|
⇤ ← Revision 1 as of 2018-10-13 16:54:50
Size: 1574
Comment: stub for migration guide
|
Size: 2710
Comment: postgres users unfortunately have to take manual action
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
== Changes Requiring Action on the Part of Members == If you have a crontab, are running any daemons on `bog`, if you use postgresql, or are using the low level `domain` domtool type instead of `dom` you will need to take some manual actions during the migration or your services may break. Migration should be otherwise transparent. |
|
| Line 36: | Line 42: |
| Postgresql is upgraded to 9.6. 9.1 no longer supported, data automatically migrated. | == Postgresql == Postgres user '''must''' take action! Due to our usage of gssapi and ident for authentication, we cannot set up a simple stunnel for secure connections between the datacenters. To ensure the security of your data, connections from one datacenter to the other will require ssl be enabled in postgres. Applications based on `libpq` ought to negotiate ssl automatically, but php applications using the PDO library will not automatically negotiate, and require `sslmode=require` be added to the connection string. Postgresql is also being upgraded to 9.6 as 9.1 is not longer supported. There should be no major compatibility issues, and all databases will be automatically migrated. |
| Line 40: | Line 50: |
| MySQL is still using Percona 5.6. | === MySQL === The MySQL migration should be transparent. We are staying on Percona MySQL 5.6, and are using an stunnel to transparently/securely proxy connections between the datacenters during migration. |
A guide to moving your services to our new virtual infrastructure at digital ocean.
Contents
1. Changes Requiring Action on the Part of Members
If you have a crontab, are running any daemons on bog, if you use postgresql, or are using the low level domain domtool type instead of dom you will need to take some manual actions during the migration or your services may break.
Migration should be otherwise transparent.
2. Important Dates
TBD
- email migration
- database migration
- volumes migration
3. Overview of New Machines
3.1. Networking Change: IPv6 is Supported
Core HCoop services (ssh, email, dns, ...) are now IPv6 enabled. Members with native IPv6 are encouraged to test the new services and report any problems.
By default, domtool will not generate AAAA (IPv6) DNS records for your domains, but this will be enabled for the dom type after all sites are migrated.
4. Using the New Shell Server
5. Moving Web Sites
5.1. PHP
(fastcgi php is mandatory now)
5.2. Proxied Servers
Will need to be moved to marsh, but will still work when connecting from the new webserver to bog. Connections will be going unencrypted over the Internet however!
6. Changes to Databases
7. Postgresql
Postgres user must take action! Due to our usage of gssapi and ident for authentication, we cannot set up a simple stunnel for secure connections between the datacenters. To ensure the security of your data, connections from one datacenter to the other will require ssl be enabled in postgres. Applications based on libpq ought to negotiate ssl automatically, but php applications using the PDO library will not automatically negotiate, and require sslmode=require be added to the connection string.
Postgresql is also being upgraded to 9.6 as 9.1 is not longer supported. There should be no major compatibility issues, and all databases will be automatically migrated.
dbtool commands for postgres will now use version postgres-9 instead of postgres-9.1.
7.1. MySQL
The MySQL migration should be transparent. We are staying on Percona MySQL 5.6, and are using an stunnel to transparently/securely proxy connections between the datacenters during migration.
8. Changes to XMPP
We are now using ejabberd 18.06, which brings ...
9. Features Coming After Migration
Once migration is completed, a few features will be implemented as soon as feasible:
- PHP 7.2 support
- Postgresql 10.x support
Automated integration with letsencrypt in DomTool.