Difference between revisions of "Moving SME to new Hardware"
(7 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
{{usefulnote}} | {{usefulnote}} | ||
+ | {{Warning box| 1st Sept 2022 A recent fix to rsync in rsync-3.1.2-11.el7_9.x86_64 causes Affa to silently fail. You will need to downgrade to an earlier version to use Affa v3. Affa 4 has fixes for this}} | ||
=== Introduction === | === Introduction === | ||
Line 9: | Line 10: | ||
This document describes a method using the '''[[Affa|Affa V3]]''' contrib. | This document describes a method using the '''[[Affa|Affa V3]]''' contrib. | ||
− | + | Affa gives 3 possibilities to move to new hardware, depending of the available hardware (1,2 or 3 servers, an usb disk) and on the acceptable downtime: | |
+ | * Using the "rise" feature will convert the backup server into the new production server => 2 machines are needed - short downtime. | ||
+ | * Using the normal backup and restore functions: | ||
+ | :* with 2 machines (production server and backup server - long downtime) or 3 machines (old production server, backup server and new production server - short downtime) | ||
+ | :* with only 1 machine and an usb external disk (long downtime) | ||
− | + | ||
+ | These 3 methods can also be used to upgrade from a lower version to a higher version of the SME software. This also work from SME 8.1 to 9.<br> | ||
In the following it is assumed that <code>'''prodIP'''</code> is the IP address of your '''production server''' and <code>'''newIP'''</code> is the IP address of the new '''server hardware'''. Replace both placeholders by your real IP addresses. | In the following it is assumed that <code>'''prodIP'''</code> is the IP address of your '''production server''' and <code>'''newIP'''</code> is the IP address of the new '''server hardware'''. Replace both placeholders by your real IP addresses. | ||
− | === Preparation === | + | === Using the "rise" feature === |
− | ==== Production server ==== | + | ==== Preparation ==== |
+ | ===== Production server ===== | ||
Enable remote administration ssh access in the server-manager of <code>prodIP</code>. This involves setting both the 'Secure shell access' for the local network, and the 'Allow administrative command line access over secure shell' setting, which must be set to 'Yes'. Also, you may have to set "Allow secure shell access using standard passwords" to 'Yes' as well.<br> | Enable remote administration ssh access in the server-manager of <code>prodIP</code>. This involves setting both the 'Secure shell access' for the local network, and the 'Allow administrative command line access over secure shell' setting, which must be set to 'Yes'. Also, you may have to set "Allow secure shell access using standard passwords" to 'Yes' as well.<br> | ||
Log into the <code>prodIP</code> box and run an update<br> | Log into the <code>prodIP</code> box and run an update<br> | ||
Line 24: | Line 31: | ||
If packages were updated signalling post-upgrade and reboot events is required. | If packages were updated signalling post-upgrade and reboot events is required. | ||
− | ==== New hardware ==== | + | ===== New hardware ===== |
Install SME Server from the latest CDROM/ISO. Assign an unused IP address (<code>newIP</code>) and disable DHCP.<br> | Install SME Server from the latest CDROM/ISO. Assign an unused IP address (<code>newIP</code>) and disable DHCP.<br> | ||
Enable remote ssh access in the server-manager on the newIP box. | Enable remote ssh access in the server-manager on the newIP box. | ||
Line 64: | Line 71: | ||
The affa backup job will be called 'prodserv'.<br><br> | The affa backup job will be called 'prodserv'.<br><br> | ||
− | Login to your <code>newIP</code> as root and edit/create the file ''/etc/affa/prodserv.conf'' . Using e.g. editor ''nano'', add the following example job configuration text for jobname ''prodserv'' : | + | Login to your <code>newIP</code> as root and edit/create the file '''/etc/affa/prodserv.conf''' . Using e.g. editor ''nano'', add the following example job configuration text for jobname '''prodserv''' and adapt '''Include=XXXXX''' according the supplementary folders that must be backuped, e.g. due to installed contribs that works with /opt): |
[prodserv] | [prodserv] | ||
remoteHostName=192.168.0.2 | remoteHostName=192.168.0.2 | ||
Line 75: | Line 82: | ||
DiskSpaceWarn=strict | DiskSpaceWarn=strict | ||
RootDir=/var/affa | RootDir=/var/affa | ||
+ | Include=/each/folder/to/save | ||
+ | Include=/another/folder/to/save | ||
TimeSchedule=0630 | TimeSchedule=0630 | ||
localNice=15 | localNice=15 | ||
Line 104: | Line 113: | ||
Public key sent to prodIP | Public key sent to prodIP | ||
− | === Copying data === | + | ==== Copying data ==== |
Run the Affa job on the <code>newIP</code> box | Run the Affa job on the <code>newIP</code> box | ||
Line 121: | Line 130: | ||
To find out what contribs are installed on <code>prodIP</code>. | To find out what contribs are installed on <code>prodIP</code>. | ||
− | === Final data synchronization === | + | ==== Final data synchronization ==== |
Ask your users to log off.<br> | Ask your users to log off.<br> | ||
Log into the <code>prodIP</code> box and stop all services that can modify data. | Log into the <code>prodIP</code> box and stop all services that can modify data. | ||
− | SVC='qpsmtpd sqpsmtpd crond pop3 dovecot pop3s ftp httpd-e-smith | + | For SME8 and SME7 |
+ | |||
+ | SVC='qpsmtpd sqpsmtpd crond pop3 imap imaps pop3s ftp httpd-e-smith atalk smb qmail' | ||
+ | for s in $SVC; do service $s stop; done | ||
+ | |||
+ | For SME9 | ||
+ | |||
+ | SVC='qpsmtpd sqpsmtpd crond pop3 dovecot pop3s ftp httpd-e-smith smb qmail' | ||
for s in $SVC; do service $s stop; done | for s in $SVC; do service $s stop; done | ||
Line 136: | Line 152: | ||
This run will complete very quickly as only differences since the the last run needs to be synchronsized. | This run will complete very quickly as only differences since the the last run needs to be synchronsized. | ||
− | === Switch over to the new hardware === | + | ==== Switch over to the new hardware ==== |
Log into the <code>prodIP</code> box and power it off | Log into the <code>prodIP</code> box and power it off | ||
Line 148: | Line 164: | ||
This action will complete very quickly as only hardlinks are used and no data is physically moved.<br> | This action will complete very quickly as only hardlinks are used and no data is physically moved.<br> | ||
− | '''''Note:''' Do not be scared if your prompt looks different!<br><br> | + | '''''Note:''' Do not be scared if your prompt looks different!<br><br>'' |
Now do a reboot | Now do a reboot | ||
Line 158: | Line 174: | ||
You now have an identical copy of your old production server running on the new hardware. Your users can now log on. | You now have an identical copy of your old production server running on the new hardware. Your users can now log on. | ||
− | === Cleaning up === | + | ==== Cleaning up ==== |
Remove the Affa archives | Remove the Affa archives | ||
Line 172: | Line 188: | ||
'''Note:''' Don't forget to clean up /var/affa. Otherwise you will waste disk space and see strange quota reports. See this [http://forums.contribs.org/index.php?topic=40737.msg198064#msg198064 forum thread] for details. | '''Note:''' Don't forget to clean up /var/affa. Otherwise you will waste disk space and see strange quota reports. See this [http://forums.contribs.org/index.php?topic=40737.msg198064#msg198064 forum thread] for details. | ||
− | === Additional information === | + | ==== Additional information ==== |
− | ==== Performance ==== | + | ===== Performance ===== |
With this method you should be able to move a typical 500 Gbyte sized server to new hardware with downtime less than 20 minutes. The final sync and the rise time does not really depend on the total files size, but on the number of files and directories. | With this method you should be able to move a typical 500 Gbyte sized server to new hardware with downtime less than 20 minutes. The final sync and the rise time does not really depend on the total files size, but on the number of files and directories. | ||
+ | |||
+ | |||
+ | === Using the backup and restore functions === | ||
+ | The general working way is to make a backup of the old SME and to restore it on the new SME (upgraded or not). | ||
+ | The function "RPMCheck" can be used indirectly with the backup server (compare the list with the old and with the new hardware) to get the list of rpm's that are missing on the new hardware but it is not available for a backup on the external usb disk. | ||
+ | |||
+ | ==== Preparation ==== | ||
+ | Take a backup of the running old 'prod server' (see the above conf file ''/etc/affa/prodserv.conf'' ). | ||
+ | {{Note box| Like using the way based on "rise", your can take the first backup (takes long time) without stopping the services and the last one (is quick) after the logout of the users and the stop of the services }} | ||
+ | After the backup, set a temporary IP into the conf file of the backup job: | ||
+ | remoteHostName=tem.po.ra.ry.IP | ||
+ | |||
+ | For a backup on an external usb disk, set: | ||
+ | remoteHostName=localhost | ||
+ | RootDir=/the/mount/point/of/the/disk | ||
+ | and mount the disk. You should make a list of the installed rpm's too. | ||
+ | |||
+ | ==== Install SME on the new hardware ==== | ||
+ | Install at least the same version of SME you were running on the old hardware or a more recent one (e.g. from SME8 to SME9). | ||
+ | |||
+ | ===== For the method based on a backup server: ===== | ||
+ | * Set the '''temporary IP''' as internal address of the new hardware | ||
+ | * From the backup server create the ssh connection between the backup server and the new hardware by sending the ssh key: | ||
+ | affa --send-key prodserv | ||
+ | |||
+ | The answer from Prod-temp-IP server will be<br> | ||
+ | Job prodserv: root@Prod-temp-IP's password: | ||
+ | enter the root Prod-temp-IP password. The answer will be:<br> | ||
+ | Public key sent to prod-temp-IP | ||
+ | |||
+ | ===== External usb disk: ===== | ||
+ | * Install "smeserver-affa" on the new hardware | ||
+ | * mount the usb disk on the same mountpoint than for the backup | ||
+ | * go into the archive and copy the .ini file into /etc/affa as conf file: | ||
+ | cd /mount/point/prodserv/scheduled.0 | ||
+ | ls -a ### to see the ini file | ||
+ | cp .prodserv.ini /etc/affa/ | ||
+ | mv /etc/affa/.prodserv.ini /etc/affa/prodserv.conf | ||
+ | |||
+ | ===== In case of upgrade SME8 to SME9 ===== | ||
+ | The restoration of the default data (parameter "SMEServer=yes" into the conf file of the job) will configure yum repos for SME8 on the new server SME9! | ||
+ | |||
+ | In order to avoid this there are 2 possibilities: | ||
+ | * make a copy of both folders ''/etc/yum.repos.d'' and ''/etc/yum.smerepos.d'' before the restore. It will be helpful for reconfiguring by hand the repos for SME9 after the restore. | ||
+ | * add following into the conf file of the backup job: | ||
+ | Exclude=/etc/yum.repos.d | ||
+ | Exclude=/etc/yum.smerepos.d | ||
+ | before the last backup (of course if you will restore from the last backup - scheduled.0 - and not from an older one like weekly.2!) | ||
+ | |||
+ | ==== Restore the data ==== | ||
+ | |||
+ | From the backup server (or from the new production server in case of restoring from external usb disk) run: | ||
+ | affa --full-restore [--preserve-newer=no] [--delete=yes] prodserv | ||
+ | To get 1:1 the state of the backup. | ||
+ | |||
+ | '''Keep in mind that:''' | ||
+ | :[--preserve-newer=no]: files on the remote server with modification time newer than on the backup are overwritten through the older ones of the backup. | ||
+ | :[--delete=yes]: all files on the remote server, which are not in the backup, are deleted. | ||
+ | |||
+ | {{Warning box|A full restore with --preserve-newer no and --delete yes reconstructs the server as it was at the time of the backup. That means, that all files created or server configuration changes made before the restore will be lost! }} | ||
+ | |||
+ | After the restore, the new prodserver will reboot. | ||
+ | |||
+ | '''Note for the case of 3 machines:''' Make sure that the old hardware is switched off or no more connect to the network before the new hardware reboots because the new hardware will take its IP after the reconfiguration. | ||
+ | |||
+ | ==== Tasks post restore ==== | ||
+ | |||
+ | * If the backup job should be used for further backups of the new hardware, don't forget to replace the temporary IP of "Remotehost" through the previus set IP of the old server into the conf file of the affa job. | ||
+ | * In case of an OS upgrade, check and if necessary reconfigure the repositories of yum for the new version. | ||
[[Category: Howto]] | [[Category: Howto]] | ||
[[Category: Backup]] | [[Category: Backup]] | ||
---- | ---- |
Latest revision as of 14:00, 4 October 2024
Is this article helpful to you?
Please consider donating or volunteering
Thank you!
Introduction
There are many ways to move a SME Server installation to new hardware and also new versions of the SME Server software.
This document describes a method using the Affa V3 contrib.
Affa gives 3 possibilities to move to new hardware, depending of the available hardware (1,2 or 3 servers, an usb disk) and on the acceptable downtime:
- Using the "rise" feature will convert the backup server into the new production server => 2 machines are needed - short downtime.
- Using the normal backup and restore functions:
- with 2 machines (production server and backup server - long downtime) or 3 machines (old production server, backup server and new production server - short downtime)
- with only 1 machine and an usb external disk (long downtime)
These 3 methods can also be used to upgrade from a lower version to a higher version of the SME software. This also work from SME 8.1 to 9.
In the following it is assumed that prodIP
is the IP address of your production server and newIP
is the IP address of the new server hardware. Replace both placeholders by your real IP addresses.
Using the "rise" feature
Preparation
Production server
Enable remote administration ssh access in the server-manager of prodIP
. This involves setting both the 'Secure shell access' for the local network, and the 'Allow administrative command line access over secure shell' setting, which must be set to 'Yes'. Also, you may have to set "Allow secure shell access using standard passwords" to 'Yes' as well.
Log into the prodIP
box and run an update
yum update
If packages were updated signalling post-upgrade and reboot events is required.
New hardware
Install SME Server from the latest CDROM/ISO. Assign an unused IP address (newIP
) and disable DHCP.
Enable remote ssh access in the server-manager on the newIP box.
Note: From now on all further steps can be done remotely via ssh login.
Log into the newIP
box and run an update
yum update
Signalling post-upgrade and reboot events is required.
Install the Affa RPM
Follow the latest instructions here: Affa Installation
Please remember to manually create directory for archive files:
mkdir /var/affa
Configure Affa
db affa set AffaGlobalDisable yes db affa set prodserv job db affa setprop prodserv remoteHostName prodIP db affa setprop prodserv RPMCheck yes affa --make-cronjobs
In this example you have an SME production server (prodIP
) with IP 192.168.0.2.
You have a second SME box as your backup server (newIP
) with IP 192.168.0.10.
The affa backup job will be called 'prodserv'.
Login to your newIP
as root and edit/create the file /etc/affa/prodserv.conf . Using e.g. editor nano, add the following example job configuration text for jobname prodserv and adapt Include=XXXXX according the supplementary folders that must be backuped, e.g. due to installed contribs that works with /opt):
[prodserv] remoteHostName=192.168.0.2 SMEServer=yes Watchdog=yes RPMCheck=yes ConnectionCheckTimeout=120 Debug=no Description=Backup of 192.168.0.2 smeserver.athome.xx DiskSpaceWarn=strict RootDir=/var/affa Include=/each/folder/to/save Include=/another/folder/to/save TimeSchedule=0630 localNice=15 remoteNice=15 rsync--inplace=yes rsyncCompress=no rsyncTimeout=900 scheduledKeep=1 dailyKeep=7 weeklyKeep=4 monthlyKeep=12 yearlyKeep=1 status=disabled
Then save your job configuration file.
If you have a Letsencrypt certificate on the production server, then you should also include
Include=/etc/dehydrated
Now check that your configuration is OK:
affa --configcheck
This should throw out no errors.
Generate DSA keys and send the public key to the prodIP
server
affa --send-key prodserv
The answer from ProdIP server will be
Job prodserv: root@ProdIP's password:
enter the root ProdIP password. The answer will be:
Public key sent to prodIP
Copying data
Run the Affa job on the newIP
box
affa --run prodserv
Depending on the amount of data and the speed of hardware and network this first job run can take a really long time.
Now view the file /var/affa/prodserv/rpms-missing.txt
less /var/affa/prodserv/rpms-missing.txt
You will find a list of RPMs which are installed on prodIP
but not on this server (newIP
) and also RPMs installed with different versions. Install or update the listed RPMs. To verify, you can run the steps of this chapter again. Finally the rpms-missing.txt should not list any RPMs.
In case you are upgrading the SME operating system to a higher version you may not only find the contribs installed in this list but all changes between the 2 systems - in this case you need to run this command on prodIP
/sbin/e-smith/audittools/newrpms
To find out what contribs are installed on prodIP
.
Final data synchronization
Ask your users to log off.
Log into the prodIP
box and stop all services that can modify data.
For SME8 and SME7
SVC='qpsmtpd sqpsmtpd crond pop3 imap imaps pop3s ftp httpd-e-smith atalk smb qmail' for s in $SVC; do service $s stop; done
For SME9
SVC='qpsmtpd sqpsmtpd crond pop3 dovecot pop3s ftp httpd-e-smith smb qmail' for s in $SVC; do service $s stop; done
Note: Downtime of the production server starts here
Log into the newIP
box and run the Affa job again
affa --run prodserv
This run will complete very quickly as only differences since the the last run needs to be synchronsized.
Switch over to the new hardware
Log into the prodIP
box and power it off
poweroff
Log into the newIP
box and rise this server to your production server
affa --rise --all prodserv
This action will complete very quickly as only hardlinks are used and no data is physically moved.
Note: Do not be scared if your prompt looks different!
Now do a reboot
reboot
Note: Downtime of the production server ends here
You now have an identical copy of your old production server running on the new hardware. Your users can now log on.
Cleaning up
Remove the Affa archives
/bin/rm -rf /var/affa
Remove the Affa packages and all status and configuration data
yum remove smeserver-affa perl-Filesys-DiskFree rm -f /etc/cron.d/affa-status /etc/cron.d/affa rm -rf /home/e-smith/db/affa /home/e-smith/db/affa-report rm -rf /var/log/affa
Note: Don't forget to clean up /var/affa. Otherwise you will waste disk space and see strange quota reports. See this forum thread for details.
Additional information
Performance
With this method you should be able to move a typical 500 Gbyte sized server to new hardware with downtime less than 20 minutes. The final sync and the rise time does not really depend on the total files size, but on the number of files and directories.
Using the backup and restore functions
The general working way is to make a backup of the old SME and to restore it on the new SME (upgraded or not). The function "RPMCheck" can be used indirectly with the backup server (compare the list with the old and with the new hardware) to get the list of rpm's that are missing on the new hardware but it is not available for a backup on the external usb disk.
Preparation
Take a backup of the running old 'prod server' (see the above conf file /etc/affa/prodserv.conf ).
After the backup, set a temporary IP into the conf file of the backup job:
remoteHostName=tem.po.ra.ry.IP
For a backup on an external usb disk, set:
remoteHostName=localhost RootDir=/the/mount/point/of/the/disk
and mount the disk. You should make a list of the installed rpm's too.
Install SME on the new hardware
Install at least the same version of SME you were running on the old hardware or a more recent one (e.g. from SME8 to SME9).
For the method based on a backup server:
- Set the temporary IP as internal address of the new hardware
- From the backup server create the ssh connection between the backup server and the new hardware by sending the ssh key:
affa --send-key prodserv
The answer from Prod-temp-IP server will be
Job prodserv: root@Prod-temp-IP's password:
enter the root Prod-temp-IP password. The answer will be:
Public key sent to prod-temp-IP
External usb disk:
- Install "smeserver-affa" on the new hardware
- mount the usb disk on the same mountpoint than for the backup
- go into the archive and copy the .ini file into /etc/affa as conf file:
cd /mount/point/prodserv/scheduled.0 ls -a ### to see the ini file cp .prodserv.ini /etc/affa/ mv /etc/affa/.prodserv.ini /etc/affa/prodserv.conf
In case of upgrade SME8 to SME9
The restoration of the default data (parameter "SMEServer=yes" into the conf file of the job) will configure yum repos for SME8 on the new server SME9!
In order to avoid this there are 2 possibilities:
- make a copy of both folders /etc/yum.repos.d and /etc/yum.smerepos.d before the restore. It will be helpful for reconfiguring by hand the repos for SME9 after the restore.
- add following into the conf file of the backup job:
Exclude=/etc/yum.repos.d Exclude=/etc/yum.smerepos.d
before the last backup (of course if you will restore from the last backup - scheduled.0 - and not from an older one like weekly.2!)
Restore the data
From the backup server (or from the new production server in case of restoring from external usb disk) run:
affa --full-restore [--preserve-newer=no] [--delete=yes] prodserv
To get 1:1 the state of the backup.
Keep in mind that:
- [--preserve-newer=no]: files on the remote server with modification time newer than on the backup are overwritten through the older ones of the backup.
- [--delete=yes]: all files on the remote server, which are not in the backup, are deleted.
After the restore, the new prodserver will reboot.
Note for the case of 3 machines: Make sure that the old hardware is switched off or no more connect to the network before the new hardware reboots because the new hardware will take its IP after the reconfiguration.
Tasks post restore
- If the backup job should be used for further backups of the new hardware, don't forget to replace the temporary IP of "Remotehost" through the previus set IP of the old server into the conf file of the affa job.
- In case of an OS upgrade, check and if necessary reconfigure the repositories of yum for the new version.