Tips for Fedora 28 on Digital Ocean

I’m moving again, from an Ubuntu 16.04 droplet with a rather complex deployment (in Brexit-land) to Docker containers on a Fedora 28 droplet (in Europe-land).

These are some tips I wanted to share along the way. But First..

$100 Free Credit on Digital Ocean

Now that’s out of the way lets talk about our new droplet. Its a $5 per month beast with 1 vCPU a whole 1 Gigabyte of RAM, 25 Gigs of SSD storage for the OS drive. I also added another 20 Gigs of block storage for Nextcloud.

Tip 1: Create a swap file

Performance on this droplet was great, until the memory usage climbed above 60%, then the performance was far from ideal. Sometimes fast, sometimes slow, occasionally stuttering.

Fedora has its swappiness set to 60%. This means when RAM is consumed above 60% the kernel should try and move some data out to swap. The problem is by default the droplet has no swap enabled. You could change the swappiness value to 1% if you wanted, but what happens when you do run out of RAM? Yea the kernel will kill a random process that is consuming RAM (in my case it likes to go for my database more often than not).

Instead I suggest to create, enable and mount on boot a swapfile:

# dd if=/dev/zero of=/swap bs=1024 count=1048576
# chown root:root /swap
# chmod 0600 /swap
# mkswap /swap
# swapon /swap
# echo "/swap none swap sw 0 0" >> /etc/fstab

This will stabilize our performance and if we do consume too much RAM, things will slow down, but continue to run.

Tip 2: Install Cockpit

Cockpit is a nice web based admin console. You can install it with
# dnf install cockpit

Once you have enable the socket and opened the firewall you will be able to log into your server on port 9090 using your local Linux account. This will be helpful later if you install Docker, or wish to troubleshoot SELinux issues.

It also has a built in terminal so if you disable ssh access or it is blocked for some reason (some public WiFi does this) then you can still manage your server.

Tip 3: Put SELinux in permissive mode while you deploy your apps

SELinux is helpful in production, but can be a right pain during development. Placing SELinux in permissive mode will allow you to work as if it was disabled, however you can open the SELinux panel in Cockpit and view both the rules that would be broken and how to allow the required access.

Once you’ve applied all the rules you can safely put SELinux in enforcing mode knowing it won’t break anything.

Moving from Arch Linux to FreeBSD..

..and from a local web-server to a cloud based virtual machine.

So I’ve been running this site on an old Dell D400 laptop for a while.  Arch Linux has been the operating system of choice.  This machine has performed admirably as a web server for many months now.  But its single core 1.6 Ghz processor and 5400 RPM hard disk are limiting factors for performance and expansion.  Lets migrate it to the Cloud…

First step was to select a place to host the site from.

I went with a Digital Ocean droplet, I was able to quickly sign up for a single core machine with 512Mb of RAM and 20 Gigs of SSD storage  for $5 per month ($6 with weekly backups).  The lower amount of memory was not such an issue as Arch was using maximum of around 400Mb and that is running more services that just the website.  I could pick a data-center in London and speeds to and from droplet are clearly faster than my broadband’s 240 down and 24 up.

Operating System:

I’m a big fan of Arch Linux, but at this time Digital Ocean don’t offer it and to be honest I’d never expect them too.  CentOS is a solid choice and familiar to an R.H.C.E. like me, Ubuntu is also available but while I’ve used it a lot I just don’t enjoy some of the problems that crop up and how you need to solve them.  So in the end I decided to go with FreeBSD.  The choice came down to this, I can work with that operating system faster and the base install seems to be more memory efficient which should not be a factor, but its always better to have more RAM than you think you’ll need.

Deployment:

So the droplet was created very quickly, I had to generate an ssh key and associate it with the droplet first.  Then I still had some trouble logging in.  This came down to the fact that its not very clear that you need to use that key to login as the user FreeBSD then use ‘su’ and ‘sudo’ as needed, I eventually found out through Digital Oceans blog, would be nice if it said so on the creation screens.  Once that was out of the way we quickly install our web-server/database/language stack setup each component and wrote some test pages to make everything worked.

Finally I moved across this WordPress blog in about 2 minutes, using tar, gzip and ftp and it worked pretty much straight away.  Its so nice when your planned migration even a small one like this actually goes like clockwork!

Next:

So I will be blogging more instead of maintaining the servers, next I want to see what the state of MongoDB is on FreeBSD I’ve a feeling it isn’t going to be pretty, but time will tell.