Skip to content

Instantly share code, notes, and snippets.

@revant
Last active Dec 9, 2021
Embed
What would you like to do?
Setup Data Server

Create Data Server

  • Debian / Ubuntu
  • Attach volumes for: MariaDB, MongoDB, NFS
  • Remove Public IP (Optional)
  • Add SSH Key
  • Add SSH Relay namespace and pod to connect to data-server from cluster

Prepare Server

  • Create sudoer
  • Update apt repos and packages
  • mount /var/lib/mysql
  • mount /var/lib/mongodb
  • mount /var/nfs/general

Install and configure MariaDB

grant all privileges on *.* TO 'root'@'%' identified by 'password';
SELECT `User`, `Grant_priv` FROM `mysql`.`user` WHERE `User` = 'root';
UPDATE `mysql`.`user` SET `Grant_priv` = 'Y' WHERE `User` = 'root';
FLUSH PRIVILEGES;
SELECT `User`, `Grant_priv` FROM `mysql`.`user`;
  • Optionally disable socket plugin
sudo mysql -u root
use mysql;
update user set plugin='' where User='root';
flush privileges;
exit
  • Restart MariaDB

Install redis

  • Install redis using apt-get
  • redis.conf
    • supervised systemd
    • bind 0.0.0.0
    • appendonly no
    • #save 900 1
    • #save 300 10
    • #save 60 10000
    • save ""
  • rm /var/lib/redis/*.rdb
  • Restart Redis

Install MongoDB (Optional)

  • Install MongoDB https://docs.mongodb.com/manual/installation
  • chown -R mongodb:mongodb /var/lib/mongodb
  • restart MongoDB
  • Secure MongoDB - DO Tutorial
    • Add root user
      • db.createUser({ user: "root", pwd: passwordPrompt(), roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ] })
    • mongodb.conf
      • security.authorization: "enabled"
      • net.bindIp: 0.0.0.0
  • Restart MongoDB

Install nfs-server

  • Install NFS Server
  • mount /var/nfs/general
  • add to /etc/exports: /var/nfs/general *(rw,sync,no_root_squash,no_subtree_check)
  • Restart nfs-kernel-server

Configure Security

  • Deny All
  • Allow from cluster only.
  • Lock the server from accidental deletion or restart using ISP Dashboard or API
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment