Quick setup notes for Debian Servers

Make sure that /data/project/<environment> exists. On WMF servers, this is provided by setting mount_nfs: true in the instance Hiera configuration.

Docker Swarm

If you are feeling trustworthy, go ahead and pipe our script directly into a root shell on your server. What's the worst that could happen?

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/WikipediaLibrary/TWLight/production/bin/debian_swarm_deploy.sh)"

You should at least check the source at bin/debian_swarm_deploy.sh

Email

SPF

an SPF dns record is domain-wide and not-server specific. It should already be created, but is documented here for posterity:

twl.wmflabs.org.	60	IN	TXT	"v=spf1 a:mx-out03.wmcloud.org a:mx-out04.wmcloud.org ~all"

DKIM

The deployment script will create all of the key material and print out the information needed to create the appropriate DNS record.

<environment>._domainkey.twl.wmflabs.org. 60 IN TXT	"v=DKIM1;t=s;p=************************************************************************************************************************************************************************************************************************;adkim=s;"

note that:

• <environment> must match the DKIM_SELECTOR environment variable defined in conf/<environment>.twlight.env
• DKIM_SELECTOR should match the deployment environment
• In the case of a staging server, all of these should be staging

Housekeeping

• Restore state from a backup docker exec -t $(docker ps -q -f name=staging_twlight) /app/bin/virtualenv_restore.sh /app/backup/dd.hh.tar.gz
• Setup weekly log rotation truncate docker logs $ sudo vim /etc/logrotate.d/twl_docker_container_logs

/var/lib/docker/containers/*/*-json.log {
    rotate 0
    weekly
    missingok
    copytruncate
    postrotate
        rm "${1}.1"
    endscript
}