
MemberManual / MigrationGuide

This page is historical information from the migration to Peer1 in 2006. For information on migrating to Navajos and Bog, see NavajosBogMigrationGuide instead.

This page describes the steps that members using the old machines need to take in order to migrate to the new machines.

For the purposes of this page, we'll use the name New to refer to the servers hosted at Peer 1 (which are deleuze, mire, and eventually abulafia and krunk) and Old to refer to any servers that we've used previously.

Status of Migration

Everyone has been migrated to the new machines. People who haven't finished this yet are holding up the works and should get their acts together. A deadline of Monday, April 14, was announced by e-mail. If you aren't migrated by then, your service may be degraded arbitrarily.

Summary of what exactly is going on here

Having an account on our new machines will allow you to have full access to your space in AFS (currently 400MB per user) and the ability to log in to mire.hcoop.net via ssh.

Requesting an account on the new infrastructure will not affect your fyodor account. You will have access to both accounts until after all migration is complete.

Getting started

Step 1: Get a New account

  1. ssh to hcoop.net as usual.

  2. Run this command line: migrationpw

  3. Follow the on-screen directions.
  4. Wait for an e-mail from the user creation script. (This stage requires that a human run the script periodically to watch for failures, but one of us should run it several times a day.)

The password you set will go into our new Kerberos database, allowing log-in to mire and any other of our servers that we choose to enable for non-admin shell access. You will also use this password for authentication to other services, like e-mail and members-only HCoop web sites.

An e-mail will be sent to your HCoop account to let you know that your account has been created. Be sure to memorize your password, as it won't be saved anywhere unencrypted once the account creation script runs!

Step 2: Try logging in

Now you may attempt to log in to mire.hcoop.net using your favorite SSH client or the new AJAX SSH service at http://ssh.hcoop.net/. The latter requires a modern browser that cooperates with AJAX.

SSH Public Key is Obsoleted

You can no longer use SSH public key authentication. Kerberos authentication ("ssh -K") is supported, for passwordless log-in. Some day, someone might implement the Kerberos support needed to make SSH public key auth work again. See MemberManual/DistributedSecurity for more information on all of this.

That being said, if you've always been typing a password to log in via SSH and don't care to do otherwise, then you don't need to bother reading this section!

DenyHosts

If you fail to log in correctly quite a few times, the DenyHosts scripts might lock you out. Currently, any blocked IPs are purged after a week, so if you don't want to wait, you'll need to submit a ticket. If you can't access the portal to do this, you'll need to send an email to <admins AT hcoop DOT net>.

Step 3: Visit the new portal

The new portal uses the same password you use to log in to mire. That is, if you haven't created a New account yet, then you can't access the new portal.

You should use the new portal for all administrative requests, except for the specialized request types (e.g., domains, firewall rules, etc.) when they relate to fyodor.

Step 4: Have your mail dual-delivered

We recommend that you tell fyodor to dual-deliver all of your mail so that one copy goes to deleuze (our new main server) and one copy goes to fyodor. That way you can start reading your email via deleuze, but if anything goes wrong you can just switch back to fyodor.

To do this, put the following lines in your ~/.forward file on fyodor. Note that the comment on the first line is mandatory -- it tells exim that this forward file uses special exim features. If your username was fred, you would put this in your ~/.forward:

  # Exim filter
  deliver fred
  deliver fred@deleuze.hcoop.net

and your mail will be dual-delivered.

Step 5: Copy your existing email

You can also copy the contents of your mailboxes from fyodor to mire (actually to our shared AFS filesystem by way of mire). To do this, log in to fyodor and type the following.

  rsync -are ssh --no-g --progress --verbose ~/Maildir/ mire.hcoop.net:Maildir/

Then log into mire and remove the ~/Maildir/shared-folders directory, if it exists. Also, change the contents of ~/Maildir/shared-maildirs on mire to:

  SpamAssassin    /var/local/lib/spamd/Maildir

Migration strategy

Making a subdomain on fyodor and pointing it at mire

It is possible to test out your setup on the new servers by making a new subdomain on the old machine that points to the new machine. This way you can hone your new setup until it's as good as the old, while still having access to the old.

First, make a directory for the subdomain in your /etc/domains/TLD/DOMAIN folder on the old machine. TLD is the Top-Level Domain of your domain. For example, it might be com, net, us, in, etc. DOMAIN is your domain, and SUB is the new subdomain that you would like to use. SUB should not include any of the text in DOMAIN, and should have no periods.

  mkdir /etc/domains/TLD/DOMAIN/SUB

In that directory, make a file called .dns with the following contents.

  Primary         ns      ns
  Default         69.90.123.68

Then, run the domtool command to finalize your changes on Fyodor.

Now request control of the DOMAIN using the new portal (http://members.hcoop.net). When you receive notification of control, you can then log into mire.hcoop.net and configure DomTool so that Apache knows it can serve your SUBdomain. Please take a look at using DomTool, the DomTool user guide, and DomTool examples to learn how to do this. You'll probably want to take a look at the vhost directive.

Quickies

Be sure to read through the chapters of the MemberManual that interest you. The following are some very quick overviews of things that have changed.

DNS

We are purposely not sending any DNS data from Old to New, which means that you need to change domains at your registrar if you want New to be authoritative for them. The proper nameservers are ns1.hcoop.net and ns3.hcoop.net, in that order. Keeping ns.hcoop.net and ns2.hcoop.net will not work.
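A check to run after changing the delegation at your registrar, added here as an example and not part of the original guide. It assumes you feed it one NS hostname per line (for instance the output of dig +short NS for your domain); the sample input is constructed, and the check ignores record order.

```shell
#!/bin/sh
# Added example (not HCoop's own tooling): verify that a domain's NS set is
# exactly ns1.hcoop.net + ns3.hcoop.net and flag leftover Old nameservers.

# Constructed sample: NS answers after a half-finished registrar update.
sample_ns() {
cat <<'EOF'
ns1.hcoop.net.
NS2.hcoop.net.
EOF
}

# Read one NS hostname per line on stdin. Print one line per problem and
# exit non-zero unless the set is exactly the two New nameservers.
check_delegation() {
    awk '
        {
            h = tolower($1)          # DNS names are case-insensitive
            sub(/\.$/, "", h)        # drop the trailing root dot
            if (h != "") seen[h] = 1
        }
        END {
            bad = 0
            if (!("ns1.hcoop.net" in seen)) { print "missing ns1.hcoop.net"; bad = 1 }
            if (!("ns3.hcoop.net" in seen)) { print "missing ns3.hcoop.net"; bad = 1 }
            for (h in seen) {
                if (h == "ns1.hcoop.net" || h == "ns3.hcoop.net") continue
                if (h == "ns.hcoop.net" || h == "ns2.hcoop.net")
                    print "stale Old nameserver " h
                else
                    print "unexpected " h
                bad = 1
            }
            exit bad
        }'
}

# Stand-alone run on the sample input.
sample_ns | check_delegation || echo "delegation still needs fixing at the registrar"
```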

Domains

See the DomTool page for instructions on managing your domains with the new setup. The configuration files are in a vastly different format, but they have a better-defined syntax that should be relatively easy to understand.

Home

Your home directory is now managed by AFS. You will enter it by default when logging in to mire.hcoop.net via ssh. Type pwd to see what the path is. It will look like /afs/hcoop.net/user/u/us/username. Some directories have been created for you already, so that they have the correct permissions for things like serving web pages and delivering mail.

OpenAFS and permissions

First of all, UNIX permissions carry no weight with AFS -- therefore they are useless to you. Instead, use Access Control Lists (ACLs), which are a far more powerful way of restricting access to parts of a file tree. Read MemberManual/GettingStarted for further information on AFS concepts.

See the OpenAFS subpage to find installation directions for various operating systems.

Mailman

See the Mailing Lists page for details, including how to migrate existing lists to the new machines.

MoinMoin

See the MoinMoin configuration page for details on how to set up MoinMoin and how to migrate data to match the new version of MoinMoin that we have installed.

rsync

If you're using rsync to transfer data to the new servers, the "-a" option by itself won't work properly because rsync attempts to chgrp the transferred files. Use "-a --no-g" instead of "-a".

WebDAV

WebDAV is accessible at https://dav.hcoop.net/. WebDAV is useful when working on a website using systems that cannot mount an AFS share. For details on how to set up WebDAV, take a look at http://research.cs.berkeley.edu/doc/dav/

Note that you can only use WebDAV on directories that have system:anyuser rl as part of their ACL. You'll be able to write even if system:anyuser cannot.
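Since the ACL, not the UNIX mode bits, decides who can reach a directory, it is worth checking what system:anyuser actually holds before relying on WebDAV. The following is an added example, not part of the original guide: it parses the text printed by the OpenAFS fs listacl command, and the sample output, path and user fred are constructed.

```shell
#!/bin/sh
# Added example (not HCoop's own tooling): check `fs listacl` output for the
# system:anyuser rights that WebDAV needs, and for anything beyond read access.

# Constructed sample of `fs listacl` output; path and user "fred" are made up.
sample_acl() {
cat <<'EOF'
Access list for /afs/hcoop.net/user/f/fr/fred/public_html is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  fred rlidwka
EOF
}

# Print the effective system:anyuser rights: letters granted under
# "Normal rights:" minus any letters listed under "Negative rights:".
anyuser_rights() {
    awk '
        /^Normal rights:/   { sec = "n"; next }
        /^Negative rights:/ { sec = "x"; next }
        $1 == "system:anyuser" && sec == "n" { pos = $2 }
        $1 == "system:anyuser" && sec == "x" { neg = $2 }
        END {
            for (i = 1; i <= length(pos); i++) {
                c = substr(pos, i, 1)
                if (index(neg, c) == 0) out = out c
            }
            print out
        }'
}

# Exit 0 when system:anyuser holds both r (read) and l (lookup).
webdav_ready() {
    rights=$(anyuser_rights)
    case "$rights" in *r*) ;; *) return 1 ;; esac
    case "$rights" in *l*) ;; *) return 1 ;; esac
}

# Exit 0 when system:anyuser can modify the directory (i, d, w or a).
anyuser_can_modify() {
    rights=$(anyuser_rights)
    case "$rights" in *[idwa]*) return 0 ;; esac
    return 1
}

# Stand-alone run on the sample; on mire: fs listacl DIR | webdav_ready
if sample_acl | webdav_ready; then echo "system:anyuser has rl"; fi
```

A directory for which anyuser_can_modify succeeds is writable by unauthenticated users and deserves a second look.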

webmail

A Squirrelmail instance for reading your email on the new servers is available at https://mail.hcoop.net/.

Web sites

Your ~/public_html directory is available via HTTP through http://deleuze.hcoop.net/~USER/. Eventually this will change to http://hcoop.net/~USER/.

Due to consequences of AFS authentication, we don't plan to allow dynamic content (CGI, PHP, etc.) via hcoop.net/~you/... on New. If you don't have a domain hosted at HCoop, but want to serve dynamic content, then you can request an hcoop.net subdomain (example: USER.hcoop.net, where USER is your username) via http://bugzilla.hcoop.net/. See the chapter on Serving Websites for more details.


CategoryHistorical

MemberManual/MigrationGuide (last edited 2012-12-17 21:12:48 by ClintonEbadi)