Meza/Install on multiple servers

Jump to navigation Jump to search

Below is the basic procedure for setting up a multi-server environment using MediaWiki. I other words, rather than putting all components of a MediaWiki setup on a single monolithic server, this will split them out split them out over two or more servers. This means you can have separate servers for database master, database replicas, Memcached, Parsoid, Elasticsearch, load balancers, and MediaWiki itself. After some initial setup, Meza handles the orchestration of all of the servers for you.


  • Controller: The server running the commands telling other servers what to do
  • Minions: The other servers. These will end up being MediaWiki application servers, database servers, Node.js servers, Elasticsearch servers, etc.

Setup controller[edit]

At this time it is recommended that your controller also be an app-server. This recommendation will be removed eventually.

sudo yum install -y git
sudo git clone /opt/meza
sudo bash /opt/meza/src/scripts/

On each minion[edit]

curl -Lf > minion
sudo bash minion

Back on the controller[edit]

sudo bash /opt/meza/src/scripts/ssh-users/
# See *Troubleshooting* below if the transfer shows 'Permission denied' errors.
sudo meza setup env <your env name>

# Edit your inventory (aka "hosts") file as required
sudo vim /opt/conf-meza/secret/<your env name>/hosts

# Edit your secret config as required. This is more complicated because it
# is encrypted automatically. You're editing using the `ansible-vault`
# command making use of the password file that was generated in user
# `meza-ansible`'s home directory. Note: any users created by meza do not
# have their home directory under `/home` to avoid collision with Active
# Directory and such.
meza_env=<your env name>
sudo ansible-vault edit "/opt/conf-meza/secret/$meza_env/secret.yml" --vault-password-file "/opt/conf-meza/users/meza-ansible/.vault-pass-$meza_env.txt"

sudo meza deploy <your env name>


If the `sudo bash /opt/meza/src/scripts/ssh-users/` gives you something like `Permission denied (publickey,gssapi-keyex,gssapi-with-mic).` It may have to do with ssh-agent forwarding and access to the minion. Assuming you can `ssh` to the minion, here's how to perform this step manually.

# on the controller
sudo su - meza-ansible
cat .ssh/
#highlight that text and copy it to your clipboard
# on each minion
sudo su - meza-ansible
sudo vi .ssh/authorized_keys
# paste content from clipboard; save file
sudo chmod go-w .ssh/authorized_keys
# back on the controller
# test SSH as the meza-ansible user
ssh meza-ansible@<minion-ip>
<Ctrl+D> to logout
# re-run the transfer script because it ALSO is responsible for removing the password for the meza-ansible user
sudo bash /opt/meza/src/scripts/ssh-users/