2017 mercury move

(copied from 2013-06 Move

New machine: mercnew.bonmot.ca

Big Picture

1. Get security & authentication running
2. Do hardening - guide here: https://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
3. Copy /local/ into place, copy everything else into /mercury_old/
4. Bring services on line one by one.
5. mercnew -> mercury, mercury -> mercold

• we'll preserve services running on Bonmot and move without a major outage
• we'll help Moose with $$ for hardware - say, disk, for about $400
• there's no reason to stay with Solaris so we'll move to Debian Linux, virtualization by proxmox, inside an openvz container.

Tasks (roughly in order)

• [x] DAN copy /etc/passwd & /etc/shadow over
• [x] rsync + config files
• [x] begin sync'ing old bonmot /local/ to new one
• [ ] DOUG hardening from Debian guide (above)
• [x] DOUG sudo
• Move DNS
  • [x] Configure named & copy zone files over, begin serving
  • [x] Notify our secondary to being updating from new
  • [x] Update glue record for bonmot.ca
• [x] DAN rsync script
  • [x] /local --> /local
  • [x] everything else --> /mercury_old/
• [x] bind9
• [x] Dan: install mysql
• [x] DOUG Change root password
• [x] Get apache2 up, move httpd.conf, serving home directories
• [x] Drupal 7
• [x] Drupal 8
• [x] make sure that only apache2 is coming up

In progress

• [ ] Dan get $400 to Moose for hosting

To be added to the to-do list maybe

• [x] Patch with apt-get update ; apt-get dist-upgrade
• [ ] Harden with fail2ban
• [x] Move backup source from old to new machine.
• [x] Decide on an http server -- apache2
• [x] Move composium.org & paradisecinema.com
• [-] Move gay.hfxns.org
• [x] Move shinesre.com and a few more domains
• [x] Test & document procedure for moving a Drupal site over (see below)
• [x] One by one, move Drupal websites: condominiummana, cygnettrailers, crowfeather, wayves, geoearthing, w2sa
• [x] Install Oddmuse & its modules
• [-] Move shinesre.com
• [-] Move performance.shinesre.com
• [x] Get mail system running - postfix & dovecot
• [x] Move rest of bonmot.ca sites - will be intense.
• [x] Look at fail2ban configuration file & tune it
• [ ] Fix up logs.daily
• Move non-drupal databases: archives CycleMaint GayHalifax LayoutMachine

Unexpected Stuff

• rrd didn't come up for the graphs
  • apt-get install rrdtool
  • apt-get install librrds-perl
  • cpan force install RRD::Simple (because the tests fail)
• rrd complained about the database changing architecture
  • rrdtool dump the old databases on the old machine
  • rrdtool restore to the new one
• /bin/perl didn't exist on the new machine so had to change to /usr/bin/perl in lots of places
• Perl wouldn't read libraries in the same directories so had to add
  • use lib './' ; # in a variety of places
• MariaDB password format has changed so had to update: using mysql:
  • SET PASSWORD for 'cyclemaint_web'@'localhost' = PASSWORD('xxxxxx') ;

Move Drupal Site

1. somehow lock the site so no changes can be made
2. mysqldump the database to e.g. wayves.ca.sql
3. scp wayves.sql over to mercnew:/tmp/wayves.ca.tar
4. scp both files to mercnew:/tmp
5. unpack the tarfile into /usr/share/drupal7/sites/
6. mysql < /tmp/wayves.ca.sql
7. change the dns and wait for the traffic to move over