libravatar-fans team mailing list archive

Thread
Date

Re: The migration plan

To: libravatar-fans@xxxxxxxxxxxxxxxxxxx
From: Francois Marier <francois@xxxxxxxxxxxxxx>
Date: Wed, 6 Feb 2019 19:37:43 -0800
In-reply-to: <CAGqZTUv=FncLVpuVbM=0DNwtsZW31oBahj8Fb36GeVRMhwOUKg@mail.gmail.com>
Openpgp: id=8C470B2A0B31568E110D432516281F2E007C98D1; preference=signencrypt

Overall, that sounds good to me. Here are a few comments.

On 2019-02-06 at 19:45:27, clime wrote:
> There is section "Preparing the new server" in the beginning, which I would
> imagine happens on 17th Feb Sunday. What I need there is:
> 
> 1) ssl httpd certificates copied to /mnt/data/libravatar-certs at the new
> server (libravatar.fedorainfracloud.org) so that I can prepare httpd
> configs** with them that will be switched for the current ones a while
> before the actual DNS switch happens on 18th Feb
> 
> 2) data exported by
> https://git.linux-kernel.at/oliver/ivatar/blob/libravatar_export/exportaccounts.py
> present in /mnt/data/libravatar-export - i will try to import them on 17th
> to test things out and the similar procedure should then happen for real
> during the migration (section "Migrating the servers") on 18th Feb

Do you have root access on the existing server? I know that ofalk does, if
you don't, you should get it now so that you can extract the data you need
ahead of time. I would suggest you test this out in the next week or so in
order to find and resolve any problems.

Just to be extra clear: clime or ofalk will be responsible for this part.

> **also postfix configs for email encryption

What exactly do you mean? Emails are not encrypted or DKIM-signed currently.

> When the migration starts on 18th, the old server will be switched to
> read-only mode, I should get a fresh dump of libravatar's data that I will
> import and I will switch (or have it switched already) all the configs to
> use the current libravatar ssl certs and the libravatar.org URL.

My plan here is to switch the old server to maintenance mode before I go to
sleep on the 17th. Which means that by the time you wake up to start the
migration, you'll be able to do a final dump of the data and prepare/test
everything.

> I imagine fmarier will be then responsible for the actual DNS switch of A
> record to the new instance at the right time.

I'm happy to do that after I wake up on the 18th and confirm with you that
the new server is go. I'll get the old server proxying to the new one as
well to help with DNS servers that insist on ignoring TTLs.

> There is no public AAAA IP for the new server so I guess we will drop IPv6
> record. The public IPv4 for the new server is: 209.132.184.237.

Ok, I will purge the AAAA IP address ahead of time to help clear DNS caches.

> When the migration is done, we will continue with the domain transfer to
> the shared Gandi account.

Sounds good to me.

Thanks for getting our planning started early!

Francois

-- 
https://fmarier.org/

Follow ups

Re: The migration plan
From: clime, 2019-02-07

References

The migration plan
From: clime, 2019-02-06