Post on 05-Dec-2014
description
Independizate de tu departamento IT: Habilidades sysadmin para PHP devs
Pablo Godel @pgodel - 05/Oct/2013Buenos Aires, Argentina
Saturday, October 5, 13
¿Quién soy?
⁃ Argentino viviendo en Estados Unidos desde 1999⁃ Desarrollador PHP & Symfony
⁃ Fundador de la primera lista de discusión de PHP de habla hispana
- Socio fundador de ServerGrove ⁃ Amante de la parrilla
Saturday, October 5, 13
Saturday, October 5, 13
Saturday, October 5, 13
⁃ Fundada en 2005
⁃ Proveedor de servicios de hosting especializado en PHP, Symfony, ZendFramework, y otros
⁃ Servidores en Estados Unidos y Europa
⁃Work with us! jobs@servergrove.com
ServerGrove!
Saturday, October 5, 13
La comunidad es nuestra guia
⁃Muy activos en la comunidad de Open Source contribuyendo con código o patrocinando eventos y grupos de usuarios
Saturday, October 5, 13
La comunidad es nuestra guia
Saturday, October 5, 13
La comunidad es nuestra guia
Saturday, October 5, 13
Habilidades de Sysadmin
¿Quién las necesita?
Saturday, October 5, 13
Text
IT está ocupado o con otras prioidadesSaturday, October 5, 13
¡No es “Rocket Science”!Saturday, October 5, 13
Falta de controlSaturday, October 5, 13
Menos downtimeSaturday, October 5, 13
Mejor PerformanceSaturday, October 5, 13
¿Qué preferís?Saturday, October 5, 13
¿O esto?Saturday, October 5, 13
Un ejemplo...
I s. I ’ s L. E Cs , .
Saturday, October 5, 13
LAMP¿Qué es?
Saturday, October 5, 13
Saturday, October 5, 13
Saturday, October 5, 13
LAMPSaturday, October 5, 13
LAMPSaturday, October 5, 13
LAMPSaturday, October 5, 13
LAMP Scott Beale
Saturday, October 5, 13
LNMPSaturday, October 5, 13
LNMPSaturday, October 5, 13
LNPPSaturday, October 5, 13
LANMMPPSaturday, October 5, 13
LANMMPP¿Porqué?
Saturday, October 5, 13
¿Porqué LANMMPP?
Probado
Saturday, October 5, 13
Estable
¿Porqué LANMMPP?
Saturday, October 5, 13
Seguro
¿Porqué LANMMPP?
Saturday, October 5, 13
Gratis
¿Porqué LANMMPP?
Saturday, October 5, 13
Gratis*
¿Porqué LANMMPP?
Saturday, October 5, 13
Bajo costo
¿Porqué LANMMPP?
Saturday, October 5, 13
Fácil de obtener
¿Porqué LANMMPP?
Saturday, October 5, 13
Distros de Linux
Saturday, October 5, 13
DistrosBasadas en RedHat
- Fedora- RedHat Enterprise Linux (RHEL)- CentOS- Scientific Linux
Saturday, October 5, 13
Basadas en Debian
- Debian- Ubuntu
Distros
Saturday, October 5, 13
Otras- Gentoo- Slackware- OpenSuse- Archlinux- y muchas más!
http://distrowatch.com/http://en.wikipedia.org/wiki/Linux_distribution
Distros
Saturday, October 5, 13
Diferencias principales
- Archivos de configuración- Administración de Paquetes- Manejo de Servicios- Versiones de software- Actualizaciones
Distros
Saturday, October 5, 13
- Archivos de configuración
CentOS
Ubuntu
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/network/interfaces
DistrosDiferencias principales
Saturday, October 5, 13
- Administración de Paquetes
CentOS
Ubuntu
yum install php-cli
apt-get install php5
DistrosDiferencias principales
Saturday, October 5, 13
CentOS
Ubuntu
yum search php-cli
apt-cache search php
DistrosDiferencias principales
- Administración de Paquetes
Saturday, October 5, 13
- Administración de Servicios
CentOS
Ubuntu
service restart httpdchkconfig --list httpdchkconfig httpd on
service restart apache2sudo update-rc.d apache2 enable
DistrosDiferencias principales
Saturday, October 5, 13
- Versiones de Software
CentOS
Ubuntu
httpd-2.2.3
apache-2.2.17
DistrosDiferencias principales
Saturday, October 5, 13
- Actualizaciones
CentOS 5.x
Ubuntu 11
PHP 5.1.6
PHP 5.3.5
DistrosDiferencias principales
Saturday, October 5, 13
- Basadas en el kernel de Linux- PHP desactualizado- Falta de extensiones de PHP
DistrosDiferencias principales
Saturday, October 5, 13
¿Cuál elegir?
D E P E N D E
Distros
Saturday, October 5, 13
- El que se sienta mejor- Experiencia previa- Elegido en el trabajo- Amigo/compañero de trabajo con conocimiento
Distros¿Cuál elegir?
Saturday, October 5, 13
Primera Experiencia
Saturday, October 5, 13
- Correr Linux nativamente- Mac OSX- Máquina Virtual: - VirtualBox - Parallels - VMware- VPS
Primera Experiencia
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Libros recomendados:- Learning the bash Shell- bash Cookbook
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Comandos más comunes:
$ ls -l /path/$ cd /path$ pwd$ cat /etc/passwd$ less /etc/resolv.conf$ tail -f /var/log/*$ last$ lastb$ vi /etc/hosts
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Archivos de configuración del usuario:
~/.bash_history~/.bash_logout~/.bash_profile PATH=$PATH:$HOME/bin export PATH
~/.bashrc alias rm='rm -i' alias cp='cp -i' alias mv='mv -i'
Saturday, October 5, 13
Primera Experiencia#!/bin/bash
Directorios más comunes:
/etc /tmp/var/log/var/run/root/home/usr/local/opt
Saturday, October 5, 13
Instalando Apache/PHP
Saturday, October 5, 13
Instalando Apache/PHP# CentOS$ yum install httpd php-cli mod_php
# Ubuntu$ apt-get install apache2 libapache2-mod-php5
Mac OSX- MAMP- Apache nativo + instalación de PHP de Liip- Zend Server CE
Windows- WAMP- IIS + PHP
Saturday, October 5, 13
CentOSRepositorios de 3ros
- Remi RPMhttp://blog.famillecollet.com/- Webtatichttp://www.webtatic.com/- ServerGrove: PHP 5.3.x / 5.4.x / 5.5.x (siempre lo último)http://repos.servergrove.com
Saturday, October 5, 13
cd /etc/yum.repos.d/wget http://repos.servergrove.com/servergrove-rhel-6/servergrove-rhel-6.repoyum install php55 # or php54
CentOSRepositorios de 3ros
Saturday, October 5, 13
UbuntuRepositorios de 3ros
- Dotdeb:http://www.dotdeb.org/- ServerGrove: (siempre lo último)http://repos.servergrove.com
PHP 5.3.x / 5.4.x / 5.5.x
Saturday, October 5, 13
echo “deb http://repos.servergrove.com/servergrove-ubuntu-precise precise main” >> /etc/apt/sources.list.d/servergrove.listapt-get install php53 # or php54
UbuntuRepositorios de 3ros
Saturday, October 5, 13
Desde código fuente
wget http://us2.php.net/get/php-5.5.4.tar.bz2/from/www.php.net/mirrortar jxvf php-5.5.4.tar.bz2cd php-5.5.4./configure make && make install
Instalando PHP
Saturday, October 5, 13
Recompilando
php -i |grep configure./configure '--with-apxs2=/usr/sbin/apxs' '--prefix=/usr/local/php53' '--with-config-file-scan-dir=/etc/php53/conf.d' '--enable-bcmath' '--enable-ctype' '--enable-exif' '--enable-mbstring' '--enable-ftp' '--enable-intl' '--enable-sockets' '--enable-sysvmsg' '--enable-pcntl' '--with-bz2' '--with-curl' '--with-gettext' '--with-gd' '--enable-gd-native-ttf' '--enable-exif' '--with-freetype-dir=/usr' '--with-jpeg-dir=/usr' '--with-t1lib=/usr' '--with-mcrypt' '--with-openssl' '--with-kerberos' '--with-iconv' '--with-xsl' '--with-xmlrpc' '--with-zlib' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd'make && make install
Saturday, October 5, 13
Compilando para Apache
./configure '--with-apxs2=/usr/sbin/apxs' make && make install
Saturday, October 5, 13
Compilando para PHP-FPM
./configure '--enable-fpm' make && make install
Saturday, October 5, 13
Compilando una extensión
./configure --with-curl --enable-ftpmake && make install
Saturday, October 5, 13
cd ext/curlphpize./configure make && make installecho “extension=curl.so” >> php.ini
Compilando una extensión(dinámicamente)
Saturday, October 5, 13
http://pecl.php.net/
Compilando una extensión
Saturday, October 5, 13
Compilando una extensión(PECL)
pecl install apc# orpecl download apctar zxvf APC-3.1.13.tgzcd APC-3.13phpize./configure make && make installecho “extension=apc.so” >> php.ini
Saturday, October 5, 13
Automatizá!
- Chef- Puppet- Ansible
Instalando PHP
Saturday, October 5, 13
Configuración
/etc/php/php.ini/etc/php5/cli/php.ini
/usr/local/lib/php.ini
Default location
Other common locations
/etc/php5/apache2/php.ini
Saturday, October 5, 13
php -i | grep php.iniConfiguration File (php.ini) Path => /usr/local/php5/libLoaded Configuration File => /usr/local/php5-20110426-093151/lib/php.iniScan this dir for additional .ini files => /usr/local/php5/php.dAdditional .ini files parsed => /usr/local/php5/php.d/10-extension_dir.ini,
Configuración
Saturday, October 5, 13
php -i | grep mongo/usr/local/php5/php.d/50-extension-mongo.ini,mongomongo.allow_empty_keys => 0 => 0mongo.allow_persistent => 1 => 1mongo.auto_reconnect => 1 => 1mongo.chunk_size => 262144 => 262144mongo.cmd => $ => $mongo.default_host => localhost => localhostmongo.default_port => 27017 => 27017
Configuración
Saturday, October 5, 13
[PHP Modules]apcbcmathbz2Corectypecurldatedomereg
php -m
Configuración
Saturday, October 5, 13
Configuraciónphp.ini
extension_dir=/usr/lib/php/extensions/no-debug-non-zts-20090626
extension=apc.soextension=mongo.so
Saturday, October 5, 13
php -i | grep extension_dirextension_dir => /usr/local/php5/lib/php/extensions/no-debug-non-zts-20090626
Configuraciónphp.ini
Saturday, October 5, 13
date.timezone=UTCdisplay_errors = offlog_errors = onerror_log = /var/log/php.log
Configuraciónphp.ini
Saturday, October 5, 13
ConfiguraciónSeguridad
memory_limit = 128Mmax_execution_time = 30display_errors = offexpose_php = offmail.log = /var/log/phpmails.logdisable_functions = execallow_url_fopen = off
Saturday, October 5, 13
ConfiguraciónSubida de archivos
con .htaccessphp_value memory_limit 128Mphp_value max_file_uploads 20php_value max_input_time -1php_value post_max_size 8Mphp_value upload_max_filesize 2Mphp_value max_execution_time 0
AllowOverride=All en Apache!Saturday, October 5, 13
ConfiguraciónInclude .htaccess
<Directory /path/to/document/root> Include /path/to/.htaccess</Directory>
AllowOverride=None en Apache!Saturday, October 5, 13
ConfiguraciónApache
php_value date.timezone UTCphp_flag display_errors 1php_value memory_limit 128Mphp_value max_execution_time 0
No te olvides de reiniciar ApacheSaturday, October 5, 13
Usuario del Servidor Web
- apache- nobody- www-data- ftp / ssh user (a veces)
Posibles usuarios
¿Problemas con permisos?
Saturday, October 5, 13
Solución:rm -rf app/cache/*rm -rf app/logs/*
sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logssudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
http://symfony.com/doc/current/book/installation.html
¿Problemas con permisos?
Usuario del Servidor Web
Saturday, October 5, 13
Deployando PHP
Saturday, October 5, 13
Antes de salir al aire
Asegurate que ntpd este instalado y corriendo
yum install ntpchkconfig ntpd onntpdate pool.ntp.org
Saturday, October 5, 13
- Deshabilitar PHP en lugares específicos
<Location /uploads> php_admin_flag engine off</Location>
Antes de salir al aire
Saturday, October 5, 13
- Limitar acceso por IP
<Location /admin> Order Deny,Allow Deny from all Allow from 1.2.3.4</Location>
Antes de salir al aire
Saturday, October 5, 13
- Agregar autenticación HTTP
<Location /admin> Require valid-user AuthType Basic AuthName "SG" AuthUserFile /path/users</Location>
Antes de salir al aire
Saturday, October 5, 13
- Callá Apache
ServerTokens Prod
Antes de salir al aire
Saturday, October 5, 13
RewriteEngine On
RewriteRule ^\.htaccess$ - [F]
RewriteCond %{REQUEST_FILENAME} -fRewriteRule ^.*$ - [NC,L]
RewriteCond %{REQUEST_URI} !^/web/.*$RewriteRule ^(.*)$ /web/$1
Mover document root con .htaccess
Antes de salir al aire
Saturday, October 5, 13
- Mayúsculas/minúsculas
IPCheck_Form_Index_Login != IpCheck_Form_Index_Login
/path/to/file/IpCheck_Form_Index_Login.php<?php class IPCheck_Form_Index_Login {...
Antes de salir al aire
Saturday, October 5, 13
Effing Package Management
https://github.com/jordansissel/fpm
Crear paquetes para múltiples plataformas (deb, rpm, etc) con gran facilidad.
fpm -s dir -t rpm -n "sfapp" -v 1.0 /var/www/sfapp
fpm -s dir -t deb -a all -n sfapp -v 1.0 /etc/apache2/conf.d/my.conf /var/www/sfapp
Saturday, October 5, 13
Capistrano / Capifony
- multiples servidores- multiples entornos (dev/qa/prod)- configura directorios compartidos (vendors, cache, logs, etc)- copia archivos- actualiza vendors- multiples versiones- rollback
Saturday, October 5, 13
Configurando SSH
$ ssh-keygen -t dsa ~/.ssh/id_dsa.pub
$ ssh-copy-id user@remote-host ~/.ssh/authorized_keys ~/.ssh/authorized_keys2
$ ssh-add
Saturday, October 5, 13
~/.ssh/config
Host * ForwardAgent yes Port 22123
Host gh HostName github.com Port 22 PreferredAuthentications publickey IdentityFile ~/.ssh/me_rsa
Configurando SSH
Saturday, October 5, 13
/etc/ssh/sshd_config
Port 22 Port 22123 PermitRootLogin no PasswordAuthentication no
Configurando SSH
Saturday, October 5, 13
Automatizá!
https://github.com/pgodel/m-sunshinephp/blob/master/web/deploy.php
<?php
exec('/usr/bin/env -i HOME=/var/www/vhosts/m.sunshinephp.com/m-sunshine git pull origin master');
http://m.sunshinephp.com/deploy.php
Deployando PHP
Saturday, October 5, 13
Tips de DNS
Saturday, October 5, 13
El poder del archivo hosts
Saturday, October 5, 13
/etc/hosts
10.0.1.1 www.lottery.com
El poder del archivo hosts
Saturday, October 5, 13
/etc/hosts
10.0.1.1 example1.com example2.com
El poder del archivo hosts
Saturday, October 5, 13
Virtual Document Root
UseCanonicalName Off
VirtualDocumentRoot /var/www/vhosts/%0/web
<Location /var/www/vhosts> AllowOverride All Options +FollowSymLinks</Location>
example.com => /var/www/vhosts/example.com/webexample2.com => /var/www/vhosts/example2.com/web
Saturday, October 5, 13
Nameservers/Expiración
whois servergrove.com...Name Servers: ns1.servergrove.com ns2.servergrove.com ns3.servergrove.com
Creation date: 19 May 2005 23:34:36Expiration date: 19 May 2014 23:34:00
Saturday, October 5, 13
Registros DNS
dig -t A google.com;; ANSWER SECTION:google.com. 184 IN A 74.125.230.227google.com. 184 IN A 74.125.230.228google.com. 184 IN A 74.125.230.229google.com. 184 IN A 74.125.230.230google.com. 184 IN A 74.125.230.231google.com. 184 IN A 74.125.230.232google.com. 184 IN A 74.125.230.233google.com. 184 IN A 74.125.230.238google.com. 184 IN A 74.125.230.224google.com. 184 IN A 74.125.230.225google.com. 184 IN A 74.125.230.226
Saturday, October 5, 13
dig -t A servergrove.eu @ns1.servergrove.com;; ANSWER SECTION:servergrove.eu. 3600 IN A 149.5.47.100
Registros DNS
Saturday, October 5, 13
Delegación DNShttp://www.simpledns.com/lookup-dg.aspx
Saturday, October 5, 13
traceroute
traceroute google.com
traceroute to google.com (173.194.37.33), 30 hops max, 40 byte packets 1 2.69-195-222.static.servergrove.com (69.195.222.2) 0.360 ms 0.365 ms 0.432 ms 2 t0-1-0-5.br2.mia.terremark.net (66.165.161.45) 1.558 ms 1.546 ms 1.532 ms 3 core1-1-0-0.mia.net.google.com (198.32.124.133) 0.238 ms 0.224 ms 0.230 ms 4 209.85.253.74 (209.85.253.74) 0.266 ms 0.283 ms 0.312 ms 5 209.85.254.252 (209.85.254.252) 12.764 ms 12.757 ms 12.749 ms 6 64.233.175.92 (64.233.175.92) 14.177 ms 14.257 ms 14.359 ms 7 atl14s07-in-f1.1e100.net (173.194.37.33) 13.653 ms 13.606 ms 13.618 ms
Saturday, October 5, 13
mtr
Saturday, October 5, 13
Monitoreo
Saturday, October 5, 13
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .your_domain.com</Location>
ExtendedStatus On
Requests de Apache
Saturday, October 5, 13
Requests de Apache
Saturday, October 5, 13
- Cacti- Ganglia- Zabbix- collectd- statsd / StatsDBundle- graphite
Saturday, October 5, 13
statsd / StatsDBundle / Graphite
Saturday, October 5, 13
CPU / Memory / IO
top
Saturday, October 5, 13
IO
iotop
Saturday, October 5, 13
Tráfico de Rediptraf
Saturday, October 5, 13
$ grep POST /var/log/apache2/access_log
Manejando logs
Saturday, October 5, 13
Manejando logs
- Centralizar logs con syslog
error_log = syslog
- Monolog soporta syslog- logstash, logster, loggly, logio
Saturday, October 5, 13
Acelerando
Saturday, October 5, 13
Acelerando
- nginx/php-fpm- APC (PHP 5.4 y anterior)- ZendOptimizer+ (incluido in PHP 5.5)- Memcache- nginx reverse proxy cache- Varnish
Saturday, October 5, 13
Backups
Saturday, October 5, 13
Backups
- rsync- rdiff-backup- Unison- Bacula- Amanda
Saturday, October 5, 13
Backups
No te olvides de backupear tu DB!
http://blog.servergrove.com/2012/01/24/backup-your-mysql-database-using-mysqldump/
Saturday, October 5, 13
Reading List
- Automating UNIX and Linux Administration- Running Linux - Learning the bash Shell: Unix Shell Programming
Saturday, October 5, 13
The End ¿Preguntas?
Habilidades sysadmin para PHP devsSaturday, October 5, 13
Gracias!Habilidades sysadmin para PHP devs
Pablo Godel @pgodel
Saturday, October 5, 13