Moving SME to new Hardware

From SME Server
Jump to: navigation, search

PythonIcon.png Skill level: Advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.

Is this article helpful to you?
Please consider donating or volunteering
Thank you!


Contents

Introduction

There are many ways to move a SME Server installation to new hardware and also new versions of the SME Server software.

This document describes a method using the Affa V3 contrib.

Affa gives 3 possibilities to move to new hardware, depending of the available hardware (1,2 or 3 servers, an usb disk) and on the acceptable downtime:

  • Using the "rise" feature will convert the backup server into the new production server => 2 machines are needed - short downtime.
  • Using the normal backup and restore functions:
  • with 2 machines (production server and backup server - long downtime) or 3 machines (old production server, backup server and new production server - short downtime)
  • with only 1 machine and an usb external disk (long downtime)


These 3 methods can also be used to upgrade from a lower version to a higher version of the SME software. This also work from SME 8.1 to 9.

In the following it is assumed that prodIP is the IP address of your production server and newIP is the IP address of the new server hardware. Replace both placeholders by your real IP addresses.

Using the "rise" feature

Preparation

Production server

Enable remote administration ssh access in the server-manager of prodIP. This involves setting both the 'Secure shell access' for the local network, and the 'Allow administrative command line access over secure shell' setting, which must be set to 'Yes'. Also, you may have to set "Allow secure shell access using standard passwords" to 'Yes' as well.
Log into the prodIP box and run an update

yum update

If packages were updated signalling post-upgrade and reboot events is required.

New hardware

Install SME Server from the latest CDROM/ISO. Assign an unused IP address (newIP) and disable DHCP.
Enable remote ssh access in the server-manager on the newIP box.

Note: From now on all further steps can be done remotely via ssh login.

Log into the newIP box and run an update

yum update

Signalling post-upgrade and reboot events is required.


Install the Affa RPM

Follow the latest instructions here: Affa Installation

Please remember to manually create directory for archive files:

mkdir /var/affa


Important.png Note:
During the transition from SME8 to SME9, contrib packages will be migrated to the SME9 contrib repository. If the contrib is not yet in the SME9 Contrib repository and an entry in the Q&A suggests it will install properly then you will need to install the contrib from the SME8 repository See: http://wiki.contribs.org/SME9.0_Contribs_QA#Setup.



Important.png Note:
During the transition from SME7 to SME8, contrib packages will be migrated to the SME8 contrib repository. If the contrib is not yet in the SME8 Contrib repository and an entry in the Q&A suggests it will install properly then you will need to install the contrib from the SME7 repository See: http://wiki.contribs.org/SME8.0_Contribs_QA#Setup.

Configure Affa

db affa set AffaGlobalDisable yes
db affa set prodserv job
db affa setprop prodserv remoteHostName prodIP
db affa setprop prodserv RPMCheck yes
affa --make-cronjobs

In this example you have an SME production server (prodIP) with IP 192.168.0.2.
You have a second SME box as your backup server (newIP) with IP 192.168.0.10.
The affa backup job will be called 'prodserv'.

Login to your newIP as root and edit/create the file /etc/affa/prodserv.conf . Using e.g. editor nano, add the following example job configuration text for jobname prodserv and adapt Include=XXXXX according the supplementary folders that must be backuped, e.g. due to installed contribs that works with /opt):

[prodserv]
remoteHostName=192.168.0.2
SMEServer=yes
Watchdog=yes
RPMCheck=yes
ConnectionCheckTimeout=120
Debug=no
Description=Backup of 192.168.0.2 smeserver.athome.xx
DiskSpaceWarn=strict
RootDir=/var/affa
Include=/each/folder/to/save
Include=/another/folder/to/save
TimeSchedule=0630
localNice=15
remoteNice=15
rsync--inplace=yes
rsyncCompress=no
rsyncTimeout=900
scheduledKeep=1
dailyKeep=7
weeklyKeep=4
monthlyKeep=12
yearlyKeep=1
status=disabled

Then save your job configuration file.

If you have a Letsencrypt certificate on the production server, then you should also include

Include=/etc/dehydrated

Now check that your configuration is OK:

affa --configcheck

This should throw out no errors.

Generate DSA keys and send the public key to the prodIP server

affa --send-key prodserv

The answer from ProdIP server will be

Job prodserv: root@ProdIP's password:

enter the root ProdIP password. The answer will be:

Public key sent to prodIP

Copying data

Run the Affa job on the newIP box

affa --run prodserv

Depending on the amount of data and the speed of hardware and network this first job run can take a really long time.

Now view the file /var/affa/prodserv/rpms-missing.txt

less /var/affa/prodserv/rpms-missing.txt

You will find a list of RPMs which are installed on prodIP but not on this server (newIP) and also RPMs installed with different versions. Install or update the listed RPMs. To verify, you can run the steps of this chapter again. Finally the rpms-missing.txt should not list any RPMs.

In case you are upgrading the SME operating system to a higher version you may not only find the contribs installed in this list but all changes between the 2 systems - in this case you need to run this command on prodIP

 /sbin/e-smith/audittools/newrpms

To find out what contribs are installed on prodIP.

Final data synchronization

Ask your users to log off.
Log into the prodIP box and stop all services that can modify data.

SVC='qpsmtpd sqpsmtpd crond pop3 dovecot pop3s ftp httpd-e-smith atalk smb qmail' 
for s in $SVC; do service $s stop; done

Note: Downtime of the production server starts here

Log into the newIP box and run the Affa job again

affa --run prodserv

This run will complete very quickly as only differences since the the last run needs to be synchronsized.

Switch over to the new hardware

Log into the prodIP box and power it off

poweroff


Log into the newIP box and rise this server to your production server

affa --rise --all prodserv

This action will complete very quickly as only hardlinks are used and no data is physically moved.

Note: Do not be scared if your prompt looks different!

Now do a reboot

reboot

Note: Downtime of the production server ends here


You now have an identical copy of your old production server running on the new hardware. Your users can now log on.

Cleaning up

Remove the Affa archives

/bin/rm -rf /var/affa

Remove the Affa packages and all status and configuration data

yum remove smeserver-affa perl-Filesys-DiskFree
rm -f /etc/cron.d/affa-status /etc/cron.d/affa
rm -rf /home/e-smith/db/affa /home/e-smith/db/affa-report
rm -rf /var/log/affa 

Note: Don't forget to clean up /var/affa. Otherwise you will waste disk space and see strange quota reports. See this forum thread for details.

Additional information

Performance

With this method you should be able to move a typical 500 Gbyte sized server to new hardware with downtime less than 20 minutes. The final sync and the rise time does not really depend on the total files size, but on the number of files and directories.


Using the backup and restore fonctions

The general working way is to make a backup of the old SME and to restore it on the new SME (upgraded or not). The fonction "RPMCheck" can be used indirectly with the backup server (compare the list with the old and with the new hardware) to get the list of rpm's that are missing on the new hardware but it is not available for a backup on the external usb disk.

Preparation

Take a backup of the running old 'prod server' (see the above conf file /etc/affa/prodserv.conf ).

Important.png Note:
Like using the way based on "rise", your can take the first backup (takes long time) without stopping the services and the last one (is quick) after the logout of the users and the stop of the services

After the backup, set a temporary IP into the conf file of the backup job:

remoteHostName=tem.po.ra.ry.IP

For a backup on an external usb disk, set:

remoteHostName=localhost
RootDir=/the/mount/point/of/the/disk

and mount the disk. You should make a list of the installed rpm's too.

Install SME on the new hardware

Install at least the same version of SME you were running on the old hardware or a more recent one (e.g. from SME8 to SME9).

For the method based on a backup server:
  • Set the temporary IP as internal address of the new hardware
  • From the backup server create the ssh connection between the backup server and the new hardware by sending the ssh key:
 affa --send-key prodserv

The answer from Prod-temp-IP server will be

Job prodserv: root@Prod-temp-IP's password:

enter the root Prod-temp-IP password. The answer will be:

Public key sent to prod-temp-IP
External usb disk:
  • Install "smeserver-affa" on the new hardware
  • mount the usb disk on the same mountpoint than for the backup
  • go into the archive and copy the .ini file into /etc/affa as conf file:
cd /mount/point/prodserv/scheduled.0
ls -a   ### to see the ini file
cp .prodserv.ini /etc/affa/
mv /etc/affa/.prodserv.ini /etc/affa/prodserv.conf
In case of upgrade SME8 to SME9

The restoration of the default data (parameter "SMEServer=yes" into the conf file of the job) will configure yum repos for SME8 on the new server SME9!

In order to avoid this there are 2 possibilities:

  • make a copy of both folders /etc/yum.repos.d and /etc/yum.smerepos.d before the restore. It will be helpful for reconfiguring by hand the repos for SME9 after the restore.
  • add following into the conf file of the backup job:
Exclude=/etc/yum.repos.d
Exclude=/etc/yum.smerepos.d

before the last backup (of course if you will restore from the last backup - scheduled.0 - and not from an older one like weekly.2!)

Restore the data

From the backup server (or from the new production server in case of restoring from external usb disk) run:

affa --full-restore [--preserve-newer=no] [--delete=yes]  prodserv

To get 1:1 the state of the backup.

Keep in mind that:

[--preserve-newer=no]: files on the remote server with modification time newer than on the backup are overwritten through the older ones of the backup.
[--delete=yes]: all files on the remote server, which are not in the backup, are deleted.


Warning.png Warning:
A full restore with --preserve-newer no and --delete yes reconstructs the server as it was at the time of the backup. That means, that all files created or server configuration changes made before the restore will be lost!

After the restore, the new prodserver will reboot.

Note for the case of 3 machines: Make sure that the old hardware is switched off or no more connect to the network before the new hardware reboots because the new hardware will take its IP after the reconfiguration.

Tasks post restore

  • If the backup job should be used for further backups of the new hardware, don't forget to replace the temporary IP of "Remotehost" through the previus set IP of the old server into the conf file of the affa job.
  • In case of an OS upgrade, check and if necessary reconfigure the repositories of yum for the new version.

Personal tools
Koozali SME Server wiki