Currently, during installation of Aegir, we create a web_server node and a db_server node. This is a source of much confusion among newer users, and fairly unintuitive.

All that seems to be needed here is to pass in the server's fqdn to --aegir_db_host for the hostmaster-install command. The mysql config also has to not bind exclusively to 127.0.0.1. For testing, this amounted to commenting out the appropriate line in /etc/mysql/my.cnf:

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address   = 127.0.0.1

Then restarting the mysql service. This is already what we suggest in our manual install docs: http://community.aegirproject.org/installing/manual#Database_configuration

I'm not sure what the best practice would be here though. Presumably, we could override this in a [mysqld] block in /etc/mysql/conf.d. 'bind-address' can take an IP address or a hostname (ref: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld...).

Anyway, hostmaster.install already supports this, so we'd need to alter the hostmaster-install defaults, the .deb and puppet-aegir to use the same hostname for --aegir_db_host as we currently do for --aegir_host.

Comments

helmo’s picture

+1 for merging it to one server by default. I've always disliked the looks of it.

ergonlogic’s picture

It has always been suggested to me that installing with 2 server nodes avoided some complications. It would be helpful to better understand what the reasons were for this design decision.

Anonymous’s picture

Two tickets for the history on this:

#952144: support local socket connexions for mysql
#977024: make "localhost" the default db host

The premise was that the majority of Hostmaster installations are 'local' e.g not making use of remote servers. As I recall, it seemed simpler to keep it this way at the time as we wanted to avoid telling users to edit their bind-address settings in MySQL, firewall recommendations etc, as these changes are 'wider' in terms of implication than just for Aegir.

A side-effect of this was the two separate nodes, I think we have just put up with that cosmetic issue to date.

anarcat’s picture

Yes, this is to avoid having to modify the mysql configuration, something that was generating significant support requests...

If we change this, we need to think about how we'll avoid such problems in the future.

ergonlogic’s picture

One problem with this approach is that platforms deployed to remote web servers/clusters will fail if they point to the default 'localhost' db server. We've seen a couple support requests along those lines lately.

Jon Pugh’s picture

I agree with changing this to one server. I don't think asking users to change one line of MySQL config is a huge ask, especially if it's automatic, as long as steps are taken to ensure security of the server.