2014 Server Migration: Difference between revisions
(Initial migration steps) |
(Add a couple of migration steps) |
||
Line 167: | Line 167: | ||
* Explore what software to use to help harden up the installation (fail2ban, etc.) |
* Explore what software to use to help harden up the installation (fail2ban, etc.) |
||
* Migrate current users to new server |
* Migrate current users to new server |
||
* Set up SSH (edit sshd_config to tighten up security) |
|||
* Set up the firewall (either using firewalld, or else installing iptables and using the old rules) |
* Set up the firewall (either using firewalld, or else installing iptables and using the old rules) |
||
* Install Apache, and edit httpd.conf appropriately |
* Install Apache, and edit httpd.conf appropriately |
||
Line 176: | Line 177: | ||
* Migrate any other files that must be moved |
* Migrate any other files that must be moved |
||
* Export current MySQL and import into new MariaDB |
* Export current MySQL and import into new MariaDB |
||
* Set up repeating jobs (log rotation, etc.) via systemd/cron |
|||
* Other steps |
|||
* Other steps not mentioned above |
|||
=== Nice-to-haves === |
=== Nice-to-haves === |
Revision as of 11:45, 16 July 2014
This page is to collect information about our current configuration and options for switching to a new server going forward. Please feel free to edit to add missing information or correct errors.
Server selection
On 2014-06-24, the WPLUG board decided to go with the $10/month Linode plan, locating in their Atlanta datacenter. This plan will approximately halve our current costs and still provide sufficient resources.
OS selection
The WPLUG server currently runs on CentOS 5. This is still supported, but it would make sense to choose a newer distro while we're doing the server switch.
Service enumeration
Services that are currently running on the WPLUG Linode server. These should include things that are user-facing only, not infrastructure.
- E-mail (Postfix)
- Mailing lists (Mailman)
- Wiki (MediaWiki)
- Blog (Wordpress)
- Monkeybot IRC bot (infobot) - maybe consider different bot software that can import monkeybot's database?
- RSS aggregator (Tiny Tiny RSS, tt-rss)
Infrastructure software which supports the services above.
- Web server (Apache) - it would be possible to use Nginx instead, but I (Vance) am not familiar with setting it up
- PHP (Apache mod_php) for MediaWiki, Wordpress, and TT-RSS
- Python for Mailman
- Perl for Monkeybot
- MySQL for MediaWiki, Wordpress, and TT-RSS - likely possible to use MariaDB instead, other DBMS not recommended for use with MediaWiki
- Greylisting daemon (Postgrey)
- Fail2ban - could maybe use denyhosts instead
Support lifetime
- CentOS 6 - 2020-11-30
- CentOS 7 - will probably match RHEL 7 support deadline of 2024-06-30
- Debian 7 "wheezy" - one year after release of v. 8 "jessie" (anticipated mid-2015), possible unofficial long-term support available after that
- Ubuntu 14.04 LTS - 2019-04-17
Software availability
This table is to track, for the different distros under consideration, whether the software we need is available within its repositories. We want to minimize the number of applications which have to be maintained manually.
Key:
- B: in distro's base repository
- A: in an additional repository provided by the distro
- T: in a third-party repository
- ~: not available in any known repository
- ?: availability unknown
CentOS 6 | CentOS 7 | Debian 7 | Ubuntu 14.04 | |
---|---|---|---|---|
postfix | B 2.6 | B 2.10 | B 2.9 | B 2.11 |
mailman | B 2.1 | B 2.1 | B 2.1 | B 2.1 |
postgrey | T 1.34rf, EPEL | T 1.34EPEL | B 1.34 | A 1.34 |
mediawiki | T 1.19EPEL | ? | B 1.19 | A 1.19 |
wordpress | T 3.9EPEL | T 3.9EPEL | B 3.6 | A 3.8 |
infobot | ~ | ? (not B or A) | ? (not B or A) | ~ |
tt-rss | ~ | ? (not B or A) | ? (not B or A) | A 1.11 |
apache | B 2.2 / A 2.4 | B 2.4 | B 2.2 | B 2.4 |
nginx | A 1.4 | ? | B 1.2 | B/A 1.4 |
php5 | B 5.3 / A 5.4, 5.5 | B 5.4, T 5.5.14Remi | B 5.4 | B 5.5 |
python2 | B 2.6 / A 2.7 | B 2.7.5 | B 2.7 | B 2.7 |
python3 | A 3.3 | ? | B 3.2 | B 3.4 |
perl5 | B 5.10 | B 5.16 | B 5.14 | B 5.18 |
mysql | B 5.1 / A 5.5 | ? | B 5.5 | B 5.5 / A 5.6 |
mariadb | A 5.5 | B 5.5 | ? (not B or A) | A 5.5 |
fail2ban | T 0.8.7rf, 0.8.11EPEL | T 0.8.7rf | B 0.8.6 | A 0.8.11 |
denyhosts | T 2.6rf, EPEL | T 2.6rf | B 2.6 | ~ |
Third-party repositories:
- EPEL - Extra Packages for Enterprise Linux
- rf - RepoForge (formerly RPMForge/Dag Wieers)
- Remi - Remi Repository
Migration steps
- Explore what software to use to help harden up the installation (fail2ban, etc.)
- Migrate current users to new server
- Set up SSH (edit sshd_config to tighten up security)
- Set up the firewall (either using firewalld, or else installing iptables and using the old rules)
- Install Apache, and edit httpd.conf appropriately
- Install PHP, edit php.ini appropriately, and make sure all needed modules are installed
- Install MariaDB, add appropriate user(s)/permissions, and edit my.cnf appropriately
- Install/configure Postfix
- Install/configure Mailman
- Install/configure monkeybot
- Migrate any other files that must be moved
- Export current MySQL and import into new MariaDB
- Set up repeating jobs (log rotation, etc.) via systemd/cron
- Other steps not mentioned above
Nice-to-haves
We have an archive of static web pages from the pre-2007 server "penguin" - it would be nice to make this history available somehow.