The Northern Spy: going the new server route
TweetFollow Us on Twitter

The Northern Spy: going the new server route

Under another hat, the Spy runs WebNameHost, which is a small hosting company in business for a decade now, and offering professional hosting in a safe environment for Christian, authors, small businesses, and personal sites. This is less than a living business, but much more than a hobby, as his teaching demands that he be able to discourse with students on all manner of computing technology without seeming too much a fool or irrelevant. It also needs to break even.

Though he is otherwise Mac-centric, the commercial hosting environment of choice is a CentOS machine running Cpanel/WHM, with billing and help desk provided by WHMCS, previously a separate company, but as of this month a WHM partner. Cork, the machine he was using for everything was a dual opteron of several years seniority running CentOS 4, and therefore his version of CPanel (11.32) was the last he could use without upgrading as future versions would no longer support CentOS 4. Since it is as much work to upgrade the OS as it is to set up a new server, and somewhat less likely of success, he opted for the new server route.

After obtaining several quotes, he elected to stay with his current data centre Atjeu, move company and personal accounts (including this column) to Tara, a virtual server, and all customers to Mayo, a new dedicated. What follows is a step by step that if successfully followed should achieve such a move with little or no down time (except for the inevitable glitches, which will be mentioned at the end.) Some of this material was adapted from several existing guides, but with many additional steps and comments.

Step 0: Optimize things with respect to the old server
This should be done a few weeks before the prospective move. Any hosting service that has been in business for more than a year or two has fossils on its servers. These may be accounts not properly deleted by the supposedly completely automated billing system for the failing memory of the aging sysop, freebies or test accounts no longer being used, dead databases forgotten by their owners, or email accounts never read or forwarded (they only host; mail is elsewhere) that have accumulated thousands of junk emails.

The less you transfer to the new machines, the shorter the time taken. Paying attention to these details allowed the Spy to remove some 4G of unnecessary data. It's also important to check the backup logs to ensure that process has been functioning without errors.

The Spy also found two corrupt databases in need of repair (customers hadn't noticed -- go figure) and these had to be fixed, as an account transfer will fail in such cases.

Finally check to ensure all accounts do indeed have their DNS correctly resolving and that you have access to the registry for that account (not needed if the nameserver names will remain the same and just change IP numbers).

Step 1: Provision the new server(s)

A week or more before planning to move accounts, cut the deal with the data centre to set up the new servers (one at a time). Once they are up and running with at least some of the IPs you need (if staying in the same DC, others can be moved) there is much work to do before it is ready to accept accounts.

First, the server needs to be securely locked down. Whatever such facilities the DC has installed, go immediately to ConfigServer, and buy their whole meal deal for $150, having them set up the firewall, mailscanner, and several other WHM plugins. Configure these, and tweak the WHM and firewall settings as needed to match your security policies. Use the php settings to forbid some of the more dangerous php functions, copy your server-wide email and firewall black and white lists from the old server, configure exim, get the backup routines going with a test account, and generally watch what goes on for a week.

Chances are there will be issues to solve, possibly involving the partitioning of the disk space. For cPanel, most of the space has to be in /home, not in /root, and a dedicated should have a second drive for /backup, which must be mounted and functioning.

Second, you may have other software you need to install. In past times, for instance, Fantastico was usually provisioned (sometimes as a DC throw-in) for customers to install their own scripts. Now, Softaculous may be a better choice (still being tested by the Spy). However, any such tools, skins, etc, must be installed and tested on the new server before any accounts are moved. In some cases you may have to have licenses reissued with the new server IP, but with companies such as WHMCS, this process can be undertaken by the licensee directly.

In addition, there are probably Perl or other modules that you installed at one time or another on the old box that need to be installed on the new. Compare lists and refresh the new accordingly. Your customers will be sure to let you know later when something fails.

Step 2: Reset the TTL much lower on all DNS zones

When a request is made to any website, data concerning the location of website, mail, etc. is pulled from the DNS. To cut down on the frequency of such requests, they are cached locally and by intermediate machines. Because this information can and does change from time to time, each record (line) of the DNS announces a number of seconds the data can live in the cache (TTL or Time to Live) before it has to be replaced by a new query.

Since you don't want old data sending queries to the old server for a long time after the move to the new, this TTL must be set to a fairly low values. Do this at least three days before the move by an SSH to the old server as root and issuing the commands:
cd /var/named
perl -pi.bak -e "s/14400/314/g" *.db
/etc/rc.d/init.d/named restart

This will change all the domain database files line by line from a 14400 to 314 TTL time and back up each .db file as it goes. The Spy picked 314 because it is the first three digits of pi, is unlikely to occur in any of the DNS records, and gives a TTL of just over five minutes. 300 or 399 will do as well. Do not use a value below 256. (Test question: why not?) Why three days? Because some machines don't respect the TTL all that well, and there needs to be time to inform them of the change.

Step 3: Cluster the old and new server

In WHM for both the old and new server, select Configure Cluster, and with the key from the other server, add it to a cluster. Activate clustering. This will cause the DNS records to synchronize between the two. Check the new server to ensure that it has the copies.

Post a sticky on your monitor as a reminder to self not to delete a DNS zone as it will delete on both machines. Deleting an account would delete it on the one machine and the DNS zone for it on both.

Step 4: Move accounts

A few days before moving a group of accounts, warn the reseller or if you are the reseller, warn all account holders that there could be outages in mail, ftp, and cpanel on the day of the move. If there are no glitches, this should not actually happen. But when Murphy strikes, you won't be exorciated for not telling them.

Moving should be done on a per reseller basis, to cut down on later corrections after you mess up the first few times. Do this using the "copy multiple accounts and packages from another server" function on the new server. Use Express move all the time. This will ensure that the account on the old machine is suspended so no new traffic goes there. Leave the window showing the move results open until it is finished or the move will abort. Check the log of the move to ensure all was OK.

Of course, as each account is moved and its DNS is changed to reflect the new environment, the clustering will ensure that the old DNS is changed too, pointing any would be traffic to the new machine. And, at this point, it is the DNS on the old machine that is the live one, not the one on the new, even though the latter is a copy and is where the changes are happening.

The first time, you might want to copy only the packages. While in the process moving accounts, it may be a good idea to stop the mail and ftp services, and cpanel as well if you are particularly paranoid about not wanting data to appear on the old server and not get moved.

Move the reseller account first, ensuring it gets its dedicated IP as needed, and that appropriate IPs are delegated to it for creation of accounts (main shared and any dedicateds).

Sign on to the new machine as that reseller and make another trip to the Move multiple accounts section, select all that resellers customers and again express move them all. The nameservers should stay the same, the new delegated shared IP should be attached, and any that had dedicated IPs should get new ones, SPF records should be updated, databases moved, mail and cron jobs also, the works—all this reflected in the DNS.

However, the move routine does have a bug. If the DNS FTP record is a CNAME, all will be well. If it was the IP of the old box, it will not be changed. This has to be fixed after the fact, probably by the root as most reseller accounts are not given access to DNS editing. Don't forget that DNS changes happen on both machines. While you are at it, scan all the DNS records to ensure they are otherwise correct, but do not change the TTL. Restart any stopped services on the old machine until you are ready to move the next reseller.

For each account with a dedicated IP, go to the data centre control panel (or put in a ticket as needed) and ensure that the DC has a correct reverse pointer to the new IP. If you were having mail announce using the the data in /etc/mailips and /etc/mailhelo that data and /etc/mail_reverse_dns must be edited and saved according to the new IPs, these settings tweaked in whm, and exim restarted. If you had a global setting for such announcing, these files are populated automatically.

Repeat for each reseller until done. Note that if you are moving within the same DC, you may elect to keep your IP numbers. In this case, you may find yourself deleting some from the old box and adding them to the new as you go. If so, don't forget to have the DC move them from your one account to the other. You cannot delete an IP if it is still being used, so at the end of the day there will still be some to add to the new box.

Step 5: Re-number the nameservers

The nameservers for the main box and those various resellers that also have them all have to be edited, first on the new server, then at the registrar.

Change the nameserver IP for each nameserver you use t your domain registrar. This may require a ticket, but at Enom, this is quite simple. Just go the the main (top) menu selecting Domains-Advanced Tools-Register A Name Server, then Update. Enter the nameserver and its new number on the new box. Do this for both nameservers for each account that has them. After this is complete, on the new server, edit the dns zones for those nameservers to reflect the new numbers you will be using.

Important: Do not try to do this change earlier in the process, though you can do it on a per reseller basis after each reseller is moved. The DNS on a machine points to web files relatively. Thus, the new machine cannot, prior to an account move, point back to the old, but because the DNS does have IP numbers updated, once the account is on the new, it is pointed to there locally.

Step 6: Wait several days before declustering

Unlike your DNS records, which currently have a low TTL, those at the registrar have a high one. Thus, there will be a few days before you can assume all the cached DNS records have been refreshed with the new ones. Only then can you decluster the two machines.

Step 7: Reset the new DNS

After a few days more have gone by and you have made any further corrections, SSH to the old server as root and issue the commands:
cd /var/named
perl -pi.bak -e "s/314/14400/g" *.db
/etc/rc.d/init.d/named restart

This will change all the domain database files line by line back from a TTL of 314 to 14400, and as before, making backups. You may need to make global changes to the SPF records to remove the surviving mention of the old server's IP as a correct sender, and to clean up the ftp records if this hasn't already been done. If you are unsure of what command needs to be issued here, practice on the old box, as it is now decoupled from the new.

Step 8: Inform customers that all is complete
and, of course invite them to test things. Note that all mailman lists must now be accessed at the new box, not the old one.

Step 9: Decommission the old box

After yet a few more days more have gone by and you have solved the additional problems that arose reqarding email not working, software settings not being correct, Perl modules your customers needed not being installed, etc. it is time to let the old DC know that its box is no longer needed and can be decommissioned. If staying in the same DC and keeping IPs this is the time to add the last of the old numbers to the new box and have the DC move them between the defunct account and the new one. Congratulations. Except for troubleshooting the problems that customers only now bring you, you're done.

--The Northern Spy

Opinions expressed here are entirely the author's own, and no endorsement is implied by any community or organization to which he may be attached. Rick Sutcliffe, (a.k.a. The Northern Spy) is professor and chair of Computing Science and Mathematics at Canada's Trinity Western University. He has been involved as a member or consultant with the boards of several organizations, including in the corporate sector, and participated in industry standards at the national and international level.

He is a long time technology author and has written two textbooks and six novels, one named best ePublished SF novel for 2003. His columns have appeared in numerous magazines and newspapers (paper and online), and he's a regular speaker at churches, schools, academic meetings, and conferences. He and his wife Joyce have lived in the Aldergrove/Bradner area of BC since 1972.

Want to discuss this and other Northern Spy columns? Surf on over to ArjayBB.com. Participate and you could win free web hosting from the WebNameHost.net subsidiary of Arjay Web Services. Rick Sutcliffe's fiction can be purchased in various eBook formats from Fictionwise, and in dead tree form from Amazon's Booksurge.

URLs for Rick Sutcliffe's Arjay Enterprises:
The Northern Spy Home Page: http://www.TheNorthernSpy.com
opundo : http://opundo.com
Sheaves Christian Resources : http://sheaves.org
WebNameHost : http://www.WebNameHost.net
WebNameSource : http://www.WebNameSource.net
nameman : http://nameman.net

General URLs for Rick Sutcliffe's Books:
Author Site: http://www.arjay.ca
Publisher's Site: http://www.writers-exchange.com/Richard-Sutcliffe.html

URLs for items mentioned in this column
CPanel:: http://www.cpanel.net
Atjeu:: http://www.atjeu.com
WHMCS:: http://www.whmcs.com
Configserver:: http://www.configserver.com
One source:: http://forums.cpanel.net/f5/guide-transferring-all-accounts-new-server-1...

 
AAPL
$103.30
Apple Inc.
+0.80
MSFT
$45.09
Microsoft Corpora
-0.34
GOOG
$577.33
Google Inc.
+5.73

MacTech Search:
Community Search:

Software Updates via MacUpdate

TextSoap 7.4.0 - Flexible text editing u...
TextSoap is for people who work with text. TextSoap effortlessly cleans up text from endlessly different formats. Wash away unwanted characters, spaces, tabs. Fix paragraphs with hard returns at the... Read more
NetShade 6.0.2 - Browse privately using...
NetShade is an Internet security tool that conceals your IP address on the web. NetShade routes your Web connection through either a public anonymous proxy server, or one of NetShade's own dedicated... Read more
Mac DVDRipper Pro 5.0 - Copy, backup, an...
Mac DVDRipper Pro is the DVD backup solution that lets you protect your DVDs from scratches, save your batteries by reading your movies from your hard disk, manage your collection with just a few... Read more
pwSafe 3.1 - Secure password management...
pwSafe provides simple and secure password management across devices and computers. pwSafe uses iCloud to keep your password databases backed-up and synced between Macs and iOS devices. It is... Read more
StatsBar 1.8 - Monitor system processes...
StatsBar gives you a comprehensive and detailed analysis of the following areas of your Mac: CPU usage Memory usage Disk usage Network and bandwidth usage Battery power and health (MacBooks only)... Read more
Path Finder 6.5.5 - Powerful, award-winn...
Path Finder is a file browser that combines the familiar Finder interface with the powerful utilities and innovative features. Just a small selection of the Path Finder 6 feature set: Dual pane... Read more
QuarkXPress 10.2.1 - Desktop publishing...
With QuarkXPress, you can communicate in all the ways you need to -- and always look professional -- in print and digital media, all in a single tool. Features include: Easy to Use -- QuarkXPress is... Read more
Skype 6.19.0.450 - Voice-over-internet p...
Skype allows you to talk to friends, family and co-workers across the Internet without the inconvenience of long distance telephone charges. Using peer-to-peer data transmission technology, Skype... Read more
Capo 3.1.2 - Slow down and learn to play...
Capo lets you slow down your favorite songs so you can hear the notes and learn how they are played. With Capo, you can quickly tab out your songs atop a highly-detailed OpenCL-powered spectrogram... Read more
VueScan 9.4.41 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more

Latest Forum Discussions

See All

Modern Combat 5 Gets a Major Multiplayer...
Modern Combat 5 Gets a Major Multiplayer Update Posted by Jessica Fisher on September 2nd, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Alien Creeps TD Review
Alien Creeps TD Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: EXPENSIVE DEFENSESUniversal App - Designed for iPhone and iPad Alien Creeps TD would be a fun if unremarkable Tower Defense game, but its heavy focus on... | Read more »
The Journey Down: Chapter Two Review
The Journey Down: Chapter Two Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: DARK YET ENTICINGUniversal App - Designed for iPhone and iPad It’s a little dark, in every sense of the word, but The Journey Down:... | Read more »
Function Space, a Social Network App for...
Function Space, a Social Network App for Science, Launches on iOS Posted by Ellis Spice on September 2nd, 2014 [ permalink ] | Read more »
Stupidfast – How Taylor Martinez Switche...
How do you make an Endless Running game more than just another Endless Running game? By adding real life prizes to it, of course! That’s the thinking behind StupidFast: a game designed for football enthusiasts, and the brainchild of former college... | Read more »
Little Raiders: Robin’s Revenge Review
Little Raiders: Robin’s Revenge Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: CASUAL RAIDINGUniversal App - Designed for iPhone and iPad Combining simple combat with village building is a potent combination for... | Read more »
Treasure Tombs: Ra Deal Coming from Bulk...
Treasure Tombs: Ra Deal Coming from Bulkypix and Dark Tonic This Fall Posted by Jessica Fisher on September 2nd, 2014 [ permalink ] Dark Tonic and | Read more »
Pirate Bash Review
Pirate Bash Review By Nadia Oxford on September 2nd, 2014 Our Rating: :: BAD PIRATES, GOOD TIMESUniversal App - Designed for iPhone and iPad Pirate Bash’s turn-based battles add an intriguing twist to a typical physics game.   | Read more »
Tiny Tower Vegas Review
Tiny Tower Vegas Review By Jennifer Allen on September 2nd, 2014 Our Rating: :: STEADY DEVELOPMENTUniversal App - Designed for iPhone and iPad Build a huge tower again but Vegas-style in Tiny Tower Vegas.   | Read more »
The Manhattan Project Review
The Manhattan Project Review By Andrew Fisher on September 2nd, 2014 Our Rating: :: ROCKET SCIENCEUniversal App - Designed for iPhone and iPad The Manhattan Project offers a great Euro-style gameplay experience, but it is totally... | Read more »

Price Scanner via MacPrices.net

Apple Cuts iPad mini Prices; Non-apple Vendor...
Digitimes’ Max Wang and Joseph Tsai report that Apple is cooperating with US-based retailers including Best Buy and Amazon to cut iPad mini prices, and that channel retailers believe other brand... Read more
Apple refurbished iPads available for up to $...
Apple is offering Certified Refurbished iPad Airs for up to $140 off MSRP. Apple’s one-year warranty is included with each model, and shipping is free. Stock tends to come and go with some of these... Read more
Are We Now In The Post-Post-PC Era?
A longtime and thoroughgoing laptop aficionado, I was more than a little dismayed by Steve Jobs’s declaration back in 2010 when he sprang the iPad on an unsuspecting world. that we’d entered a “post-... Read more
PC Outlook Improves, But 2014 Shipments Still...
According to the International Data Corporation (IDC) Worldwide Quarterly PC Tracker, worldwide PC shipments are expected to fall by -3.7 percent in 2014. To hat’s actually an improvement from the... Read more
IDC Lowers Tablet Sales Projections for 2014...
Following a second consecutive quarter of softer than expected demand, International Data Corporation (IDC) has lowered its worldwide tablet plus 2-in-1 forecast for 2014 to 233.1 million units. The... Read more
Apple now offering refurbished 21-inch 1.4GHz...
The Apple Store is now offering Apple Certified Refurbished 21″ 1.4GHz iMacs for $929 including free shipping plus Apple’s standard one-year warranty. Their price is $170 off the cost of new models,... Read more
Save $50 on the 2.5GHz Mac mini, on sale for...
B&H Photo has the 2.5GHz Mac mini on sale for $549.99 including free shipping. That’s $50 off MSRP, and B&H will also include a free copy of Parallels Desktop software. NY sales tax only. Read more
Save up to $300 on an iMac with Apple refurbi...
The Apple Store has Apple Certified Refurbished iMacs available for up to $300 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free. These are the best prices on... Read more
The Rise of Phablets
Carlisle & Gallagher Consulting Group, a businesses and technology consulting firm focused solely on the financial services industry, has released an infographic depicting the convergence of... Read more
Bad Driver Database App Allows Good Drivers t...
Bad Driver Database 1.4 by Facile Group is a new iOS and Android app that lets users instantly input and see how many times a careless, reckless or just plain stupid driver has been added to the... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.