search

marineenergy / server

server software install using Docker
0 stars 0 forks source link

readme

mhk-env_server-software

server software install using Docker

Contents:

Server software

Development environments

We can edit code in rstudio and access the same database. In cases where the tables change, let's just create new tables or add a column like production = T/F or some such within the existing datase.

And for Shiny apps, we'll just create *_dev symbolic links (ln -s) under /srv/shiny-server/.

Working Development and Production environments

To make changes to the code above (eg either website or Shiny app):

  1. Log into https://rstudio.marineenergy.app
  2. Open the project by 2x-clicking in the Files pane: to {filesystem}/*.Rproj
  3. Create or change to the branch of interest in the Git pane
  4. Make changes, git commit (possibly mentioning the issue #) and push them.
  5. Visit the https://github.com/mhk-env/{repo}
  6. When ready to merge with production, create a new Pull Request selecting the branch. Merge pull request. Visit the production filesystem and do a git pull.

Containerization

Shell into server

Secure shell (SSH), eg for Ben Best on Mac Terminal:

ssh bbest@marineenergy.app

Setup ssh keys

See How To Set Up SSH Keys | DigitalOcean.

ssh-keygen -t rsa
ssh-copy-id bbest@marineenergy.app
# Using password in `~/private/password_mhk-env.us`

Create Server on DigitalOcean

Folks at Integral already handled this, but here's how I handled this for marinebon/iea-server...

Create droplet at https://digitalocean.com with ben@ecoquants.com (Google login):

Add an external disk drive, especially for downloading and consuming the MarineCadastre datasets:

Email recieved with IP and temporary password:

Have to reset password upon first login.

Saved password on my Mac to a local file:

ssh root@157.245.189.38
# enter password from above
# you will be asked to change it upon login

For instance (replace S3cr!tpw with your own password):

echo S3cr!tpw > ~/private/password_mhk-env.us
cat ~/private/password_mhk-env.us

Then you can login via:

sshpass -f ~/My\ Drive/private/password_mhk-env.us ssh bbest@marineenergy.app

Install Docker

Since we used an image with docker and docker-compose already installed, we can skip this step.

References:

sudo apt install apt-transport-https ca-certificates curl software-properties-common

# add the GPG key for the official Docker repository to your system
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# add the Docker repository to APT sources 
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"

# update the package database with the Docker packages from the newly added repo
sudo apt update

# install Docker
sudo apt install docker-ce

docker

# confirm architecture
uname -a
# Linux docker-iea-ne 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

# update packages
sudo apt update

# check that it’s running
sudo systemctl status docker

docker-compose

References:

# check for latest version at https://github.com/docker/compose/releases and update in url
sudo curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# set the permissions
sudo chmod +x /usr/local/bin/docker-compose

# verify that the installation was successful by checking the version:
docker-compose --version
# docker-compose version 1.25.4, build 8d51620a

Build containers

Test webserver

Reference:

docker run --name test-web -p 80:80 -d nginx

# confirm working
docker ps
curl http://localhost

returns:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Turn off:

docker stop test-web

Setup domain iea-ne.us

Run docker-compose

References:

First, you will create the environment .env file to specify password and host:

# get latest docker-compose files
git clone https://github.com/mhk-env/mhk-env_server-software.git
cd ~/mhk-env_server-software

# set environment variables
echo "PASSWORD=S3cr!tpw" > .env
# actual password on Ben's laptop: ~/private/password_mhk-env.us_server-software
echo 'HOST=marineenergy.app' >> .env
cat .env

# launch
docker-compose up -d

# Creating network "iea-server_default" with the default driver
# Creating volume "iea-server_postgis-backups" with default driver
# Creating volume "iea-server_geoserver-data" with default driver
# Creating volume "iea-server_postgis-data" with default driver
# Creating volume "iea-server_mysql-data" with default driver
# Creating volume "iea-server_wordpress-html" with default driver
# Creating volume "iea-server_shiny-apps" with default driver
# Creating volume "iea-server_erddap-data" with default driver
# Creating volume "iea-server_erddap-config" with default driver
# Creating volume "iea-server_nginx-html" with default driver
# Pulling postgis (kartoza/postgis:11.0-2.5)...
# 11.0-2.5: Pulling from kartoza/postgis
# 68ced04f60ab: Pull complete
# ...

# OR update
git pull; docker-compose up -d

# OR build if Dockerfile updated in subfolder
git pull; docker-compose up --build -d

# git pull; docker-compose up -d --no-deps --build erddap

# OR reload
docker-compose restart

# OR stop
docker-compose stop

marineenergy.app manual post-docker install steps

TODO: fold into docker-compose.yml

Log into rstudio.marineenergy.app as admin and use the Terminal to:

sudo chown -R 777 /share
cd /share; mkdir github; cd github
git clone https://github.com/mhk-env/mhk-env.github.io.git
git clone https://github.com/mhk-env/mhk-env_shiny-apps.git

On Terminal for docker server with bbest@mhk-data-ubuntu: 

docker exec -it nginx bash

rstudio-shiny

Haven't figured out how to RUN these commands after user admin is created in rstudio-shiny container.

  1. Add shiny to staff so has permission to install libraries into /usr/local/lib/R/site-library.
sudo usermod -aG staff shiny

shiny app symbolic links

cd /srv/shiny-server
sudo su
ln -s /share/github/mhk-env_shiny-apps/datasets datasets
ln -s /share/github/mhk-env_shiny-apps/report report0
ln -s /share/github/mhk-env_shiny-apps/report-gen report
ln -s /share/github/mhk-env_shiny-apps/search_tethys tethys

postgis add postgres superuser

psql -h localhost -p 5432 -U admin -W gis

su postgres
psql

docker-compose up 2>> up_error.txt 1>> up_out.txt
CREATE ROLE postgres LOGIN SUPERUSER;

Docker maintenance

Push docker image

Since rstudio-shiny is a custom image bdbest/rstudio-shiny:s4w, I docker-compose push to bdbest/rstudio-shiny:s4w | Docker Hub.

# login to docker hub
docker login --username=bdbest

# push updated image
docker-compose push

Develop on local host

Note setting of HOST to local vs iea-ne.us:

# get latest docker-compose files
git clone https://github.com/marinebon/iea-server.git
cd ~/iea-server

# set environment variables
echo "PASSWORD=S3cr!tpw" > .env
echo "HOST=iea-ne.us" >> .env
cat .env

# stop all
docker stop $(docker ps -q)

# rename
docker rename nginx nginx_old
docker rename nginx-dev nginx-dev_old
docker rename postgis postgis_old
docker rename postgis postgis_new
docker rename postgis_old postgis
docker rename proxy proxy_old
docker rename rstudio rstudio_old
docker rename rstudio rstudio_new
docker rename rstudio_old rstudio
docker rename letsencrypt letsencrypt_old
docker rename geoserver geoserver_old

# launch
docker-compose up -d

# see all containers
docker ps -a

Then visit http://localhost or http://rstudio.localhost.

TODO: try migrating volumes in /var/lib/docker onto local machine.

Operate on all docker containers

# stop all running containers
docker stop $(docker ps -q)

# remove all containers
docker rm $(docker ps -aq)

# remove all image
docker rmi $(docker images -q)

# remove all volumes
docker volume rm $(docker volume ls -q)

# remove all stopped containers
docker container prune

Inspect docker logs

To tail the logs from the Docker containers in realtime, run:

docker-compose logs -f

docker inspect rstudio-shiny

migrate /share to 500 GB volume

check drives

See drives numbers or id by:

sudo fdisk -l
Disk /dev/vda: 160 GiB, 171798691840 bytes, 335544320 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 02CBFCD2-7495-4A08-A11B-28E7D3872FAA

Device      Start       End   Sectors   Size Type
/dev/vda1  227328 335544286 335316959 159.9G Linux filesystem
/dev/vda14   2048     10239      8192     4M BIOS boot
/dev/vda15  10240    227327    217088   106M Microsoft basic data

Partition table entries are not in disk order.

Disk /dev/sda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
lsblk
NAME    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda       8:0    0   500G  0 disk /run/media/system/Volume
vda     252:0    0   160G  0 disk 
├─vda1  252:1    0 159.9G  0 part /
├─vda14 252:14   0     4M  0 part 
└─vda15 252:15   0   106M  0 part /boot/efi

make space

Since disk is full with Docker volume /share, in rstudio.marineenergy.app Terminal:

du -a /share/data/marinecadastre.gov | sort -n -r | head -n 5
145854040       /share/data/marinecadastre.gov
11557992        /share/data/marinecadastre.gov/AIS Vessel Tracks 2011
8586948 /share/data/marinecadastre.gov/AIS Vessel Tracks 2015
8581012 /share/data/marinecadastre.gov/AIS Vessel Tracks 2016
8516688 /share/data/marinecadastre.gov/AIS Vessel Tracks 2013
rm -rf /share/data/marinecadastre.gov/AIS\ Vessel\ Tracks\ 201*
df -H

Now in SSH terminal, we see enough space:

Filesystem      Size  Used Avail Use% Mounted on
udev            4.2G     0  4.2G   0% /dev
tmpfs           837M  824k  836M   1% /run
/dev/vda1       167G  122G   46G  73% /
tmpfs           4.2G     0  4.2G   0% /dev/shm
tmpfs           5.3M     0  5.3M   0% /run/lock
tmpfs           4.2G     0  4.2G   0% /sys/fs/cgroup
/dev/vda15      110M  3.8M  106M   4% /boot/efi
/dev/sda        533G   76M  506G   1% /mnt/volume_sfo2_01
tmpfs           837M     0  837M   0% /run/user/1000

mount

# mount volume
sudo mount /dev/sda /share

# copy from docker volume /share to host /share
sudo docker cp rstudio-shiny:/share/. /share

# stop all docker containers
docker stop $(docker ps -q)

# rebuild docker
cd ~/mhk-env_server-software
git pull
docker-compose up --build -d

# drop old unused docker volume /share
docker volume prune
Are you sure you want to continue? [y/N] y
Deleted Volumes:
mhkenvserversoftware_share

Total reclaimed space: 104.4GB

Per Setting Up Persistent Mounting - How to Mount Volumes | DigitalOcean:

sudo vi /etc/fstab
LABEL=cloudimg-rootfs   /        ext4   defaults        0 0
LABEL=UEFI      /boot/efi       vfat    defaults        0 0
/dev/sda /share ext4 defaults,nofail,discard,noatime 0 2
# check that /etc/fstab is parsable and usable
findmnt --verify --verbose

SFTP

Download Cyberduck

server: marineenergy.app

Setup

docker exec nginx sh -c "ln -s echo /share/api_out /usr/share/nginx/html/api_out"
docker exec -it nginx bash

To get latest for pdf generation:

# If you see an error message like “tlmgr: Remote repository is newer than local (2018 < 2019)”
tinytex::install_tinytex(force=T)

# If an error occurs when compiling a LaTeX to PDF,
tinytex::tlmgr_update()

# if get something like ! LaTeX Error: File `amsmath.sty' not found.
tinytex::parse_install("report_test_1b114955d523.log")

Remove TexLive in fafor of TinyTex:

installing - How to remove everything related to TeX Live for fresh install on Ubuntu? - TeX - LaTeX Stack Exchange

sudo apt-get purge texlive*

Add user(s)

# setup (once) staff to be shared by admin, and default permissions 775
docker exec rstudio gpasswd -a admin staff
docker exec rstudio sh -c "echo 'umask 002' >> /etc/profile"

# override RStudio's default group read only with group read & write
docker exec rstudio sh -c "echo 'Sys.umask('2')\n' >> /usr/local/lib/R/etc/Rprofile.site"
# vs quick fix in Terminal of rstudio.marineenergy.app: sudo chmod -R g+w *

docker exec -it rstudio bash

# Add shiny to staff so has permission to install libraries into `/usr/local/lib/R/site-library` and write files
usermod -aG staff shiny

# set primary group to staff
usermod -g staff shiny
#confirm primary group set to staff
id shiny
# uid=998(shiny) gid=50(staff) groups=50(staff)

user=cdobbelaere
#user=bbest
#user=cgrant
#user=nswanson
pass=secretp@ssHere

# userdel $user; groupdel $user

# add user inside rstudio docker container from host
useradd -m -p $(openssl passwd -crypt $pass) $user
# echo usermod -p "$pass" $user
# usermod -p $(openssl passwd -crypt $pass) $user

# setup (every user) primary group to staff
usermod -aG staff $user
usermod -aG sudo $user
usermod -aG shiny $user
usermod -g staff $user
groups $user

# setup symbolic links in home dir
ln -s /share                /home/$user/share
ln -s /share/data           /home/$user/data
ln -s /share/github         /home/$user/github
ln -s /srv/shinyapps        /home/$user/shiny-apps
ln -s /var/log/shiny-server /home/$user/shiny-logs

# add user to host
exit
sudo adduser $user
sudo usermod -aG sudo $user

# check in container
docker exec -it rstudio-shiny bash
cat /etc/passwd
exit

Stop, start, restart and list services for rstudio and shiny-server

https://wiki.gentoo.org/wiki/S6

Log into terminal:

ssh bbest@marineenergy.app

Then into docker container:

docker exec -it rstudio bash

Get list of s6 processes:

# list s6 services
ps xf -o pid,ppid,pgrp,euser,args
PID  PPID  PGRP EUSER    COMMAND
505     0   505 root     bash
745   505   745 root      \_ ps xf -o pid,ppid,pgrp,euser,args
  1     0     1 root     s6-svscan -t0 /var/run/s6/services
 34     1     1 root     s6-supervise s6-fdholderd
211     1     1 root     s6-supervise rstudio
213     1     1 root     s6-supervise shiny-server
214   213   214 root      \_ /opt/shiny-server/ext/node/bin/shiny-server /opt/shiny-server/lib/main.js
226   214   214 root          \_ xtail /var/log/shiny-server/
549   214   549 root          \_ su -s /bin/bash --login -p -- shiny -c cd \/srv\/shiny-server\/sample-apps\/hello && R --no-save --slave -f \/opt\/shiny-server\/R\/SockJSAdapter\.R
551   214   551 root          \_ su -s /bin/bash --login -p -- shiny -c cd \/srv\/shiny-server\/sample-apps\/rmd && R --no-save --slave -f \/opt\/shiny-server\/R\/SockJSAdapter\.R

Manage a service:

cd /var/run/s6/services
# stop
s6-svc -d rstudio
# start
s6-svc -u rstudio
# restart
s6-svc -r rstudio

TODO

Web content:

Shiny apps:

Install: