Setup Data Server

README.md

Create Data Server

• Debian / Ubuntu
• Attach volumes for: MariaDB, MongoDB, NFS
• Remove Public IP (Optional)
• Add SSH Key
• Add SSH Relay namespace and pod to connect to data-server from cluster

Prepare Server

• Create sudoer
• Update apt repos and packages
• mount /var/lib/mysql
• mount /var/lib/mongodb
• mount /var/nfs/general

Install and configure MariaDB

• 50-server.cnf: bind-address = 0.0.0.0
• 70-frappe.cnf: https://github.com/frappe/bench/wiki/MariaDB-conf-for-Frappe

grant all privileges on *.* TO 'root'@'%' identified by 'password';
SELECT `User`, `Grant_priv` FROM `mysql`.`user` WHERE `User` = 'root';
UPDATE `mysql`.`user` SET `Grant_priv` = 'Y' WHERE `User` = 'root';
FLUSH PRIVILEGES;
SELECT `User`, `Grant_priv` FROM `mysql`.`user`;

• Optionally disable socket plugin

sudo mysql -u root

use mysql;
update user set plugin='' where User='root';
flush privileges;
exit

• Restart MariaDB

Install redis

• Install redis using apt-get
• redis.conf
  • supervised systemd
  • bind 0.0.0.0
  • appendonly no
  • #save 900 1
  • #save 300 10
  • #save 60 10000
  • save ""
• rm /var/lib/redis/*.rdb
• Restart Redis

Install MongoDB (Optional)

• Install MongoDB https://docs.mongodb.com/manual/installation
• chown -R mongodb:mongodb /var/lib/mongodb
• restart MongoDB
• Secure MongoDB - DO Tutorial
  • Add root user
    • db.createUser({ user: "root", pwd: passwordPrompt(), roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] })
  • mongodb.conf
    • security.authorization: "enabled"
    • net.bindIp: 0.0.0.0
• Restart MongoDB

Install nfs-server

• Install NFS Server
• mount /var/nfs/general
• add to /etc/exports: /var/nfs/general *(rw,sync,no_root_squash,no_subtree_check)
• Restart nfs-kernel-server

Configure Security

• Deny All
• Allow from cluster only.
• Lock the server from accidental deletion or restart using ISP Dashboard or API