Hi everybody,
Finally we have been able to buy a new server for our Moodle (the one we had was very old and weak).
So now we have the oportunity to build our Moodle server from scratch and I would like some advice from people with more experience.
First, the SO. Our server administrator is thinking about installing Ubuntu (before we had Red Hat). I imagine that the particular distribution of Linux one chooses is not all that important (they all have, I assume, the same Linux kernel). If there is anything we should bear in mind, however, please let me know.
Now as for the rest of LAMP components, my question is: is it advisable to install the LATEST versions of PHP, MySQL and Apache? Or are there some issues with the latest versions and Moodle that we should know about?
And last but not least, PHP accelerators. Any recommendations? Should we go for Turck, eAccelerator ... some other or pay some money to get Zend (I assume Zend is proprietary and not free)?
We have more and more courses to handle in our Moodle, I would appreciate all the help you can give us in order to get the best possible installation.
Thanks,
Josep M.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Josep M. Fontana -
Nobody has answered me yet but I already have more questions 
. From what I'm told, an important consideration when deciding what version of PHP to install is the compatibility with existing PHP accelerators. I see (in its official page) that Turck MMCache has been only tested with PHP versions up to 4.3. One of my colleagues says that eAccelerator can run with PHP up to version 4.6.
So the question is, what do you think is the best possible combination? Is it more advisable to prioritize the accelerator over the higher PHP version or instead choose any accelerator that can work with the highest PHP version you can install. From what I understand, Moodle doesn't use features available in PHP versions higher than 4.6. So I guess it is really not worth it to install any version higher than that. But is it worth it to "downgrade" PHP down to version 4.3 so that you can use Turck MMCache over eAccelerator?
How about MySQL?. I saw somewhere that "MySQL 4.1.16 is the minimum version for Moodle 1.6". But I see that MySQL is already in version 5.0. Is there any problem with installing the latest version?
Again, thanks very much for any help you can give us.
Josep M.
. From what I'm told, an important consideration when deciding what version of PHP to install is the compatibility with existing PHP accelerators. I see (in its official page) that Turck MMCache has been only tested with PHP versions up to 4.3. One of my colleagues says that eAccelerator can run with PHP up to version 4.6. So the question is, what do you think is the best possible combination? Is it more advisable to prioritize the accelerator over the higher PHP version or instead choose any accelerator that can work with the highest PHP version you can install. From what I understand, Moodle doesn't use features available in PHP versions higher than 4.6. So I guess it is really not worth it to install any version higher than that. But is it worth it to "downgrade" PHP down to version 4.3 so that you can use Turck MMCache over eAccelerator?
How about MySQL?. I saw somewhere that "MySQL 4.1.16 is the minimum version for Moodle 1.6". But I see that MySQL is already in version 5.0. Is there any problem with installing the latest version?
Again, thanks very much for any help you can give us.
Josep M.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by D.I. von Briesen -
Josep... you're up early! Time travel from my end.
What kind of load is your box going to be carrying? I can't help but think that the ramping of one server under moderate loads is less critical than the simplicity of your setup... as hardware will be faster each year, and may ramp just as quickly or more so than your user base.
I'll leave the tweak suggestions to the experts here, but remember that with IT, the only constant is change, and whatever you do now is likely to change quite soon... I'm a big fan of just giving it a whirl.
D.I.
What kind of load is your box going to be carrying? I can't help but think that the ramping of one server under moderate loads is less critical than the simplicity of your setup... as hardware will be faster each year, and may ramp just as quickly or more so than your user base.
I'll leave the tweak suggestions to the experts here, but remember that with IT, the only constant is change, and whatever you do now is likely to change quite soon... I'm a big fan of just giving it a whirl.
D.I.
In reply to D.I. von Briesen
Re: In search of the killer Moodle server instal·lation
by Josep M. Fontana -
Thanks for your answers D.I and Visvanath,
Well, the answer to your questions (D.I) is that the number of users is not very large now (I calculate we have around 500 right now) but this is going to change soon and I calculate we could have between 1500 and 2000 users very soon (maybe my predictions are a bit exaggerate but I prefer to err on the side of caution). Also, it is impossible to calculate how many users will be using Moodle concurrently but I predict the load will be pretty high at some points during the day. The server we have acquired looks pretty powerful:
HP ProLiant ML350 G4 model Array. Xeon 3.2 GHz processor
6 GB RAM
Smart Array 641 controller
This is why our server administrator is sugesting that perhaps it would be better to install the newest versions of PHP and MySQL so that we can benefit from any improvements in security that might have been introduced in these new versions and forget about any PHP accelerators because we won't really need them for the loads we have.
My reasoning and that of other colleagues is different. Even if the machine looks powerful enough for our load, since the improvements in versions of PHP above 4.6 are not really relevant for Moodle and, as far as I know, security in version 4.6 is pretty tight, it might be worth it to emphasize the use of some PHP accelerator so that we ease the CPU load. In other words, if security or functionality is not compromised anyway, why not have our server running even a little faster if we can?
Josep M.
P.S. Actually D.I, I wasn't up early, I was up late. The times of the postings in Moodle are misleading :-} You have to do some calculation to translate between time zones.
Well, the answer to your questions (D.I) is that the number of users is not very large now (I calculate we have around 500 right now) but this is going to change soon and I calculate we could have between 1500 and 2000 users very soon (maybe my predictions are a bit exaggerate but I prefer to err on the side of caution). Also, it is impossible to calculate how many users will be using Moodle concurrently but I predict the load will be pretty high at some points during the day. The server we have acquired looks pretty powerful:
HP ProLiant ML350 G4 model Array. Xeon 3.2 GHz processor
6 GB RAM
Smart Array 641 controller
This is why our server administrator is sugesting that perhaps it would be better to install the newest versions of PHP and MySQL so that we can benefit from any improvements in security that might have been introduced in these new versions and forget about any PHP accelerators because we won't really need them for the loads we have.
My reasoning and that of other colleagues is different. Even if the machine looks powerful enough for our load, since the improvements in versions of PHP above 4.6 are not really relevant for Moodle and, as far as I know, security in version 4.6 is pretty tight, it might be worth it to emphasize the use of some PHP accelerator so that we ease the CPU load. In other words, if security or functionality is not compromised anyway, why not have our server running even a little faster if we can?
Josep M.
P.S. Actually D.I, I wasn't up early, I was up late
. The times of the postings in Moodle are misleading :-} You have to do some calculation to translate between time zones.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Visvanath Ratnaweera -
> our server administrator is sugesting ... perhaps it would be better ... we can benefit from any improvements in security ... that might have been ..."
Doesn't sound very self-sure, eh?
We too have this kind of "server adminstrators". They will tell you to use only HTTPS over HTTP, you know that S stands for secure. Configure the firewalls to block all "text" protokolls, SMTP, POP, NEWS, FTP. Oh yes FTP, that is very special: if you can't avoid then allow only _aktive_ FTP. The client on the net must open _all_ of its high ports to catch the incoming data connection.
I've suggested a solid security concept for our institution: Deep freeze all the servers, push them in to a deep mine shaft and seal the whole thing in Tchernobyl style.
This is the desease the "closed IT" has spread all over us. Rather than opening the fundamentals, they want you to live in their "make believe" world. I hope the renewed interest in the Unix OS will bring up a new generation of more aware IT specialists.
Doesn't sound very self-sure, eh?
We too have this kind of "server adminstrators". They will tell you to use only HTTPS over HTTP, you know that S stands for secure. Configure the firewalls to block all "text" protokolls, SMTP, POP, NEWS, FTP. Oh yes FTP, that is very special: if you can't avoid then allow only _aktive_ FTP. The client on the net must open _all_ of its high ports to catch the incoming data connection.
I've suggested a solid security concept for our institution: Deep freeze all the servers, push them in to a deep mine shaft and seal the whole thing in Tchernobyl style.
This is the desease the "closed IT" has spread all over us. Rather than opening the fundamentals, they want you to live in their "make believe" world. I hope the renewed interest in the Unix OS will bring up a new generation of more aware IT specialists.
In reply to Visvanath Ratnaweera
Re: In search of the killer Moodle server instal·lation
by Jonathan Moore -
I will play devils advocate here. I think it is a reasonable discussion whether the newest php, etc is more secure. I agree that security needs to be balanced against usability, however from what has been shared so far, the user doesn't seem to be having to choose between the two.
I suggest a compromise.
1) Determine if moodle is going to run cleanly on the latest greatest versions being suggested.
2) Install some kind of server monitoring (I like cacti). Agree on a certain performance benchmark where php acceleration will take precedent over the modest security benefits of the later versions. Consider that by the time this is really an issue you can probably get the acceleration you want with the versions in question.
3) Look at all the acceleration options. I think APC will work with the latest php but I may be wrong.
Keep in mind these are the same people who will be having the finger pointed at them if the server goes offline because it was cracked. On the flip side if the security is so bad you can't use the systm, then it is pointless.
I suggest a compromise.
1) Determine if moodle is going to run cleanly on the latest greatest versions being suggested.
2) Install some kind of server monitoring (I like cacti). Agree on a certain performance benchmark where php acceleration will take precedent over the modest security benefits of the later versions. Consider that by the time this is really an issue you can probably get the acceleration you want with the versions in question.
3) Look at all the acceleration options. I think APC will work with the latest php but I may be wrong.
Keep in mind these are the same people who will be having the finger pointed at them if the server goes offline because it was cracked. On the flip side if the security is so bad you can't use the systm, then it is pointless.
In reply to Jonathan Moore
Re: In search of the killer Moodle server instal·lation
by Josep M. Fontana -
Hi Jonathan,
What you say is very sensible. The question is, though, is a server with PHP 5.1 really more secure than a server with PHP 4.6? If the answer were affirmative, then I would not hesitate so much.
But, yes, your point is well taken. I will also look into APC. If it is compatible with the latest versions of PHP, then problem solved.
Josep M.
What you say is very sensible. The question is, though, is a server with PHP 5.1 really more secure than a server with PHP 4.6? If the answer were affirmative, then I would not hesitate so much.
But, yes, your point is well taken. I will also look into APC. If it is compatible with the latest versions of PHP, then problem solved.
Josep M.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Iñaki Arenaza -
What you say is very sensible. The question is, though, is a server with PHP 5.1 really more secure than a server with PHP 4.6? If the answer were affirmative, then I would not hesitate so much.
In my humble opinion, it isn't neither more secure nor less secure. If both versions are supported by the PHP team (and I would say so), security issues are resolved in both versions simultaneously.
On the other hand, if you are talking about PHP 2.x, that is another story
Saludos. Iñaki.
In reply to Iñaki Arenaza
Re: In search of the killer Moodle server instal·lation
by Josep M. Fontana -
Good. Thanks for your humble (but informed) opinion . So, I guess this means the best compromise is to go for the highest PHP version that is compatible with a decent accelerator.
Josep M.
. So, I guess this means the best compromise is to go for the highest PHP version that is compatible with a decent accelerator.Josep M.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Jonathan Moore -
If security policy is your emphasis, another tact to take is load what is included in a modern linux OS that includes security updates. The nice thing about this is then your security updates can be automated, and hence more likely to be performed prior to a breach. In this case you can't go by just the version numbers because a lot of the big players will back port patches so that they get the security fixes, but a more stable, less changed base platform.
Debian stable offers a security updates source
Redhat uses up2date network,
so on and so forth. These are normally the versions I would go with and then the system security patches are less of an issue of my reading up on every security alert that comes out.
Debian stable offers a security updates source
Redhat uses up2date network,
so on and so forth. These are normally the versions I would go with and then the system security patches are less of an issue of my reading up on every security alert that comes out.
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Visvanath Ratnaweera -
> First, the SO. Our server administrator is thinking about installing Ubuntu (before we had Red Hat). I imagine that the particular distribution of Linux one chooses is not all that important (they all have, I assume, the same Linux kernel). If there is anything we should bear in mind, however, please let me know.
Did you go through the discussions here, for example http://moodle.org/mod/forum/discuss.php?d=40709 ?
The short answer is, take the distribution which your sysadmin is most familier with.
> Now as for the rest of LAMP components, my question is: is it advisable to install the LATEST versions of PHP, MySQL and Apache? Or are there some issues with the latest versions and Moodle that we should know about?
AFAIK MySQL 5 is not a problem. I'm not so sure about PHP5. At least as far as PHP accelerators are concerned. continue below
> And last but not least, PHP accelerators. Any recommendations? Should we go for Turck, eAccelerator ... some other or pay some money to get Zend (I assume Zend is proprietary and not free)?
My understanding is, at least if you are going to use Turck or any other mmcache based accelerator, 32 bit kernel and PHP 4 is the proven stable combination.
See http://moodle.org/mod/forum/discuss.php?d=39903&parent=193045
Did you go through the discussions here, for example http://moodle.org/mod/forum/discuss.php?d=40709 ?
The short answer is, take the distribution which your sysadmin is most familier with.
> Now as for the rest of LAMP components, my question is: is it advisable to install the LATEST versions of PHP, MySQL and Apache? Or are there some issues with the latest versions and Moodle that we should know about?
AFAIK MySQL 5 is not a problem. I'm not so sure about PHP5. At least as far as PHP accelerators are concerned. continue below
> And last but not least, PHP accelerators. Any recommendations? Should we go for Turck, eAccelerator ... some other or pay some money to get Zend (I assume Zend is proprietary and not free)?
My understanding is, at least if you are going to use Turck or any other mmcache based accelerator, 32 bit kernel and PHP 4 is the proven stable combination.
See http://moodle.org/mod/forum/discuss.php?d=39903&parent=193045
In reply to Josep M. Fontana
Re: In search of the killer Moodle server instal·lation
by Haithem Kouki -
But is it worth it to "downgrade" PHP down to version 4.3 so that you can use Turck MMCache over eAccelerator?
I've successfully tested eAccelerator 0.9.5 beta 1 under PHP 5.1.2.But still, as a beta version, I don't know if it's a good choice in terms of security and/or performance.
In reply to Haithem Kouki
Re: In search of the killer Moodle server instal·lation
by Jonathan Moore -
I wonder about that too. However it seems to be more secure and stable than Turke since it started from the code base and at least fixed some of its more obvious bugs and I have seen lots and lots of folks who seem to know what they are doing recommending it.
One caviet I have discovered recently is that one both rhel4 and debian sarge installs is that apachectl graceful seems to be an issue with eaccelerator. May just be something I am doing. I built on three systems from the source eaccel file and against the standard apache/php packages for each OS and all the systems die when the logrotator kicks in. It leaves 1-2 apache processes running but they dont' respond. This is bad because it is kind of hard to detect by just watching the process list. Just an fyi.
One caviet I have discovered recently is that one both rhel4 and debian sarge installs is that apachectl graceful seems to be an issue with eaccelerator. May just be something I am doing. I built on three systems from the source eaccel file and against the standard apache/php packages for each OS and all the systems die when the logrotator kicks in. It leaves 1-2 apache processes running but they dont' respond. This is bad because it is kind of hard to detect by just watching the process list. Just an fyi.