eme) - civihost-samuele (
💼 civih) - civihost-stefano (
💼 civih) - civihost-alessio (
💼 civih) - valerio-bozzolan (volunteer)
Password authentication is not allowed.
Add Unix user
# fill USERNAME="" SSH_PUB_KEY="" # add the user without password and set SSH public key sudo /root/scripts/add-user-with-ssh-key.sh "$USERNAME" "$SSH_PUB_KEY" # add user in sudoers sudo adduser "$USERNAME" sudo
Source code:
- Important
- After creation, mark the related user page in this website with:
- {{Accesso server wmit|lessema|sistemisti}}
On-site backup
At 23:00 an on-site copy of all databases and webserver files are saved in this location:
/var/backups/wmi/lessema.wikimedia.it
Note: the permissions of the parent directory MUST be set to 750 root:root to keep the backups not accessible by untrusted users (note: the www-data is considered not trusted).
The execution time can be edited with
crontab -e
Note: the backup script prevents duplicate executions caused by daylight saving or standard time changeover.
The backup instructions can be configured here:
/opt/micro-backup-script/backup-instructions.conf
This is the source code of our dummy backup script in use:
https://gitpull.it/source/micro-backup-script/
Off-site backups
The same script that does #On-site backup also push the backup on server ⚙️ horror in this position:
/var/backups/wmi/lessema.wikimedia.it
The users are authorized to access this location:
💼 civih(preferred professional contact)💼 eme(secondary professional contact)- User:Valerio Bozzolan (emergency volunteer contact)
The exact data retention is documented on server ⚙️ horror.
Other on-site backups
There is also this location with additional backups handled by 💼 civih:
/mnt/backup/databases
Script:
/root/mysql_db_backup.sh
Usually they are executed at 11:00, 15:00, 18:00. If you notice slowness in the application in these hours, consider changing or disabling this backup entry.