GoFAST : Prerequisites and Server installation

Architecture

GoFAST3
OS                            CentOS 7 64bits
CMS                           Drupal 7
Web Server & Reverse Proxy    Apache 2.4 (php-fpm)
Database                      MySQL 5.7
Directory                     OpenLDAP 2.4
DMS                           Alfresco 5.2 Community
Search                        Apache Solr 5
API server                    Apache Tomcat 7
Workflow (GoFAST 3.6+)        Bonitasoft Community 7
Workflow (< GoFAST 3.6)       Bonitasoft Community 6

GoFAST Comm-Server (Enterprise)
Collaborative editing         OnlyOffice 5
Instant messaging             eJabberd 16
Webconference                 Jitsi Meet 1.0
Reverse Proxy                 nginx 1.12

Server prerequisites

The GoFAST platform is an enterprise application that requires a high-performing architecture to deliver good scalability and response times.

Caution

GoFAST is particularly sensitive to I/O (input/output) performance and to correctly sized random access memory (RAM).

Caution

Because of this sensitivity to I/O, special attention should be paid to remote storage. SAN-type storage must be given priority. Avoid any remote WAN or NFS-type storage.

Note

GoFAST v3 requires 2 VMs by default.

Virtual Machine Prerequisites

The GoFAST platform is designed to run on the following 64-bit hypervisors (that have not reached their EOL):

  • VMWare ESX
  • HyperV
  • KVM
  • HVM (Amazon Web Services)

and, without field feedback so far, XEN 6+

Note

Importing by image into Hyper-V (or Azure) is not currently possible. A script installation is performed instead.

Caution

  • The GoFAST VM must have a dedicated datastore (LUN).
  • Under VMware, choose “RedHat Enterprise” and “paravirtualized SCSI adapter” starting with CentOS 7.4 / GoFAST v3.1.1

* VM 2 (GF-COMM) is only included in the Enterprise offer/edition

              VM 1 (GF)    VM 2 (GF-COMM)*
Cores         4+           2+
RAM           10GB+        6GB
Storage       200GB+       50GB
IOPS (FIO)    500+
Network       100Mbps      100Mbps

Note

A webconference with 6 users (including 5 with video) consumes 12Mbps (outgoing), 3Mbps (incoming), 50% CPU

Evaluation of storage requirements

  • 15 GB of disk space for application and system (partition /)
  • Data storage space (partition /var)

Normal use

  • 2 - 3 GB of disk space for personal content of new users
  • 4 - 6 GB for groups and organizations

Intensive use

  • 5 - 10 GB of disk space for the personal content of new users
  • 10 - 20 GB for Groups and Organizations

Simulation of disk space: 100 users (x 5 GB), 10 organizations (x 10 GB) and 15 groups (x 10 GB), plus the 15 GB for application and system, for a total of 765 GB

Optional partition

Most of the data is stored in /var. A daily backup is written to /var/backup. If the current image does not have sufficient partitions, we recommend that you create them.

Note

It is highly recommended but not required to create a partition for ``/var``

Caution

If the ``/var`` partition is on remote storage (NAS / NFS …), this should not cause a significant performance degradation (IOPS) compared to local storage. Any WAN storage should be avoided.

Caution

It is recommended but not required to create a partition for /var/backup for application data backups; this mount point should be on remote storage

Caution

The swap partition must be at least 50% of the physical memory of the server

Networks and Security

Certificate

The GoFAST platform only works with a « server » certificate issued by a certification authority (CA). The certificate must be in .pem format, or in .crt and .key format.

Caution

The certificate must be of « wildcard » type

Note

If GoFAST is only accessible in Intranet, the certificate can be generated by the Active Directory Certificate Services.
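Checks that can be run on the certificate files before they are handed over, as an added example (not part of the GoFAST documentation or code): the private key must belong to the certificate, and the wildcard name must cover the GoFAST host names, keeping in mind that a wildcard replaces a single label only. The function names, the file names, the mydomain.tld hosts and the self-signed sample certificate are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not GoFAST code). File and host names are placeholders.
# Succeeds only if certificate and private key hold the same public key.
key_matches_cert() {  # usage: key_matches_cert cert.crt cert.key
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Prints the DNS names of the certificate's subjectAltName, one per line.
cert_dns_names() {
    openssl x509 -noout -text -in "$1" | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Succeeds if a certificate name covers a host. A wildcard stands for exactly
# one left-most label: *.d.tld covers a.d.tld, but not d.tld or a.b.d.tld.
name_covers() {  # usage: name_covers '*.mydomain.tld' gofast.mydomain.tld
    case "$1" in
        \*.*) suffix=${1#?}                 # ".mydomain.tld"
              label=${2%"$suffix"}          # host without that suffix
              [ -n "$label" ] && [ "$label" != "$2" ] &&
                  case "$label" in *.*) false ;; *) true ;; esac ;;
        *)    [ "$1" = "$2" ] ;;
    esac
}

# Succeeds if at least one name read from stdin covers the host in $1.
any_name_covers() {
    while read -r n; do name_covers "$n" "$1" && return 0; done
    return 1
}

cert_covers_host() {  # usage: cert_covers_host cert.crt gofast.mydomain.tld
    cert_dns_names "$1" | any_name_covers "$2"
}

# Constructed data: a throw-away self-signed wildcard certificate for the demo.
make_sample_cert() {  # writes $1/s.crt and $1/s.key
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
        '[dn]' 'CN=*.mydomain.tld' '[v3]' 'subjectAltName=DNS:*.mydomain.tld' >"$1/s.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/s.cnf" \
        -keyout "$1/s.key" -out "$1/s.crt" 2>/dev/null
}

if command -v openssl >/dev/null 2>&1 && d=$(mktemp -d) && make_sample_cert "$d"; then
    key_matches_cert "$d/s.crt" "$d/s.key" && echo "key matches certificate"
    for h in gofast gofast-mobile gofast-comm mail.gofast; do
        cert_covers_host "$d/s.crt" "$h.mydomain.tld" || echo "NOT covered: $h.mydomain.tld"
    done; rm -rf "$d"
fi
```

With the real files, call `key_matches_cert` and `cert_covers_host` on the .crt and .key that will be uploaded; host names are compared as typed, so pass them in lower case.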

Network architecture

The GoFAST platform can be installed:

  • preferably on a DMZ so that the platform is accessible from the outside (extranet, mobile use, …)
  • on the company’s network (LAN)
  • or on another network reachable from the Internet (in that case pay attention to performance, traffic flows, routing, …)

Caution

If the organization uses a Proxy server for Internet access, special configurations must be made

List of ports

Here is the list of ports that must be open for incoming and outgoing traffic.

                                                                                 VM1  VM2  Incoming ports  Outgoing ports
Platform installation, update, external RSS feeds, Web page import, supervision  x                         80
Access to the platform in HTTPS and WebDav                                       x         443
Access to the platform in IMAPS                                                  x         993
Optional: import of external emails                                              x         25
Access to the GoFAST LDAP directory by the company's information system and VM2  x         636
Sending of notification emails                                                   x                         25 | 465
Collection of supervision                                                        x    x                    443
Remote Administration (SSH)                                                      x    x    22
Zabbix Supervision                                                               x    x                    10051
Optional: import from AD to GoFAST and / or AD authentication                    x    x                    636
OnlyOffice (Co-edition)                                                               x    443
Instant Messaging / Webconference                                                     x    443
                                                                                      x    5222/TCP
                                                                                      x    3478/TCP**
                                                                                      (x)  80/TCP*
                                                                                      x    10000/UDP

* if the UDP ports cannot be opened
** for video/desktop sharing in the chat

Caution

If a participant is not on the LAN, their Internet access must allow traffic on port 10000/udp. This can cause problems on some InternetPro networks, such as remote sites connected to the headquarters where the GoFAST server is located. Note that this problem is rarely encountered on 4G networks.
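The incoming ports of the list above can serve as an allow-list: anything else that listens on a non-loopback address should be bound to loopback or blocked by the firewall. The following added example (not part of the GoFAST documentation or code) compares `ss -tuln` output with that list; the function names are hypothetical, the sample output is constructed, and the 5222, 3478, 80 and 10000 rows are read as incoming ports of VM2.

```shell
#!/bin/sh
# Added example: audit listeners against the "List of ports" table.
# Incoming ports per VM as listed on this page (optional ones included).
allowed_inbound() {  # usage: allowed_inbound vm1|vm2
    case "$1" in
        vm1) echo "tcp/22 tcp/25 tcp/443 tcp/636 tcp/993" ;;
        vm2) echo "tcp/22 tcp/80 tcp/443 tcp/3478 tcp/5222 udp/10000" ;;
        *)   return 1 ;;
    esac
}

# Reads `ss -tuln` output on stdin; prints each proto/port that listens on a
# non-loopback address but is absent from the allow-list of the given VM.
unexpected_listeners() {  # usage: ss -tuln | unexpected_listeners vm1
    allow=$(allowed_inbound "$1") || return 2
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }     # header line, other socket types
        {
            addr = $5; port = $5
            sub(/.*:/, "", port)                # text after the last colon
            sub(/:[^:]*$/, "", addr)            # text before it
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            key = $1 "/" port
            if (!(key in ok) && !seen[key]++) print key
        }' | LC_ALL=C sort
}

# Constructed sample in the `ss -tuln` layout (not taken from a GoFAST server).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:443               *:*
tcp   LISTEN 0      128    *:22                *:*
tcp   LISTEN 0      128    *:636               *:*
tcp   LISTEN 0      80     127.0.0.1:3306      *:*
tcp   LISTEN 0      50     :::8983             :::*
tcp   LISTEN 0      100    *:8080              *:*
udp   UNCONN 0      0      *:10000             *:*'

# Audit the sample as if it came from VM1.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners vm1
```

On a server, feed it live data with `ss -tuln | unexpected_listeners vm1` (or `vm2`).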

WebRTC resources (Enterprise only)

How WebRTC works is described here: https://developer.mozilla.org/en/docs/Web/Guide/API/WebRTC/WebRTC_architecture

A network diagnosis can be run here: https://www.netscan.co/ (click on “Scan my Network”; the diagnosis is stored as a URL, https://www.netscan.co/r/ayiIL)

Note

Unlike videochat, jitsi-meet does not require a STUN server.

Installation

Installation by VM import

CEO-Vision can provide an image of the VM in OVA form (universal format). For other formats contact us.

In the case of the OVA format, a virtual machine with standard prerequisites is provided.

Caution

For VMware, check that the “PVSCSI adapter” is actually used

In some cases, the virtual machine may have more disk space than the partitions of the VM use. In this case the following operations have to be performed:

# fdisk -l /dev/sda
Disk /dev/sda: 68.7 GB, 68719476736 bytes
255 heads, 63 sectors/track, 10443 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 8354 66999082+ 8e Linux LVM

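# fdisk /dev/sda
n                                       {new partition}
p                                       {primary partition}
3                                       {new partition number}
<Enter>                                 {accept the default first cylinder}
<Enter>                                 {accept the default last cylinder}
t                                       {change partition id}
3                                       {partition number}
8e                                      {Linux LVM partition}
w                                       {write the partition table and quit}

# reboot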

# fdisk -l /dev/sda
Disk /dev/sda: 85.8 GB, 85899345920 bytes
255 heads, 63 sectors/track, 10443 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 8354 66999082+ 8e Linux LVM
/dev/sda3 8355 10443 16779892+ 8e Linux LVM

# pvcreate /dev/sda3
# vgdisplay
# vgextend VolGroup00 /dev/sda3 {replace VolGroup00 according to the vgdisplay result}
# lvextend /dev/VolGroup00/LogVol00 /dev/sda3 {replace the names according to the vgdisplay result}

# resize2fs /dev/VolGroup00/LogVol00 {for ext4; replace VolGroup00 according to the vgdisplay result}
**OR**
# xfs_growfs /dev/VolGroup00/LogVol00 {for xfs; replace VolGroup00 according to the vgdisplay result}

Caution

The last operation can take between 30 min and 1 h 30 for an increase of 1 TB

Script Installation (Enterprise only)

Note that this type of installation generates an additional cost (billed on a time-and-materials basis).

In this case, a VM with CentOS 7 x64 Minimal is made available to CEO-Vision, who then performs a script installation.

Post-installation of the VM (Enterprise only)

Network Configuration (by the Operator)

  • Log in to the VM in console mode and run nmtui
  • Choose Edit a connection, then the interface, generally ens33
  • Select ``Show`` next to ``IPv4 Configuration``
  • Fill in the information (Manual, Addresses, Gateway, DNS servers)

Note

If your GoFAST is accessible from the Internet, the address is a public IP

Note

In a virtualized environment, the gateway is the IP address of the host with the last octet replaced by 254

  • Select ``OK``
  • Choose Set system hostname and enter the hostname, generally the same name as the one registered in the DNS
  • Quit the application
  • reboot
  • After reboot, check that the internet is accessible by entering ping 8.8.8.8

Note

With ESX, check that the MAC address corresponds to the configured public IP address

Configuration / Setup (by the Operator)

Note

These steps are very important and should be done as soon as possible by the hosting service provider

  • Upload the “wildcard” SSL certificate to the server (public and private key corresponding to *.mydomain.tld, e.g. gofast.ceo-vision.com)
  • Enter the IP address and domain name of GoFAST in the company’s DNS
  • Create DNS entries:
    • For VM1 IP
      • gofast.mydomain.tld (ex. : gofast.ceo-vision.com)
      • gofast-mobile.mydomain.tld (ex. : gofast-mobile.ceo-vision.com)
    • For VM2 IP
      • gofast-comm.mydomain.tld (ex. : gofast-comm.ceo-vision.com)
  • Check that the GoFAST platform has Internet access
  • Check that all interconnections between the VM are working on the ports listed in the “List of Ports” section
  • Provide the remote administration access information (SSH, SMTP gateway …) to CEO-Vision

Configuration / Setting by CEO-Vision

  • Verification of pre-requisites
  • Benchmark
  • OPTIONAL: Proxy settings
  • OPTIONAL: Coupling with the OpenLDAP directory or Active Directory
  • OPTIONAL: Configuration of delegated authentication
  • SMTP Configuration
  • Installation of the graphic charter
  • Configuration of Zabbix Supervisory Probes
  • Installation of APM probes (XXL edition)

CEO-Vision Post-Installation Checks

Basic verification of performances

Installation of the tool:

GoFAST v1.x and 2.x
$ sudo yum install https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

GoFAST v3.x and later
$ sudo yum install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

$ sudo yum install sysbench

Commands to obtain the software and hardware environment during the benchmark:

# sudo dmidecode | egrep -i 'product name'
# lscpu
# more /etc/centos-release
# df -T
# sudo lshw -class disk -class storage
# lsblk

CPU

Measure the performance of your CPU by performing the following:

For sysbench 1.0+:
sysbench cpu --time=0 --events=10000 --threads=4 run

Example of the result (in seconds, the smaller the better):

execution time (avg/stddev): 21.4200/0.00

File IO Benchmark

To measure I/O (input/output) performance, the test file must be much larger than the available random access memory (RAM); otherwise the system uses memory as a cache, which distorts the results. 150GB is a good value, but not always usable (lack of disk space):

sysbench --test=fileio --file-total-size=50G prepare

Then run the benchmark:

For sysbench 1.0+:
sysbench fileio --file-total-size=50G --file-test-mode=rndrw --time=300 --max-requests=0 --threads=4 run

Example of the result:

Read 595.16Mb  Written 396.77Mb  Total transferred 991.92Mb  (3.3056Mb/sec)
211.56 Requests/sec executed

Then you can delete the test file:

sysbench --test=fileio --file-total-size=50G cleanup

File IO Benchmark (FIO)

yum install fio

fio -filename=/var/TESTIO -iodepth=64 -ioengine=libaio -direct=1 -rw=randrw -bs=4k -size=5G -numjobs=4 -runtime=30 -group_reporting -name=test-randwrite --rwmixread=30

Note: add --unified_rw_reporting=1 to get an aggregated result for Read and Write

MySQL Benchmark

To measure the performance of the MySQL database, first create a test table with 1,000,000 rows of data in the test database (which is created manually):

sudo mysql -u root -p -e "CREATE DATABASE test;"

For sysbench 1.0+:
sysbench --test="/usr/share/sysbench/tests/include/oltp_legacy/oltp.lua" --db-driver=mysql --oltp-table-size=1000000 --mysql-db=test --mysql-user=root --mysql-password=YOURDBPWD prepare

Then run the benchmark:

sysbench --test="/usr/share/sysbench/tests/include/oltp_legacy/oltp.lua" --db-driver=mysql --oltp-table-size=1000000 --mysql-db=test --mysql-user=root --mysql-password=YOURDBPWD --time=90 --oltp-read-only=off --max-requests=0 --threads=4 run

Example of the result:

transactions:                       28235 (871.01 per sec.)

MySQL indicators in normal operation

gofast.ceo-vision.com ~# mysqltuner -u root

>> MySQLTuner 1.1.1 - Major Hayden <major@mhtx.net>
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with '--help' for additional options and output filtering
Please enter your MySQL administrative login: root
Please enter your MySQL administrative password:

-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.5.28-log
[OK] Operating on 64-bit architecture

-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in InnoDB tables: 84M (Tables: 298)
[--] Data in PERFORMANCE_SCHEMA tables: 0B (Tables: 17)
[!!] Total fragmented tables: 301

-------- Security Recommendations -------------------------------------------

[OK] All database users have passwords assigned

-------- Performance Metrics -------------------------------------------------
[--] Up for: 9m 6s (83K q [153.229 qps], 143 conn, TX: 69M, RX: 21M)
[--] Reads / Writes: 81% / 19%
[--] Total buffers: 544.0M global + 15.5M per thread (150 max threads)
[OK] Maximum possible memory usage: 2.8G (49% of installed RAM)
[OK] Slow queries: 0% (12/83K)
[OK] Highest usage of available connections: 6% (9/150)
[OK] Key buffer size / total MyISAM indexes: 128.0M/1.5M
[OK] Key buffer hit rate: 100.0% (56K cached / 0 reads)
[OK] Query cache efficiency: 74.0% (25K cached / 34K selects)
[OK] Query cache prunes per day: 0
[OK] Sorts requiring temporary tables: 0% (0 temp sorts / 2K sorts)
[!!] Joins performed without indexes: 8
[!!] Temporary tables created on disk: 39% (217 on disk / 550 total)
[OK] Thread cache hit rate: 93% (9 created / 143 connections)
[OK] Table cache hit rate: 98% (455 open / 462 opened)
[OK] Open file limit used: 6% (263/4K)
[OK] Table locks acquired immediately: 100% (27K immediate / 27K locks)
[OK] InnoDB data size / buffer pool: 84.8M/150.0M

-------- Recommendations -----------------------------------------------------

General recommendations:
    Run OPTIMIZE TABLE to defragment tables for better performance
    MySQL started within last 24 hours - recommendations may be inaccurate
    Adjust your join queries to always utilize indexes
    When making adjustments, make tmp_table_size/max_heap_table_size equal
    Reduce your SELECT DISTINCT queries without LIMIT clauses

Variables to adjust:
    join_buffer_size (> 10.0M, or always use indexes with joins)
    tmp_table_size (> 200M)
    max_heap_table_size (> 200M)

APPENDIX I: Common problems

Problems with sending of technical mails

Configure the SMTP relay used by sendmail (``/etc/postfix/main.cf``):

# name of the relay
relayhost = smtp.myorganisation.xxx

Impossible to connect to GoFAST by email (IMAPS)

The following test should work (the output ends with “* OK IMAP4rev1 Server GreenMail ready”) from an internal or external server if GoFAST is on a DMZ

# openssl s_client -connect gofast.mydomain.tld:993

If it does not, check that:

  • port 993 is correctly opened (see § on checking open ports)
  • the « stunnel » process is running