This is an old revision of the document!


wiki.opennic.org infrastructure

The wiki.opennic.org website runs on Amazon Web Services (AWS) infrastructure and uses various services offered by AWS:

The EFS service is used to store all wiki pages, configurations, attachments, etc. on a scalable, shared filesystem using NFS as protocol.

  • Endpoint: fs-ee48faa7.efs.us-east-1.amazonaws.com

ElastiCache stores all PHP sessions in a single Memcached instance to ensure session and login-state persistency and reliability across all floating wiki.opennic.org webserver instances.

  • Endpoint: prod-wiki-sess.xqtznt.cfg.use1.cache.amazonaws.com:11211

To automatically scale the wiki instances to the desired performance and to ensure reliability even on instance failures, we use an Auto Scaling group which handles automatic scaling at your desire.

  • Auto Scaling Group: prod-wiki
  • Launch Configuration: prod-wiki-20170506-4
  • Load Balancers: -
  • Target Groups: prod-wiki
  • Desired: 2
  • Min: 2
  • Max: 20
  • Health Check Type: ELB
  • Health Check Grace Period: 180
  • Termination Policies: OldestLaunchConfiguration, ClosestToNextInstanceHour, Default
  • Creation Time: Fri Apr 21 21:26:39 GMT+000 2017
  • Availability Zone(s): us-east-1a, us-east-1b, us-east-1d, us-east-1e
  • Subnet(s): subnet-da5ebb80,subnet-94dd05dc,subnet-5f440563,subnet-74fc1258
  • Default Cooldown: 180
  • Placement Group: -
  • Suspended Processes: -
  • Enabled Metrics: GroupPendingInstances, GroupTotalInstances, GroupInServiceInstances, GroupDesiredCapacity, GroupMaxSize, GroupTerminatingInstances, GroupMinSize, GroupStandbyInstances
  • Instance Protection: -

prod-wiki-high

  • Policy type: Simple scaling
  • Execute policy when: prod-wiki-high (breaches the alarm threshold: TargetResponseTime >= 1 for 300 seconds for the metric dimensions LoadBalancer = app/prod-wiki/0ec4b8b4601b350c)
  • Take the action: Add 2 instances
  • And then wait: 180 seconds before allowing another scaling activity

prod-wiki-low

  • Policy type: Simple scaling
  • Execute policy when: prod-wiki-low (breaches the alarm threshold: TargetResponseTime ⇐ 0.5 for 300 seconds for the metric dimensions LoadBalancer = app/prod-wiki/0ec4b8b4601b350c)
  • Take the action: Remove 1 instances
  • And then wait: 180 seconds before allowing another scaling activity
Key Value Tag New Instances
Name prod-wiki Yes
  • AMI: ami-80861296
  • Instance type: t2.nano (t2.nano (Variable ECUs, 1 vCPUs, 2.4 GHz, Intel Xeon Family, 0.5 GiB memory, EBS only))
  • Name: prod-wiki-20170506-4
  • Request Spot Instances - Request Spot Instances: No
  • IAM role: None
  • Monitoring - Enable CloudWatch detailed monitoring: No
  • Kernel ID: Use default
  • RAM Disk ID: Use default
  • User data (As text): prod-wiki-asg-user-data.txt
  • IP Address Type: Assign a public IP address to every instance.
  • Storage
    • Volume Type: Root
    • Device: /dev/sda1
    • Snapshot: snap-066a4d67938024381
    • Size (GiB): 8
    • Volume Type: Magnetic
    • IOPS: N/A
    • Throughput: N/A
    • Delete on Termination: Yes
    • Encrypted: No
  • Security group: sg-3eccfc41

An Elastic Load Balancer distributes HTTP queries to wiki.opennic.org across all instances in the auto scaling group.

  • Basic Configuration
    • Name: prod-wiki
    • ARN: arn:aws:elasticloadbalancing:us-east-1:110568221216:loadbalancer/app/prod-wiki/0ec4b8b4601b350c
    • DNS name: prod-wiki-1538888183.us-east-1.elb.amazonaws.com
    • Scheme: internet-facing
    • Type: application
    • Availability Zones: subnet-5f440563 - us-east-1e, subnet-74fc1258 - us-east-1d, subnet-94dd05dc - us-east-1a, subnet-da5ebb80 - us-east-1b
    • Creation time: April 21, 2017 at 09:21:32 PM UTC+0
    • Hosted zone: Z35SXDOTRQ7X7K
    • State: active
    • VPC: vpc-64c5d102
    • IP address type: dualstack
    • AWS WAF Web ACL: -
  • Security
    • Security groups: sg-095e6d76
  • Attributes
    • Deletion protection: Disabled
    • Idle timeout: 60 seconds
    • Access logs: Disabled
  • Listeners
    • Listener 1
      • ARN: arn:aws:elasticloadbalancing:us-east-1:110568221216:listener/app/prod-wiki/0ec4b8b4601b350c/7ce4c2f1d63a6d38
      • Protocol: HTTP
      • Port: 80
      • Default target group: prod-wiki
    • Listener 2
      • ARN: arn:aws:elasticloadbalancing:us-east-1:110568221216:listener/app/prod-wiki/0ec4b8b4601b350c/1d209761648cd7dc
      • Protocol: HTTPS (Secure HTTP)
      • Port: 443
      • Default target group: prod-wiki
      • Certificate type: Choose an existing certificate from AWS Certificate Manager (ACM)
      • Certificate name: wiki.opennic.org (arn:aws:acm:us-east-1:110568221216:certificate/0184f12e-ae11-4e74-8ba6-ad7a3bd7c846)
      • Security policy: ELBSecurityPolicy-TLS-1-2-2017-01
  • Monitoring - CloudWatch alarms
    • prod-wiki-high
      • ELBSecurityPolicy-TLS-1-2-2017-01: -
      • Whenever: Average Latency
      • Is: >= 1,000
      • For at least: 1 consecutive period(s) of 5 Minutes
    • prod-wiki-low
      • ELBSecurityPolicy-TLS-1-2-2017-01: -
      • Whenever: Average Latency
      • Is: 500
      • For at least: 1 consecutive period(s) of 5 Minutes

The entire web root directory is synced to GitHub approximately every 30 minutes using this simple bash script. Some files are not synced to the repository, for example the conf/users.auth.php file containing all users with their email addresses and passwords until LDAP authentication is up and running.

  • /wiki/data/attic/opennic/infra/wiki.1501401852.txt.gz
  • Last modified: 3 years ago
  • by fusl