Documentation for Information Management at


The Jornada IM Manual


Server administration

The Jornada IM system relies on some cloud servers at DigitalOcean (aka droplets). Generally these are running Ubuntu Server 20.04. Below are some tools and practices for setting up servers, networking between them, managing user access, transferring and securing data, and other administrative tasks.

Cloud server setup tasks

Creating new services at DO is easy: it can be done with the dashboard or an API. Documentation for all DO services is available here, and for droplets see the recommended initial setup docs here and here.

  1. Add a public key to the server. Usually you can do this on creation or from an admin control panel. If it needs to be done after the fact, see here.

  2. Add a non-root user with sudo privilege and allow SSH access. More info here:

    • https://www.digitalocean.com/docs/droplets/tutorials/recommended-setup/
    • https://www.digitalocean.com/community/questions/how-to-enable-ssh-access-for-non-root-users
  3. Configure hostnames (if not already done at creation).

    • https://www.digitalocean.com/community/questions/how-do-i-change-hostname
  4. Install software, which varies depending on server purpose.

    • Metabase server: git, cron, PostgreSQL
    • Web servers: probably the LAMP stack and WordPress, maybe some JavaScript.

Metabase server config

  1. Clone the LTER-core-metabase and jrn-db-utils (private) repositories to a directory in home.
  2. Create a backups directory and mkdir /home/backups/postgresql. Make sure the owner is whoever operates backups for postgres.
  3. Add the jrn-db-utils/sh/pb_backup_rotated.sh script to crontab so that it runs nightly.
  4. Make sure incoming connections for SSH (TCP port 22) and PostgreSQL (TCP port 5432) are allowed in the firewall (currently using the DO firewall).

Securing cloud servers

Droplets are behind a DO cloud firewall, but if needed, firewalls can also be set up for individual droplets with UFW. This and other tasks are described in the initial server setup docs above, or:

Unattended updates are also a good idea. For Ubuntu, install the unattended-upgrades package and see setup instructions here.
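
One way to set up the per-droplet UFW firewall mentioned above for the Metabase server, using the two ports from its config steps (SSH on 22, PostgreSQL on 5432). This is an added example, not code from the Jornada IM repositories; it assumes PostgreSQL clients connect from known addresses (the sample addresses are placeholders), and the file name ufw_metabase.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the Jornada IM repositories: per-droplet UFW rules
# for the Metabase server. Assumption: PostgreSQL clients connect from known
# addresses; 203.0.113.0/24 and 198.51.100.7 are documentation placeholders.
# Usage (hypothetical file name): sh ufw_metabase.sh 203.0.113.0/24
#        APPLY=1 sh ufw_metabase.sh 203.0.113.0/24    (run the commands, as root)

# is_ipv4_source ADDR: succeeds if ADDR looks like an IPv4 address or a CIDR
# block with prefix 1-32; /0 is rejected because it means "everyone".
is_ipv4_source() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$'
}

# ufw_plan SOURCE...: prints one ufw command per line, or fails closed.
ufw_plan() {
    if [ "$#" -eq 0 ]; then
        echo "ufw_plan: no PostgreSQL client sources given; not opening 5432 to everyone" >&2
        return 1
    fi
    for src in "$@"; do
        if ! is_ipv4_source "$src"; then
            echo "ufw_plan: not an IPv4 address or CIDR block: $src" >&2
            return 1
        fi
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # 'limit' allows SSH but rate-limits repeated connection attempts
    echo "ufw limit 22/tcp"
    for src in "$@"; do
        echo "ufw allow from $src to any port 5432 proto tcp"
    done
    # Enable last, so the SSH rule exists before filtering starts
    echo "ufw --force enable"
}

# harden SOURCE...: prints the plan, or runs it when APPLY=1.
harden() {
    plan=$(ufw_plan "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}

if [ "$#" -gt 0 ]; then harden "$@"; fi
```

The DO cloud firewall still applies in front of the droplet, so a source has to be allowed in both places to reach PostgreSQL.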

Scheduled tasks

Some server tasks, like database or website backups, should be scheduled with cron.

NFS and CIFS mounts to remote directories

The JORNADA-NETB1 storage block (sometimes called the R drive) allows CIFS connections (or SMB).

Other: