Editing 2014 Server Migration

This page is to collect information about our current configuration and options for switching to a new server going forward.  Please feel free to edit to add missing information or correct errors.

== Server selection ==

On 2014-06-24, the WPLUG board decided to go with the $10/month [https://www.linode.com/pricing?r=30335eb136f2c5f7fa3429dce9f15bea836f81d3 Linode] plan, locating in their Atlanta datacenter.  This plan will approximately halve our current costs and still provide sufficient resources.

== OS selection ==

The WPLUG server currently runs on CentOS 5.  This is still supported, but it would make sense to choose a newer distro while we're doing the server switch.

=== Service enumeration ===

Services that are currently running on the WPLUG Linode server.  These should include things that are user-facing only, not infrastructure.

* E-mail (Postfix)
* Mailing lists (Mailman)
* Wiki (MediaWiki)
* Blog (Wordpress)
* Monkeybot IRC bot (infobot) - maybe consider different bot software that can import monkeybot's database?
* RSS aggregator (Tiny Tiny RSS, tt-rss)

Infrastructure software which supports the services above.

* Web server (Apache) - it would be possible to use Nginx instead, but I (Vance) am not familiar with setting it up
* PHP (Apache mod_php) for MediaWiki, Wordpress, and TT-RSS
* Python for Mailman
* Perl for Monkeybot
* MySQL for MediaWiki, Wordpress, and TT-RSS - likely possible to use MariaDB instead, other DBMS [http://www.mediawiki.org/wiki/Compatibility#Database not recommended] for use with MediaWiki
* Greylisting daemon (Postgrey)
* Fail2ban - could maybe use denyhosts instead
* Aide - could be used for intrusion detection

=== Support lifetime ===

* CentOS 6 - [http://wiki.centos.org/FAQ/General#head-fe8a0be91ee3e7dea812e8694491e1dde5b75e6d 2020-11-30]
* CentOS 7 - will probably match RHEL 7 support deadline of [https://access.redhat.com/site/support/policy/updates/errata/#Life_Cycle_Dates 2024-06-30]
* Debian 7 "wheezy" - [http://en.wikipedia.org/wiki/Debian#Security_updates one year after release of v. 8 "jessie"] ([http://ostatic.com/blog/early-plans-for-debian-8-0-jessie-emerge anticipated mid-2015]), possible [http://www.debian.org/News/2014/20140424.en.html unofficial long-term support] available after that
* Ubuntu 14.04 LTS - [http://en.wikipedia.org/wiki/Ubuntu_(operating_system)#Releases 2019-04-17]

=== Software availability ===

This table is to track, for the different distros under consideration, whether the software we need is available within its repositories.  We want to minimize the number of applications which have to be maintained manually.

Key:
* B: in distro's base repository
* A: in an additional repository provided by the distro
* T: in a third-party repository
* ~: not available in any known repository
* ?: availability unknown

{| border="1"
!
!CentOS 6
!CentOS 7
!Debian 7
!Ubuntu 14.04
|-
|postfix
|B 2.6
|B 2.10
|B 2.9
|B 2.11
|-
|mailman
|B 2.1
|B 2.1
|B 2.1
|B 2.1
|-
|postgrey
|T 1.34<sup>rf, EPEL</sup>
|T 1.34<sup>EPEL</sup>
|B 1.34
|A 1.34
|-
|mediawiki
|T 1.19<sup>EPEL</sup>
|~
|B 1.19
|A 1.19
|-
|wordpress
|T 3.9<sup>EPEL</sup>
|T 3.9<sup>EPEL</sup>
|B 3.6
|A 3.8
|-
|infobot
|~
|~
|? (not B or A)
|~
|-
|tt-rss
|~
|~
|? (not B or A)
|A 1.11
|-
|apache
|B 2.2 / A 2.4
|B 2.4
|B 2.2
|B 2.4
|-
|nginx
|A 1.4
|?
|B 1.2
|B/A 1.4
|-
|php5
|B 5.3 / A 5.4, 5.5
|B 5.4, T 5.5.14<sup>Remi</sup>
|B 5.4
|B 5.5
|-
|python2
|B 2.6 / A 2.7
|B 2.7.5
|B 2.7
|B 2.7
|-
|python3
|A 3.3
|?
|B 3.2
|B 3.4
|-
|perl5
|B 5.10
|B 5.16
|B 5.14
|B 5.18
|-
|mysql
|B 5.1 / A 5.5
|?
|B 5.5
|B 5.5 / A 5.6
|-
|mariadb
|A 5.5
|B 5.5
|? (not B or A)
|A 5.5
|-
|fail2ban
|T 0.8.7<sup>rf</sup>, 0.8.11<sup>EPEL</sup>
|T 0.9<sup>EPEL</sup>, 0.8.7<sup>rf</sup>
|B 0.8.6
|A 0.8.11
|-
|denyhosts
|T 2.6<sup>rf, EPEL</sup>
|T 2.6<sup>rf</sup>
|B 2.6
|[https://launchpad.net/ubuntu/trusty/amd64/denyhosts ~]
|-
|aide
|B 0.14
|B 0.15.1
|?
|0.16a2
|}

Third-party repositories:
* EPEL - [http://fedoraproject.org/wiki/EPEL Extra Packages for Enterprise Linux]
* rf - [http://repoforge.org/ RepoForge] (formerly RPMForge/Dag Wieers)
* Remi - [http://dev.antoinesolutions.com/remi-repository Remi Repository]

== Migration steps ==

* Obtain [https://library.linode.com/networking/ipv6#sph_ipv6-address-pools IPv6 address pool] from Linode (support ticket needed)
* Explore what software to use to help harden up the installation (fail2ban, etc.)
* <strike>Deploy new CentOS 7 instance</strike>
* (optional) Set up [https://library.linode.com/remote-access#sph_adding-private-ip-addresses private IPv4 addresses] for transfer between old and new VPS (avoids bandwidth charges)
* Set up SSH (edit sshd_config to tighten up security)
* <strike>Migrate current users to new server</strike>
* <strike>Ensure NTP is running, and set timezone to EDT</strike>
* <strike>Set up the firewall (either using firewalld, or else [https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Using_static_firewall_rules_with_the_iptables_and_ip6tables_services installing iptables and using the old rules])</strike>
* Install Apache, and edit httpd.conf appropriately
* <strike>Install PHP</strike>, edit php.ini appropriately, and make sure all needed modules are installed
* <strike>Install MariaDB</strike>, add appropriate user(s)/permissions, and edit my.cnf appropriately
* Install/configure Postfix
* Install/configure Mailman
* Install/configure monkeybot
* Set up Tiny Tiny RSS
* Migrate any other files that must be moved
* Export current MySQL and import into new MariaDB
* Install/configure MediaWiki
* Set up repeating jobs (log rotation, etc.) via systemd/cron
* Cut over DNS (or [https://library.linode.com/remote-access#sph_swapping-ip-addresses swap IPv4 addresses])
* Other steps not mentioned above

=== Nice-to-haves ===

We have an archive of static web pages from the pre-2007 server "penguin" - it would be nice to make this history available somehow.

=== Installation Notes ===
[https://www.centos.org/forums/viewtopic.php?f=48&t=47284 Installing fail2ban on CentOS 7]

[[Category:Migration]]