PayControl Inform. Installation guide — различия между версиями

Материал из PayControl Wiki
Перейти к: навигация, поиск
(Новая страница: «== Install pre-requisits == # Add '''EPEL''' repository and install another necessary '''packages''' (git needed, only if server has ability to connect to git re…»)
 
Строка 1: Строка 1:
 +
=Installation=
 
== Install pre-requisits ==
 
== Install pre-requisits ==
  
Строка 60: Строка 61:
 
psql -h localhost -p 5432 -U <DB_USER> -d <DB_NAME> -W
 
psql -h localhost -p 5432 -U <DB_USER> -d <DB_NAME> -W
 
</source>
 
</source>
Insert and execute SQL from [[../../tasker/blob/master/scripts/db.sql|/pushgate/tasker/scripts/db.sql]].
+
Insert and execute SQL script:
 +
<source lang="sql">
 +
create table tasks (
 +
id serial,
 +
uuid uuid not null unique,
 +
device_token text,
 +
payload text,
 +
callback_url text,
 +
created_at timestamp without time zone not null default (now() at time zone 'utc'),
 +
updated_at timestamp without time zone not null default (now() at time zone 'utc')
 +
);
  
Insert and execute (index creation):
 
  
<source lang="sql">create index ON tasks(created_at);
+
create table task_statuses (
 +
id serial,
 +
uuid uuid references tasks (uuid) on delete cascade,
 +
status smallint not null default 0,
 +
dt timestamp without time zone not null default (now() at time zone 'utc')
 +
);
 +
 
 +
 
 +
create table housekeeping_stat (
 +
total bigint
 +
);
 +
 
 +
insert into housekeeping_stat (total) values (0);
 +
 
 +
create index ON tasks(created_at);
 +
 
 
create index ON task_statuses(uuid);
 
create index ON task_statuses(uuid);
 
</source>
 
</source>
 +
 
Periodically you must reindex DB:
 
Periodically you must reindex DB:
  
Строка 134: Строка 160:
 
pip install aiohttp==2.1.0
 
pip install aiohttp==2.1.0
 
</source>
 
</source>
=== Reinstall (update) services ===
 
  
<source lang="bash">git pull
 
pip install --upgrade -e
 
</source>
 
 
== Configure services ==
 
== Configure services ==
  
Строка 199: Строка 221:
 
systemctl enable housekeeper
 
systemctl enable housekeeper
 
</source>
 
</source>
== Set up NGINX for SSL/TLS-Offload for payloader ==
+
= Reinstall (update) services =
 
 
Use Google, something like this [https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination]
 
  
 +
<source lang="bash">git pull
 +
pip install --upgrade -e
 +
</source>
 +
= Customization =
 
== Optimum services count for 20 CPU ==
 
== Optimum services count for 20 CPU ==
 
 
<source lang="bash">push_secretary workers count = 3
 
<source lang="bash">push_secretary workers count = 3
 
payloader workers count = 3
 
payloader workers count = 3
Строка 212: Строка 235:
 
callbacker@{1..2}```
 
callbacker@{1..2}```
 
</source>
 
</source>
 +
== Set up NGINX for SSL/TLS-Offload for payloader ==
 +
Use Google, something like this [https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination]

Версия 02:29, 30 ноября 2018

Installation

Install pre-requisits

  1. Add EPEL repository and install another necessary packages (git needed, only if server has ability to connect to git repository with pushgate sources):
sudo yum install epel-release
sudo yum install wget libffi-devel openssl-devel gcc git
  1. Install Erlang (for RabbitMQ)
wget https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm
sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm
sudo yum install erlang
  1. Install RabbitMQ, enable and start it
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | sudo bash
sudo yum install rabbitmq-server
sudo systemctl start rabbitmq-server
sudo systemctl enable rabbitmq-server

Set up user-login for RabbitMQ. Enable Managemet plugin (it wil accessible on HTTP:15672/TCP). Grant access through firewall from Administrator's workstation to management console. 

rabbitmqctl add_user <USERNAME> <PASSWORD>
rabbitmqctl set_user_tags <USERNAME> administrator
rabbitmqctl set_permissions -p / <USERNAME> ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
firewall-cmd --get-active-zones
firewall-cmd --permanent --zone=<ZONE RETURNED BY PREVIOUS COMMAND> --add-rich-rule='
  rule family="ipv4"
  source address="<SOURCE IP/MASK>"
  port protocol="tcp" port="15672" accept'
firewall-cmd --reload
  1. Install, start and enable Redis (apt-get install redis-server)
sudo yum install redis
sudo systemctl start redis
sudo systemctl enable redis
  1. Install PostgreSQL and set up user-login, create database, do not forget to allow remote tcp-connection for user
sudo yum install postgresql postgresql-server
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
sudo vi /var/lib/pgsql/data/postgresql.conf
    listen_addresses = 'localhost' ## Uncomment this string in /var/lib/pgsql/data/postgresql.conf
sudo vi /var/lib/pgsql/data/pg_hba.conf
    host    all             all             127.0.0.1/32            md5 ## Change ident to md5 in /var/lib/pgsql/data/pg_hba.conf
    host    all             all             ::1/128                 md5 ## Change ident to md5 in /var/lib/pgsql/data/pg_hba.conf
sudo -u postgres psql
create database <DB_NAME>;
create user <DB_USER> password '<DB_USER_S_PASSWORD>';
grant all privileges on database <DB_NAME> to <DB_USER>;
\q
psql -h localhost -p 5432 -U <DB_USER> -d <DB_NAME> -W

Insert and execute SQL script: 

create table tasks (
	id serial,
	uuid uuid not null unique,
	device_token text,
	payload text,
	callback_url text,
	created_at timestamp without time zone not null default (now() at time zone 'utc'),
	updated_at timestamp without time zone not null default (now() at time zone 'utc')
);


create table task_statuses (
	id serial,
	uuid uuid references tasks (uuid) on delete cascade,
	status smallint not null default 0,
	dt timestamp without time zone not null default (now() at time zone 'utc')
);


create table housekeeping_stat (
	total bigint
);

insert into housekeeping_stat (total) values (0);

create index ON tasks(created_at);

create index ON task_statuses(uuid);

Periodically you must reindex DB: 

REINDEX DATABASE <DB_NAME>;

Owner of new tables must be <DB_USER>. Else, while housekeeper starts, may occours the error: asyncpg.exceptions.InsufficientPrivilegeError: permission denied for relation tasks. In this case you must set ownership of all tables in <DB NAME> to <DB_USER>: 

ALTER TABLE task_statuses OWNER TO <DB_USER>;
ALTER TABLE tasks OWNER TO <DB_USER>;
ALTER TABLE housekeeping_stat OWNER TO <DB_USER>;
  1. Install Phython 3.6.

For Centos 7 you must install pithon 3.6 from IUS repository (in packages's names added letter "u"): 

sudo yum install https://centos7.iuscommunity.org/ius-release.rpm
sudo yum install python36u python36u-devel python36u-setuptools

Instal virtualenv: 

sudo pip3 install virtualenv

Create vitual environment once for all pushgate services (use python 3.6 only)

mkdir -p /var/app/
virtualenv -p python3.6 /var/app/.env

Install services

cd /var/app
source .env/bin/activate

git clone git@gitlab.paycontrol.org:pushgate/pushgate.git
git clone git@gitlab.paycontrol.org:pushgate/tasker.git
git clone git@gitlab.paycontrol.org:pushgate/push-secretary.git
git clone git@gitlab.paycontrol.org:pushgate/payloader.git
git clone git@gitlab.paycontrol.org:pushgate/apple-pusher.git
git clone git@gitlab.paycontrol.org:pushgate/google-pusher.git
git clone git@gitlab.paycontrol.org:pushgate/callbacker.git
git clone git@gitlab.paycontrol.org:pushgate/status-porter.git
git clone git@gitlab.paycontrol.org:pushgate/housekeeper.git

pip install -e pushgate
pip install -e tasker
pip install -e push-secretary
pip install -e payloader
pip install -e apple-pusher
pip install -e google-pusher
pip install -e callbacker
pip install -e status-porter
pip install -e housekeeper

Errors may occours, during google-pusher installation:
yarl 1.2.4 has requirement multidict>=4.0, but you'll have multidict 2.1.6 which is incompatible.
aiohttp 3.3.1 has requirement multidict<5.0,>=4.0, but you'll have multidict 2.1.6 which is incompatible.

Errors may occours, during callbacker, status-porter and housekeeper installation:
aioxmpp 0.9.1 has requirement multidict~=2.0, but you'll have multidict 4.3.1 which is incompatible.

In this case, you need to: 

pip uninstall multidict
pip uninstall yarl
pip uninstall aiohttp
pip install multidict==2.1.6
pip install aiohttp==2.1.0

Configure services

cd /var/app
git clone git@gitlab.paycontrol.org:pushgate/configuration.git
vim configuration/pushgate.conf
cp -R configuration/services/* /etc/systemd/system

Config DB connection in /var/app/configuration/pushgate.conf 

DB_DSN=postgres://<DB_USER>:<DB_USER_S_PASSWORD>@127.0.0.1/<DB_NAME>

Start services

systemctl start push_secretary
systemctl start payloader
systemctl start apple_pusher@{1..6}
systemctl start google_pusher@{1..8}
systemctl start callbacker@{1..2}
systemctl start status_porter@{1..2}
systemctl start housekeeper

Check services status

systemctl status push_secretary
sleep 1
systemctl status payloader
sleep 1
systemctl status apple_pusher@{1..6}
sleep 1
systemctl status google_pusher@{1..8}
sleep 1
systemctl status callbacker@{1..2}
sleep 1
systemctl status status_porter@{1..2}
sleep 1
systemctl status housekeeper

While housekeeper had not started with error:
"ConnectionRefusedError: [Errno 111] Connection refused",
other services had started, but in status of services contains errors, like:
"ERROR amqp:073 Couldn't connect to RabbitMQ server to consume ([Errno 111] Connection refused)"
add to /etc/systemd/system/*.service file, in [Unit] section, (where * is apple_pusher@, google_pusher@, callbacker, status_porter, housekeeper): 

After=rabbitmq-server.service

While after request to localhost:80/8080 payloader/push_secretary get errors, you need to change current version uvloop to 0.8.1 

pip uninstall uvloop
pip install uvloop==0.8.1

Enable services

systemctl enable push_secretary
systemctl enable payloader
systemctl enable apple_pusher@{1..6}
systemctl enable google_pusher@{1..8}
systemctl enable callbacker@{1..2}
systemctl enable status_porter@{1..2}
systemctl enable housekeeper

Reinstall (update) services

git pull
pip install --upgrade -e

Customization

Optimum services count for 20 CPU

push_secretary workers count = 3
payloader workers count = 3
apple_pusher@{1..6}
google_pusher@{1..8}
status_porter@{1..2}
callbacker@{1..2}```

Set up NGINX for SSL/TLS-Offload for payloader

Use Google, something like this https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination

Источник — «https://repo.paycontrol.org/wiki/index.php?title=PayControl_Inform._Installation_guide&oldid=130»