[Act] Act services moving on a new server
sebastien at aperghis.net
Fri Apr 8 01:12:24 CEST 2016
Philippe Bruhat wrote:
> Salve J Nilsen wrote:
> > 1) Do the $NEW_TTL change right now, so people with $CURRENT_TTL
> > can have time to update their DNS cache. Then wait with any
> > migration until $CURRENT_TTL time has passed. :)
> This only works for the domains we control.
> I know of a few that point to the address of spectre, and still
> will after the move until we can reach the owners and let them
> know the new address. If we don't know the affected domains, then
> I think the only solution is to put up a static page with some
> contact info asking specifically for the URL used to reach the
> now-broken site. Then we can use whois to try and contact the
> domain owner, so that they point to the real site.
> We can find some of those domains by looking in the Act config
> for the "main" url of each conference, and get a list of all
> the vanity domains that we don't control.
That's why we always asked people to make CNAME to the resource
conferences.mongueurs.net, in order to handle server migrations.
I now remember that when we moved from profane to spectre, several
domains remained unchanged and therefore broken. So yes, there
are certainly some domains that directly point to spectre.
> To mitigate the downtime caused by DNS propagation, what about:
> - setup the Act database on phantom
> - dump and shutdown the Act database on spectre
> - restore that last copy of the spectre db on phantom
> - point the spectre Act config to the db on phantom (this might
> add some latency, but that's only for people connected to spectre)
> - at this stage, we have two Act servers on different boxes
> pointing to the same database instance
> - reconfigure the DNS to point to phantom
> - wait for at least $CURRENT_TTL, until every domain points to
> - shut down spectre
> This way, both the old and new IP point to a working Act instance.
I'm really not keen with such a solution for the following reasons:
- requires to modify the configuration
- PostgreSQL over the internets
- the first step (setup the Act database on phantom) is useless
because restoring databases requires Act to be down
Stefan Seifert wrote:
> As an alternative you could set up a forwarding proxy on spectre
> so updates on Act's code or static files will be covered, too.
> Instead of a proxy, one could even forward port 80 to phantom
> using iptables and destination NAT. I've successfully used both
> strategies for server migrations in the past.
Both spectre and phantom are running FreeBSD, so pf instead of
iptables, but as far as I know, spectre lacks pf support.
French Perl monger Richard suggested a proxy-based solution as
well. I quite prefer this approach, as it can also be used to
prepare the maintenance pages.
While reading & writing these mails, I also realised that instead
of migrating everything at the same time, we can first migrate
the static sites, to check that Apache works. Then migrate the Act
test instance, so you can all check that it works, and it's a
database we can trash with no regrets. This will also be useful to
see how phantom performs when actually used, this server being
clearly less powerful than spectre.
Close the world, txEn eht nepO.
More information about the Act