From: Joe Presbrey Date: Thu, 25 Sep 2008 11:37:23 +0000 (+0000) Subject: config fixes X-Git-Url: http://andersk.mit.edu/gitweb/sql.git/commitdiff_plain/27a83527716127f7ed6ae592cd53bf1f9711a919 config fixes git-svn-id: svn://presbrey.mit.edu/sql@163 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
diff --git a/etc/kitchen-sink/my.cnf b/etc/kitchen-sink/my.cnf
new file mode 100644
index 0000000..905549d
--- /dev/null
+++ b/etc/kitchen-sink/my.cnf
@@ -0,0 +1,73 @@
+[client]
+socket=/srv/mysql/mysql.sock
+ssl-ca=/etc/pki/tls/certs/ca.pem
+
+[mysql]
+socket=/srv/mysql/mysql.sock
+
+[mysqld]
+datadir=/srv/mysql
+log_slow_queries
+long_query_time=4
+max_connections=256
+max_connect_errors=0
+wait_timeout=300
+interactive_timeout=300
+connect_timeout=10
+local_infile=0
+ft_min_word_len=3
+expire_logs_days=7
+
+# Bump the max open files (*grumble* esp)
+# 2008-09-24 -- quentin
+open_files_limit=8192
+
+log-bin=sql-bin
+log-bin-index=sql-bin.index
+relay-log=kitchen-sink-relay-bin
+relay-log-index=kitchen-sink-relay-bin.index
+
+query_cache_limit=1M
+query_cache_size=128M
+query_cache_type=1
+thread_cache_size=8
+table_cache=512
+key_buffer=384M
+join_buffer=1M
+record_buffer=1M
+max_allowed_packet=16M
+sort_buffer_size=2M
+read_buffer_size=2M
+read_rnd_buffer_size=8M
+tmp_table_size=32M
+thread_concurrency=4
+myisam_sort_buffer_size=64M
+
+innodb_buffer_pool_size=512M
+innodb_additional_mem_pool_size=20M
+innodb_log_file_size=256M
+innodb_log_buffer_size=8M
+innodb_lock_wait_timeout=50
+innodb_thread_concurrency=4
+innodb_log_group_home_dir=/srv/zebra/
+innodb_file_per_table
+
+old_passwords=1
+server-id=1
+
+ssl_ca=/etc/pki/tls/certs/ca.pem
+ssl_cert=/etc/pki/tls/certs/sql.pem
+ssl_key=/etc/pki/tls/private/sql.pem
+
+skip-bdb
+skip-merge
+skip-name-resolve
+
+# Disable the "data directory" option:
+# 2008-07-14
+skip-symbolic-links
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet = 16M
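Review bot: `old_passwords=1` in the new `[mysqld]` section makes the server store newly set passwords in the short pre-4.1 hash format, which is far weaker than the 4.1+ format, and it sits directly above the new `ssl_*` lines that are meant to harden connections. If legacy clients still depend on it, the file should say so, e.g. `# old_passwords: needed by <legacy client — placeholder>; remove once all clients use the 4.1 protocol`; otherwise the line should be dropped. The same setting is carried as unchanged context in the etc/my.cnf hunk of this commit.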
diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index 84d5db8..8b20f3b 100644
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -29,11 +29,11 @@ fastcgi.server = ( ".php" => ) server.document-root = "/srv/sql/web/home/" -alias.url = ( "/~sql/" => "/srv/sql/web/" ) -alias.url += ( "/main/" => "/srv/sql/web/main/" ) -alias.url += ( "/dev/" => "/srv/sql/web/dev/" ) -alias.url += ( "/tools/" => "/srv/sql/web/tools/" ) -alias.url += ( "/" => "/srv/sql/web/home/" ) +alias.url = ( "/~sql" => "/srv/sql/web" ) +alias.url += ( "/main" => "/srv/sql/web/main" ) +alias.url += ( "/dev" => "/srv/sql/web/dev" ) +alias.url += ( "/tools" => "/srv/sql/web/tools" ) +#alias.url += ( "/" => "/srv/sql/web/home" ) url.rewrite-once = ( "^/tools/([^\?]+)(\??.*)" => "/tools/$1.php$2" ) url.rewrite-once += ( "^/~sql/main/do/([^\?]+)(\??.*)" => "/~sql/main/$1.php$2" ) url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
@@ -43,7 +43,7 @@ url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1
 ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
 $SERVER["socket"] == "0.0.0.0:443" {
 ssl.engine = "enable"
- ssl.pemfile = "/etc/lighttpd/sql-mit-edu.pem"
+ ssl.pemfile = "/etc/lighttpd/sql.mit.edu.pem"
 ssl.ca-file = "/etc/lighttpd/mitCAclient.pem"
 ssl.verifyclient.activate = "enable"
 ssl.verifyclient.enforce = "disable"
diff --git a/etc/my.cnf b/etc/my.cnf
index 6df5596..905549d 100644
--- a/etc/my.cnf
+++ b/etc/my.cnf
@@ -1,5 +1,6 @@ [client] socket=/srv/mysql/mysql.sock +ssl-ca=/etc/pki/tls/certs/ca.pem [mysql] socket=/srv/mysql/mysql.sock
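Review bot: Dropping the trailing slash from the first `alias.url` key widens what it matches, because mod_alias compares the key as a plain prefix of the request path: `/~sql` now also matches paths that merely begin with those characters, and the remainder is appended to `/srv/sql/web`, so the mapping is no longer confined to that directory but extends to any sibling under /srv/sql whose name starts with `web`. The `/main`, `/dev` and `/tools` keys widen the same way inside the web tree. Keeping the slash on both sides, `alias.url = ( "/~sql/" => "/srv/sql/web/" )`, and handling the slash-less URL with a `url.redirect` entry would keep the alias confined. If the slash-less form is intended, a comment above the block should state that the keys are prefix matches.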
@@ -7,50 +8,64 @@ socket=/srv/mysql/mysql.sock [mysqld] datadir=/srv/mysql log_slow_queries -long_query_time=2 -max_connections=5000 -#max_connect_errors=10 -wait_timeout=600 -interactive_timeout=600 +long_query_time=4 +max_connections=256 +max_connect_errors=0 +wait_timeout=300 +interactive_timeout=300 connect_timeout=10 +local_infile=0 +ft_min_word_len=3 +expire_logs_days=7 + +# Bump the max open files (*grumble* esp) +# 2008-09-24 -- quentin +open_files_limit=8192 log-bin=sql-bin log-bin-index=sql-bin.index relay-log=kitchen-sink-relay-bin relay-log-index=kitchen-sink-relay-bin.index -skip-locking -#skip-external-locking - query_cache_limit=1M query_cache_size=128M query_cache_type=1 thread_cache_size=8 -table_cache=1024 -key_buffer=400M +table_cache=512 +key_buffer=384M join_buffer=1M record_buffer=1M max_allowed_packet=16M sort_buffer_size=2M read_buffer_size=2M read_rnd_buffer_size=8M -tmp_table_size=35M +tmp_table_size=32M thread_concurrency=4 -myisam_sort_buffer_size=8M +myisam_sort_buffer_size=64M innodb_buffer_pool_size=512M innodb_additional_mem_pool_size=20M -innodb_log_file_size=200M -innodb_log_buffer_size=2M -#innodb_lock_wait_timeout=50 - +innodb_log_file_size=256M +innodb_log_buffer_size=8M +innodb_lock_wait_timeout=50 +innodb_thread_concurrency=4 +innodb_log_group_home_dir=/srv/zebra/ innodb_file_per_table old_passwords=1 server-id=1 +ssl_ca=/etc/pki/tls/certs/ca.pem +ssl_cert=/etc/pki/tls/certs/sql.pem +ssl_key=/etc/pki/tls/private/sql.pem + skip-bdb -#skip-networking +skip-merge +skip-name-resolve + +# Disable the "data directory" option: +# 2008-07-14 +skip-symbolic-links [mysqldump] quick
diff --git a/etc/sysconfig/iptables b/etc/sysconfig/iptables
index 08d1b9b..c58ec03 100644
--- a/etc/sysconfig/iptables
+++ b/etc/sysconfig/iptables
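Review bot: The added `ssl_ca`/`ssl_cert`/`ssl_key` lines only make TLS available on the server; nothing in this hunk requires it, so an account can still log in over a cleartext TCP connection unless its grant carries `REQUIRE SSL` or `REQUIRE X509`. The `[client]` `ssl-ca` line added in the first hunk of this file likewise supplies a CA but does not by itself make the client check the name in the server certificate. A comment above the block would record the intent, e.g. `# TLS is offered, not enforced: remote accounts must be granted with REQUIRE SSL`. The same lines appear in the new etc/kitchen-sink/my.cnf.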
@@ -11,17 +11,20 @@
 -A Firewall -p 51 -j ACCEPT
 -A Firewall -p icmp --icmp-type any -j ACCEPT
 -A Firewall -m state --state RELATED,ESTABLISHED -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 18.181.0.52 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.47 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.56 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 172.21.0.52 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.47 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.56 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 4949 -s 18.187.1.128 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 5666 -s 18.187.1.128 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 22,80,443 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 3306,33306 -d 18.181.0.52 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 3306,33306 -d 172.21.0.52 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 18.181.0.47 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 172.21.0.47 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 18.181.0.56 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 172.21.0.56 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 4949,5666 -s 18.181.0.65 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 4949,5666 -s 18.187.1.128 -j ACCEPT
+
 -A Firewall -j REJECT --reject-with icmp-host-prohibited
 COMMIT
 # Completed on Wed Aug 29 23:33:53 2007
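Review bot: The two new `--dports 3306,33306 -d ...` rules accept the additional port 33306 from any source address, and nothing in this rule file or in the my.cnf changes of the same commit says what listens there (no `port` setting is visible). The file already carries `#` comment lines, so a line such as `# 33306: <service — placeholder>; open to any source on the service addresses` above the pair would make the exposure reviewable. If only known hosts need the port, a `-s` match like the ones on the 3306 rules below would narrow it. The newly added source 18.181.0.65 for ports 4949/5666 would benefit from the same one-line label.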
diff --git a/libexec/cron-daily-local.sh b/libexec/cron-daily-local.sh
index 643f5d2..7746deb 100755
--- a/libexec/cron-daily-local.sh
+++ b/libexec/cron-daily-local.sh
@@ -1,7 +1,7 @@ #!/bin/bash if [[ -s /srv/mysql/master.info ]]; then - NEWBF=/srv/backup/daily/sql.mit.edu_`date +%m-%d-%Y`.sql.gz + NEWBF=/srv/backup/daily/sql.mit.edu_`date +%Y-%m-%d`.sql.gz /usr/bin/mysqldump -umit-backup -efqQK --all-databases | gzip > $NEWBF if [[ -s $NEWBF && `ls /srv/backup/daily/ | wc -l` -ge 4 ]]; then rm -f /srv/backup/daily/`ls -t /srv/backup/daily/ | tail -n1`
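Review bot: The `-s $NEWBF` test after the dump cannot tell a failed dump from a good one: gzip writes its header even when mysqldump produces no output, so the file is non-empty and the rotation on the next line still deletes the oldest backup. Checking the pipeline status closes that gap, with `set -o pipefail` near the top and `/usr/bin/mysqldump -umit-backup -efqQK --all-databases | gzip > "$NEWBF" || { rm -f "$NEWBF"; exit 1; }` in place of the bare pipeline. The dump contains every database, including the grant tables, so a `umask 077` before the redirect would keep the file from being created with default permissions. Both `if` blocks close outside this hunk.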