简体繁体 English

将wso2服务器部署到生产环境的部署步骤

[英]deployment steps for deploying a wso2 server to a production environment

原文 2014-06-20 05:57:27 6 1 wso2

I would like to understand the steps for deploying a WSO2 server to a production environment. 我想了解将WSO2服务器部署到生产环境的步骤。

Using WSO2 ESB as an example, I have seen instructions for extracting the binary and running the startup script , but just these steps don't seem robust enough for a production environment - in a production environment, I would expect to see some additional steps: 以WSO2 ESB为例，我已经看到了提取二进制文件和运行启动脚本的说明，但是这些步骤对于生产环境似乎不够健壮-在生产环境中，我希望看到一些其他步骤：

what directory is the normally used for installing? 通常用于安装的目录是什么？ /opt , /usr/local , something else? /opt ， /usr/local其他？
create a unix user account and unix group for running the service 创建用于运行服务的UNIX用户帐户和UNIX组
setting up ulimits - are ulimits normally configured for wso2 services? 设置ulimits-通常为wso2服务配置ulimit吗？
creating init.d scripts for starting the service automatically (there is a blog here , but as discussed in the blog comments, the blog seems to go against a warning in the official ESB document not to install the service as a daemon) 创建用于自动启动服务的init.d脚本（此处有一个博客，但正如博客注释中所述，该博客似乎违反了ESB官方文档中的警告，即不要将服务安装为守护程序）
to security harden the service: 为了加强服务质量：
- eg replace self signed certificates - which certificates? 例如，替换自签名证书-哪些证书？
- eg change default passwords - which user accounts? 例如，更改默认密码-哪个用户帐户？
- what else needs to be security hardened? 还有什么需要加强安全性的？
configuring clustering (this seems to be documented here ) 配置集群（这似乎在此处记录）
configuring the credential store: 配置凭证存储：
- production database credential store (this seems to be documented here ), or 生产数据库凭证存储（似乎在此处记录），或者
- ldap credential store ldap凭证存储

Question : What are the steps required to deploy a WSO2 server to a production environment? 问：将WSO2服务器部署到生产环境需要什么步骤？

Question: I've also seen some puppet scripts . 问题：我还看过一些人偶剧本。 Are these scripts production ready? 这些脚本已准备就绪吗？

NOTE: I've previously posted this question on the wso2 mailing lists which is primarily attended by WSO2 employees. 注意：我以前已经在wso2邮件列表上发布了该问题，该列表主要由WSO2员工参加。 I'm also posting here to the user community who hopefully have put some wso2 servers into production. 我还将在这里发布给希望将一些wso2服务器投入生产的用户社区。

1 个解决方案

what directory is the normally used for installing? 通常用于安装的目录是什么？ /opt, /usr/local, something else? / opt，/ usr / local，还是其他？

/opt /选择

create a unix user account and unix group for running the service 创建用于运行服务的UNIX用户帐户和UNIX组

Have an Admin user to install/run the server. 拥有一个管理员用户来安装/运行服务器。

setting up ulimits - are ulimits normally configured for wso2 services? 设置ulimits-通常为wso2服务配置ulimit吗？

You need to define ulimits at OS level 您需要在操作系统级别定义ulimit

to security harden the service: eg replace self signed certificates - which certificates? 加强服务安全性：例如，替换自签名证书-哪些证书？ eg change default passwords - which user accounts? 例如，更改默认密码-哪个用户帐户？ what else needs to be security hardened? 还有什么需要加强安全性的？

You need to change self signed default server certs (certs are in wso2carbon.jks) Have an strong admin password and encrypt it in all config files using cipher tool 您需要更改自签名的默认服务器证书（证书在wso2carbon.jks中）具有强大的管理员密码，并使用密码工具在所有配置文件中对其进行加密

You can check the documentation for further info. 您可以查看文档以获取更多信息。