diff --git a/admin_manual/conf.py b/admin_manual/conf.py index e8e3a7295..b8a1b97b2 100644 --- a/admin_manual/conf.py +++ b/admin_manual/conf.py @@ -286,3 +286,4 @@ epub_copyright = u'2012-2016, The ownCloud developers' # Include todos? todo_include_todos = True + diff --git a/deployment_recommendations/Create HTML.lnk b/deployment_recommendations/Create HTML.lnk new file mode 100644 index 000000000..0dd9e1c91 Binary files /dev/null and b/deployment_recommendations/Create HTML.lnk differ diff --git a/deployment_recommendations/Create PDF.lnk b/deployment_recommendations/Create PDF.lnk new file mode 100644 index 000000000..f7c0969bc Binary files /dev/null and b/deployment_recommendations/Create PDF.lnk differ diff --git a/deployment_recommendations/Makefile b/deployment_recommendations/Makefile new file mode 100644 index 000000000..74c47b133 --- /dev/null +++ b/deployment_recommendations/Makefile 
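Review bot: `deployment_recommendations/Create HTML.lnk` and `Create PDF.lnk` are added as binary Windows shortcuts, so the diff cannot show which target, arguments or working directory they carry, and a shortcut runs whatever it points to when it is opened. Shortcuts also usually embed absolute paths from the author's machine, so they are unlikely to work from another checkout. Consider dropping the `.lnk` files and documenting the equivalent commands in reviewable text instead, for example a README line naming `make html` and `make pdf`.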
@@ -0,0 +1,173 @@
+# Makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+PAPER =
+BUILDDIR = _build
+
+# Internal variables.
+PAPEROPT_a4 = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+# the i18n builder cannot share the environment and doctrees with the others
+I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+
+.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
+
+help:
+ @echo "Please use \`make ' where is one of"
+ @echo " html to make standalone HTML files"
+ @echo " dirhtml to make HTML files named index.html in directories"
+ @echo " singlehtml to make a single large HTML file"
+ @echo " pickle to make pickle files"
+ @echo " json to make JSON files"
+ @echo " htmlhelp to make HTML files and a HTML help project"
+ @echo " qthelp to make HTML files and a qthelp project"
+ @echo " devhelp to make HTML files and a Devhelp project"
+ @echo " epub to make an epub"
+ @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+ @echo " latexpdf to make LaTeX files and run them through pdflatex"
+ @echo " pdf to make PDF files"
+ @echo " text to make text files"
+ @echo " man to make manual pages"
+ @echo " texinfo to make Texinfo files"
+ @echo " info to make Texinfo files and run them through makeinfo"
+ @echo " gettext to make PO message catalogs"
+ @echo " changes to make an overview of all changed/added/deprecated items"
+ @echo " linkcheck to check all external links for integrity"
+ @echo " doctest to run all doctests embedded in the documentation (if enabled)"
+
+clean:
+ -rm -rf $(BUILDDIR)/*
+
+html: html-org
+
+html-all: html-release html-org html-com
+
+html-release:
+ $(SPHINXBUILD) -b html -D html_theme='owncloud_release' $(ALLSPHINXOPTS) $(BUILDDIR)/html/release
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/html/release."
+
+html-org:
+ $(SPHINXBUILD) -b html -D html_theme='owncloud_org' $(ALLSPHINXOPTS) $(BUILDDIR)/html/org
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/html/org."
+
+html-com:
+ $(SPHINXBUILD) -b html -D html_theme='owncloud_com' $(ALLSPHINXOPTS) $(BUILDDIR)/html/com
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/html/com."
+
+dirhtml:
+ $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
+
+singlehtml:
+ $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
+ @echo
+ @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
+
+pickle:
+ $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
+ @echo
+ @echo "Build finished; now you can process the pickle files."
+
+json:
+ $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
+ @echo
+ @echo "Build finished; now you can process the JSON files."
+
+htmlhelp:
+ $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
+ @echo
+ @echo "Build finished; now you can run HTML Help Workshop with the" \
+ ".hhp project file in $(BUILDDIR)/htmlhelp."
+
+qthelp:
+ $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+ @echo
+ @echo "Build finished; now you can run "qcollectiongenerator" with the" \
+ ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
+ @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/OwncloudDocumentation.qhcp"
+ @echo "To view the help file:"
+ @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/OwncloudDocumentation.qhc"
+
+devhelp:
+ $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
+ @echo
+ @echo "Build finished."
+ @echo "To view the help file:"
+ @echo "# mkdir -p $$HOME/.local/share/devhelp/OwncloudDocumentation"
+ @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/OwncloudDocumentation"
+ @echo "# devhelp"
+
+epub:
+ $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
+ @echo
+ @echo "Build finished. The epub file is in $(BUILDDIR)/epub."
+
+latex:
+ $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+ @echo
+ @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+ @echo "Run \`make' in that directory to run these through (pdf)latex" \
+ "(use \`make latexpdf' here to do that automatically)."
+
+latexpdf:
+ $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+ @echo "Running LaTeX files through pdflatex..."
+ $(MAKE) -C $(BUILDDIR)/latex all-pdf
+ @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+pdf:
+ $(SPHINXBUILD) -b pdf $(ALLSPHINXOPTS) $(BUILDDIR)/pdf
+ @echo
+ @echo "build finished. the text files are in $(BUILDDIR)/pdf."
+
+text:
+ $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+ @echo
+ @echo "build finished. the text files are in $(BUILDDIR)/text."
+
+man:
+ $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
+ @echo
+ @echo "Build finished. The manual pages are in $(BUILDDIR)/man."
+
+texinfo:
+ $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+ @echo
+ @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
+ @echo "Run \`make' in that directory to run these through makeinfo" \
+ "(use \`make info' here to do that automatically)."
+
+info:
+ $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+ @echo "Running Texinfo files through makeinfo..."
+ make -C $(BUILDDIR)/texinfo info
+ @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
+
+gettext:
+ $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
+ @echo
+ @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+
+changes:
+ $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
+ @echo
+ @echo "The overview file is in $(BUILDDIR)/changes."
+
+linkcheck:
+ $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
+ @echo
+ @echo "Link check complete; look for any errors in the above output " \
+ "or in $(BUILDDIR)/linkcheck/output.txt."
+
+doctest:
+ $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
+ @echo "Testing of doctests in the sources finished, look at the " \
+ "results in $(BUILDDIR)/doctest/output.txt."
diff --git a/deployment_recommendations/conf.py b/deployment_recommendations/conf.py
new file mode 100644
index 000000000..20df10d2e
--- /dev/null
+++ b/deployment_recommendations/conf.py
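Review bot: In the new `deployment_recommendations/Makefile`, the `clean` recipe `-rm -rf $(BUILDDIR)/*` expands to `rm -rf /*` if `BUILDDIR` is overridden with an empty value, and the file's own header invites setting these variables from the command line. Put a guard in front of the `rm`, for example `@test -n "$(BUILDDIR)" || { echo "BUILDDIR must not be empty"; exit 1; }`, and quote the path as `"$(BUILDDIR)"/*`. Smaller points in the same file: `pdf`, `texinfo`, `info` and the `html-*` targets are missing from `.PHONY`, the `info` recipe calls `make` where `latexpdf` uses `$(MAKE)`, and the `pdf` target's message reports "the text files".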
@@ -0,0 +1,296 @@
+# -*- coding: utf-8 -*-
+#
+# ownCloud Documentation documentation build configuration file, created by
+# sphinx-quickstart on Mon Oct 22 23:16:40 2012-2014.
+#
+# This file is execfile()d with the current directory set to its containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys, os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration -----------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be extensions
+# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = ['sphinx.ext.todo', 'rst2pdf.pdfbuilder']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['../_shared_assets/templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'contents'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '1.0'
+# The full version, including alpha/beta/rc tags.
+release = '1.0'
+
+# General information about the project.
+project = u'ownCloud Deployment Recommendations'
+copyright = u'2012-2016, The ownCloud developers'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
+
+# The reST default role (used for this markup: `text`) to use for all documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+
+# -- Options for HTML output ---------------------------------------------------
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+html_theme_path = ['../_shared_assets/themes']
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+html_theme = 'owncloud_org'
+html_theme_options = {
+# "rightsidebar": "true",
+}
+# The name for this set of Sphinx documents. If None, it defaults to
+# " v documentation".
+#html_title = None
+
+# A shorter title for the navigation bar. Default is the same as html_title.
+html_short_title = "ownCloud Deployment Recommendations"
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['../_shared_assets/static']
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+#html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+#html_domain_indices = True
+
+# If false, no index is generated.
+#html_use_index = True
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+html_show_sphinx = False
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a tag referring to it. The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'ownCloudDeploymentRecommendations'
+
+
+# -- Options for LaTeX output --------------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass [howto/manual]).
+latex_documents = [
+ ('contents', 'ownCloud_Deployment_Recommendations.tex', u'ownCloud Deployment Recommendations',
+ u'The ownCloud developers', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+latex_logo = '../_shared_assets/static/logo-blue.pdf'
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+# -- Options for pdf page output -----------------------------------------------
+
+pdf_documents = [('contents', u'ownCloudDeploymentRecommendations', u'ownCloud Deployment Recommendations', u'The ownCloud developers'),]
+
+# -- Options for manual page output --------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ ('contents', 'ownCloudDeploymentRecommendations', u'ownCloud Deployment Recommendations',
+ [u'The ownCloud developers'], 1)
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output ------------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ ('contents', 'ownCloudDeploymentRecommendations', u'ownCloud Deployment Recommendations',
+ u'The ownCloud developers', 'ownCloud', 'ownCloud Deployment Recommendations.',
+ 'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
+
+
+# -- Options for Epub output ---------------------------------------------------
+
+# Bibliographic Dublin Core info.
+epub_title = u'ownCloud Deployment Recommendations'
+epub_author = u'The ownCloud developers'
+epub_publisher = u'The ownCloud developers'
+epub_copyright = u'2012-2016, The ownCloud developers'
+
+# The language of the text. It defaults to the language option
+# or en if the language is not set.
+#epub_language = ''
+
+# The scheme of the identifier. Typical schemes are ISBN or URL.
+#epub_scheme = ''
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#epub_identifier = ''
+
+# A unique identification for the text.
+#epub_uid = ''
+
+# A tuple containing the cover image and cover page html template filenames.
+#epub_cover = ()
+
+# HTML files that should be inserted before the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_pre_files = []
+
+# HTML files shat should be inserted after the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_post_files = []
+
+# A list of files that should not be packed into the epub file.
+#epub_exclude_files = []
+
+# The depth of the table of contents in toc.ncx.
+#epub_tocdepth = 3
+
+# Allow duplicate toc entries.
+#epub_tocdup = True
+
+# Include todos?
+todo_include_todos = True
+
+# substitutions go here
+rst_epilog = '.. |version| replace:: %s' % version
diff --git a/deployment_recommendations/contents.rst b/deployment_recommendations/contents.rst
new file mode 100644
index 000000000..52d419ce3
--- /dev/null
+++ b/deployment_recommendations/contents.rst
@@ -0,0 +1,10 @@
+.. _contents:
+
+=================
+Table of Contents
+=================
+
+.. toctree::
+ :maxdepth: 2
+
+ index
diff --git a/deployment_recommendations/images/deprecs-1.png b/deployment_recommendations/images/deprecs-1.png
new file mode 100644
index 000000000..b80961460
Binary files /dev/null and b/deployment_recommendations/images/deprecs-1.png differ
diff --git a/deployment_recommendations/images/deprecs-2.png b/deployment_recommendations/images/deprecs-2.png
new file mode 100644
index 000000000..9bd1438af
Binary files /dev/null and b/deployment_recommendations/images/deprecs-2.png differ
diff --git a/deployment_recommendations/images/deprecs-3.png b/deployment_recommendations/images/deprecs-3.png
new file mode 100644
index 000000000..d6bfc2b4d
Binary files /dev/null and b/deployment_recommendations/images/deprecs-3.png differ
diff --git a/deployment_recommendations/index.rst b/deployment_recommendations/index.rst
new file mode 100644
index 000000000..a386419be
--- /dev/null
+++ b/deployment_recommendations/index.rst
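Review bot: In the new `deployment_recommendations/conf.py`, `todo_include_todos = True` makes every `.. todo::` directive render in the built HTML and PDF, which for a customer-facing document would publish internal working notes; default it to `False`, or gate it with something like `todo_include_todos = os.environ.get('DOCS_DRAFT') == '1'` (the variable name is a placeholder). `extensions` also lists `'rst2pdf.pdfbuilder'` unconditionally, so presumably every builder, `make html` included, fails on a machine without rst2pdf installed; adding it only when the import succeeds would avoid that. Apart from the commented-out `sys.path` line, `import sys, os` is unused.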
@@ -0,0 +1,529 @@ +=================================== +ownCloud Deployment Recommendations +=================================== + +What is the best way to install and maintain ownCloud? The answer to that is +*"it depends"* because every ownCloud customer has their own +particular needs and IT infrastructure. ownCloud and the LAMP stack are +highly-configurable, so we will present three typical scenarios and make +best-practice recommendations for both software and hardware. + +General Recommendations +----------------------- + +.. note:: Whatever the size of your organization, always keep one thing in mind: + the amount of data stored in ownCloud will only grow. Plan ahead. + +The amount of data stored in an ownCloud instance continually grows. Plan ahead. +Consider setting up a scale-out deployment, or using Federated Cloud Sharing to +keep individual ownCloud instances to a manageable size. + +.. comment: Federating instances seems the best way to grow organically in + an enterprise. A lookup server to tie all the instances together under a + single domain is being worked on. + +* Operating system: Linux. +* Webserver: Apache 2.4. +* Database: MySQL/MariaDB. +* PHP 5.5+. PHP 5.4 is the minimum supported version; note that it reached + end-of-life in September 2015 and is no longer supported by the PHP team. + Some Linux vendors, such as Red Hat, still support PHP 5.4. + 5.6+ is recommended. ``mod_php`` is the recommended Apache module because it + provides the best performance. + +.. comment: mod_php is easier to set up, php-fpm with apache event MPM seems to + scale better under load and limited RAM restrictions: + http://blog.bitnami.com/2014/06/performance-enhacements-for-apache-and.html + +Small Workgroups or Departments +------------------------------- + +* Number of users + Up to 150 users. + +* Storage size + 100 GB to 10TB. + +* High availability level + Zero-downtime backups via Btrfs snapshots, component failure leads to + interruption of service. 
Alternate backup scheme on other filesystems: + nightly backups with service interruption. + +Recommended System Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +One machine running the application server, Webserver, database server and +local storage. + +Authentication via an existing LDAP or Active Directory server. + +.. figure:: images/deprecs-1.png + :scale: 75% + :alt: Network diagram for small enterprises. + +* Components + One server with at least 2 CPU cores, 16GB RAM, local storage as needed. + +* Operating system + Enterprise-grade Linux distribution with full support from OS vendor. We + recommend Red Hat Enterprise Linux or SUSE Linux Enterprise Server 12. + +* SSL Configuration + The SSL termination is done in Apache. A standard SSL certificate is + needed, installed according to the Apache documentation. + +* Load Balancer + None. + +* Database + MySQL, MariaDB or PostgreSQL. We currently recommend MySQL / MariaDB, as our + customers have had good experiences when moving to a Galera cluster to + scale the DB. + +* Backup + Install owncloud, ownCloud data directory and database on Btrfs filesystem. + Make regular snapshots at desired intervals for zero downtime backups. + Mount DB partitions with the "nodatacow" option to prevent fragmentation. + + Alternatively, make nightly backups with service interruption: + + * Shut down Apache. + * Create database dump. + * Push data directory to backup. + * Push database dump to backup. + * Start Apache. + + Then optionally rsync to a backup storage or tape backup. (See the + `Maintenance`_ section of the Administration manual for tips on backups + and restores.) + +* Authentication + User authentication via one or several LDAP or Active Directory servers. (See + `User Authentication with LDAP`_ for information on configuring ownCloud to + use LDAP and AD.) + +* Session Management + Local session management on the application server. 
PHP sessions are stored + in a tmpfs mounted at the operating system-specific session storage + location. You can find out where that is by running ``grep -R + 'session.save_path` /etc/php5`` and then add it to the ``/etc/fstab`` file, + for example: + ``echo "tmpfs /var/lib/php5/pool-www tmpfs defaults,noatime,mode=1777 0 0" + >> /etc/fstab``. + +* Memory Caching + A memcache speeds up server performance, and ownCloud supports four + memcaches; refer to `Configuring Memory Caching`_ for information on + selecting and configuring a memcache. + +* Storage + Local storage. + +* ownCloud Edition + Standard Edition. (See `ownCloud Server or Enterprise Edition`_ for + comparisons of the ownCloud editions.) + +Mid-sized Enterprises +--------------------- + +* Number of users + 150 to 1,000 users. + +* Storage size + Up to 200TB. + +* High availability level + Every component is fully redundant and can fail without service interruption. + Backups without service interruption + +Recommended System Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +2 to 4 application servers. + +A cluster of two database servers. + +Storage on an NFS server. + +Authentication via an existing LDAP or Active Directory server. + +.. figure:: images/deprecs-2.png + :alt: Network diagram for mid-sized enterprise. + +* Components + * 2 to 4 application servers with 4 sockets and 32GB RAM. + * 2 DB servers with 4 sockets and 64GB RAM. + * 1 HAproxy load balancer with 2 sockets and 16GB RAM. + * NFS storage server as needed. + +* Operating system + Enterprise grade Linux distribution with full support from OS vendor. Red + Hat Enterprise Linux or SUSE Linux Enterprise Server 12 are recommended. + +* SSL Configuration + The SSL termination is done in the HAProxy load balancer. A standard SSL + certificate is needed, installed according to the `HAProxy documentation`_. + +* Load Balancer + HAProxy running on a dedicated server in front of the application servers. 
+ Sticky session needs to be used because of local session management on the + application servers. + +.. comment: (please add configuration details here) +.. comment: why sticky sessions? the nice thing about haproxy is that it can + send requests to the application server with the least load. redis or + memcached seem more appropriate. this is mid size already. the software + stack should be the same as for L`_ + Frank: Yes. But this only works if haproxy can read the http stream which + means that we have to terminate SSL in the haproxy instead of the webserver. + Totally possible. Whatever you prefer :-) + Jörn: AFAIK you need to do SSL offloading to do sticky sessions, because the + load balancer has to look into the http stream or rely on the client IP to + determine the web server for the session. Not doing SSL offloading instead + requires you to use a shared session (via memcached or redis) because the + requests are distributed via round robin or least load. It allows you to + scale out the ssl load by adding more applicaton servers. So ... I think it + is exactly the other way round. + +* Database + MySQL/MariaDB Galera cluster with master-master replication. + +* Backup + Minimum daily backup without downtime. All MySQL/MariaDB statements should + be replicated to a backup MySQL/MariaDB slave instance. + + * Create a snapshot on the NFS storage server. + * At the same time stop the MySQL replication. + * Create a MySQL dump of the backup slave. + * Push the NFS snapshot to the backup. + * Push the MySQL dump to the backup. + * Delete the NFS snapshot. + * Restart MySQL replication. + +* Authentication + User authentication via one or several LDAP or Active Directory servers. + (See `User Authentication with LDAP`_ for information on configuring + ownCloud to use LDAP and AD.) + +* LDAP + Read-only slaves should be deployed on every application server for + optimal scalability + +* Session Management + Session management on the application server. 
PHP sessions are stored + in a tmpfs mounted at the operating system-specific session storage + location. You can find out where that is by running ``grep -R + 'session.save_path` /etc/php5`` and then add it to the ``/etc/fstab`` file, + for example: + ``echo "tmpfs /var/lib/php5/pool-www tmpfs defaults,noatime,mode=1777 0 0" + >> /etc/fstab``. + +* Memory Caching + A memcache speeds up server performance, and ownCloud supports four + memcaches; refer to `Configuring Memory Caching`_ for information on + selecting and configuring a memcache. + +* Storage + Use an off-the-shelf NFS solution, such as IBM Elastic Storage or RedHat + Ceph. + +* ownCloud Edition + Enterprise Edition. (See `ownCloud Server or Enterprise Edition`_ for + comparisons of the ownCloud editions.) + +Large Enterprises and Service Providers +--------------------------------------- + +* Number of users + 5,000 to >100,000 users. + +* Storage size + Up to 1 petabyte. + +* High availabily level + Every component is fully redundant and can fail without service interruption. + Backups without service interruption + +Recommended System Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +4 to 20 application/Webservers. + +A cluster of two or more database servers. + +Storage is an NFS server, or an object store that is S3 compatible. + +Cloud federation for a distributed setup over several data centers. + +Authentication via an existing LDAP or Active Directory server, or SAML. + +.. figure:: images/deprecs-3.png + :scale: 60% + :alt: Network diagram for large enterprise. + +* Components + * 4 to 20 application servers with 4 sockets and 64GB RAM. + * 4 DB servers with 4 sockets and 128GB RAM + * 2 Hardware load balancer, for example BIG IP from F5 + * NFS storage server as needed. + +* Operating system + RHEL 7 with latest service packs. + +* SSL Configuration + The SSL termination is done in the load balancer. 
A standard SSL certificate + is needed, installed according to the load balancer documentation. + +* Load Balancer + A redundant hardware load-balancer with heartbeat, for example `F5 Big-IP`_. + This runs two load balancers in front of the application servers. + +* Database + MySQL/MariaDB Galera Cluster with 4x master -- master replication. + +* Backup + Minimum daily backup without downtime. All MySQL/MariaDB statements should + be replicated to a backup MySQL/MariaDB slave instance. + + * Create a snapshot on the NFS storage server. + * At the same time stop the MySQL replication. + * Create a MySQL dump of the backup slave. + * Push the NFS snapshot to the backup. + * Push the MySQL dump to the backup. + * Delete the NFS snapshot. + * Restart MySQL replication. + +* Authentication + User authentication via one or several LDAP or Active Directory + servers, or SAML/Shibboleth. (See `User Authentication with LDAP`_ and + `Shibboleth Integration`_.) + +* LDAP + Read-only slaves should be deployed on every application server for + optimal scalability. + +* Session Management + Redis should be used for the session management storage. + +* Caching + Redis for distributed in-memory caching (see `Configuring Memory + Caching`_). + +* Storage + An off-the-shelf NFS solution should be used. Examples are IBM Elastic + Storage or RedHAT Ceph. Optionally, an S3 compatible object store can also + be used. + +* ownCloud Edition + Enterprise Edition. (See `ownCloud Server or Enterprise Edition`_ for + comparisons of the ownCloud editions.) + +Hardware Considerations +----------------------- + +* Solid-state drives (SSDs) for I/O. +* Separate hard disks for storage and database, SSDs for databases. +* Multiple network interfaces to distribute server synchronisation and backend + traffic across multiple subnets. + +Single Machine / Scale-Up Deployment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The single-machine deployment is widely used in the community. 
+ +Pros: + +* Easy setup: no session storage daemon, use tmpfs and memory caching to + enhance performance, local storage. +* No network latency to consider. +* To scale buy a bigger CPU, more memory, larger hard drive, or additional hard + drives. + +Cons: + +* Fewer high availability options. +* The amount of data in ownCloud tends to continually grow. Eventually a + single machine will not scale; I/O performance decreases and becomes a + bottleneck with multiple up- and downloads, even with solid-state drives. + +Scale-Out Deployment +^^^^^^^^^^^^^^^^^^^^ + +Provider setup: + +* DNS round robin to HAProxy servers (2-n, SSL offloading, cache static + resources) +* Least load to Apache servers (2-n) +* Memcached/Redis for shared session storage (2-n) +* Database cluster with single Master, multiple slaves and proxy to split + requests accordingly (2-n) +* GPFS or Ceph via phprados (2-n, 3 to be safe, Ceph 10+ nodes to see speed + benefits under load) + +Pros: + +* Components can be scaled as needed. +* High availability. +* Test migrations easier. + +Cons: + +* More complicated to setup. +* Network becomes the bottleneck (10GB Ethernet recommended). +* Currently DB filecache table will grow rapidly, making migrations painful in + case the table is altered. + +What About Nginx / PHP-FPM? +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Could be used instead of HAproxy as the load balancer. +But on uploads stores the whole file on disk before handing it over to PHP-FPM. + +A Single Master DB is Single Point of Failure, Does Not Scale +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +When master fails another slave can become master. Multi-master has the risk of +split brain and is more complicated. Can run into deadlocks which ownCloud tries +to solve with high-level file locking. 
+
+Software Considerations
+-----------------------
+
+Operating System
+^^^^^^^^^^^^^^^^
+
+We are dependent on distributions that offer an easy way to install the various
+components in up-to-date versions. ownCloud has a partnership with RedHat
+and SUSE for customers who need commercial support. Canonical, the parent
+company of Ubuntu Linux, also offers enterprise service and support. Debian
+and Ubuntu are free of cost, and include newer software packages. CentOS is the
+community-supported free-of-cost Red Hat Enterprise Linux clone. openSUSE is
+community-supported, and includes many of the same system administration tools
+as SUSE Linux Enterprise Server.
+
+Webserver
+^^^^^^^^^
+
+Taking Apache and Nginx as the contenders, Apache with mod_php is currently the
+best option, as Nginx does not support all features necessary for enterprise
+deployments. Mod_php is recommended instead of PHP_FPM, because in scale-out
+deployments separate PHP pools are simply not necessary.
+
+
+.. comment: Nginx currently does not integrate with Shibboleth, which prevents
+ SSO. Nevertheless, the Shibboleth community seems to be investigating how to
+ integrate with Nginx.
+
+.. comment: Nginx stores uploaded files on disk before handing them to php-fpm
+ which is a performance problem with GB-sized files. There seems to be an
+ Nginx fork from China that handles that better.
+
+.. comment from carla: We shouldn't recommend forks unless they are proven,
+ well-supported and dependable.
+
+Relational Database
+^^^^^^^^^^^^^^^^^^^
+
+More often than not the customer already has an opinion on what database to
+use. In general, the recommendation is to use what their database administrator
+is most familiar with. Taking into account what we are seeing at customer
+deployments, we recommend MySQL/MariaDB in a master-slave deployment with a
+MySQL proxy in front of them to send updates to master, and selects to the
+slave(s).
+
+..
comment: MySQL locks tables for schema updates and might even have to copy
+ the whole table. That is pretty much a non-starter for migrations unless you
+ are using a scale out deployment where you can apply the schema changes to
+ each slave individually. Even then each migration might take several hours.
+ Make sure you have enough disk space. You have been warned.
+
+.. comment: Currently, ownCloud uses the utf8 character set with utf8_bin
+ collation on MySQL installations. As a result 4 byte UTF characters like
+ emojis cannot be used. This can be fixed by [moving to
+ utf8mb4/utf8mb4_bin](https://github.com/owncloud/core/issues/7030).
+
+The second best option is PostgreSQL (alter table does not lock table, which
+makes migration less painful) although we have yet to find a customer who uses a
+master-slave setup.
+
+.. comment: PostgreSQL may produce excessive amounts of dead tuples due to
+ owncloud transactions preventing the execution of the autovacum process.
+
+What about the other DBMS?
+
+* Sqlite is adequate for simple testing, and for low-load single-user
+ deployments. It is not adequate for production systems.
+* MSSQL is not automatically tested.
+* Oracle is expensive, but is the de facto standard at large enterprises.
+ Developers need to be aware of the 30 char identifier limit, empty string
+ equals null and varchar2 can only be made 4000 chars wide.
+
+File Storage
+------------
+
+Our main use case is up- and download of files. Sooner or later, that requires
+scale-out storage. Currently, the options are GPFS or an object store like
+Ceph/s3 or Openstack/Swift. GPFS is expensive, and our s3 and Swift
+implementations use temp files which prevents them from scaling adequately.
+
+..
comment: A proof of concept implementation based on
+ [phprados](https://github.com/ceph/phprados) that talks directly to a
+ [ceph](http://ceph.com/) cluster without having to use temp files is [in
+ development](https://github.com/owncloud/objectstore/pull/26).
+
+.. comment: NFS can be used but needs to be micro-managed to distribute users
+ on multiple storages. If you want to go that route configure ldap to provide
+ a custom home folder location. That allows you to move each users data
+ folder to different nfs mounts.
+
+Session Storage
+---------------
+
+* Redis: provides persistence, nice graphical inspection tools available,
+ supports ownCloud high-level file locking.
+
+* If Shibboleth is a requirement you must use Memcached, and it can also be
+ used to scale-out shibd session storage (see `Memcache StorageService`_).
+
+.. comment: High Availability / Failover deployment
+ Use Case: site replication -> different problem
+
+References
+----------
+
+`Database High Availability`_
+
+`Performance enhancements for Apache and PHP`_
+
+`How to Set Up a Redis Server as a Session Handler for PHP on Ubuntu 14.04`_
+
+
+.. _Maintenance:
+ https://doc.owncloud.org/server/9.0/admin_manual/maintenance/index.html
+.. _User Authentication with LDAP:
+ https://doc.owncloud.org/server/9.0/admin_manual/configuration_user/
+ user_auth_ldap.html
+.. _Configuring Memory Caching:
+ https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/
+ caching_configuration.html
+.. _ownCloud Server or Enterprise Edition:
+ https://owncloud.com/owncloud-server-or-enterprise-edition/
+.. _F5 Big-IP: https://f5.com/products/big-ip/
+
+.. _Shibboleth Integration:
+ https://doc.owncloud.org/server/9.0/admin_manual/enterprise_user_management/
+ user_auth_shibboleth.html
+.. _Memcache StorageService:
+ https://wiki.shibboleth.net/confluence/display/SHIB2/
+ NativeSPStorageService#NativeSPStorageService-MemcacheStorageService
+
+..
_Database High Availability:
+ http://www.severalnines.com/blog/become-mysql-dba-blog-series-database-high-
+ availability
+.. _Performance enhancements for Apache and PHP:
+ http://blog.bitnami.com/2014/06/performance-enhacements-for-apache-and.html
+.. _How to Set Up a Redis Server as a Session Handler for PHP on Ubuntu 14.04:
+ https://www.digitalocean.com/community/tutorials/how-to-set-up-a-redis-server
+ -as -a-session-handler-for-php-on-ubuntu-14-04
+.. _HAProxy documentation:
+ http://www.haproxy.org/#docs
\ No newline at end of file
diff --git a/deployment_recommendations/make.bat b/deployment_recommendations/make.bat
new file mode 100644
index 000000000..3fbb57f5d
--- /dev/null
+++ b/deployment_recommendations/make.bat
@@ -0,0 +1,199 @@
+@ECHO OFF
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set BUILDDIR=_build
+set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
+set I18NSPHINXOPTS=%SPHINXOPTS% .
+if NOT "%PAPER%" == "" (
+ set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
+ set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
+)
+
+if "%1" == "" goto help
+
+if "%1" == "help" (
+ :help
+ echo.Please use `make ^` where ^ is one of
+ echo. html to make standalone HTML files
+ echo. dirhtml to make HTML files named index.html in directories
+ echo. singlehtml to make a single large HTML file
+ echo. pdf to make a PDF file with rst2pdf
+ echo. pickle to make pickle files
+ echo. json to make JSON files
+ echo. htmlhelp to make HTML files and a HTML help project
+ echo. qthelp to make HTML files and a qthelp project
+ echo. devhelp to make HTML files and a Devhelp project
+ echo. epub to make an epub
+ echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
+ echo. text to make text files
+ echo. man to make manual pages
+ echo. texinfo to make Texinfo files
+ echo. gettext to make PO message catalogs
+ echo. changes to make an overview over all changed/added/deprecated items
+ echo. linkcheck to check all external links for integrity
+ echo. doctest to run all doctests embedded in the documentation if enabled
+ goto end
+)
+
+if "%1" == "clean" (
+ for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
+ del /q /s %BUILDDIR%\*
+ goto end
+)
+
+if "%1" == "html" (
+ %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/html.
+ goto end
+)
+
+if "%1" == "dirhtml" (
+ %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
+ goto end
+)
+
+if "%1" == "singlehtml" (
+ %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
+ goto end
+)
+
+if "%1" == "pdf" (
+ %SPHINXBUILD% -b pdf %ALLSPHINXOPTS% %BUILDDIR%/pdf
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The PDF file is in %BUILDDIR%/pdf.
+ goto end
+)
+
+if "%1" == "pickle" (
+ %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the pickle files.
+ goto end
+)
+
+if "%1" == "json" (
+ %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the JSON files.
+ goto end
+)
+
+if "%1" == "htmlhelp" (
+ %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can run HTML Help Workshop with the ^
+.hhp project file in %BUILDDIR%/htmlhelp.
+ goto end
+)
+
+if "%1" == "qthelp" (
+ %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can run "qcollectiongenerator" with the ^
+.qhcp project file in %BUILDDIR%/qthelp, like this:
+ echo.^> qcollectiongenerator %BUILDDIR%\qthelp\OwncloudDocumentation.qhcp
+ echo.To view the help file:
+ echo.^> assistant -collectionFile %BUILDDIR%\qthelp\OwncloudDocumentation.ghc
+ goto end
+)
+
+if "%1" == "devhelp" (
+ %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished.
+ goto end
+)
+
+if "%1" == "epub" (
+ %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The epub file is in %BUILDDIR%/epub.
+ goto end
+)
+
+if "%1" == "latex" (
+ %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
+ goto end
+)
+
+if "%1" == "text" (
+ %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The text files are in %BUILDDIR%/text.
+ goto end
+)
+
+if "%1" == "man" (
+ %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The manual pages are in %BUILDDIR%/man.
+ goto end
+)
+
+if "%1" == "texinfo" (
+ %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
+ goto end
+)
+
+if "%1" == "gettext" (
+ %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
+ goto end
+)
+
+if "%1" == "changes" (
+ %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.The overview file is in %BUILDDIR%/changes.
+ goto end
+)
+
+if "%1" == "linkcheck" (
+ %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Link check complete; look for any errors in the above output ^
+or in %BUILDDIR%/linkcheck/output.txt.
+ goto end
+)
+
+if "%1" == "doctest" (
+ %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Testing of doctests in the sources finished, look at the ^
+results in %BUILDDIR%/doctest/output.txt.
+ goto end
+)
+
+:end
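Review bot: In the `clean` branch the loop variable is passed to `rmdir /q /s %%i` unquoted, so a subdirectory of `%BUILDDIR%` whose name contains a space is split into separate arguments and the recursive delete can land on a path other than the one enumerated. Quoting it keeps the delete confined to the build tree: `for /d %%i in (%BUILDDIR%\*) do rmdir /q /s "%%i"`. Separately, the `qthelp` branch tells the user to open `OwncloudDocumentation.ghc`, while the line before it runs qcollectiongenerator on the `.qhcp` project, which as far as I know produces a `.qhc` collection. The hint should read `echo.^> assistant -collectionFile %BUILDDIR%\qthelp\OwncloudDocumentation.qhc`.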