[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [274] MigrationChecklist: re-organize items
|
From: |
assafgordon |
|
Subject: |
[Savannah-cvs] [274] MigrationChecklist: re-organize items |
|
Date: |
Sun, 6 Nov 2016 19:09:51 +0000 (UTC) |
Revision: 274
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=274
Author: agn
Date: 2016-11-06 19:09:48 +0000 (Sun, 06 Nov 2016)
Log Message:
-----------
MigrationChecklist: re-organize items
Modified Paths:
--------------
trunk/sviki/MigrationChecklist.mdwn
Modified: trunk/sviki/MigrationChecklist.mdwn
===================================================================
--- trunk/sviki/MigrationChecklist.mdwn 2016-10-28 01:31:34 UTC (rev 273)
+++ trunk/sviki/MigrationChecklist.mdwn 2016-11-06 19:09:48 UTC (rev 274)
@@ -1,12 +1,17 @@
Migration Check List
====================
-Things to do before going live with the new VMs.
+Last-minute tasks before going live
+-----------------------------------
+### All Servers
-For frontend/web interface
---------------------------
+* After updating DNS entries, update nginx/apache server names,
+ and re-issue LetsEncrypt certificates for old names
+ (e.g. `frontend.sv.gnu.org`).
+### FrontEnd0
+
* Copy project-submissions and tracker-attachments from
`frontend` to `frontend0` one last time, see
`frontend:/root/agn/sync-sv-uploads-to-frontend0.sh`.
@@ -30,6 +35,34 @@
$sys_debug_email_override_address = "address@hidden";
+
+### Internal0
+
+* Copy MySQL database `savane` from `internal` to `internal0`.
+
+* Copy `internal:/etc/bind/master/savane.*` to `internal0`,
+ and install/configure DNS, to make it work as described
+ in [[DNS]].
+
+* Activate DNS server on Internal0, ensure top-level GNU DNS points to
Internal0
+ (not old internal).
+
+* Rename machines (e.g. `frontend0` to `frontend`).
+
+* Keep old machines accesible (e.g. `frontend0` to `frontend-old`??).
+
+
+### VCS0
+
+* Disable cronjobs on old vcs, enable them on `vcs0` (such as `sv_groups`
+ which modified the NFS-shared code repositories. Only one server should
+ run the at a given time.
+
+
+
+Remaining setup tasks - frontend0
+---------------------------------
+
* Ensure `cgitrepos` is updated on `vcs0`, and copied
to `frontend0:/etc/savane/cgitrepos`.
Search for `cgitrepos` in [[SavannahInternals]] for details.
@@ -49,8 +82,6 @@
# Deprecated but still works, not a show stopper
# PHP Deprecated: Function mysql_numrows() is deprecated in
/home/agn/savannah/savane/frontend /php/include/database.php on line 300
-* Apache configuration: rename all mentions of `frontend0` to `frontned`.
-
* *DONE* - Updated apache configuration by Bob Proulx.
SSL Certificates: Ensure shortcut domains (e.g. 'sv.gnu.org') work
and redirect successfully with HTTPS, and provide unredirected `.well-known`
@@ -60,57 +91,81 @@
See [[FrontEndHostRedirection]] for redirection details and apache example.
See [[https]] for certbot/ssl informaiton.
-* Sviki - *DONE*. See [[HowToAdminThisWiki]].
+* *DONE* Sviki - See [[HowToAdminThisWiki]].
-vcs0
-----
+Remaining setup tasks - vcs0
+----------------------------
-* Update cronjobs in `/etc/cron.d/sv` - especially `sv_groups` to create
- repositories for new projects.
+* CronJobs `vcs0:/etc/cron.d/sv`:
+ * `sv_groups`,
+ * `/usr/src/infra/git/refresh-project-list.sh`
+ * `/usr/src/infra/git/sv_cgit.pl`
* Check for special permissions for gnu webmasters?
see "GNU webpages repository access for www members"
section in [[UserAuthentication]] and also here:
<http://lists.gnu.org/archive/html/savannah-hackers-public/2016-05/msg00031.html>
-* xinetd daemons (see [[SavannahServices]]): rsync, cvs-pserver, bzr,svn
+* xinetd daemons:
+ * git-daemon
+ * cvs-pserver (+webcvs)
+ * svn-daemon
+ * bzr-daemon
-* source-code browsers: hg, svn, cvs, bzr. (cgit/gitweb: working).
+* rsync access
-* disable OpenSSH password method when ssh-pubkey is rejected.
+* *DONE* - SSH read/write access;
+
+* *DONE* - source-code web browsers:
+ * cgit - DONE
+ * gitweb - DONE
+ * hg - DONE
+ * cvs - DONE
+ * cvsweb - DONE
+ * bzr - DONE
+ * svn - DONE
+
+* (*WONTFIX* keeping password access, as we don't have console access)
+ disable OpenSSH password method when ssh-pubkey is rejected.
(`PasswordAuthentication no` in `sshd_config`)
-Download0
----------
+Remaining setup tasks - Download0
+---------------------------------
-* DONE - libnss-mysql access / ssh for savannah users (like on vcs).
- ensure sftp works.
+* libnss-mysql access / ssh for savannah users (like on vcs).
+ * check savannah user access (e.g. `ssh address@hidden ls` -
+ should allow login but reject `ls` command)
+ * ensure sftp works.
* rsync xinetd daemon
* mirmon
-* GNU Arch repositories
+* ftpmirror0.sv.gnu.org - ftp.gnu.org mirror-multiplexer
+* Ensure TCP ports are open: 22/80/443/873 .
+
* cron jobs (see [[SavannahInternals]])
-* disable OpenSSH password method when ssh-pubkey is rejected.
+* *DONE* - GNU Arch repositories
+* (*WONTFIX* keeping password access, as we don't have console access)
+ disable OpenSSH password method when ssh-pubkey is rejected.
(`PasswordAuthentication no` in `sshd_config`)
-* Ensure TCP ports are open: 22/80/443/873 .
+* *DONE* - audio-video
+* *DONE* - download0.sv.gnu.org (mirror-redirection downloads)
-Internal0 (MySQL + DNS)
------------------------
+* *DONE* - download-mirror0.sv.gnu.org (non-redirecting downloads)
-* Copy MySQL database `savane` from `internal` to `internal0`.
-* Copy `internal:/etc/bind/master/savane.*` to `internal0`,
- and install/configure DNS, to make it work as described
- in [[DNS]].
+
+Remaining setup tasks - Internal0 (MySQL + DNS)
+-----------------------------------------------
+
* Update access privileges for the MySQL users (e.g. `savannahscripts`),
grant them from hosts 'frontend','vcs' (in addition to
'frontend0','vcs0',etc.).
@@ -122,9 +177,11 @@
* verify mailing list creating works (with SSH to lists.gnu.org).
-All Servers
------------
+
+Remaining setup tasks - All Servers
+-----------------------------------
+
* The savane git repository on the new VMs is tracking
the `nextgen` branch, as explained in [[BackEndSetup]].
The `master` branch contains the 'old' code as running
@@ -134,6 +191,8 @@
`master` branch on all servers.
+
+
Wiki and Documentation
----------------------
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] [274] MigrationChecklist: re-organize items,
assafgordon <=