Migrating to the Cloud

Steadfast.net, the company from whom I’ve had excellent VPS service for years, recently announced the release of a Cloud Platform.  The Cloud Platform offering from Steadfast supports Debian Linux, just like the VPS that I’ve had, and it appears as though the cloud offering enables a more appropriate allocation of resources.  For example, I need more RAM but less disk but the VPS plan I was on had 60GB disk, of which only about 5GB was used.  All things considered I should be able to save some money by switching to Steadfast’s Cloud Platform.

I decided to migrate and herein are the notes from my migration.  All told it took about 3 to 4 hours over an evening to switch from a Debian 5-based VPS to a Debian 6 VPS running the same services.

Most of these are just rambling notes in case I need to migrate again in the future.

After ssh’ing in, I ran:

apt-get update

and then apt-get -u upgrade

The problem is that the updater wanted to update the kernel image to the same kernel that I was on.  This failed.  So I decided to pin the kernel so that it wouldn’t get updated.

Pin kernel:

echo “<kernel image> hold” | dpkg –set-selections

Now running apt-get -u upgrade just indicates that there are 2 packages that have been kept back.

I needed to install several software packages to provide the same services as before.  This is not a comprehensive list because Debian’s dependency checker is so robust.  These are the packages as I typed them and let the dependency checker do the rest:

less mutt vim postfix postfix-policyd amavisd-new mysql-server php5-mysql php5-gd php5-imap php5 apache2 libapache2-mod-perl2 vsftpd libhtml-mason-perl spamassassin dnsutils postfix-mysql procmail dovecot-imapd ntpdate vim whois libxml-rss-perl libdate-manip-perl monit rsync screen subversion

With those basics out of the way, I enabled the firewall.  As someone who revised and wrote part of a book on Linux Firewalls, I have a custom script for iptables so I ported that to the new server and started it up.

Next, time to install Apache.  Gotta enable SSL:

a2enmod ssl

Copy certificatess from /etc/ssl/certs and keys from /etc/ssl/private on the old server too, and move those to new server.

Stop MySQL on source server and tar it up:

/etc/init.d/mysql stop ; cd /var/lib ; tar -zcvpf sourcemysql.tgz mysql

Stop MySQL on destination:

/etc/init.d/mysql stop ; cd /var/lib

Copy over password for MySQL debian-sys-maint from source, it’s in /etc/mysql/debian.cnf

May need to run mysql_upgrade.  MySQL was crabby with “cannot process because system event table…” something or other.  By the time I found a solution to run mysql_upgrade, MySQL indicated that it had already run it.  Not sure what’s up there but it appears to be working now and I don’t have time (or really care) to investigate further right now.

Edit Apache vhost configs to change IPs to the new server.  Also, don’t forget to symlink from sites-available to sites-enabled!

Needed to add the apache logging line to /etc/apache2/apache2.conf:

LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %T %v” full

Needed to edit /etc/apache2/ports.conf to add NameVirtualHosts for each IP and port, including 443.

Restart Apache.

I had and have relatively low TTLs on many popular A records on the DNS for my primary domains.  Therefore, I switched the A record over once I verified that things were working.

Now that the web server is running, time to work on mail.  I use Postfix+Amavisd-new+Spamassassin+postfix-policyd.

I was unable to get postfix-policyd to start through its init script.  Had to edit its config file /etc/postfix-policyd.conf to change LOG_INFO to LOG_ERR due to a LOG_IFOO error in the logs.  Not sure why, but it still wouldn’t start [[see note about this later]].  Since postfix-policyd wouldn’t start, I commented it out of /etc/postfix/main.cf so that it wouldn’t try to check the policy service for the time being.

mkdir /var/mail/braingia.org and chown it to <user>.mail.  Touch the mailbox in the directory and chmod it 660, owned by <user> and mail group.

Change IP-related settings in /etc/postfix/main.cf and master.cf.  Also, change myhostname (hostname-related variables) in main.cf

Ugh.  Amavis started checking headers must more stringently between versions, so things like the friendly date and from headers being missing were causing messages to be silently discarded.  Changed bad_header to D_PASS instead of D_BOUNCE and got a test message through.

Switched over the MX record around this time.  Now time to get IMAP/SSL working.

Copy dovecot info over.  Had to update dovecot.conf by hand due to larger scale changes in the file between versions.

Move /var/spool/cron/crontabs/<user> as appropriate.  Check the scripts to make sure they run.  Had some perl stuff that needed libraries, as one would expect.

Move stuff from /usr/local/bin/*

Edit crontab  to add ntpdate.

Edit /etc/monit/monitrc as appropriate.

Set timezone:

dpkg-reconfigure tzdata

Rsync’ed home directories and root’s home.

Migrating mailman:

tarred up /var/lib/mailman/data, /var/lib/mailman/lists, /var/lib/mailman/archives.  Made backups as appropriate on the destination.  Edit mm_cfg.py in /etc/mailman (and possibly find one in /var/lib/mailman hierarchy too).  Change and/or add virtualhost related items to change the URLs for the lists.  Ran:

withlist -l -r fix_url trivia

Change to VIM for editing cron, etc:

update-alternatives –config editor

[[Update on policyd]]  For some reason, policyd started working.  I ran the init script and it started.  Weird, but I’ll take it.

Getting nagios to work involved installing nagios-plugins so that remote checks over ssh would work.  Also added accounts as appropriate.

Hope this helps someone, somewhere, someday… or at least helps me.  Now, I do need to get this information extracted in case this server goes down and is the one needing to be migrated!