CentOS 8.x Migrate commonhosting from one machine to another

From Notes_Wiki
Revision as of 13:43, 30 September 2021 by Saurabh (talk | contribs)


Initialize machine

To migrate commonhosting from one machine (e.g. a VM) to another, use the following steps:

  1. Create a new VM with static IP (IPv4 and IPv6)
  2. Enable following ports in cloud firewall: 22, 25, 80, 443, 465 and 8080 for both IPv4 and IPv6
  3. ssh to VM using public key
  4. Install vim and other basic tools
    sudo su -
    dnf -y install epel-release vim
    dnf -y install byobu rsync bzip2 tar gdisk
  5. Allow direct root access via personal key by editing '~/.ssh/authorized_keys'
  6. Upgrade OS to CentOS-8-Stream, if launched with CentOS 8
    dnf -y swap centos-linux-repos centos-stream-repos
    dnf -y distro-sync
  7. Add swap space by following "CentOS 7.x adding swap space using file"
  8. Add history date/time recording by following "Storing date / time along with commands in history"
  9. Set desired hostname using:
    hostnamectl set-hostname <new-hostname>
  10. Set correct time zone by following "CentOS 8.x Change system timezone"
  11. Disable SELinux (setenforce 0, edit /etc/sysconfig/selinux and set SELINUX=disabled)
  12. Fully update system, if not done already
    dnf -y update --skip-broken
  13. Reboot the machine
    shutdown -r now


Configure access to both old and new machines

  1. Connect to machine using personal key directly as root
  2. Create /etc/hosts entry on personal laptop for
    • old-commonhosting pointing to old-commonhosting server
    • new-commonhosting pointing to new-commonhosting server
  3. Create /etc/hosts entry on old-commonhosting server for
    • new-commonhosting
  4. Run following to generate ssh-keys (on old-commonhosting server)
    hostnamectl set-hostname old-commonhosting
    ssh-keygen
  5. Copy the public key from old-commonhosting to new-commonhosting as an authorized key.
    • Also copy keys of rekallcm1 backup to new-commonhosting VM
  6. Test key-based ssh to new-commonhosting (on old-commonhosting server)
    ssh root@new-commonhosting
  7. Start copying home folder from old server to new server: (on old-commonhosting server)
    rsync -aHz --delete /home/ root@new-commonhosting:/home/


Configure firewalld, fail2ban and lets-encrypt on new server

  1. Install firewalld using: (on new-commonhosting server)
    dnf -y install firewalld
    #In /etc/sysconfig/network-scripts/ifcfg-eth0 append ZONE=public
    nmcli networking off; nmcli networking on
    systemctl restart firewalld
    systemctl enable firewalld
    firewall-cmd --zone=public --add-port=25/tcp --permanent #SMTP
    firewall-cmd --zone=public --add-port=80/tcp --permanent #HTTP
    firewall-cmd --zone=public --add-port=443/tcp --permanent #HTTPS
    firewall-cmd --zone=public --add-port=465/tcp --permanent #SMTPS
    firewall-cmd --zone=public --add-port=8080/tcp --permanent #Alt-HTTP
    firewall-cmd --reload
    firewall-cmd --list-all
  2. Install and configure fail2ban by referring to "CentOS 7.x fail2ban" (on new-commonhosting server)
  3. Migrate lets-encrypt data from old to new
    1. Copy letsencrypt data from old server to new using: (On old server)
      rsync -a /etc/letsencrypt/ root@new-commonhosting:/etc/letsencrypt/
    2. Install certbot on new server using: (On new server)
      dnf -y install certbot python3-certbot-apache
    3. Check cron configuration on old server (On old server)
      crontab -l
    4. Configure cron entries for automatic SSL renewal same as old server on new server using crontab -e (On new server)
      crontab -e


Configure apache, user accounts and postfix on new server

  1. Install apache on new server (On new server)
    dnf -y install httpd mod_ssl php php-pdo php-mbstring php-xml php-json php-cli php-mysqlnd
  2. Copy apache config from old to new (On old server)
    rsync -aHz /etc/httpd/ root@new-commonhosting:/etc/httpd/
    rsync -a /etc/php.ini root@new-commonhosting:/etc/php.ini
  3. Copy user account information from old server to new
    1. cat /etc/passwd
    2. Copy all lines for UID >=500 and append corresponding lines to /etc/passwd on new server.
      • The number of lines should match 'ls -1 /home | grep -v lost | wc -l'
      • Be watchful for IDs <500 which might appear in between (eg nscd, dovecot)
      • Only two users would match (ecc, sbarjatiya)
        ecc:x:501:501::/home/ecc:/bin/bash
        sbarjatiya:x:500:500::/home/sbarjatiya:/bin/bash
    3. Copy /etc/shadow lines of corresponding users from old server to new server
    4. Copy /etc/group lines of corresponding users from old server to new server
    5. Run ls -l /home; all user and group names should appear properly (On new server)
      • The output should match old server. Only ecc, centos, sbarjatiya would appear properly
  4. Install postfix and configure aliases (On new server)
    dnf -y install logwatch postfix postfix-pcre
    dnf -y install bind-utils telnet nc
  5. Copy custom aliases from /etc/aliases to new server and update root alias appropriately
    • root to saurabh [at] rekallsoftware.com
  6. newaliases
  7. In /etc/hosts add new-commonhosting commonhosting against 127.0.0.1
  8. dnf -y install wget
  9. Copy postfix data from old server to new server (On old server)
    rsync -a /etc/postfix/ root@new-commonhosting:/etc/postfix/
  10. Start and enable services (on new server)
    systemctl enable postfix
    systemctl start postfix
    systemctl status postfix
    cd /etc/httpd/conf.d/
    mv -f ssl.conf old-ssl-conf
    systemctl enable httpd
    systemctl start httpd
    systemctl status httpd
  11. Add /etc/hosts entry for sbarjatiya.com www.sbarjatiya.com pointing to new server (In admin machine)
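
Step 3 above selects the account lines by hand. As an added example (not part of the original notes), the script below makes the same selection on copies of the old server's passwd, shadow and group files. The function names, the directory layout, the exclusion of UID 65534 and of user names already present on the new server, and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Run it on copies of the old
# server's account files placed in OLD_DIR as passwd, shadow and group.

# select_accounts OLD_DIR NEW_PASSWD OUT_DIR [MIN_UID]
# Writes passwd.add, shadow.add, group.add to OUT_DIR; prints the user count.
select_accounts() (
    old=$1 new_passwd=$2 out=$3 min=${4:-500}
    umask 077                       # shadow.add holds password hashes
    mkdir -p "$out"
    # UID >= MIN_UID, skipping the 65534 "nobody" UID and any user name that
    # already exists on the new server (e.g. the cloud image's default user).
    awk -F: -v min="$min" '
        FILENAME == ARGV[1] { have[$1] = 1; next }
        $3 >= min && $3 != 65534 && !($1 in have)
    ' "$new_passwd" "$old/passwd" > "$out/passwd.add"
    # shadow lines are matched by user name, group lines by primary GID.
    awk -F: 'FILENAME == ARGV[1] { want[$1] = 1; next } $1 in want' \
        "$out/passwd.add" "$old/shadow" > "$out/shadow.add"
    awk -F: 'FILENAME == ARGV[1] { gid[$4] = 1; next } $3 in gid' \
        "$out/passwd.add" "$old/group" > "$out/group.add"
    awk 'END { print NR }' "$out/passwd.add"
)

# Constructed sample files (placeholder hashes) so the example runs offline.
make_sample() {
    mkdir -p "$1/old" "$1/new"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'sbarjatiya:x:500:500::/home/sbarjatiya:/bin/bash' \
        'nscd:x:28:28:NSCD Daemon:/:/sbin/nologin' \
        'ecc:x:501:501::/home/ecc:/bin/bash' \
        'centos:x:1000:1000::/home/centos:/bin/bash' \
        'nobody:x:65534:65534::/:/sbin/nologin' > "$1/old/passwd"
    printf '%s\n' 'root:!::0:99999:7:::' 'sbarjatiya:$6$PLACEHOLDER1:18900::::::' \
        'nscd:!!:18000::::::' 'ecc:$6$PLACEHOLDER2:18900::::::' \
        'centos:!!:18900::::::' > "$1/old/shadow"
    printf '%s\n' 'root:x:0:' 'sbarjatiya:x:500:' 'nscd:x:28:' 'ecc:x:501:' \
        'centos:x:1000:' 'nobody:x:65534:' > "$1/old/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'centos:x:1000:1000::/home/centos:/bin/bash' \
        'nobody:x:65534:65534::/:/sbin/nologin' > "$1/new/passwd"
}

# Demo on the constructed sample: nscd (UID 28 in between) is skipped.
demo=$(mktemp -d) && make_sample "$demo" &&
    select_accounts "$demo/old" "$demo/new/passwd" "$demo/out"   # prints 2
rm -rf "$demo"
```

Review the three .add files before appending them to /etc/passwd, /etc/shadow and /etc/group on the new server, and delete them afterwards since shadow.add contains password hashes.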


Configure mariadb

  1. Install mariadb and restore mariadb database from old server to new
    dnf -y install mariadb mariadb-server
    systemctl enable mariadb
    systemctl start mariadb
    systemctl status mariadb
    mysql_secure_installation #Avoid setting root password
    cd /home/sbarjatiya/public_html_ssqdws
    cat import*
    mysql
    > create database notes_wiki;
    > grant all on notes_wiki.* to notes_wiki@'localhost' identified by '<secret>'; #Secret is part of cat output
    > flush privileges;
    > \q
    dnf -y install sshpass
    ./import_*.sh
  2. Again try to open https://www.sbarjatiya.com/notes_wiki/
    • This time it should open properly
  3. Install erlang for erlangcentral.com
    dnf -y install erlang
    cd
    wget http://yaws.hyber.org/download/yaws-2.0.6.tar.gz #Or more updated version
    tar xzf yaws-2.0.6.tar.gz
    dnf -y install gcc autoconf automake pam-devel make
    cd yaws-2.0.6
    ./configure
    make
    make install
  4. Fix yaws interpreter by validating path and recompiling erlang code with current compiler
    su - sbarjatiya
    cd erlang/erlangcentral.com
    vim start_yaws.sh
    # Validate hostname commonhosting for path /home/sbarjatiya/erlang/erlangcentral.com
    ./start_yaws.sh
    sleep 5
    yaws --ls
    cd /home/sbarjatiya/erlang/applications/interpreter
    erlc *.erl
    cd
    cd erlang/applications/interpreter/
    yaws --ls
    yaws --stop --id application
    rm -rf Mnesia.nonode\@nohost/
    cd ../../erlangcentral.com/
    rm -rf Mnesia.yaws\@*
    cd sasl_error_logs/
    rm -f *
    cd ..
    vim start_applications.erl
    #Validate "commonhosting" -> code:add_patha("/home/sbarjatiya/erlang/applications/interpreter");
    erlc start_applications.erl
    ./start_yaws.sh
    sleep 5
    yaws --ls


DNS changes and finalize migration

  1. Update DNS entries
    1. Change production public DNS entries to point to the new server. If the organization has a local private DNS, it may also require changes.
      • sbarjatiya.com - @ - IPv4 and IPv6
      • erlangcentral.com - @ - IPv4 and IPv6
      • pbarjatiya.com - @ - IPv4 and IPv6
      • energyconservationclub.in - @ - IPv4 and IPv6
      • rekallsoftwarae.com - @ -
    2. Check updated entries via public DNS servers after waiting for a minute or two
    3. Manually copy entries from /root/.ssh/authorized_keys of old server to new server (root@rekallcm1 for backup)
      • From rekallcm1 ensure that the following work
        ssh root@sbarjatiya.com #As saurabh user
        cd /documents/public_html; ./update.sh #As saurabh user
        ssh root@sbarjatiya.com #As root user for rsnapshot backups
    4. Comment /etc/hosts entry in laptop after DNS entry has been changed (sbarjatiya.com, www.sbarjatiya.com)
  2. Shutdown old server and test following sites
  3. In case of Linode:
  4. In case of AWS:
  5. Add reminder to terminate old server after a few days.



Not migrated awstats

Note: steps for installing awstats and moving the awstats configuration from the old machine to the new machine are missing. The incomplete steps for setting up awstats are:

  1. Install awstats using:
    dnf -y install awstats http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/perl-Switch-2.17-10.el8.noarch.rpm
  2. Copy /etc/awstats and /var/lib/awstats from old server to new
  3. Open https://sbarjatiya.com/awstats/awstats.pl?config=www.sbarjatiya.com and check


