Difference between revisions of "CentOs 8.x Migrate commonhosting from one machine to another"
From Notes_Wiki
(Created page with "<yambe:breadcrumb self="Migrate commonhosting from one machine to another">CentOS 8.x New machine configuration|New machine configuration</yambe:breadcrumb> =CentOs 8.x Migrat...") |
Line 2: | Line 2: | ||
=CentOs 8.x Migrate commonhosting from one machine to another= | =CentOs 8.x Migrate commonhosting from one machine to another= | ||
==Initialize machine== | |||
To migrate commonhosting from one machine (eg VM) to another use following steps: | |||
# Create a new VM with static IP (IPv4 and IPv6) | |||
# Enable following ports in cloud firewall: 22, 25, 80, 443, 465 and 8080 for both IPv4 and IPv6 | |||
# ssh to VM using public key | |||
# Install vim | |||
#:<pre> | |||
#:: sudo su - | |||
#:: dnf -y install epel-release vim | |||
#:: dnf -y install byobu rsync bzip2 tar gdisk | |||
#:</pre> | |||
# Allow direct root access via personal key by editing '<tt>~/.ssh/authorized_keys</tt>' | |||
# Upgrade OS to CentOS-8-Stream, if launched with CentOS 8 | |||
#:<pre> | |||
#:: dnf -y swap centos-linux-repos centos-stream-repos | |||
#:: dnf -y distro-sync | |||
#:</pre> | |||
# Add swap space using [[CentOS 7.x adding swap space using file]] | |||
# Add history date/time recording using [[Storing date / time along with commands in history]] | |||
# set desired hostname using: | |||
#:<pre> | |||
#:: hostnamectl set-hostname <new-hostname> | |||
#:</pre> | |||
# Set correct time zone [[CentOS 8.x Change system timezone]] | |||
# Disable SELinux (setenforce 0, edit /etc/sysconfig/selinux and set SELINUX=disabled) | |||
# Fully update system, if not done already | |||
#:<pre> | |||
#:: dnf -y update --skip-broken | |||
#:</pre> | |||
# Reboot the machine | |||
#:<pre> | |||
#:: shutdown -r now | |||
#:</pre> | |||
==Configure access to both old and new machines== | |||
# Connect to machine using personal key directly as root | |||
# Create /etc/hosts entry on personal laptop for | |||
#* old-commonhosting pointing to old-commonhosting server | |||
#* new-commonhosting pointing to new-commonhosting server | |||
# Create /etc/hosts entry on old-commonhosting server for | |||
#* new-commonhosting | |||
# Run following to generate ssh-keys '''(on old-commonhosting server)''' | |||
#:<pre> | |||
#:: hostnamectl set-hostname old-commonhosting | |||
#:: ssh-keygen | |||
#:</pre> | |||
# Copy keys from old-commonhosting to new-commonhosting as authorized. | |||
#* Also copy keys of rekallcm1 backup to new-commonhosting VM | |||
# Test key based ssh from to new-commonhosting '''(on old-commonhosting server)''' | |||
#:<pre> | |||
#:: ssh root@new-commonhosting | |||
#:</pre> | |||
# Start copying home folder from old server to new server: '''(on old-commonhosting server)''' | |||
#:<pre> | |||
#:: rsync -aHz --delete /home/ root@new-commonhosting:/home/ | |||
#:</pre> | |||
==Configure firewalld, fail2ban and lets-encrypt on new server== | |||
# Install firewalld using: '''(on new-commonhosting server)''' | |||
#:<pre> | |||
#:: dnf -y install firewalld | |||
#:: #In /etc/sysconfig/network-scripts/ifcfg-eth0 append ZONE=public | |||
#:: nmcli networking off; nmcli networking on | |||
#:: systemctl restart firewalld | |||
#:: systemctl enable firewalld | |||
#:: | |||
#:: firewall-cmd --zone=public --add-port=25/tcp --permanent #SMTP | |||
#:: firewall-cmd --zone=public --add-port=80/tcp --permanent #HTTP | |||
#:: firewall-cmd --zone=public --add-port=443/tcp --permanent #HTTPS | |||
#:: firewall-cmd --zone=public --add-port=465/tcp --permanent #SMTPS | |||
#:: firewall-cmd --zone=public --add-port=8080/tcp --permanent #Alt-HTTP | |||
#:: firewall-cmd --reload | |||
#:: firewall-cmd --list-all | |||
#:</pre> | |||
# Install and configure fail2ban by referring [[CentOS 7.x fail2ban]] '''(on new-commonhosting server)''' | |||
# Migreate lets-encrypt data from old to new | |||
## Copy letsencrypt data from old server to new using: '''(On old server)''' | |||
##:<pre> | |||
##:: rsync -a /etc/letsencrypt/ root@new-commonhosting:/etc/letsencrypt/ | |||
##:</pre> | |||
## Install certbot on new server using: '''(On new server)''' | |||
##:<pre> | |||
##:: dnf -y install certbot python3-certbot-apache | |||
##:</pre> | |||
## Check cron configuration on old server '''(On old server)''' | |||
##:<pre> | |||
##:: crontab -l | |||
##:</pre> | |||
## Configure cron entries for automatic SSL renewal same as old server on new server using crontab -e '''(On new server)''' | |||
##:<pre> | |||
##:: crontab -e | |||
##:</pre> | |||
==Configure apache, user accounts and postfix on new server== | |||
# Install apache on new server '''(on-new server)''' | |||
#:<pre> | |||
#:: dnf -y install httpd mod_ssl php php-pdo php-mbstring php-xml php-json php-cli php-mysqlnd | |||
#:</pre> | |||
# copy apache config from old to new '''(on-old server)''' | |||
#:<pre> | |||
#:: rsync -aHz /etc/httpd/ root@new-commonhosting:/etc/httpd/ | |||
#:: rsync -a /etc/php.ini root@new-commonhosting:/etc/php.ini | |||
#:</pre> | |||
# Copy user account information from old server to new | |||
## cat /etc/passwd | |||
## Copy all lines for UID >=500 and append corresponding lines to /etc/passwd on new server. | |||
##* The number of lines should match 'ls -1 /home | grep -v lost | wc -l' | |||
##* Be watchful for IDs <500 which might appear in between (eg nscd, dovecot) | |||
##* Only two users would match (ecc, sbarjatiya) | |||
##*:<pre> | |||
##*:: ecc:x:501:501::/home/ecc:/bin/bash | |||
##*:: sbarjatiya:x:500:500::/home/sbarjatiya:/bin/bash | |||
##*:</pre> | |||
## Copy /etc/shadow lines of corresponding users from old server to new server | |||
## Copy /etc/group lines of corresponding users from old server to new server | |||
## Do ls -l /home and all user and group names should appear properly '''(On new server)''' | |||
##* The output should match old server. Only ecc, centos, sbarjatiya would appear properly | |||
# Install postfix and configure aliases '''(On new server)''' | |||
#:<pre> | |||
#:: dnf -y install logwatch postfix postfix-pcre | |||
#:: dnf -y install bind-utils telnet nc | |||
#:</pre> | |||
# Copy custom aliases from /etc/aliases to new server and update root alias appropriately | |||
#* root to saurabh [at] rekallsoftware.com | |||
# newaliases | |||
# In /etc/hosts add new-commonhosting commonhosting against 127.0.0.1 | |||
# dnf -y install wget | |||
# Copy postfix data from old server to new server '''(On old server)''' | |||
#:<pre> | |||
#:: rsync -a /etc/postfix/ root@new-commonhosting:/etc/postfix/ | |||
#:</pre> | |||
# Start and enable services '''(on new server)''' | |||
#:<pre> | |||
#:: systemctl enable postfix | |||
#:: systemctl start postfix | |||
#:: systemctl status postfix | |||
#:: | |||
#:: cd /etc/httpd/conf.d/ | |||
#:: mv -f ssl.conf old-ssl-conf | |||
#:: systemctl enable httpd | |||
#:: systemctl start httpd | |||
#:: systemctl status httpd | |||
#:</pre> | |||
# Add /etc/hosts entry for sbarjatiya.com www.sbarjatiya.com pointing to new server ('''In admin machine''') | |||
#* Open https://www.sbarjatiya.com/ and it should open properly. | |||
#* Open https://www.sbarjatiya.com/notes_wiki and it should fail to open due to missing DB | |||
==Configure mariadb== | |||
#Install mariadb and restore mariadb database from old server to new | |||
#:<pre> | |||
#:: dnf -y install mariadb mariadb-server | |||
#:: | |||
#:: systemctl enable mariadb | |||
#:: systemctl start mariadb | |||
#:: systemctl status mariadb | |||
#:: | |||
#:: mysql_secure_installation #Avoid setting root password | |||
#:: | |||
#:: cd /home/sbarjatiya/public_html_ssqdws | |||
#:: cat import* | |||
#:: | |||
#:: mysql | |||
#:: > create database notes_wiki; | |||
#:: > grant all on notes_wiki.* to notes_wiki@'localhost' identified by '<secret>'; #Secret is part of cat output | |||
#:: > flush privileges; | |||
#:: > \q | |||
#:: | |||
#:: dnf -y install sshpass | |||
#:: ./import_*.sh | |||
#:</pre> | |||
# Again try to open https://www.sbarjatiya.com/notes_wiki/ | |||
#* This time it should open properly | |||
# Install erlang for erlangcentral.com | |||
#:<pre> | |||
#:: dnf -y install erlang | |||
#:: cd | |||
#:: wget http://yaws.hyber.org/download/yaws-2.0.6.tar.gz #Or more updated version | |||
#:: tar xzf yaws-2.0.6.tar.gz | |||
#:: dnf -y install gcc autoconf automake pam-devel make | |||
#:: cd yaws-2.0.6 | |||
#:: ./configure | |||
#:: make | |||
#:: make install | |||
#:</pre> | |||
# Fix yaws interpreter by validating path and recompiling erlang code with current compiler | |||
#:<pre> | |||
#:: su - sbarjatiya | |||
#:: cd erlang/erlangcentral.com | |||
#:: vim start_yaws.sh | |||
#:: # Validate hostname commonhosting for path /home/sbarjatiya/erlang/erlangcentral.com | |||
#:: ./start_yaws.sh | |||
#:: sleep 5 | |||
#:: yaws --ls | |||
#:: cd /home/sbarjatiya/erlang/applications/interpreter | |||
#:: erlc *.erl | |||
#:: | |||
#:: cd | |||
#:: cd erlang/applications/interpreter/ | |||
#:: yaws --ls | |||
#:: yaws --stop --id application | |||
#:: rm -rf Mnesia.nonode\@nohost/ | |||
#:: cd ../../erlangcentral.com/ | |||
#:: rm -rf Mnesia.yaws\@* | |||
#:: cd sasl_error_logs/ | |||
#:: rm -f * | |||
#:: cd .. | |||
#:: | |||
#:: vim start_applications.erl | |||
#:: #Validate "commonhosting" -> code:add_patha("/home/sbarjatiya/erlang/applications/interpreter"); | |||
#:: | |||
#:: erlc start_applications.erl | |||
#:: ./start_yaws.sh | |||
#:: sleep 5 | |||
#:: yaws --ls | |||
#:</pre> | |||
==DNS changes and finalize migration== | |||
# DNS entry updation | |||
## Change production public DNS entries to point to new server. If organization has local private DNS, then perhaps that may also require changes. | |||
##* sbarjatiya.com - @ - IPv4 and IPv6 | |||
##* erlangcentral.com - @ - IPv4 and IPv6 | |||
##* pbarjatiya.com - @ - IPv4 and IPv6 | |||
##* energyconservationclub.in - @ - IPv4 and IPv6 | |||
##* rekallsoftwarae.com - @ - | |||
## Check updated entries via public DNS servers after waiting for a minute or two | |||
## Manually copy entries from /root/.ssh/authorized_keys of old server to new server (root@rekallcm1 for backup) | |||
##* From rekallcm1 ensure that following work | |||
##*:<pre> | |||
##*:: ssh root@sbarjatiya.com #As saurabh user | |||
##*:: cd /documents/public_html; ./update.sh #As saurabh user | |||
##*:: ssh root@sbarjatiya.com #As root user for rsnapshot backups | |||
##*:</pre> | |||
## Comment /etc/hosts entry in laptop after DNS entry has been changed (sbarjatiya.com, www.sbarjatiya.com) | |||
# Shutdown old server and test following sites | |||
#* https://www.sbarjatiya.com/ | |||
#* https://www.sbarjatiya.com/notes_wiki/index.php/Main_Page | |||
#* https://pbarjatiya.com/ | |||
#* https://erlangcentral.com/ | |||
#* https://energyconservationclub.in/website/ | |||
#* https://rekallsoftware.com/ | |||
# In case of Linode: | |||
#* Create rDNS entry for mail.sbarjatiya.com to linode IPv4 and IPv6 IPs | |||
#* As per https://www.linode.com/docs/email/running-a-mail-server/#sending-email-on-linode open support ticket using https://cloud.linode.com/support/tickets?type=closed&drawerOpen=true for removing outgoing email restrictions. | |||
# In case of AWS: | |||
#* Fill form at https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request for elastic IP mapping to mail.sbarjatiya.com | |||
#*: Fill the form with barjatiya.saurabh@gmail.com address so that email communication is not dependent upon sbarjatiya.com VM | |||
# Add reminder to terminate old server after a few days. | |||
==Not migrated awstats== | |||
Note steps for installing awstats and moving awstats configuration from old machine to new machine are missing. Incomplete steps for setting up awstats are: | |||
# Install awstatus using: | |||
#:<pre> | |||
#:: dnf -y install awstats http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/perl-Switch-2.17-10.el8.noarch.rpm | |||
#:/pre. | |||
# Copy /etc/awstats and /var/lib/awstats from old server to new | |||
# Open https://sbarjatiya.com/awstats/awstats.pl?config=www.sbarjatiya.com and check | |||
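Review bot: The yaws step under "Configure mariadb" fetches the tarball with "wget http://yaws.hyber.org/download/yaws-2.0.6.tar.gz" and goes straight to "./configure", "make" and "make install" in the same session that runs the dnf commands, with no integrity check on the download; add a step between the wget and the "tar xzf" that verifies a checksum or signature published by the project, and use an HTTPS URL if one is available. In "Not migrated awstats" the block is closed with "#:/pre." instead of "#:</pre>", so the pre block is never closed and the rendered revision shows "/pre." where the dnf command should be; "awstatus" in the step above it should read "awstats". "Disable SELinux" in "Initialize machine" sets SELINUX=disabled without a stated reason on a host that opens 25, 80, 443, 465 and 8080; note why it is needed or drop the step.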
Line 13: | Line 280: | ||
*[[CentOS 8.x migrate CentOS 7.x postfix, dovecot, squirrelmail server]] | *[[CentOS 8.x migrate CentOS 7.x postfix, dovecot, squirrelmail server]] | ||
*[[Migrating mail server from one machine to another]] | *[[Migrating mail server from one machine to another]] | ||
Revision as of 13:43, 30 September 2021
CentOs 8.x Migrate commonhosting from one machine to another
Initialize machine
To migrate commonhosting from one machine (e.g. a VM) to another, use the following steps:
- Create a new VM with a static IP (IPv4 and IPv6)
- Enable the following ports in the cloud firewall: 22, 25, 80, 443, 465 and 8080 for both IPv4 and IPv6
- ssh to VM using public key
- Install vim
- sudo su -
- dnf -y install epel-release vim
- dnf -y install byobu rsync bzip2 tar gdisk
- Allow direct root access via personal key by editing '~/.ssh/authorized_keys'
- Upgrade OS to CentOS-8-Stream, if launched with CentOS 8
- dnf -y swap centos-linux-repos centos-stream-repos
- dnf -y distro-sync
- Add swap space using CentOS 7.x adding swap space using file
- Add history date/time recording using Storing date / time along with commands in history
- Set the desired hostname using:
- hostnamectl set-hostname <new-hostname>
- Set the correct time zone using CentOS 8.x Change system timezone
- Disable SELinux (setenforce 0, edit /etc/sysconfig/selinux and set SELINUX=disabled)
- Fully update system, if not done already
- dnf -y update --skip-broken
- Reboot the machine
- shutdown -r now
Configure access to both old and new machines
- Connect to machine using personal key directly as root
- Create /etc/hosts entry on personal laptop for
- old-commonhosting pointing to old-commonhosting server
- new-commonhosting pointing to new-commonhosting server
- Create /etc/hosts entry on old-commonhosting server for
- new-commonhosting
- Run the following to generate ssh keys (on old-commonhosting server)
- hostnamectl set-hostname old-commonhosting
- ssh-keygen
- Copy keys from old-commonhosting to new-commonhosting as authorized.
- Also copy keys of rekallcm1 backup to new-commonhosting VM
- Test key-based ssh to new-commonhosting (on old-commonhosting server)
- ssh root@new-commonhosting
- Start copying home folder from old server to new server: (on old-commonhosting server)
- rsync -aHz --delete /home/ root@new-commonhosting:/home/
Configure firewalld, fail2ban and lets-encrypt on new server
- Install firewalld using: (on new-commonhosting server)
- dnf -y install firewalld
- #In /etc/sysconfig/network-scripts/ifcfg-eth0 append ZONE=public
- nmcli networking off; nmcli networking on
- systemctl restart firewalld
- systemctl enable firewalld
- firewall-cmd --zone=public --add-port=25/tcp --permanent #SMTP
- firewall-cmd --zone=public --add-port=80/tcp --permanent #HTTP
- firewall-cmd --zone=public --add-port=443/tcp --permanent #HTTPS
- firewall-cmd --zone=public --add-port=465/tcp --permanent #SMTPS
- firewall-cmd --zone=public --add-port=8080/tcp --permanent #Alt-HTTP
- firewall-cmd --reload
- firewall-cmd --list-all
- Install and configure fail2ban by referring to CentOS 7.x fail2ban (on new-commonhosting server)
- Migrate lets-encrypt data from old to new
- Copy letsencrypt data from old server to new using: (On old server)
- rsync -a /etc/letsencrypt/ root@new-commonhosting:/etc/letsencrypt/
- Install certbot on new server using: (On new server)
- dnf -y install certbot python3-certbot-apache
- Check cron configuration on old server (On old server)
- crontab -l
- Configure cron entries for automatic SSL renewal same as old server on new server using crontab -e (On new server)
- crontab -e
Configure apache, user accounts and postfix on new server
- Install apache on new server (on new server)
- dnf -y install httpd mod_ssl php php-pdo php-mbstring php-xml php-json php-cli php-mysqlnd
- Copy apache config from old to new (on old server)
- rsync -aHz /etc/httpd/ root@new-commonhosting:/etc/httpd/
- rsync -a /etc/php.ini root@new-commonhosting:/etc/php.ini
- Copy user account information from old server to new
- cat /etc/passwd
- Copy all lines for UID >=500 and append corresponding lines to /etc/passwd on new server.
- The number of lines should match 'ls -1 /home | grep -v lost | wc -l'
- Be watchful for IDs <500 which might appear in between (eg nscd, dovecot)
- Only two users would match (ecc, sbarjatiya)
- ecc:x:501:501::/home/ecc:/bin/bash
- sbarjatiya:x:500:500::/home/sbarjatiya:/bin/bash
- Copy /etc/shadow lines of corresponding users from old server to new server
- Copy /etc/group lines of corresponding users from old server to new server
- Do ls -l /home and all user and group names should appear properly (On new server)
- The output should match old server. Only ecc, centos, sbarjatiya would appear properly
- Install postfix and configure aliases (On new server)
- dnf -y install logwatch postfix postfix-pcre
- dnf -y install bind-utils telnet nc
- Copy custom aliases from /etc/aliases to new server and update root alias appropriately
- root to saurabh [at] rekallsoftware.com
- newaliases
- In /etc/hosts add new-commonhosting commonhosting against 127.0.0.1
- dnf -y install wget
- Copy postfix data from old server to new server (On old server)
- rsync -a /etc/postfix/ root@new-commonhosting:/etc/postfix/
- Start and enable services (on new server)
- systemctl enable postfix
- systemctl start postfix
- systemctl status postfix
- cd /etc/httpd/conf.d/
- mv -f ssl.conf old-ssl-conf
- systemctl enable httpd
- systemctl start httpd
- systemctl status httpd
- Add /etc/hosts entry for sbarjatiya.com www.sbarjatiya.com pointing to new server (In admin machine)
- Open https://www.sbarjatiya.com/ and it should open properly.
- Open https://www.sbarjatiya.com/notes_wiki and it should fail to open due to missing DB
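The account-copy step in this section (passwd lines with UID >= 500, then the matching shadow and group lines, checked against the directory count in /home) can be scripted as below. This is an added example, not part of the original notes; the function names, the sample files, the skip of UID 65534 and the collision check against the new server's passwd are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example: pick the account lines to append on the new server.
# MIN_UID=500 is the page's threshold; skipping UID 65534 (nobody/nfsnobody)
# and the collision check are assumptions of this example.
umask 077                      # the shadow fragment holds password hashes
MIN_UID=${MIN_UID:-500}

select_accounts() {            # $1 = old passwd -> regular account lines
    awk -F: -v min="$MIN_UID" '$3 >= min && $3 != 65534' "$1"
}
select_shadow() {              # $1 = selected passwd lines, $2 = old shadow
    awk -F: 'NR == FNR { want[$1]; next } $1 in want' "$1" "$2"
}
select_groups() {              # $1 = selected passwd lines, $2 = old group
    awk -F: 'NR == FNR { gid[$4]; next } $3 in gid' "$1" "$2"   # primary GIDs
}
find_collisions() {            # $1 = selected lines, $2 = new server passwd
    awk -F: 'NR == FNR { name[$1]; uid[$3]; next }
             ($1 in name) || ($3 in uid)' "$2" "$1"
}
home_count_matches() {         # same check as: ls -1 /home | grep -v lost | wc -l
    [ "$(awk 'END { print NR }' "$1")" -eq \
      "$(find "$2" -mindepth 1 -maxdepth 1 -type d ! -name '*lost*' | awk 'END { print NR }')" ]
}

make_sample() (                # constructed sample data, not real accounts
    d=$(mktemp -d)
    mkdir -p "$d/home/sbarjatiya" "$d/home/ecc" "$d/home/lost+found"
    cat > "$d/old_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sbarjatiya:x:500:500::/home/sbarjatiya:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ecc:x:501:501::/home/ecc:/bin/bash
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
EOF
    cat > "$d/old_shadow" <<'EOF'
root:CONSTRUCTED-HASH-0:18000:0:99999:7:::
sbarjatiya:CONSTRUCTED-HASH-1:18000:0:99999:7:::
nscd:!!:18000::::::
ecc:CONSTRUCTED-HASH-2:18000:0:99999:7:::
EOF
    cat > "$d/old_group" <<'EOF'
root:x:0:
sbarjatiya:x:500:
nscd:x:28:
ecc:x:501:
EOF
    cat > "$d/new_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
centos:x:1000:1000:Cloud User:/home/centos:/bin/bash
EOF
    echo "$d"
)

d=$(make_sample)
select_accounts "$d/old_passwd" > "$d/sel"
echo "passwd lines to append:"; cat "$d/sel"
echo "group lines to append:";  select_groups "$d/sel" "$d/old_group"
echo "shadow lines selected:";  select_shadow "$d/sel" "$d/old_shadow" | awk 'END { print NR }'
if [ -n "$(find_collisions "$d/sel" "$d/new_passwd")" ]; then
    echo "name/UID collision on new server, resolve before appending"
elif home_count_matches "$d/sel" "$d/home"; then
    echo "account count matches /home"
fi
```

On real servers, pass copies of the old server's /etc/passwd, /etc/shadow and /etc/group and the new server's /etc/passwd in place of the sample files, and delete the shadow fragment once it has been appended.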
Configure mariadb
- Install mariadb and restore mariadb database from old server to new
- dnf -y install mariadb mariadb-server
- systemctl enable mariadb
- systemctl start mariadb
- systemctl status mariadb
- mysql_secure_installation #Avoid setting root password
- cd /home/sbarjatiya/public_html_ssqdws
- cat import*
- mysql
- > create database notes_wiki;
- > grant all on notes_wiki.* to notes_wiki@'localhost' identified by '<secret>'; #Secret is part of cat output
- > flush privileges;
- > \q
- dnf -y install sshpass
- ./import_*.sh
- Again try to open https://www.sbarjatiya.com/notes_wiki/
- This time it should open properly
- Install erlang for erlangcentral.com
- dnf -y install erlang
- cd
- wget http://yaws.hyber.org/download/yaws-2.0.6.tar.gz #Or more updated version
- tar xzf yaws-2.0.6.tar.gz
- dnf -y install gcc autoconf automake pam-devel make
- cd yaws-2.0.6
- ./configure
- make
- make install
- Fix yaws interpreter by validating path and recompiling erlang code with current compiler
- su - sbarjatiya
- cd erlang/erlangcentral.com
- vim start_yaws.sh
- # Validate hostname commonhosting for path /home/sbarjatiya/erlang/erlangcentral.com
- ./start_yaws.sh
- sleep 5
- yaws --ls
- cd /home/sbarjatiya/erlang/applications/interpreter
- erlc *.erl
- cd
- cd erlang/applications/interpreter/
- yaws --ls
- yaws --stop --id application
- rm -rf Mnesia.nonode\@nohost/
- cd ../../erlangcentral.com/
- rm -rf Mnesia.yaws\@*
- cd sasl_error_logs/
- rm -f *
- cd ..
- vim start_applications.erl
- #Validate "commonhosting" -> code:add_patha("/home/sbarjatiya/erlang/applications/interpreter");
- erlc start_applications.erl
- ./start_yaws.sh
- sleep 5
- yaws --ls
DNS changes and finalize migration
- Update DNS entries
- Change production public DNS entries to point to the new server. If the organization has a local private DNS, that may also require changes.
- sbarjatiya.com - @ - IPv4 and IPv6
- erlangcentral.com - @ - IPv4 and IPv6
- pbarjatiya.com - @ - IPv4 and IPv6
- energyconservationclub.in - @ - IPv4 and IPv6
- rekallsoftware.com - @ -
- Check updated entries via public DNS servers after waiting for a minute or two
- Manually copy entries from /root/.ssh/authorized_keys of old server to new server (root@rekallcm1 for backup)
- From rekallcm1 ensure that following work
- ssh root@sbarjatiya.com #As saurabh user
- cd /documents/public_html; ./update.sh #As saurabh user
- ssh root@sbarjatiya.com #As root user for rsnapshot backups
- Comment /etc/hosts entry in laptop after DNS entry has been changed (sbarjatiya.com, www.sbarjatiya.com)
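- Shut down the old server and test the following sites:
- https://www.sbarjatiya.com/
- https://www.sbarjatiya.com/notes_wiki/index.php/Main_Page
- https://pbarjatiya.com/
- https://erlangcentral.com/
- https://energyconservationclub.in/website/
- https://rekallsoftware.com/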
- In case of Linode:
- Create rDNS entry for mail.sbarjatiya.com to linode IPv4 and IPv6 IPs
- As per https://www.linode.com/docs/email/running-a-mail-server/#sending-email-on-linode open support ticket using https://cloud.linode.com/support/tickets?type=closed&drawerOpen=true for removing outgoing email restrictions.
- In case of AWS:
- Fill form at https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request for elastic IP mapping to mail.sbarjatiya.com
- Fill the form with barjatiya.saurabh@gmail.com address so that email communication is not dependent upon sbarjatiya.com VM
- Add reminder to terminate old server after a few days.
Not migrated awstats
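Note: the steps for installing awstats and moving the awstats configuration from the old machine to the new machine are missing. The incomplete steps for setting up awstats are:
- Install awstats using:
- dnf -y install awstats http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/perl-Switch-2.17-10.el8.noarch.rpm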
- Copy /etc/awstats and /var/lib/awstats from old server to new
- Open https://sbarjatiya.com/awstats/awstats.pl?config=www.sbarjatiya.com and check
Refer:
- Migrate sbarjatiya.com VM
- CentOS 8.x migrate CentOS 7.x postfix, dovecot, squirrelmail server
- Migrating mail server from one machine to another