We have an objective to get the squeak.org services moved from the old box2 infrastructure to the new box4 (and box3) servers provided by the SFC. I raised this as a topic at the Squeak board meeting last week, partly because the recent outage of source.squeak.org and other services is a reminder that we need to make some progress on this front.
I made one point to the board, and I want to repeat it clearly here: I am talking about moving our existing squeak.org services from one server to another. We need to accomplish this independently of new development, such as Chris Cunnington's work on a new SqueakMap server. So to use that as an example, we need to get the old SqueakMap service moved from box2 to box4. Development of the new SqueakMap should proceed in parallel with that, but it should not prevent us from moving the old SqueakMap service at the earliest possible opportunity (Chris C, sorry to use this as an example, you just happen to be the person doing active new development, so I am using this to illustrate the point).
Chris Muller offered to move the old SqueakMap from box2 to box4, and I offered to provide whatever interpreter VM may be need to run the old image. If no objections, I will go ahead and install the same VM that is currently installed on box3, and Chris Muller can follow up on the SqueakMap move.
Levente, does this make sense to you? And if so, is it reasonable for Chris Muller and me to move a single service such as SqueakMap, as opposed to moving a larger number of services all at once? I'm afraid I am not very knowledgeable about setting up Apache configurations, so I do not really know how easily this can be done. But if we could get the old SqueakMap service moved, it might be a good start.
And of course, once the old SqueakMap server is running on the newer box4 infrastructure, it should be that much easier to update to Chris Cunnington's new service when the time is right.
Thanks, Dave
On Mon, 9 Jun 2014, David T. Lewis wrote:
We have an objective to get the squeak.org services moved from the old box2 infrastructure to the new box4 (and box3) servers provided by the SFC. I raised this as a topic at the Squeak board meeting last week, partly because the recent outage of source.squeak.org and other services is a reminder that we need to make some progress on this front.
I made one point to the board, and I want to repeat it clearly here: I am talking about moving our existing squeak.org services from one server to another. We need to accomplish this independently of new development, such as Chris Cunnington's work on a new SqueakMap server. So to use that as an example, we need to get the old SqueakMap service moved from box2 to box4. Development of the new SqueakMap should proceed in parallel with that, but it should not prevent us from moving the old SqueakMap service at the earliest possible opportunity (Chris C, sorry to use this as an example, you just happen to be the person doing active new development, so I am using this to illustrate the point).
Chris Muller offered to move the old SqueakMap from box2 to box4, and I offered to provide whatever interpreter VM may be need to run the old image. If no objections, I will go ahead and install the same VM that is currently installed on box3, and Chris Muller can follow up on the SqueakMap move.
Levente, does this make sense to you? And if so, is it reasonable for Chris Muller and me to move a single service such as SqueakMap, as opposed to moving a larger number of services all at once? I'm afraid I am not very knowledgeable about setting up Apache configurations, so I do not really know how easily this can be done. But if we could get the old SqueakMap service moved, it might be a good start.
That's exactly how it should be done. We should migrate the services one by one. The easiest ones are those which use a single image and nothing else (no other services). These are squeaksource (source.squeak.org), squeakmap, and the wiki.
There's no apache on box4, it has nginx instead, which is a lot better imho. To migrate these services we should
- copy the images, and files to box4 - create nginx configurations for them - check if they work properly on box4 - shut down the service on box2 - synchronize the files again if necessary - create tunnels between box4 to box2 (at this point the services should work as expected) - rewrite the dns entries
It may be necessary to change stuff in the image, if they expect that they are running on box2. For example the way email is sent from them.
When these are done, we can migrate the harder serivces, which are mantis, qmail and mailman.
But before migrating any services, it would be good to ensure that 1. we have backups from box4 (and box3) 2. we have a proper firewall set up
I think Randal used to create backups from box2 - and maybe box3, but I don't know if he still does that. I'm fairly sure we have no backups from box4.
For the firewall, we should make sure that only some services are accessible (nginx, ssh, smtp, dns). All other services should be either served through nginx, or accessed over ssh. This goes against the current practice, where people just fire up an image, pick a random port and hack something.
Levente
And of course, once the old SqueakMap server is running on the newer box4 infrastructure, it should be that much easier to update to Chris Cunnington's new service when the time is right.
Thanks, Dave
On Tue, Jun 10, 2014 at 07:26:34PM +0200, Levente Uzonyi wrote:
On Mon, 9 Jun 2014, David T. Lewis wrote:
Chris Muller offered to move the old SqueakMap from box2 to box4, and I offered to provide whatever interpreter VM may be need to run the old image. If no objections, I will go ahead and install the same VM that is currently installed on box3, and Chris Muller can follow up on the SqueakMap move.
Levente, does this make sense to you? And if so, is it reasonable for Chris Muller and me to move a single service such as SqueakMap, as opposed to moving a larger number of services all at once? I'm afraid I am not very knowledgeable about setting up Apache >configurations, so I do not really know how easily this can be done. But if we could get the old SqueakMap service moved, it might be a good start.
That's exactly how it should be done. We should migrate the services one by one. The easiest ones are those which use a single image and nothing else (no other services). These are squeaksource (source.squeak.org), squeakmap, and the wiki.
Thanks Levente,
The squeakmap service sounds like a good place to start. Chris is going to try moving that service some time soon (maybe a couple of weeks from now). I've installed a VM on box3 to support that image, and I will try to help Chris where I can.
If we can get the squeakmap service moved successfully, maybe we can do source.squeak.org next. I have recent experience moving the squeakmap.com service onto box3, so I expect that source.squeak.org should be similar.
There's no apache on box4, it has nginx instead, which is a lot better imho. To migrate these services we should
- copy the images, and files to box4
- create nginx configurations for them
- check if they work properly on box4
- shut down the service on box2
- synchronize the files again if necessary
- create tunnels between box4 to box2 (at this point the services should
work as expected)
- rewrite the dns entries
It may be necessary to change stuff in the image, if they expect that they are running on box2. For example the way email is sent from them.
When these are done, we can migrate the harder serivces, which are mantis, qmail and mailman.
But before migrating any services, it would be good to ensure that
- we have backups from box4 (and box3)
- we have a proper firewall set up
I think Randal used to create backups from box2 - and maybe box3, but I don't know if he still does that. I'm fairly sure we have no backups from box4.
For the firewall, we should make sure that only some services are accessible (nginx, ssh, smtp, dns). All other services should be either served through nginx, or accessed over ssh. This goes against the current practice, where people just fire up an image, pick a random port and hack something.
I do not know how to set up backups or firewalls. Hopefully we can get the squeakmap move under way now even if the backups and firewalls have not been done. Unless you say otherwise, I will assume that Chris and I should proceed with moving the squeakmap service even if the backups and firewall have not been done yet. Is that OK?
Thanks!
Dave
box-admins@lists.squeakfoundation.org