2017 mercury move

(copied from 2013-06 Move

New machine: mercnew.bonmot.ca

Big Picture

1. Get security & authentication running
2. Do hardening
3. Copy /local/ into place, copy everything else into /mercury_old/
4. Bring services on line one by one.
5. mercnew -> mercury, mercury -> mercold

• we'll preserve services running on Bonmot and move without a major outage
• we'll help Moose with $$ for hardware - say, disk, for about $400
• there's no reason to stay with Solaris so we'll move to Debian Linux, virtualization by proxmox, inside an openvz container.

Tasks (roughly in order)

• [x] DAN copy /etc/passwd & /etc/shadow over
• [x] rsync + config files
• [ ] DOUG find and follow some hardening procedures
• [ ] DOUG sudo
• [ ] DAN get the first rsync running in case something horrible happens to the old machine
  • [x] /local
  • [x] everything else gets copied over to /mercury_old/
• [ ] bind9
• [x] Dan: install mysql
• [ ] Dan get $400 to Moose for hosting

To be added to the to-do list maybe

• [ ] Create rsync script venus:/local/etc/copy_to_new.sh to sync old to new
• [ ] Create script mercnew:/usr/local/bin/bonmot_move_fix_uids to fix the UIDs
• [ ] Get the usernames moved over with their new UIDs:
  • 101, 102 etc get mapped to 1001, 1002, etc
  • 10001 --> 1101, 2002 --> 1102
• [ ] Get sudo config moved
• [ ] Change root password
• [ ] begin sync'ing old bonmot /local/ to new one
• [ ] add /local/etc/ to exclude list so we can begin making changes there
• [ ] back up the rest of mercury to /mercury_old/ so we can get to the conf files etc.
• [ ] Get apache2 up, move httpd.conf, serving home directories
• [ ] Configure mysql and test binary database move -- DOESN'T SEEM TO WORK
• [ ] Patch with apt-get update ; apt-get dist-upgrade
• [ ] Harden with fail2ban
• [ ] Move backup source from old to new machine.
• Move DNS
  • [ ] Configure named & copy zone files over
  • [ ] Update glue record for bonmot.ca
  • [ ] get all the name server secondaries checked & fixed - currently a minor mess
• [ ] Decide on an http server -- apache2
• [ ] Move composium.org & paradisecinema.com
• [ ] Move gay.hfxns.org
• [ ] Move shinesre.com and a few more domains
• [ ] Install mysql
• [ ] Install drupal7
• [ ] Test & document procedure for moving a Drupal site over (see below)
• [ ] One by one, move Drupal websites: condominiummana, cygnettrailers, crowfeather, wayves, geoearthing, w2sa
• [ ] Install Oddmuse & its modules
• [ ] Move shinesre.com
• [ ] Move performance.shinesre.com
• [ ] Get mail system running - postfix & dovecot
• [ ] Move rest of bonmot.ca sites - will be intense.
• [ ] Look at fail2ban configuration file & tune it
• [ ] Fix up logs.daily
  • HUP with kill -HUP `cat /var/run/named` etc.

Move Drupal Site

1. somehow lock the site so no changes can be made
2. mysqldump the database to e.g. wayves.ca.sql
3. scp wayves.sql over to mercnew:/tmp/wayves.ca.tar
4. scp both files to mercnew:/tmp
5. unpack the tarfile into /usr/share/drupal7/sites/
6. mysql < /tmp/wayves.ca.sql
7. change the dns and wait for the traffic to move over