Project 3 ‐ Web Application and Database Redundancy - jacobwilliams100/sec-440 GitHub Wiki

Part 1: Database Redundancy

u1-3 Setup

Connect adapter to LAN Network

Edit configuration manually with sudo nano /etc/netplan/00-installer-config.yaml


and apply with sudo netplan apply

Install MariaDB with sudo apt update and sudo apt install mariadb-server

Now shut MariaDB down while we configure it: sudo systemctl stop mariadb

Then configure it as a Galera cluster

https://www.linuxbabe.com/mariadb/galera-cluster-ubuntu

sudo nano /etc/mysql/mariadb.conf.d/60-galera.cnf

We will edit the file in some major ways for the setup we want to accomplish.

image

image

We must modify one more file: sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

and set bind-address to 0.0.0.0

image

Open necessary ufw ports with sudo ufw allow 3306,4444,4567,4568/tcp

sudo ufw allow 4567/udp

sudo ufw enable

Repeat config for u2 and u3. Make sure to adjust the IP values for each box.

Turning on the cluster and Testing

on u1 ONLY:

run sudo galera_new_cluster

and turn MariaDB back on with sudo systemctl start mariadb

Wait a minute, then start MariaDB on u2 and u3.

It should be working now. Test the cluster on u1 with sudo mysql -u root -p

and enter the query SHOW STATUS LIKE 'wsrep_cluster_size';

and SHOW STATUS LIKE 'wsrep_cluster_status';

The results should look like this on the primary (u1 for now)

image

If it doesn't work, start by rebooting every machine and restarting the cluster
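
The two status queries above can be turned into a repeatable check. The script below is an added example, not part of the original wiki: it grades the wsrep status rows against the planned node count and also flags a cluster that is larger than planned. The function names and sample rows are constructed for illustration, and it additionally reads wsrep_local_state_comment and wsrep_ready, which the page does not query.

```sh
#!/bin/sh
# Added example, not from the original wiki: grade Galera wsrep status rows.
# Input on stdin: "name<TAB>value" rows, e.g. from
#   sudo mysql -N -B -e "SHOW GLOBAL STATUS LIKE 'wsrep_%'"
# $1 is the planned node count (3 here: u1, u2, u3).

wsrep_value() {  # wsrep_value NAME ROWS: print the value of one status variable
  printf '%s\n' "$2" | awk -F '\t' -v k="$1" '$1 == k { print $2 }'
}

galera_health() {
  expected=$1
  rows=$(cat)
  size=$(wsrep_value wsrep_cluster_size "$rows")
  status=$(wsrep_value wsrep_cluster_status "$rows")
  state=$(wsrep_value wsrep_local_state_comment "$rows")
  ready=$(wsrep_value wsrep_ready "$rows")

  if [ -z "$size" ] || [ -z "$status" ]; then
    echo "UNKNOWN: wsrep rows missing from input"; return 3
  elif [ "$status" != "Primary" ]; then
    echo "CRITICAL: component is $status (no quorum)"; return 2
  elif [ "$state" != "Synced" ] || [ "$ready" != "ON" ]; then
    echo "CRITICAL: state=$state ready=$ready"; return 2
  elif [ "$size" -gt "$expected" ]; then
    # The ufw rule above opens 4444/4567/4568 to any source, so an extra
    # member is worth investigating as an unplanned node.
    echo "CRITICAL: $size nodes joined, only $expected planned"; return 2
  elif [ "$size" -lt "$expected" ]; then
    echo "WARNING: $size of $expected nodes joined"; return 1
  fi
  echo "OK: $size nodes, Primary, Synced"
}

# Constructed sample rows (not captured from the lab).
row() { printf 'wsrep_cluster_size\t%s\nwsrep_cluster_status\t%s\nwsrep_local_state_comment\t%s\nwsrep_ready\t%s\n' "$@"; }
HEALTHY=$(row 3 Primary Synced ON)
DEGRADED=$(row 2 Primary Synced ON)
SPLIT=$(row 1 non-Primary Initialized OFF)
EXTRA=$(row 4 Primary Synced ON)

for sample in "$HEALTHY" "$DEGRADED" "$SPLIT" "$EXTRA"; do
  printf '%s\n' "$sample" | galera_health 3 || true
done
```

On a live node, pipe the mysql command from the header comment into galera_health 3 and act on the exit code.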

secure-installation

Now we can do sudo mariadb-secure-installation (u1 only) to set up security for the database

image

haproxy for MariaDB

Perform these steps on ha1+ha2

sudo nano /etc/haproxy/haproxy.cfg

and add these lines:

image

then systemctl restart haproxy on both

Testing from lan

image

Part 2: Tiered Web Application

Database and Remote User for application

web1&2

Update SELinux policy with

setsebool -P httpd_can_network_connect_db on

image

Installing PHP

sudo yum install php

sudo yum install php-mysqlnd

sudo systemctl restart httpd.service

Installing MariaDB Client

sudo yum install mariadb

web01/02 should now be able to log into the galera cluster using the opt VRRP and the remote user we will create in the next step.

image

MediaWiki implementation

I will be implementing MediaWiki, a wiki platform. web01 and web02 will each run an instance of MediaWiki serving content from a shared database running on the u1/u2/u3 Galera cluster. With this setup, changes made on one MediaWiki server will replicate to the other, and any one web server or database server can fail without affecting the operation of the wiki.

Creating mediawiki database and granting permissions on u1

On u1, access mariadb terminal with

mysql -u root -p

Create a database for the MediaWiki

CREATE DATABASE mediawiki;

CREATE USER 'remote'@'%' IDENTIFIED BY 'password';

The % host wildcard means connections for this user will be allowed from all IP addresses, since there will be 2 MediaWiki servers

GRANT ALL PRIVILEGES ON mediawiki.* TO 'remote'@'%';

FLUSH PRIVILEGES;

EXIT;

Since I could not figure out how to install a newer version of PHP on CentOS 7, we will use a slightly older version of MediaWiki (version 1.34) that supports PHP 7.2.

Pre-setup configuration

start with sudo yum update -y

install required dependencies with:

sudo yum install php-xml php-mbstring php-intl php-json php-zip php-gd -y

systemctl restart httpd

image

Installing MediaWiki Proper

install wget

sudo yum install wget -y

We need to download this old version manually

cd /var/www/html

sudo wget https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.0.tar.gz

image

sudo tar -xvzf mediawiki-1.34.0.tar.gz

sudo mv mediawiki-1.34.0 mediawiki

sudo chown -R apache:apache mediawiki

Apache settings

We need to create a config file for mediawiki to make it work properly

sudo nano /etc/httpd/conf.d/mediawiki.conf

and add these lines

We must edit another config file as well.

sudo nano /etc/httpd/conf/httpd.conf

and change this line from "None" to "All"

image

image

and restart apache once more for good measure

systemctl restart httpd

MediaWiki Installer

on xubuntu-wan, use the browser to navigate to 10.0.5.100 (or 10.0.5.101 for web02, we need to do both.)

image

We will use the browser to complete the installation. For expediency's sake, we will keep most settings default.

The database step is very important.

Set the database host to 10.0.6.10 (the HAProxy for the Galera Cluster)

Set the database name to mediawiki (we configured this on u1)

No need for Database table prefix

username and password should be the remote user added for the mediawiki database on u1

image

Make sure you set a name, root account, and password

image

Finishing installation will give you the file: LocalSettings.php

Move it to the respective web host using scp:

image

and back on the web server, make sure to rename the file if it is called anything other than LocalSettings.php

make apache the owner of LocalSettings.php with

sudo chown apache:apache /var/www/html/mediawiki/LocalSettings.php

and adjust SELinux policy with

sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/mediawiki

image

Lastly, since we will be using this through the VRRP and HAProxies, we must modify a value in LocalSettings.php on both webservers

sudo nano /var/www/html/mediawiki/LocalSettings.php

image

and change the $wgServer line to http://10.0.17.107

and restart apache once more for good measure

systemctl restart httpd
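
Because the $wgServer change has to be made on both web servers, it helps to check it rather than eyeball it. The script below is an added example, not part of the original wiki: it extracts the effective $wgServer from a LocalSettings.php and compares it with the virtual IP. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original wiki: confirm that LocalSettings.php
# points MediaWiki at the virtual IP rather than at one web server.

# Print the effective $wgServer: the last uncommented assignment in the file.
wg_server() {
  grep -E '^[[:space:]]*\$wgServer[[:space:]]*=' "$1" | tail -n 1 |
    sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//' | tr -d "\"'"
}

# check_wg_server FILE EXPECTED_URL: exit status 0 on match, 1 otherwise.
check_wg_server() {
  actual=$(wg_server "$1")
  if [ "$actual" = "$2" ]; then
    echo "OK: $1 uses $actual"
  else
    echo "MISMATCH: $1 has '${actual:-unset}', expected $2"; return 1
  fi
}

# Constructed sample files standing in for the copies on web01 and web02.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/web01.php" <<'EOF'
<?php
# $wgServer = "http://10.0.5.100";
$wgServer = "http://10.0.17.107";
$wgScriptPath = "/mediawiki";
EOF
cat > "$tmp/web02.php" <<'EOF'
<?php
$wgServer = 'http://10.0.5.101';
EOF

check_wg_server "$tmp/web01.php" http://10.0.17.107 || true
check_wg_server "$tmp/web02.php" http://10.0.17.107 || true
```

On each web server, run check_wg_server against /var/www/html/mediawiki/LocalSettings.php with the virtual IP URL as the second argument.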

Testing

To test access, go on xubuntu-WAN and open a web browser

connect to the virtual IP at http://10.0.17.107/mediawiki

image

It will work as long as at least one of the web servers is running. Turn web1 off and try connecting to the page again

image

Notice it's running on the web-02 node now.

But it serves the same content. This is redundancy.

Reflection

This project was the most challenging yet, but also the most constructive. Part 1 was relatively smooth, and I mostly relied on web resources to learn how to set my configurations. My major issue with this step was that I didn't realize I needed to start the cluster with sudo galera_new_cluster before it would work. After this, the cluster worked as expected. For Part 2, I decided to challenge myself by using the Galera cluster, Apache, and PHP (essentially a LAMP stack) to implement a redundant open-source CMS called MediaWiki. I spent a really long time trying to figure out how to update PHP from CentOS 7's PHP 7.2 but nothing was working so instead I just decided to install an older version of MediaWiki that supported PHP 7.2. The last and perhaps most frustrating issue I encountered was that my MediaWiki was only functional from the LAN side. From the WAN side, the redirects were not working properly so I could not use the site. After much troubleshooting, I realized my issue was that in LocalSettings.php, I needed to set $wgServer to the virtual IP. I needed to do this on both machines. Without doing this, MediaWiki didn't know what FQDN to redirect the client to. This all took me a very long time, but I feel that I learned a lot from this project.