Lone Star PHP 2013 - Sysadmin Skills for PHP Developers

Declare Independence from your IT department: SysAdmin skills for PHP developers

Pablo Godel @pgodel - June 29th, 2013Lone Star PHP Conference

http://joind.in/8696

Saturday, June 29, 13

- Why SysAdmin Skills- Introduction to LAMP- Hosting options- Linux distributions- Installing PHP options- Deploying PHP- Various production tips- Monitoring- Backups

Agenda

Who Am I?

⁃ Born in Argentina, living in the US since 1999⁃ PHP & Symfony developer

⁃ Founder of the original PHP mailing list in spanish ⁃ Parrilla Lover

⁃ Co-founder of ServerGrove

⁃ Founded ServerGrove Networks in 2005

⁃ Provider of web hosting specialized in PHP, Symfony, ZendFramework, MongoDB and others

⁃ Servers in USA and Europe!

ServerGrove!

Very active open source supporter through codecontributions and usergroups/conference sponsoring

Community is our teacher

Sysadmin Skills

Who needs them?

IT is busy / Different PrioritiesSaturday, June 29, 13

!Rocket ScienceSaturday, June 29, 13

Lack of controlSaturday, June 29, 13

Less downtimeSaturday, June 29, 13

Better PerformanceSaturday, June 29, 13

What do you prefer?Saturday, June 29, 13

Or this?Saturday, June 29, 13

An example...

I s. I ’ s L. E Cs , .

LAMPWhat is

LAMPSaturday, June 29, 13

LAMP Scott Beale

LNMPSaturday, June 29, 13

LNPPSaturday, June 29, 13

LANMMPPSaturday, June 29, 13

LANMMPPWhy?

Why LANMMPP

Proven

Stable

Why LANMMPP

Secure

Why LANMMPP

Inexpensive

Why LANMMPP

Easily Available

Why LANMMPP

Hosting Options

Hosting OptionsShared Hosting

- Inexpensive- Widely available- Easy to use- No maintenance- No updates- Instant provisioning- DNS/Email services

- Shared resources- No/Limited Shell- Many restrictions- No control- Fixed versions - Multitude of CPs

Hosting OptionsDedicated Servers

- Full control- No sharing- Best performance- Software / Hardware to specs

- Hard to plan- Software updates- SysAdmin skills- Expensive to start- Parts replacements- Control Panel licenses

Hosting OptionsVirtual Servers / VPS

- Shared resources- Software updates- SysAdmin skills- Limited/No CP- Lack of email

Hosting OptionsVirtual Servers / VPS

- Inexpensive- Widely available- Choice of OS- Root access- Full shell- Fast provisioning- Custom software

- Custom configurations- Snapshots- Multiple Envs

Hosting OptionsCloud Hosting

Depends on implementation

Some are a shared hosting with a fancy new name

Some are a shared hosting with a fancy new nameOthers let you start small and scale easily

Some are a shared hosting with a fancy new nameOthers let you start small and scale easilyGets really expensive at scale

Most suffer from some of the shared hosting problems:- vendor lock-in- lack of control- high learning curve- limited environment

Hosting Options

Which one to choose?

Hosting OptionsWhich one to choose?

I T D E P E N D S

Linux Distributions

DistributionsRedHat based

- Fedora- RedHat Enterprise Linux (RHEL)- CentOS- Scientific Linux

DistributionsDebian based

- Debian- Ubuntu

DistributionsOthers

- Gentoo- Slackware- OpenSuse- Archlinux- any many many more!

http://distrowatch.com/http://en.wikipedia.org/wiki/Linux_distribution

DistributionsKey differences- Configuration files- Package Manager- Managing Services- Software versions- Updates

DistributionsKey differences

- Configuration files

CentOS

Ubuntu

/etc/sysconfig/network-scripts/ifcfg-eth0

/etc/network/interfaces

- Package Manager

CentOS

Ubuntu

yum install php-cli

apt-get install php5

- Package Manager

CentOS

Ubuntu

yum search php-cli

apt-cache search php

- Managing Services

CentOS

Ubuntu

service restart httpdchkconfig --list httpdchkconfig httpd on

service restart apache2sudo update-rc.d apache2 enable

- Software versions

CentOS

Ubuntu

httpd-2.2.3

apache-2.2.17

- Updates

CentOS 5.x

Ubuntu 11

PHP 5.1.6

PHP 5.3.5

DistributionsKey similarities

- Based on Linux Kernel

- Screwed up or ancient PHP- Lack of PHP extensions

DistributionsWhich one to choose?

I T D E P E N D S

DistributionsWhich one to choose?

- Best feeling- Previous experience- Workplace selection- Coworker / friend knowledge

First Experience

- Run Linux natively- Mac OSX- Virtual Machine: - VirtualBox - Parallels - VMware- VPS

First Experience#!/bin/bash

Recommended Books:- Learning the bash Shell- bash Cookbook

Most Common Commands:

$ ls -l /path/$ cd /path$ pwd$ cat /etc/passwd$ less /etc/resolv.conf$ tail -f /var/log/*$ last$ lastb$ vi /etc/hosts

User`s config files:

~/.bash_history~/.bash_logout~/.bash_profile PATH=$PATH:$HOME/bin export PATH

~/.bashrc alias rm='rm -i' alias cp='cp -i' alias mv='mv -i'

Most common directories:

/etc /tmp/var/log/var/run/root/home/usr/local/opt

Installing Apache/PHP

Installing Apache/PHP# CentOS$ yum install httpd php-cli mod_php

# Ubuntu$ apt-get install apache2 libapache2-mod-php5

Mac OSX- MAMP- Native Apache + Liip PHP installation- Zend Server CE

Windows- WAMP- IIS + PHP

Installing PHPCentOS

Third Party Repositories- Remi RPMhttp://blog.famillecollet.com/- Webtatichttp://www.webtatic.com/- ServerGrove: PHP 5.3.x / 5.4.x / 5.5.x (always latest)http://repos.servergrove.com

Installing PHPCentOS

Third Party Repositories

cd /etc/yum.repos.d/wget http://repos.servergrove.com/servergrove-centos-5/servergrove-centos-5.repoyum install php53 # or php54

Installing PHPUbuntu

- Dotdeb:http://www.dotdeb.org/- ServerGrove: (always latest)http://repos.servergrove.com

PHP 5.3.x / 5.4.x / 5.5.x

Installing PHPUbuntu

echo “deb http://repos.servergrove.com/servergrove-ubuntu-precise precise main” >> /etc/apt/sources.list.d/servergrove.listapt-get install php53 # or php54

Installing PHPFrom Source

wget http://us2.php.net/get/php-5.4.12.tar.bz2/from/www.php.net/mirrortar jxvf php-5.4.12.tar.bz2cd php-5.4.12./configure make && make install

Installing PHPRecompiling

php -i |grep configure./configure '--with-apxs2=/usr/sbin/apxs' '--prefix=/usr/local/php53' '--with-config-file-scan-dir=/etc/php53/conf.d' '--enable-bcmath' '--enable-ctype' '--enable-exif' '--enable-mbstring' '--enable-ftp' '--enable-intl' '--enable-sockets' '--enable-sysvmsg' '--enable-pcntl' '--with-bz2' '--with-curl' '--with-gettext' '--with-gd' '--enable-gd-native-ttf' '--enable-exif' '--with-freetype-dir=/usr' '--with-jpeg-dir=/usr' '--with-t1lib=/usr' '--with-mcrypt' '--with-openssl' '--with-kerberos' '--with-iconv' '--with-xsl' '--with-xmlrpc' '--with-zlib' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd'make && make install

Installing PHPCompiling for Apache

./configure '--with-apxs2=/usr/sbin/apxs' make && make install

Installing PHPCompiling for Nginx / PHP-FPM

./configure '--enable-fpm' make && make install

Installing PHPCompiling extension

./configure --with-curl --enable-ftpmake && make install

(dynamic)

cd ext/curlphpize./configure make && make installecho “extension=curl.so” >> php.ini

http://pecl.php.net/

(PECL)pecl install apc# orpecl download apctar zxvf APC-3.1.13.tgzcd APC-3.13phpize./configure make && make installecho “extension=apc.so” >> php.ini

Automate!

- Chef- Puppet- ...

Installing PHP

Installing PHPConfiguration

/etc/php/php.ini/etc/php5/cli/php.ini

/usr/local/lib/php.ini

Default location

Other common locations

/etc/php5/apache2/php.ini

php -i | grep php.iniConfiguration File (php.ini) Path => /usr/local/php5/libLoaded Configuration File => /usr/local/php5-20110426-093151/lib/php.iniScan this dir for additional .ini files => /usr/local/php5/php.dAdditional .ini files parsed => /usr/local/php5/php.d/10-extension_dir.ini,

php -i | grep mongo/usr/local/php5/php.d/50-extension-mongo.ini,mongomongo.allow_empty_keys => 0 => 0mongo.allow_persistent => 1 => 1mongo.auto_reconnect => 1 => 1mongo.chunk_size => 262144 => 262144mongo.cmd => $ => $mongo.default_host => localhost => localhostmongo.default_port => 27017 => 27017

[PHP Modules]apcbcmathbz2Corectypecurldatedomereg

php -m

php.iniextension_dir=/usr/lib/php/extensions/no-debug-non-zts-20090626

extension=apc.soextension=mongo.so

php.ini

php -i | grep extension_dirextension_dir => /usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626

php.ini

date.timezone=UTCdisplay_errors = offlog_errors = onerror_log = /var/log/php.log

Securitymemory_limit = 128Mmax_execution_time = 30display_errors = offexpose_php = offmail.log = /var/log/phpmails.logdisable_functions = execallow_url_fopen = off

File uploads on .htaccessphp_value memory_limit 128Mphp_value max_file_uploads 20php_value max_input_time -1php_value post_max_size 8Mphp_value upload_max_filesize 2Mphp_value max_execution_time 0

AllowOverride=All in Apache!Saturday, June 29, 13

Include .htaccess

<Directory /path/to/document/root> Include /path/to/.htaccess</Directory>

AllowOverride=None in Apache!Saturday, June 29, 13

Apache

php_value date.timezone UTCphp_flag display_errors 1php_value memory_limit 128Mphp_value max_execution_time 0

Don’t forget to restart ApacheSaturday, June 29, 13

Installing PHPWeb Server User

- apache- nobody- www-data- ftp / ssh user (sometimes)

Possible users

Permissions issues with clear cache and uploads, Anyone?

Installing PHPWeb Server User

Permissions issues with clear cache and uploads, Anyone?

rm -rf app/cache/*rm -rf app/logs/*

sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logssudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs

http://symfony.com/doc/current/book/installation.html

Deploying PHP

Deploying PHPBefore going live

Make sure ntpd is installed and running to ensure accurate server time

yum install ntpchkconfig ntpd onntpdate pool.ntp.org

- Disable PHP in specific directories

<Location /uploads> php_admin_flag engine off</Location>

- Limit access by IP

<Location /admin> Order Deny,Allow Deny from all Allow from 1.2.3.4</Location>

- Add HTTP Authentication

<Location /admin> Require valid-user AuthType Basic AuthName "SG" AuthUserFile /path/users</Location>

- Quiet down Apache

ServerTokens Prod

RewriteEngine On

RewriteRule ^\.htaccess$ - [F]

RewriteCond %{REQUEST_FILENAME} -fRewriteRule ^.*$ - [NC,L]

RewriteCond %{REQUEST_URI} !^/web/.*$RewriteRule ^(.*)$ /web/$1

Move document root with .htaccess

- Case senstive filesystem

IPCheck_Form_Index_Login != IpCheck_Form_Index_Login

/path/to/file/IpCheck_Form_Index_Login.php<?php class IPCheck_Form_Index_Login {...

Deploying PHP- server-side vi- plain old FTP- SFTP- scp- rsync + ssh- git- tar / gzip- rpm / deb packages- capistrano / capifony

Deploying PHPEffing Package Management

https://github.com/jordansissel/fpm

Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.

fpm -s dir -t rpm -n "sfapp" -v 1.0 /var/www/sfapp

fpm -s dir -t deb -a all -n sfapp -v 1.0 /etc/apache2/conf.d/my.conf /var/www/sfapp

Deploying PHPCapistrano / Capifony

- multiple servers- multiple environments- setup shared folders (vendors, cache, logs, etc)- copy files- update vendors- multi versions- rollback- restart apache

Deploying PHPSetting up SSH

$ ssh-keygen -t dsa ~/.ssh/id_dsa.pub

$ ssh-copy-id user@remote-host ~/.ssh/authorized_keys ~/.ssh/authorized_keys2

$ ssh-add

~/.ssh/config

Host * ForwardAgent yes Port 22123

Host gh HostName github.com Port 22 PreferredAuthentications publickey IdentityFile ~/.ssh/me_rsa

/etc/ssh/sshd_config

Port 22 Port 22123 PermitRootLogin no PasswordAuthentication no

Deploying PHP Automate!

https://github.com/pgodel/m-sunshinephp/blob/master/web/deploy.php

exec('/usr/bin/env -i HOME=/var/www/vhosts/m.sunshinephp.com/m-sunshine git pull origin master');

http://m.sunshinephp.com/deploy.php

DNS Tips

DNS Tips The Power of the hosts file

/etc/hosts

10.0.1.1 www.lottery.com

/etc/hosts

10.0.1.1 example1.com example2.com

DNS TipsVirtual Document Root

UseCanonicalName Off

VirtualDocumentRoot /var/www/vhosts/%0/web

<Location /var/www/vhosts> AllowOverride All Options +FollowSymLinks</Location>

example.com => /var/www/vhosts/example.com/webexample2.com => /var/www/vhosts/example2.com/web

DNS TipsNameservers/Expiration

whois servergrove.com...Name Servers: ns1.servergrove.com ns2.servergrove.com ns3.servergrove.com

Creation date: 19 May 2005 23:34:36Expiration date: 19 May 2014 23:34:00

DNS TipsDNS records

dig -t A google.com;; ANSWER SECTION:google.com. 184 IN A 74.125.230.227google.com. 184 IN A 74.125.230.228google.com. 184 IN A 74.125.230.229google.com. 184 IN A 74.125.230.230google.com. 184 IN A 74.125.230.231google.com. 184 IN A 74.125.230.232google.com. 184 IN A 74.125.230.233google.com. 184 IN A 74.125.230.238google.com. 184 IN A 74.125.230.224google.com. 184 IN A 74.125.230.225google.com. 184 IN A 74.125.230.226

DNS TipsDNS records

dig -t A servergrove.eu @ns1.servergrove.com;; ANSWER SECTION:servergrove.eu. 3600 IN A 149.5.47.100

DNS Tips DNS Delegationhttp://www.simpledns.com/lookup-dg.aspx

DNS Tipstraceroute

traceroute google.com

traceroute to google.com (173.194.37.33), 30 hops max, 40 byte packets 1 2.69-195-222.static.servergrove.com (69.195.222.2) 0.360 ms 0.365 ms 0.432 ms 2 t0-1-0-5.br2.mia.terremark.net (66.165.161.45) 1.558 ms 1.546 ms 1.532 ms 3 core1-1-0-0.mia.net.google.com (198.32.124.133) 0.238 ms 0.224 ms 0.230 ms 4 209.85.253.74 (209.85.253.74) 0.266 ms 0.283 ms 0.312 ms 5 209.85.254.252 (209.85.254.252) 12.764 ms 12.757 ms 12.749 ms 6 64.233.175.92 (64.233.175.92) 14.177 ms 14.257 ms 14.359 ms 7 atl14s07-in-f1.1e100.net (173.194.37.33) 13.653 ms 13.606 ms 13.618 ms

DNS Tipshttp://whereisitup.com

DNS Tipsmtr

Monitoring

<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .your_domain.com</Location>

ExtendedStatus On

Apache Requests

MonitoringApache Requests

Monitoring

- Cacti- Ganglia- Zabbix- collectd- statsd / StatsDBundle- graphite

Monitoringstatsd / StatsDBundle / Graphite

MonitoringCPU / Memory / IO

MonitoringIO

MonitoringNetwork

iptraf

MonitoringHandling logs

- Centralize logs with syslog

error_log = syslog

- Monolog supports syslog- logstash, logster, loggly, logio

MonitoringHandling logs

$ grep POST /var/log/apache2/access_log

Speeding up

- nginx/php-fpm- APC- ZendOptimizer+ (Included in PHP 5.5)- Memcache- nginx reverse proxy cache- Varnish

Backups

- rsync- rdiff-backup- Unison- Bacula- Amanda

Backups

Don’t forget to backup your DB!

http://blog.servergrove.com/2012/01/24/backup-your-mysql-database-using-mysqldump/

Reading List

- Automating UNIX and Linux Administration- Running Linux - Learning the bash Shell: Unix Shell Programming

The End Questions?

Sysadmin skills for PHP developersSaturday, June 29, 13

http://joind.in/8696 Thank you!

Sysadmin skills for PHP developers

Pablo Godel @pgodel Saturday, June 29, 13

Lone Star PHP 2013 - Sysadmin Skills for PHP Developers

Technology

SYSADMIN TNG

Test Driven Sysadmin

sysadmin interviewTechnical

Sysadmin delight

2 Solaris Sysadmin

TDD with PhpSpec - Lone Star PHP 2016

RHCE @Sysadmin Academy :

Ontap 8 sysadmin

Virtualized development - Lone Star PHP

Conscious Decoupling - Lone Star PHP

Windows Sysadmin Interview Questions

Soflophp 2013 - SysAdmin skills for PHP developers

KMS SysAdmin Guide

Intro to-ssdl--lone-star-php-2013

SysAdmin AG v2010EE

Sup Sysadmin

Unix Sysadmin

Vis ma vie de SysAdmin Forum PHP 2013

PHP at Density and Scale (Lone Star PHP 2014)

Data Ontap 8 Sysadmin