Page MenuHomePhabricator
Create Task
Maniphest T384037

Dismiss WMCH-mores-donate01 server from CentOS (!) and migrate to new server with latest Debian stable
Closed, ResolvedPublic
Actions

Description

I noticed that WMCH has a server that hosts donations and that runs ancient CentOS 7, who is classified as End Of Life since at least June 2024.

Let's understand what runs, and if we can migrate to something else.

Current Services

  • ✅ httpd
    • mod_php
    • mod_ssl
    • mod_autoindex
    • mod_welcome
  • ✅ zabbix_agent
  • vsftpd
  • mariadb
    • test database
      • 2025-01-17: the test database was... just a test. Nuked.
    • matomo database
      • 2025-01-17: it seems to have data only about 2020 and 2022. Dumped with mysqldump matomo > /root/matomo-2025-01-17.sql.gz
    • service:
      • 2025-01-17: stopped
  • ...?

Current Resources

  • /var/www/donate.wikimedia.ch

Current Specifications

WhatCurrentAVG Used in 6 monthsProposed
CPU2 cores1%2 cores
RAM3.7GB< 1G2GB
/home4 GB300MNO /home separated
/var15 GB5GNO /var separated. Note that 1GB is for legacy Matomo to be nuked.
/20G3GFull disk - swap
swap4294 MB1GB
/dev/sda48.3 GB< 9G20GB

Raw info

$ fdisk -l
Disk /dev/sda: 48.3 GB, 48318382080 bytes, 94371840 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000b101f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048     9422847     4198400   8e  Linux LVM
/dev/sda3         9422848    94371839    42474496   8e  Linux LVM

Disk /dev/mapper/vg1-root: 21.5 GB, 21470642176 bytes, 41934848 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/vgswap-swap: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/vg1-var: 16.1 GB, 16106127360 bytes, 31457280 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/vg1-tmp: 1619 MB, 1619001344 bytes, 3162112 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/vg1-home: 4290 MB, 4290772992 bytes, 8380416 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
$ df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg1-root   20G  2,1G   18G  11% /
/dev/mapper/vg1-home  4,0G  264M  3,8G   7% /home
/dev/sda1             497M  268M  229M  54% /boot
/dev/mapper/vg1-tmp   1,5G   33M  1,5G   3% /tmp
/dev/mapper/vg1-var    15G  5,3G  9,8G  36% /var

TODO

  • VPS creation
  • after-installation checks
  • install packages
  • transfer old data with rsync /var/www/donate.wikimedia.ch
  • reduce DNS TTL
  • configure default web page
  • setup HTTP virtualhosts in new server
  • copy SSL certificates as-is in the new server (that has not a public IP)
  • setup HTTPs virtualhosts in the new server
  • setup ssl
  • do a test donation poisoning /etc/hosts using PayPal
  • setting up HTTP Proxy from old server to the new one to minimize downtime
  • 2024-02-06 5:35 PM detach the public IP from the old VPS, attach to the new one
  • test Let's Encrypt renewal in the new server
  • test
  • switch-off old server
  • test
  • wait
  • 2025-04-04 restore DNS ttl
  • 2025-04-04 decommission old server

Related Objects
Search...

Event Timeline

ValerioBoz-WMCH created this task.Jan 17 2025, 4:30 PM
ValerioBoz-WMCH updated the task description. (Show Details)Jan 17 2025, 4:41 PM
ValerioBoz-WMCH closed subtask T384038: WMCH-mores-donate01: harden vsftp (security) as Resolved.Jan 17 2025, 4:46 PM
ValerioBoz-WMCH claimed this task.Jan 17 2025, 5:10 PM
ValerioBoz-WMCH triaged this task as Medium priority.
ValerioBoz-WMCH updated the task description. (Show Details)
ValerioBoz-WMCH renamed this task from Upgrade WMCH-mores-donate01 server from CentOS (!) to latest Debian stable to Dismiss WMCH-mores-donate01 server from CentOS (!) and migrate to new server with latest Debian stable.Jan 17 2025, 5:19 PM

Will proceed next week. Authorized by Ilario ✅

ValerioBoz-WMCH moved this task from Backlog to Triage / Work On on the WMCH-Infrastructure board.Jan 17 2025, 5:39 PM
ValerioBoz-WMCH added a comment.Jan 31 2025, 11:59 AM

P.S. The new VPS was created last week thanks to Moresi. I've then fixed APT sources (had only CDROM), run initial APT upgrade, installed PHP, prepared virtual hosts, still needs Let's Encrypt (no public IP).

This new VPS uses just 150M~ RAM instead of 900M.

I propose the migration for next Thursday, January 6th, after 3 P.M. Nobody should notice anything. The migration will be totally transparent for end-users.

ValerioBoz-WMCH updated the task description. (Show Details)Jan 31 2025, 12:03 PM
ValerioBoz-WMCH updated the task description. (Show Details)Feb 6 2025, 4:21 PM
ValerioBoz-WMCH updated the task description. (Show Details)Feb 6 2025, 4:54 PM
ValerioBoz-WMCH lowered the priority of this task from Medium to Low.Feb 7 2025, 12:40 PM
ValerioBoz-WMCH updated the task description. (Show Details)

The HTTP proxy is in place. Done the IP detach/attach trick yesterday. Stopped httpd in CentOS 7 yesterday night. Shutdown server tomorrow morning. Tested again. Still works.

Ready for the decommission. Lowering priority.

valerio.bozzolan raised the priority of this task from Low to High.Apr 2 2025, 1:05 PM
valerio.bozzolan subscribed.

We have an OK from Ilario for this.

ValerioBoz-WMCH closed this task as Resolved.Apr 4 2025, 1:51 PM
ValerioBoz-WMCH updated the task description. (Show Details)
ValerioBoz-WMCH added a comment.Apr 4 2025, 1:54 PM

The VPS donate01 was nuclearized some minutes ago. Adios CentOS 7, welcome Debian 12.

Updated our internal reference.

https://members.wikimedia.ch/wiki/Infrastructure/Servers/List

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits