1, Security Hardening
-------------------
a, Compare the version of PHP,MySQL,Apache on both servers. Unless there is any special requirement from the client, keep the same version on both servers.Also verify php is running as apache or cgi on both servers
b, Install CSF and do the normal security hardening.
c, Make cpanel to a stable version and run forceful update.
/scripts/upcp --force
d, check the available IPs in the new server and domains having dedicated SSL certs.
Update the client for new additional IPs if required.
e, Check the PHP and Apache modules in the old server and enable them.
2, Migration
Once the configurations are identical, we can start the migration. Enable SSH key access to the new server from the old server so we can avoid prompting password each time.
copy the contents of /root/.ssh/id_dsa.pub and paste it on /root/.ssh/authorized_keys of the new server
If there is no /root/.ssh/id_dsa.pub, create a SSH Key
ssh-keygen -t dsa
Press enter for all options, so SSH key is created with default values. Copy the key and paste on file " /root/.ssh/authorized_keys " of the new server.This will create a passwordless key authentication between the the servers.
Make a list of all the accounts in the old server.
cat /etc/trueuserdomains | awk {'print $2'} > /root/transferlist
Take the backups of the accounts using cpanel's pkgacct method with skip home directory option and copy account to the new server.
for i in `cat /root/transferlist`
do
#echo $i
/scripts/pkgacct --skiphomedir $i >> /home/pkgfile
acc=$(ls /home/cpmove*$1*)
scp -P 2411 $acc root@65.98.85.226:/home
wait
ls -lh $acc
rm -rf $acc
done
Copy the domain list (/root/transferlist) to the new server and start restoring the accounts.
for i in `cat /root/transferlist`; do /scripts/restorepkg $i >> /home/restorefile; done
Rsync the home directories once the restore process is completed. Run the following from the old server,
rsync -avz -e "ssh -p 2411" /home/* root@65.98.85.226:/home/
Migrate all the packages (/var/cpanel/packages) from old server to the new one
3, Post Migration.
Compare whether all the accounts are restored in the new server.
-----------------------------------------------
1. Copy the file /etc/trueuserdomains from the old server to the new server. Eg copy to the location /backup/trueuserdomains.
2. Run this script from the new server to check the domains that are not found in the /etc/trueuserdomains file of the new server.
for i in `cat /backup/trueuserdomains | awk {'print $1'}| cut -d: -f 1`; do if grep -q $i /etc/trueuserdomains; then echo "FOUND $i"; else echo "$i NOT FOUND";fi; done | grep NOT > /root/missingtrueuserdomains
If the above result does not give any output, it means all accounts are copied over from old server to new server.
If we are using rsync of /home, to see if any home directory has failed to copy over to the new server, use the following steps.
1.Make a list of home directories from the OLD server.
ls -d /home/*/ | cut -d/ -f 3 > /root/olddirs
2. scp this to the /backup folder of the NEW server. So the file lies at /backup/olddirs
3. Make a list of current home directory in the NEW server.
ls -d /home/*/ | cut -d/ -f 3 > /root/newdirs
4. Compare from the NEW server
for i in `cat /backup/olddirs`; do if grep -q $i /root/newdirs ; then echo "FOUND $i"; else echo "$i NOT FOUND";fi; done | grep NOT > /root/missinghomedirs
This will give the list of those home directores that are present in the OLD server but absent in the NEW server.
Check if all accounts inside /etc/trueuserdomains are there in httpd.conf file
for i in `cat /etc/trueuserdomains | awk {'print $1'}| cut -d: -f 1`; do if grep -q $i /usr/local/apache/conf/httpd.conf; then echo "FOUND $i"; else echo "$i NOT FOUND";fi; done | grep NOT > /root/missingapacheentries
Check if all accounts inside /etc/trueuserdomains are there in /etc/named.conf file
for i in `cat /etc/trueuserdomains | awk {'print $1'}| cut -d: -f 1`; do if grep -q $i /etc/named.conf ; then echo "FOUND $i"; else echo "$i NOT FOUND";fi; done | grep NOT > /root/missingnamedentries
Assign dedicated IPs to domains that had on the old server and copy SSL cert from the old server.
To check domains have dedicated IPs -- cat /etc/domainips
To check domains have private SSL installed -- cat /etc/ssldomains
Categories for this entry
Awesome one..keep it up.. :)
ReplyDelete