1142012-12-17 21:12:48ClintonEbadithis is leftover information from the fyodor -> peer1 transition!1132008-12-03 16:49:37MichaelOlson1122008-07-07 04:27:56localhostconverted to 1.6 markup1112008-05-14 23:50:18MichaelOlsons/mail2/mail/1102008-04-08 12:48:04AdamChlipalaUpdate status1092007-12-15 17:22:10AdamChlipalamembers2 -> members1082007-12-09 02:26:29ClintonEbadibolded note to delete the shared-folders subdir since it is important and easy to miss visually1072007-12-09 01:13:06MichaelOlsonMention removing shared maildir stuff1062007-11-28 18:29:26MichaelOlsonremove link to migrated page, add migration end date1052007-11-25 04:47:47RyanMikulovsky1042007-11-22 22:05:52MichaelOlsonChange day to today1032007-11-21 02:37:10RyanMikulovskyfix a typo1022007-11-21 02:08:39MichaelOlsonCommence the forced migration period!1012007-11-16 23:35:06MichaelOlsonAdd MoinMoin quickie1002007-11-16 23:33:17MichaelOlsonAdd mailman info, remove mailman and moin bugs992007-11-13 17:48:14MichaelOlsonLink to bug reports982007-11-13 17:43:56MichaelOlsonDefine migration status more specifically, and list some known issues that must be addressed972007-11-12 07:36:57MichaelOlsonMinor typos962007-11-12 06:39:58RyanMikulovsky952007-11-12 03:28:30MichaelOlson942007-11-12 03:26:34MichaelOlsonRevamp. Almost ready for forced migration.932007-11-11 22:30:03RyanMikulovsky922007-11-11 22:28:28RyanMikulovskyremove portion that was put into the Manual912007-11-11 19:50:30RyanMikulovskyone too many 'the'902007-11-11 04:57:06RyanMikulovskyclarify fyodor domtool dir892007-11-11 04:38:36RyanMikulovskyexpand a little on migration strategy882007-11-11 03:39:49MichaelOlson872007-11-11 03:38:55MichaelOlson862007-11-11 03:37:44MichaelOlsonno periods in subdomain852007-11-11 03:12:17MichaelOlsonDocument how to try out new servers on a subdomain842007-11-06 06:00:38RyanMikulovskywiki link oops832007-11-06 05:58:59RyanMikulovskyOpenAFS section replaced with link to OpenAFS subpage822007-11-01 21:28:34MichaelOlsonRemove email-specific stuff812007-11-01 19:24:43MichaelOlsonTurn sect numbers off802007-10-26 01:53:3371.179.100.190792007-10-25 17:30:35DavorOcelic782007-10-25 04:40:11MichaelOlson772007-10-24 22:42:49AdamChlipalaUpdate to simplified instructions762007-10-15 11:17:39MichaelOlsonUse listacl/setacl instead of la/sa for consistency752007-10-15 00:42:45MichaelOlsonAdd back accidentally reverted text742007-10-15 00:40:29MichaelOlsonClarify example in "Securing directories" section732007-10-15 00:33:06AdamChlipalaClarify AFS permissions722007-09-30 18:27:11RyanMikulovskythe in the wrong place.712007-09-30 18:23:45RyanMikulovskysmall addition to email section.702007-09-30 18:20:06RyanMikulovskySpamAssassin692007-09-29 19:41:37RyanMikulovskyopenafs...682007-09-20 23:51:01RyanMikulovskyslightly more detail on USER.daemon principle672007-09-20 23:22:45RyanMikulovskymention USER.daemon for Apache662007-09-20 23:11:47AdamChlipalaWeb sites652007-09-17 11:01:44MichaelOlsonFix some typos in Log-In Security and s/he/they/642007-09-17 01:55:45MichaelOlsonMention squirrelmail632007-09-16 16:03:28RyanMikulovsky622007-09-16 15:43:22213.147.110.16612007-09-16 09:47:00213.147.110.16602007-09-15 16:16:01RyanMikulovskymove DenyHosts under SSH Login section592007-09-15 14:35:15AdamChlipalaRemove socket permissions warning582007-09-15 14:16:10MichaelOlsonSpelling and misc. clarifications572007-09-15 13:27:51AdamChlipalapublic_html CGI562007-09-15 13:16:58schmagr1fe07-dmz.mycingular.nets/mire password/New password/; fix some bad text relocations552007-09-15 01:54:56t0rchAdd comment about needing socket permission to do step 5542007-09-14 15:44:03RyanMikulovskyadd info about public_html ACL and expand public_html section532007-09-14 15:30:40RyanMikulovsky522007-09-14 15:26:18adsl-75-7-153-107.dsl.chi2ca.sbcglobal.netremove unnecessary word512007-09-14 15:25:44adsl-75-7-153-107.dsl.chi2ca.sbcglobal.net502007-09-14 15:24:51adsl-75-7-153-107.dsl.chi2ca.sbcglobal.net492007-09-14 13:37:46bzq-84-108-20-56.cablep.bezeqint.net482007-09-14 08:12:28MichaelOlsonMigrate changes472007-08-27 23:32:57RyanMikulovskyupdate status of migration462007-08-27 15:16:31MichaelOlsonClarify that list should be contacted if erroneously added to blacklist452007-08-25 19:24:36RyanMikulovskyhcoop-announcements -> hcoop-announce442007-08-25 18:44:03RyanMikulovskyupdate migration status432007-08-19 04:50:36RyanMikulovskyslight update of current mire situation422007-08-02 20:23:58RyanMikulovskyinclude a status for curious people that may not be subscribed to mailing lists412007-07-08 02:17:33AdamChlipalahcoop-sysadmin -> admins402007-07-05 11:21:58t0rch392007-07-04 19:57:38RyanMikulovskyadd WebDAV382007-07-04 19:39:08RyanMikulovskyreadd ssh section for additional details372007-07-04 19:37:37RyanMikulovskymake denyhost stuff a little less precise...362007-07-04 19:31:45RyanMikulovskymove ssh security to log-in security, add denyhost details352007-07-04 14:51:42MichaelOlsonRe-org slightly, add ssh section342007-07-02 16:12:39AdamChlipaladbtool grant332007-06-26 22:27:45RyanMikulovskymodified to reflect list only default of $HOME322007-06-26 05:49:04RyanMikulovskyextraneous S on ACL312007-06-26 05:48:08RyanMikulovskyadd a detail about UNIX file permissions being useless302007-06-26 05:28:17RyanMikulovskyadd preliminary ACL security stuff.292007-06-25 02:10:27RyanMikulovsky282007-06-24 21:57:29AdamChlipaladropdb272007-06-23 21:04:50AdamChlipalavmail262007-06-22 15:25:46AdamChlipalaBugzilla is ON252007-06-03 18:59:06AdamMegacz242007-06-03 18:58:14AdamMegacz232007-06-03 18:57:44AdamMegacz222007-06-03 18:57:27AdamMegacz212007-06-03 18:56:46AdamMegacz202007-06-03 18:56:03AdamMegacz192007-06-03 01:02:53AdamChlipalaRefactor log-in part182007-06-03 00:57:44AdamChlipalaNo ssh pub key172007-06-03 00:36:52netblock-68-183-25-2.dslextreme.com162007-06-03 00:34:42AdamChlipalaPortal passwords and Bugzilla152007-06-02 19:07:34adsl-70-237-15-244.dsl.chi2ca.sbcglobal.netmysql and psql access to deleuze142007-06-02 19:06:42adsl-70-237-15-244.dsl.chi2ca.sbcglobal.net132007-06-02 15:03:45AdamChlipalaAccount creation122007-05-29 14:59:49MichaelOlsonAdd thunderbird note112007-05-29 14:30:39MichaelOlsonno normal pop3102007-05-29 02:58:22MichaelOlsonFlesh out email section92007-05-29 01:26:25MichaelOlsonAdd note for megacz82007-05-29 00:49:01MichaelOlsonFix typo72007-05-29 00:48:41MichaelOlsonAdd TOC, alphabetize, and add a few sections62007-05-23 03:59:37AdamChlipaladbtool52007-05-18 04:51:50AdamChlipalaRevert to revision 3.42007-05-17 20:35:17AdamChlipalaRevert to revision 2.32007-05-17 18:05:26cpe-76-180-90-92.buffalo.res.rr.comchanged proper nameservers to ns1 and ns322007-05-17 04:47:24RobinTempletonrsync -a12007-05-17 02:21:41AdamChlipalaThis page is historical information from the migration to Peer1 in 2006. For information on migrating to Navajos and Bog, see NavajosBogMigrationGuide instead. This page describes the steps that members using the old machines need to take in order to migrate to the new machines. For the purposes of this page, we'll use the name New to refer to the servers hosted at Peer 1 (which are deleuze, mire, and eventually abulafia and krunk) and Old to refer to any servers that we've used previously.

Everyone has been migrated to the new machines. People who haven't finished this yet are holding up the works and should get their acts together. A deadline of Monday, April 14, was announced by e-mail. If you aren't migrated by then, your service may be degraded arbitrarily.

Having an account on our new machines will allow you to have full access to your space in AFS (currently 400MB per user) and the ability to log in to mire.hcoop.net via ssh. Requesting an account on the new infrastructure will not affect your fyodor account. You will have access to both accounts until after all migration is complete.

ssh to hcoop.net as usual. Run this command line: migrationpw Follow the on-screen directions. Wait for an e-mail from the user creation script. (This stage requires that a human run the script periodically to watch for failures, but one of us should run it several times a day.) The password you set will go into our new Kerberos database, allowing log-in to mire and any other of our servers that we choose to enable for non-admin shell access. You will also use this password for authentication to other services, like e-mail and members-only HCoop web sites. An e-mail will be sent to your HCoop account to let you know that your account has been created. Be sure to memorize your password, as it won't be saved anywhere unencrypted once the account creation script runs!

Now you may attempt to login to mire.hcoop.net using your favorite SSH client or the new AJAX SSH service at . The latter requires a modern browser that cooperates with AJAX.

You can no longer use SSH public key authentication. Kerberos authentication ("ssh -K") is supported, for passwordless log-in. Some day, someone might implement the Kerberos support needed to make SSH public key auth work again. See MemberManual/DistributedSecurity for more information on all of this. That being said, if you've always been typing a password to log in via SSH and don't care to do otherwise, then you don't need to bother reading this section!

If you fail to log in correctly quite a few times, the DenyHosts scripts might lock you out. Currently any blocked IP's are purged after a week, so if you don't want to wait you'll need to submit a ticket, or if you can't access the portal to do this you'll need to send an email to <admins AT hcoop DOT net>.

The new portal uses the same password you use to log in to mire. That is, if you haven't created a New account yet, then you can't access the new portal. You should use the new portal for all administrative requests, except for the specialized request types (e.g., domains, firewall rules, etc.) when they relate to fyodor.

We recommend that you tell fyodor to dual-deliver all of your mail so that one copy goes to deleuze (our new main server) and one copy goes to fyodor. That way you can start reading your email via deleuze, but if anything goes wrong you can just switch back to fyodor. To do this, put the following lines in your ~/.forward file on fyodor. Note that the comment on the first line is mandatory -- it tells exim that this forward file uses special exim features. If your username was fred, you would put this in your ~/.forward: and you mail will be dual-delivered.

You can also copy the contents of your mailboxes from fyodor to mire (actually to our shared AFS filesystem by way of mire). To do this, log in to fyodor and type the following. Then log into mire and remove the ~/Maildir/shared-folders directory, if it exists. Also, change the contents of ~/Maildir/shared-maildirs on mire to:

It is possible to test out your setup on the new servers by making a new subdomin on the old machine that points to the new machine. This way you can hone your new setup until it's as good as the old, while still having access to the old. First, make a directory in your /etc/domains/TLD/DOMAIN folder on the old machine. TLD is the Top-Level Domain of your domain. For example, it might be com, net, us, in etc. DOMAIN is your domain, and SUB is the new subdomain that you would like to use. SUB should not include any of the text in DOMAIN, and should have no periods. In that directory, make a file called .dns with the following contents. Then, run the domtool command to finalize your changes on Fyodor. Now request control of the DOMAIN using the new portal (). When you receive notification of control, you can then log into mire.hcoop.net and configure DomTool so that Apache knows it can serve your SUBdomain. Please take a look at using DomTool, the DomTool user guide, and DomTool examples to learn how to do this. You'll probably want to take a look at the vhost directive.

Be sure to read through the chapters of the MemberManual that interest you. The following are some very quick overviews of things that have changed.

We are purposely not sending any DNS data from Old to New, which means that you need to change domains at your registrar if you want New to be authoritative for them. The proper nameservers are ns1.hcoop.net and ns3.hcoop.net, in that order. Keeping ns.hcoop.net and ns2.hcoop.net will not work.

See the DomTool page for instructions on managing your domains with the new setup. The configuration files are in a vastly different format, but they have a better-defined syntax that should be relatively easy to understand.

Your home directory is now managed by AFS. You will enter it by default when logging in to mire.hcoop.net via ssh. Type pwd to see what the path is. It will look like /afs/hcoop.net/user/u/us/username. Some directories have been created for you already, so that they have the correct permissions for things like serving web pages and delivering mail.

First of all, UNIX permissions carry no weight with AFS -- therefore they are useless to you. Instead, use Access Control Lists (ACL), which are a far more powerful way of restricting access to parts of a file tree. Read MemberManual/GettingStarted for further information on AFS concepts. See the OpenAFS subpage to find installation directions for various operating systems.

See the Mailing Lists page for details, including how to migrate existing lists to the new machines.

See the MoinMoin configuration page for details on how to set up MoinMoin and how to migrate data to match the new version of MoinMoin that we have installed.

If you're using rsync to transfer data to the new servers, the "-a" option by itself won't work properly because rsync attempts to chgrp the transferred files. Use "-a --no-g" instead of "-a".

WebDAV is accessible at . WebDAV is useful when working on a website using systems that cannot mount an AFS share. For details on how to setup WebDAV, take a look at Note that you can only use WebDAV on directories that have system:anyuser rl as part of its ACL. You'll be able to write even if system:anyuser does not.

A Squirrelmail instance for reading your email on the new servers is available at .

Your ~/public_html directory is available via HTTP through http://deleuze.hcoop.net/~USER/. Eventually this will change to http://hcoop.net/~USER/. Due to consequences of AFS authentication, we don't plan to allow dynamic content (CGI, PHP, etc.) via hcoop.net/~you/... on New. If you don't have a domain hosted at HCoop, but want to serve dynamic content, then you can request an hcoop.net subdomain (example: USER.hcoop.net, where USER is your username) via . See the chapter on Serving Websites for more details. CategoryHistorical