Editing revision 3 of 2017 mercury move

(copied from [[2013-06 Move]] New machine: mercnew.bonmot.ca ==Big Picture== # Get security & authentication running # Do hardening # Copy /local/ into place, copy everything else into /mercury_old/ # Bring services on line one by one. # mercnew -> mercury, mercury -> mercold * we'll preserve services running on Bonmot and move without a major outage * we'll help Moose with $$ for hardware - say, disk, for about $400 * there's no reason to stay with Solaris so we'll move to Debian Linux, virtualization by proxmox, inside an openvz container. ==Tasks (roughly in order)== * [x] DAN copy /etc/passwd & /etc/shadow over * [x] rsync + config files * [ ] DOUG find and follow some hardening procedures * [ ] DOUG sudo * [ ] DAN get the first rsync running in case something horrible happens to the old machine ** [x] /local ** [x] everything else gets copied over to /mercury_old/ * [ ] bind9 * [x] Dan: install mysql * [ ] Dan get $400 to Moose for hosting ===To be added to the to-do list maybe=== * [ ] Create rsync script venus:/local/etc/copy_to_new.sh to sync old to new * [ ] Create script mercnew:/usr/local/bin/bonmot_move_fix_uids to fix the UIDs * [ ] Get the usernames moved over with their new UIDs: ** 101, 102 etc get mapped to 1001, 1002, etc ** 10001 --> 1101, 2002 --> 1102 * [ ] Get sudo config moved * [ ] Change root password * [ ] begin sync'ing old bonmot /local/ to new one * [ ] add /local/etc/ to exclude list so we can begin making changes there * [ ] back up the rest of mercury to /mercury_old/ so we can get to the conf files etc. * [ ] Get apache2 up, move httpd.conf, serving home directories * [ ] Configure mysql and test binary database move -- DOESN'T SEEM TO WORK * [ ] Patch with apt-get update ; apt-get dist-upgrade * [ ] Harden with fail2ban * [ ] Move backup source from old to new machine. * Move DNS ** [ ] Configure named & copy zone files over ** [ ] Update glue record for bonmot.ca ** [ ] get all the name server secondaries checked & fixed - currently a minor mess * [ ] Decide on an http server -- apache2 * [ ] Move composium.org & paradisecinema.com * [ ] Move gay.hfxns.org * [ ] Move shinesre.com and a few more domains * [ ] Install mysql * [ ] Install drupal7 * [ ] Test & document procedure for moving a Drupal site over (see below) * [ ] One by one, move Drupal websites: condominiummana, cygnettrailers, crowfeather, wayves, geoearthing, w2sa * [ ] Install Oddmuse & its modules * [ ] Move shinesre.com * [ ] Move performance.shinesre.com * [ ] Get mail system running - postfix & dovecot * [ ] Move rest of bonmot.ca sites - will be intense. * [ ] Look at fail2ban configuration file & tune it * [ ] Fix up logs.daily ** HUP with kill -HUP `cat /var/run/named` etc. ===Move Drupal Site=== # somehow lock the site so no changes can be made # mysqldump the database to e.g. wayves.ca.sql # scp wayves.sql over to mercnew:/tmp/wayves.ca.tar # scp both files to mercnew:/tmp # unpack the tarfile into /usr/share/drupal7/sites/ # mysql < /tmp/wayves.ca.sql # change the dns and wait for the traffic to move over

Summary:

This change is a minor edit.

Username: