202_Automated Aegir Setup
The scripts may not run successfully as-is, since VPSs are configured in specific ways at JMA Consulting. For example, certain steps will cat a root password stored in a text file somewhere on the VPS, because another Ansible playbook generates that password automatically. If you would like to use these scripts, you will have to take the time to adjust certain lines of the playbook to suit your own VPS configuration.
This page provides instructions for setting up an Aegir front end for bulk hosting of WordPress + CiviCRM sites connected to the CiviPress infrastructure. Each step includes an identity that indicates which application should be used for the instructions that follow. Examples are also provided for steps whose parameters vary with context (server names, usernames, passwords, etc.).
Note: Even though each new step begins by shelling into the server, this is often unnecessary, as you can continue in a previously opened terminal that is already shelled into that server. The steps are written this way so that a specific portion can be understood, configured or changed on its own, without going through the procedure from start to finish.
The following values will be used for the examples:
Parameter | Value |
---|---|
User on VPS servers | luke |
Primary Percona Server | d4.jmaconsulting.biz |
Secondary Percona Server | d5.jmaconsulting.biz |
Active Vault Server | d1.jmaconsulting.biz |
Front End Server | d6.jmaconsulting.biz |
- 6 VPS's configured
Clone the repository from here
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [primary_percona_server] ./aegir_1.yml -i production -K
# enter the following:
# front_end_host
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d4.jmaconsulting.biz ./aegir_1.yml -i production -K
- d6.jmaconsulting.biz
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [front_end_server] ./aegir_2.yml -i production -K
# enter the following:
# certbot email
# primary percona host
# secondary percona host
# primary percona host with no domain (d4, d5, etc)
# proxysql db user password located on primary percona server
# orchestrator db user password located on primary percona server
# aegir root user password located on primary percona server
# Follow the prompts on the terminal after the script is finished
# ===== example ===== #
$ ansible-playbook -l d6.jmaconsulting.biz ./aegir_2.yml -i production -K
- [email protected]
- d4.jmaconsulting.biz
- d5.jmaconsulting.biz
- d4
- password
- password
- password
Identity: Local Machine, Terminal
# You might get an error with the ansible script. Shell into front end server
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Front End Server, Terminal
# Remove the aegir directory
$ sudo rm -R /var/aegir
# recreate the directory and config folder
$ sudo mkdir /var/aegir
$ sudo mkdir /var/aegir/config
# install aegir again. You will need to manually enter the aegir root db user password when prompted
$ sudo apt-get install aegir3
Identity: Local Machine, Terminal
# navigate to ansible script root directory
$ ansible-playbook -l [front_end_server] ./aegir_3.yml -i production -K
Identity: Local Machine, Terminal
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Front End Server, Terminal
# run the drush command to get a one time reset password link
$ sudo su aegir -c 'drush @hm uli'
# Copy the link into the browser and reset password
# Navigate to the 'Hostmaster' tab located at the top right of the site
# Click on the database server (it should be the primary percona server)
# Click on the 'Edit' tab
# Change server hostname from the primary percona server to '127.0.0.1'
# Click on the 'Database' tab
# Click on the 'MySQL' radio button
# Change the port from 3306 to 6033
# Get the aegir root password from the primary percona server
# Type in the aegir root password
# Save
Identity: Local Machine, Terminal
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Apply the following github changes for the aegir drush commands
Apply the following github changes for the hosting_wordpress module
Identity: Local Machine, Terminal
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Front End Server, Terminal
# get the main aegir site database credentials
$ nano /var/aegir/hostmaster-7.x-3.x/sites/[aegir_site]/drushrc.php
Identity: Front End Server, Terminal
# log into proxysql
$ mysql -u admin -p -h 127.0.0.1 -P 6032
Identity: Front End Server, ProxySQL Admin Terminal
mysql> INSERT INTO mysql_users(username,password,default_hostgroup) VALUES ('[db_user]', '[db_passwd]', 1);
mysql> LOAD MYSQL USERS TO RUNTIME;
mysql> SAVE MYSQL USERS FROM RUNTIME;
mysql> SAVE MYSQL USERS TO DISK;
Identity: Local Machine, Terminal
# shell into primary Percona server to change aegir site user password plugin
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Primary Percona Server, Terminal
# log into mysql
$ mysql -uroot -p
Identity: Front End Server, MySQL Terminal
mysql> DROP USER '[db_user]'@'[db_host]';
mysql> CREATE USER '[db_user]'@'[db_host]' IDENTIFIED WITH mysql_native_password BY '[db_passwd]';
mysql> GRANT ALL PRIVILEGES ON `[db_name]`.* TO '[db_user]'@'[db_host]';
Identity: Local Machine, Terminal
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Front End Server, Terminal
# open the Drupal MySQL driver file
$ nano /var/aegir/hostmaster-7.x-3.x/includes/database/mysql/database.inc
Identity: database.inc
# comment out the following line (the NO_AUTO_CREATE_USER SQL mode was removed in MySQL 8.0)
$sql_mode .= ',NO_AUTO_CREATE_USER';
Identity: Front End Server, Terminal
# Change the database host and port
$ nano /var/aegir/hostmaster-7.x-3.x/sites/[aegir_site]/drushrc.php
Identity: drushrc.php
# Change the existing db_host and db_port values to ProxySQL
$options['db_host'] = '127.0.0.1';
$options['db_port'] = '6033';
Go to the Aegir Site GUI and run the Verify task on the Aegir site again.
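Before triggering Verify, the drushrc.php edit can be checked from the shell on the front end server. The script below is an added example, not part of the JMA Consulting playbooks; the function names and the sample files are constructed for illustration, and the world-readable test is an extra check on a file that holds the site's database credentials.

```shell
#!/usr/bin/env bash
# Added example, not part of the original playbooks.

# Print the value assigned to $options['<key>'] in a drushrc.php-style file.
# Commented-out assignments are ignored; the last active one wins.
drushrc_get() {
  sed -n "s/^[[:space:]]*[$]options\['$1'][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | tail -n 1
}

# Return 0 only if the file routes the site through the local ProxySQL
# client port and is not readable by other local users.
check_drushrc() {
  local file=$1 rc=0 host port
  host=$(drushrc_get db_host "$file")
  port=$(drushrc_get db_port "$file")
  if [ "$host" != "127.0.0.1" ]; then
    echo "FAIL db_host='$host' (expected 127.0.0.1)"; rc=1
  fi
  if [ "$port" != "6033" ]; then
    echo "FAIL db_port='$port' (expected 6033, the ProxySQL client port)"; rc=1
  fi
  # drushrc.php holds the database password, so flag world-readable copies.
  if [ -n "$(find "$file" -perm -004)" ]; then
    echo "FAIL $file is world-readable"; rc=1
  fi
  [ "$rc" -ne 0 ] || echo "OK $file"
  return "$rc"
}

# Constructed sample input: one file still pointing at the Percona server
# directly, and one file after the edit described above.
demo_dir=$(mktemp -d)
printf '%s\n' '<?php' "\$options['db_host'] = 'd4.jmaconsulting.biz';" \
  "\$options['db_port'] = '3306';" > "$demo_dir/before.php"
printf '%s\n' '<?php' "# \$options['db_port'] = '3306';" \
  "\$options['db_host'] = '127.0.0.1';" \
  "\$options['db_port'] = '6033';" > "$demo_dir/after.php"
chmod 640 "$demo_dir/before.php" "$demo_dir/after.php"
check_drushrc "$demo_dir/before.php" || true
check_drushrc "$demo_dir/after.php"
```

On the server, call `check_drushrc` with the path of the site's real drushrc.php instead of the sample files.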
Identity: Local Machine, Terminal
$ ssh [user]@[host]
# ===== example =====
$ ssh [email protected]
Identity: Front End Server, Terminal
# Add SSL certificate to Aegir Site
$ nano /var/aegir/hostmaster-7.x-3.x/sites/[aegir_site]/settings.php
Identity: settings.php
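# add the following to the end of the array stored in $databases['default']['default']
'pdo' => [
  PDO::MYSQL_ATTR_SSL_CA => dirname(__DIR__) . '/d6.jmaconsulting.biz/cacert.pem',
  // With verification set to false the connection is encrypted, but the
  // server certificate is not checked against the CA file above.
  PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
],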