Apache-Rails-Passenger App Server (v13.5 LTS) - Tutorial
Table of Contents
| Table of Contents | |||
|
Long Term Support
Stable, tested ServerTemplate assets |
|
Objective
To set up a combined Rails and Apache application server running Phusion Passenger in a public or private cloud environment.
Prerequisites
The following are prerequisites for completing this tutorial:
- Required user roles: 'actor', 'designer', and 'library'
- For Amazon EC2, CloudStack, and other clouds that support security groups, you must have a security group defined with TCP port 22 open for SSH access, the default application port (8000) open to applicable load balancer servers/service, and any other port and protocol access required by your application. Also, remember that iptables is installed and enabled by default on all servers.
- We strongly recommend that you set up credentials for password values and any other sensitive data included as Chef recipe inputs. See the "Create Credentials" section below.
- This tutorial assumes that you are setting up application servers that will function as part of a three-tier architecture that includes both back-end MySQL database servers and front-end load balancer servers (e.g. HAProxy or aiCache) or services (e.g. Amazon Elastic Load Balancing (ELB) or Rackspace Cloud Load Balancers (CLB)). For information on setting up your database servers, see Database Manager for MySQL 5.1/5.5 (v13.5 LTS) - Tutorial.
Overview
This tutorial describes the steps for launching one or more application servers in the cloud.
For a technical overview of this ServerTemplate, see Apache-Rails-Passenger App Server (v13.5 LTS).
Create Credentials
In order to use the default input values in the ServerTemplate, you must set up credentials with the following names. For more information on setting up credentials, see Create a New Credential.
- DBAPPLICATION_PASSWORD - Password of a database user with user-level privileges.
- DBAPPLICATION_USER - Username of a database user with user-level privileges.
- SSH_KNOWN_HOST_KEY (Optional) - Create a credential with a valid SSH key which will be appended to the /root/.ssh/known_hosts file. Creating and using this credential is optional but highly recommended to prevent MiTM attacks.
Set up the appropriate set of authentication credentials based upon where the application code will be retrieved.
Software Repositories
Source Control Management (SVN, GitHub, FTP, rsync)
If you are using a source control management (SCM) system to host your application code, you will need to create the appropriate credentials to retrieve your source code from the specified repository.
-
GIT_SSH_KEY - A valid SSH Key for accessing a private repository hosted on GitHub.com. Use this credential for the "Account credential" input.
- SVN_USERNAME - The SVN username that has access to the specified repository. Use this credential for the "Account name" input.
- SVN_PASSWORD - Password for SVN_USERNAME. Use this credential for the "Account credential" input.
- FTP_USERNAME - The username that you use to log into the FTP server to access your software repository. Use this credential for the "Account name" input.
- FTP_PASSWORD - Password for FTP_USERNAME. Use this credential for the "Account credential" input.
You can also download application source code from rsync sources.
- RSYNC_USERNAME - The username to log into the remote host. Use this credential for the "Account name" input.
- RSYNC_SSH_KEY - If the remote host supports SSH key authentication, create an SSH Key for rsyncing data between servers. Use this credential for the "Account credential" input.
Remote Object Storage (ROS)
ServerTemplates published by RightScale have built-in support for several remote object storage (ROS) solutions. Valid cloud credentials are required to retrieve "private" files from an ROS container, create a new container, or store files in a container (such as a binary database backup files).
Set up your desired ROS service(s) and create the recommended user-defined credentials, which you will use when you define inputs for your deployments.
Steps
Prepare Application Code
PHP App Server (v14 Infinity) - Tutorial
Sample Application
If you need an example application for testing purposes, you can use the application code from the following git repository.
- Account Credential - Set to "Inherit: No value to inherit" because the sample application is located in a 'public-read' repository.
- Repository Provider - repo_git
- Repository URL/ROS Container - git://github.com/rightscale/examples.git
- Repository Branch/Tag/Commit - unified_rails
Add a Server
Follow these steps to add an application server to the deployment.
- Go to the MultiCloud Marketplace (Design > MultiCloud Marketplace > ServerTemplates) and import the most recently published revision of the following ServerTemplate into the RightScale account.
- (Optional) If you expect to make changes to the ServerTemplate, you will need to clone it to create an editable copy. Click the Clone button and rename the ServerTemplate accordingly. (e.g. My App Server) Before you make any changes to the ServerTemplate, click the Commit button so that the first revision of the ServerTemplate matches the original revision, which will make it easier to perform differentials in the future to see what changes were made to the "original" version. When committing the ServerTemplate you can use a simple commit message. (e.g. Original version. No changes.) If you are actively developing the ServerTemplate, you may find it useful to use the HEAD version of the ServerTemplate to create the application server tier. However, for production environments, you should always use static, committed revisions of a ServerTemplate to launch servers.
- From the imported ServerTemplate's show page, click the Add Server button.
- Select the cloud for which you will configure a server.
- Select the deployment for the new server.
- Next, the Add Server Assistant wizard will walk you through the remaining steps that are required to create a server based on the selected cloud.
- Server Name - Provide a nickname for your new database server (e.g., mysql-db1). Do not include "master" or "slave" in the name, because a database server's role can change in the future.
- Select the appropriate cloud-specific resources (e.g. SSH Key, Security Group, etc.) that are required in order to launch a server into the chosen cloud. The required cloud resources may differ depending on the type of cloud infrastructure. If the cloud supports multiple datacenters/zones, select a specific zone. Later, when you create the other database server you will use a different datacenter/zone to ensure high-availability. For more information, see Add Server Assistant.
- Important! If you are not using volumes to store the database, you must select an instance type that has disk space that's at least twice as large as your database because LVM snapshots are performed locally on the instance before they are gzipped and saved to the specified ROS location. Also, although these ServerTemplates will work with any instance size, you may experience degraded performance with small instance sizes (such as EC2 micro, Rackspace 256MB etc) due to lack of system resources. We do not recommend smaller instance types for production use.
- Click Confirm, review the server's configuration and click Finish to create the server.
- If you are setting up a multi-tier deployment, it's strongly recommended that you create at least two application servers for high availability purposes.
- The easiest way to create the second server is to clone the first one. Be sure to change the name of the server accordingly (e.g. app2) and its availability zone (if available) under the the Info tab. You can either add application servers directly into a deployment or create an server array of application servers for autoscaling.
Configure Inputs
The next step is to define the properties of your application server by entering values for inputs. It is best to do this at the deployment level. For a detailed explanation of how inputs are defined and used in Chef recipes and RightScripts, see Inputs and their Hierarchy.
To enter inputs for the Chef recipes that will run on your application servers, open the deployment's Inputs tab and click Edit, then follow the directions below to configure input values. We recommend that you set up credentials for password values and any other sensitive data as shown in the examples.
Note: Some inputs referenced in this tutorial are considered "advanced" are not initially displayed in the Dashboard. If you are unable to find an input in the Dashboard, be sure to use the "Show advanced inputs" option to view all related inputs of a particular input category.
Important! The ServerTemplate supports multiple configuration permutations. Read each input description carefully. You must provide appropriate values depending on your chosen configuration.
APP
| Input Name | Description | Example Value |
| Database Schema Name | Enter the name of the database schema to which applications will connect to. The database schema should have been created when the initial database was first set up. This input will be used to set the application server's database configuration file so that applications can connect to the correct schema within the database. This input is also used for database dump backups in order to determine which schema will be backed up. | text: my_db_schema
For the 'app_test-201109010029.gz' MySQL dump file: text: app_test |
| Application ip type given to loadbalancer | Specify the type of IP address that the application service will listen on. Before making this selection, make sure your firewall permissions are properly configured to accept requests on its public or private IP address.
| text: private |
| Application Listen Port | The port that the application service listens on to accept requests from the load balancer. If you specify another port than the 8000 (default), be sure to add the port to the "Firewall Rule Port" input and make sure that the security group's settings also allow access (if applicable). | text: 8000 |
APP_PASSENGER
To set other inputs related to a Rails Passenger application, expand out the "Advanced Inputs" section to change any of the default values.
| Input Name | Description | Example Value |
| Rails spawn method | The spawn method that Phusion Passenger will use.
| text: conservative |
DB
| Input Name | Description | Example Value |
| Database Application Password Database Application Username | Database username and password to add to the MySQL database server for application access. | cred: DBAPPLICATION_USER cred: DBAPPLICATION_PASSWORD |
| Database Master FQDN | Fully qualified domain name for the master MySQL database server. Application servers use this input to locate the "master" database server. | text: master-db.example.com |
| Database Provider type | The type of database that the application will connect to on the client side. Select one of the predefined options in the dropdown menu or use the "Override" option to specify a custom option. The value must be a string that contains the name of the cookbook that contains the matching provider resource and version of the database (optional).
| text: db_mysql_5.5 |
LB
| Input Name | Description | Example Value |
| Load Balance Provider | Select the type of load balancer (or service) that the application server(s) will connect to.
| text: lb_client |
| Load Balance Pools | Specify the load balancing pool(s) to which the application server belongs. Typically, an application server will belong to one load balancing pool, however an HAProxy load balancing server can service multiple pools. An application server can also connect to multiple load balancing pools, if desired. Specify the load balancing pool that the application server will connect to or disconnect from by using one of the following types:
| text: default |
| Load Balance Service ID Load Balance Service Secret | For CLB, specify the Rackspace username and API key to use for authentication purposes. For ELB, specify the Amazon access key ID and secret access key for authentication purposes. Note: For HAProxy, aiCache, and other load balancers launched with ServerTemplates, set to 'ignore'. | cred: RACKSPACE_USERNAME cred: AWS_ACCESS_KEY_ID |
| Load Balance Service Name | The name of the Amazon Elastic Load Balancer (ELB) or Rackspace Cloud Load Balancer (CLB). Note: For HAProxy, aiCache, and other load balancers launched with ServerTemplates, set to 'ignore'. | text: my-lb-name |
| Load Balance Service Region | Note: Input only applies to a Rackspace Cloud Load Balancer (CLB). For a CLB, select the Rackspace region of the Cloud Load Balancer. It's recommended that you create your CLB in a region as close to your application servers as possible.
| text: ORD |
REPO
The values that you use for the repository inputs will depend on where the application code will be retrieved from. The selection for the Repository Provider input will determine which inputs will be used to retrieve the application. Unrelated inputs are ignored.
-ALL Repositories (ROS, Git, SVN, FTP)
The following inputs are used to retrieve the application from either a Git/SVN software repository or an ROS location. Specify the appropriate inputs based upon the selection for the 'Repository Provider' input.
| Input Name | Description | Example Value |
| Repository Provider | Specify where the application code should be checked out from.
| text: repo_ros For the provided sample application: |
| Repository URL/ROS Container | The name of the Remote Object Storage (ROS) container where a tarball (.tgz) of the application code will be retrieved from or the URI that points to the location of the application code repository.
| text: my-container For the provided sample application: |
| Project App root | The destination location where the application code will be placed on the local instance. If you want the application code to be placed in the root directory, use a forward slash (/) otherwise you will need to specify the full path (e.g. /path/to/code). If set to 'ignore' the default location (/home/webapps) will be used. The 'Application Name' input is used to name the destination folder into which the application code will be placed. Apache and Tomcat will look for the application in the specified path. | text: /home/webapps For the provided sample application: |
| Action | Specify how the application code will be pulled from the specified repository.
| text: pull For the provided sample application: |
| Known Hosts SSH Key | Use the credential you created earlier in the tutorial. This input will allow verification of the destination host by comparing its IP, FQDN and SSH-RSA with the record in the /root/.ssh/known_hosts file. This input provides improved security by preventing MiTM attacks. | cred:SSH_KNOWN_HOST_KEY |
Git Repository
Important!
If you are checking out code from a Git repository, specify values for the following inputs.
| Input Name | Description | Example Value |
| Account credential | In order to check out application code from a private (not public) Git repository, you must provide the repository's SSH key (e.g. Git SSH Key) for authentication purposes. Set to 'ignore' if you are using an application in a repository that allows 'public-read' access. | cred: GIT_SSH_KEY For the provided sample application: |
| Repository Branch/Tag/Commit | The specific branch/tag/SHA of the specified Git repository that the application code should be checked out from. (e.g. mybranch) Use "master" to retrieve the master branch from the repository. | text: mybranch For the provided sample application: |
SVN Repository
Important!
If you are checking out code from a SVN repository, specify values for the following inputs.
| Input Name | Description | Example Value |
| Account Name Account Credential | The username and password required to access and retrieve the application code from the specified SVN repository. | cred: SVN_USER cred: SVN_PASSWORD |
| Repository Branch/Tag/Commit | The specific branch or tag of the specified SVN repository that the application code should be checked out from. (e.g. mybranch) Use "trunk" to retrieve the main branch from the repository. | text: mybranch |
Remote Object Storage (ROS)
Important!
If you are checking out code from a Remote Object Storage (ROS) location, specify values for the following inputs.
| Input Name | Description | Example Value |
| ROS Prefix | The prefix that will be used to locate the correct tarball of the application. For example, if you're using 'myapp.tgz' specify 'myapp' as the ROS Prefix. | text: myapp |
| Account name | In order to retrieve a tarball of the application code that's a "private" object within the specified Remote Object Storage (ROS) location, you must provide proper cloud authentication credentials. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value.
| text: AWS_ACCESS_KEY_ID |
| Account credential | In order to retrieve a tarball of the application code that's a "private" object within the specified Remote Object Storage (ROS) location, you must provide proper cloud authentication credentials. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value.
| cred: AWS_SECRET_ACCESS_KEY |
| ROS Storage Account Provider | The Remote Object Storage (ROS) service where the tarball of the application code will be retrieved from.
| text: s3 |
WEB_APACHE
| Input Name | Description | Example Value |
| Application Name | On your application servers, the server subdirectory where your application code files are stored. If you are using dedicated load balancer servers launched with RightScale's "Load Balancer with HAProxy" ServerTemplate, this value must match the Application Name input for your load balancer servers. | text: myapp |
| Multi-Processing Module | Set to "worker" for a Rails application server. | text: worker |
Launch the Server
After configuring your inputs, launch all of the Rails application servers. Refer to the instructions in Launch a Server if you are not already familiar with this process.
- © Copyright 2015 RightScale Technical Support