[Box-Admins] Moving services from box2 to box4

Tue Jun 10 17:26:34 UTC 2014

On Mon, 9 Jun 2014, David T. Lewis wrote:

> We have an objective to get the squeak.org services moved from the old box2 infrastructure
> to the new box4 (and box3) servers provided by the SFC. I raised this as a topic at the
> Squeak board meeting last week, partly because the recent outage of source.squeak.org and
> other services is a reminder that we need to make some progress on this front.
>
> I made one point to the board, and I want to repeat it clearly here: I am talking about
> moving our existing squeak.org services from one server to another. We need to
> accomplish this independently of new development, such as Chris Cunnington's work on
> a new SqueakMap server. So to use that as an example, we need to get the old SqueakMap
> service moved from box2 to box4. Development of the new SqueakMap should proceed in
> parallel with that, but it should not prevent us from moving the old SqueakMap service
> at the earliest possible opportunity (Chris C, sorry to use this as an example, you
> just happen to be the person doing active new development, so I am using this to illustrate
> the point).
>
> Chris Muller offered to move the old SqueakMap from box2 to box4, and I offered to
> provide whatever interpreter VM may be need to run the old image. If no objections,
> I will go ahead and install the same VM that is currently installed on box3, and
> Chris Muller can follow up on the SqueakMap move.
>
> Levente, does this make sense to you? And if so, is it reasonable for Chris Muller and
> me to move a single service such as SqueakMap, as opposed to moving a larger number
> of services all at once? I'm afraid I am not very knowledgeable about setting up Apache
> configurations, so I do not really know how easily this can be done. But if we could get
> the old SqueakMap service moved, it might be a good start.

That's exactly how it should be done. We should migrate the services one 
by one. The easiest ones are those which use a single image and nothing 
else (no other services). These are squeaksource (source.squeak.org), 
squeakmap, and the wiki.

There's no apache on box4, it has nginx instead, which is a lot better 
imho. To migrate these services we should

- copy the images, and files to box4
- create nginx configurations for them
- check if they work properly on box4
- shut down the service on box2
- synchronize the files again if necessary
- create tunnels between box4 to box2 (at this point the services should 
work as expected)
- rewrite the dns entries

It may be necessary to change stuff in the image, if they expect that they 
are running on box2. For example the way email is sent from them.

When these are done, we can migrate the harder serivces, which are mantis, 
qmail and mailman.

But before migrating any services, it would be good to ensure that
1. we have backups from box4 (and box3)
2. we have a proper firewall set up

I think Randal used to create backups from box2 - and maybe box3, but I 
don't know if he still does that. I'm fairly sure we have no backups from 
box4.

For the firewall, we should make sure that only some services are 
accessible (nginx, ssh, smtp, dns). All other services should be either served 
through nginx, or accessed over ssh. This goes against the current 
practice, where people just fire up an image, pick a random port and hack 
something.

Levente

>
> And of course, once the old SqueakMap server is running on the newer box4 infrastructure,
> it should be that much easier to update to Chris Cunnington's new service when the time
> is right.
>
> Thanks,
> Dave
>
>