elefante-borneu-yul-{01,02,03} (#45), mongodb (#48), redis (#51): ins…

…talado MongoDB e Redis em 02 e 03; explicitado que Redis NÃO opera em Cluster (veja comentarios)

logbook/aguia-pescadora-bravo/etc/haproxy/haproxy.cfg

@@ -56,7 +56,7 @@ listen MongoDB-TestFakeCluster
 	server elefante-borneu-yul-02 149.56.130.66:27017 maxconn 25 check weight 10
 	server elefante-borneu-yul-03 149.56.130.178:27017 maxconn 25 check weight 10
 
-listen Redis-TestFakeCluster
+listen 'Redis01'
 	bind 127.0.0.1:6379
 	balance leastconn
 	option tcp-check
@@ -67,9 +67,39 @@ listen Redis-TestFakeCluster
 	#tcp-check expect string role:master
 	tcp-check send QUIT\r\n
 	tcp-check expect string +OK
-	server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 25 check weight 10
-	server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 25 check weight 10
-	server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 25 check weight 10
+	server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
+
+listen 'Redis02'
+	bind 127.0.0.1:6379
+	balance leastconn
+	option tcp-check
+	tcp-check connect
+	tcp-check send PING\r\n
+	tcp-check expect string +PONG
+	#tcp-check send info\ replication\r\n
+	#tcp-check expect string role:master
+	tcp-check send QUIT\r\n
+	tcp-check expect string +OK
+	#server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
+
+listen 'Redis03'
+	bind 127.0.0.1:6379
+	balance leastconn
+	option tcp-check
+	tcp-check connect
+	tcp-check send PING\r\n
+	tcp-check expect string +PONG
+	#tcp-check send info\ replication\r\n
+	#tcp-check expect string role:master
+	tcp-check send QUIT\r\n
+	tcp-check expect string +OK
+	#server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
 
 listen stats
 	bind 127.0.0.1:1936

logbook/elefante-borneu-yul-01.sh

@@ -395,7 +395,7 @@ sudo systemctl enable mongod
 
 #------------------------------------------------------------------------------#
 # SEÇÃO REDIS: 1. INSTALAÇÃO E CONFIGURAÇÃO INICIAL                            #
-# TL;DR: ...                                                                   #
+# TL;DR: Explica como instalar um Redis simples, sem modo cluster habilitado   #
 #------------------------------------------------------------------------------#
 # @see https://github.com/fititnt/cplp-aiops/issues/51
 # @see https://redis.io/topics/quickstart
@@ -411,7 +411,7 @@ sudo vim /etc/redis/redis.conf
 #    supervised systemd
 
 sudo systemctl restart redis.service
-sudo systemctl enable redis.service
+#sudo systemctl enable redis #Bug: Failed to enable unit: Refusing to operate on linked unit file redis.service
 
 sudo systemctl status redis
 
@@ -424,5 +424,17 @@ ping
 set test "It's working!"
 get test
 # Resposta deve ser "It's working!"
+exit
 
-exit
+#------------------------------------------------------------------------------#
+# SEÇÃO REDIS: 1. INICIALIZAÇÃO DE CLUSTER REDIS                               #
+# TL;DR:                                                                       #
+#------------------------------------------------------------------------------#
+# @see https://redis.io/topics/cluster-tutorial
+
+# TODO: ler com calma o https://redis.io/topics/cluster-tutorial. Porém
+#       comparado a um banco de dados SQL tradicional mesmo se bem configurado
+#       existem casos em que Redis não tem consitência nos writes. Ou seja, nós
+#       não temos como prometer algo que nem os desenvolvedores garantem. Por
+#       isso podemos deixar ajutes de fato no Redis apenas quando houver uso
+#       em alguma aplicação de usuário (fititnt, 2019-05-28 20:51)

logbook/elefante-borneu-yul-02.sh

@@ -193,6 +193,23 @@ sudo ufw allow mosh comment "Mosh, *, [TODO: restringir SSH no Cluster Elefante
 sudo ufw allow from 104.167.109.226 to any port 3306 comment "MariaDB, aguia-pescadora-alpha.etica.ai"
 sudo ufw allow from 192.99.247.117 to any port 3306 comment "MariaDB, aguia-pescadora-bravo.etica.ai"
 
+#### MongoDB -------------------------------------------------------------------
+## Sites de aplicação tem direito de acessar as porta específicas do MongoDB
+# @see https://docs.mongodb.com/manual/reference/default-mongodb-port/
+# @see https://docs.mongodb.com/manual/administration/security-checklist/
+# @see https://docs.mongodb.com/manual/security/
+
+sudo ufw allow from 104.167.109.226 to any port 27017 comment "MongoDB, aguia-pescadora-alpha.etica.ai"
+sudo ufw allow from 192.99.247.117 to any port 27017 comment "MongoDB, aguia-pescadora-bravo.etica.ai"
+
+#### Redis -------------------------------------------------------------------
+## Sites de aplicação tem direito de acessar as porta específicas do Redis
+# @see https://redis.io/topics/security
+# @see http://antirez.com/news/96 (Leia isso)
+
+sudo ufw allow from 104.167.109.226 to any port 6379 comment "Redis, aguia-pescadora-alpha.etica.ai"
+sudo ufw allow from 192.99.247.117 to any port 6379 comment "Redis, aguia-pescadora-bravo.etica.ai"
+
 ##### Firewall, ativação _______________________________________________________
 sudo ufw enable
 
@@ -298,4 +315,67 @@ sudo systemctl stop mysql
 ### vantagem de que os clientes finais (que acessam via o HAProxy) não saberão
 ### se algum servidor ficou fora do ar. É lindo!
 
-# @TODO: documentar o dia a dia no gerenciamento de um cluster (fititnt, 2019-05-27 20:19 BRT)
+# @TODO: documentar o dia a dia no gerenciamento de um cluster (fititnt, 2019-05-27 20:19 BRT)
+
+#------------------------------------------------------------------------------#
+# SEÇÃO MONGODB: 1. INSTALAÇÃO E CONFIGURAÇÃO INICIAL                          #
+# TL;DR: ...                                                                   #
+#------------------------------------------------------------------------------#
+# @see https://github.com/fititnt/cplp-aiops/issues/48
+
+# @see https://www.mongodb.com/
+# @see https://www.hostinger.com.br/tutoriais/instalar-mongodb-ubuntu
+# @see https://www.digitalocean.com/community/tutorials/how-to-install-mongodb-on-ubuntu-18-04
+# @see https://docs.mongodb.com/manual/core/replica-set-high-availability/
+# @see https://computingforgeeks.com/how-to-setup-mongodb-replication-on-ubuntu-18-04-lts/
+# @see https://docs.mongodb.com/manual/tutorial/backup-and-restore-tools/
+# @see https://medium.com/@vvangemert/mongodb-cluster-haproxy-and-the-failover-issue-285c1523628f
+# @see https://www.mongodb.com/blog/post/active-active-application-architectures-with-mongodb
+
+# TODO: adicionar no issue do GitHub:
+# @see https://docs.mongodb.com/manual/administration/security-checklist/
+# @see https://docs.mongodb.com/manual/security/
+
+## Configurar pacotes
+# @see https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/#install-mongodb-community-edition-using-deb-packages
+sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
+echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
+sudo apt update
+
+sudo apt install mongodb-org
+
+sudo systemctl start mongod
+sudo systemctl enable mongod
+
+#------------------------------------------------------------------------------#
+# SEÇÃO REDIS: 1. INSTALAÇÃO E CONFIGURAÇÃO INICIAL                            #
+# TL;DR: ...                                                                   #
+#------------------------------------------------------------------------------#
+# @see https://github.com/fititnt/cplp-aiops/issues/51
+# @see https://redis.io/topics/quickstart
+
+# @see https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04
+sudo apt update
+sudo apt install redis-server
+
+sudo vim /etc/redis/redis.conf
+# Altere
+#    supervised no
+# Para:
+#    supervised systemd
+
+sudo systemctl restart redis
+#sudo systemctl enable redis #Bug: Failed to enable unit: Refusing to operate on linked unit file redis.service
+
+sudo systemctl status redis
+
+### Testar Redis (simples, sem ser cluster) ____________________________________
+# Por padrão, redis-cli tentará conectar na instância instalada localmente
+
+redis-cli
+ping
+# Resposta deve ser: PONG
+set test "It's working!"
+get test
+# Resposta deve ser "It's working!"
+exit

logbook/elefante-borneu-yul-02/etc/mongod.conf

@@ -0,0 +1,51 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+  journal:
+    enabled: true
+#  engine:
+#  mmapv1:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+## AVISO DE SEGURANCA: a alteracao de "bindIp: 127.0.0.1" para "bindIp: 0.0.0.0"
+##                     requer especial atencao e depende de protecao a nivel de
+##                     firewall e, adicionalmente, usuario e senha. Esteja ciente
+##                     que a alteração definica aqui DEPENDE de protecoes adicionais
+##                     que deveriam ser implementadas mesmo em projetos que nao
+##                     estao divugladas publicamente (fititnt, 2019-05-28 17:59 BRT)
+# @see https://docs.mongodb.com/manual/administration/security-checklist/
+
+# network interfaces
+net:
+  port: 27017
+#  bindIp: 127.0.0.1
+  bindIp: 0.0.0.0
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
+
+#security:
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options:
+
+#auditLog:
+
+#snmp: