Server Migration Guide - thebaulab/onramp GitHub Wiki
Server Migration Guide
This page documents the process for migrating infrastructure servers to new hardware or Ubuntu versions.
Overview
The baulab.us cluster runs on Ubuntu LTS releases. Migration is needed when:
- Hardware reaches end-of-life
- Ubuntu version goes out of support (20.04 → 24.04)
- Expanding capacity
Current Infrastructure
| Server | Ubuntu | Role | Migration Status |
|---|---|---|---|
| baunames | 20.04 | LDAP, Ansible | → baunames24 |
| bauserver | 20.04 | Web server | → bauserver24 |
| baushare | Synology DSM | NAS | No migration needed |
| baunas24 | Synology DSM | NAS | No migration needed |
Migration Scripts
Migration scripts are located in /home/localdavidbau/admin/lab/scripts/:
| Script | Purpose |
|---|---|
backup_ldap_full.sh |
Complete LDAP backup |
gather_system_info.sh |
Collect system info for planning |
restore_ldap_server.sh |
Restore LDAP to new server |
LDAP Server Migration
Step 1: Backup Current Server
On baunames (old server):
cd /home/localdavidbau/admin/lab/scripts
sudo ./backup_ldap_full.sh
# Backup is saved to /share/backup/ldap-full-YYYYMMDD-HHMMSS/
This backs up:
- LDAP configuration (
slapcat -n 0) - LDAP data (
slapcat -n 1) - TLS certificates
- phpLDAPadmin config
Step 2: Prepare New Server
On baunames24 (new server):
# Install base packages
sudo apt update
sudo apt install -y slapd ldap-utils
# Stop slapd for restoration
sudo systemctl stop slapd
Step 3: Restore Data
# Copy backup to new server
scp -r /share/backup/ldap-full-LATEST localdavidbau@baunames24:/tmp/
# On new server, run restore script
ssh baunames24
cd /tmp/ldap-full-LATEST
sudo ./restore_ldap_server.sh
Step 4: Update TLS Certificates
Generate new certificates for the new hostname:
# On new server
sudo openssl req -x509 -nodes -days 3650 \
-newkey rsa:2048 \
-keyout /etc/ldap/baunames24_slapd_key.pem \
-out /etc/ldap/baunames24_slapd_cert.pem \
-subj "/CN=baunames24.khoury.northeastern.edu"
sudo chown openldap:openldap /etc/ldap/baunames24_slapd_*.pem
sudo chmod 640 /etc/ldap/baunames24_slapd_key.pem
Update LDAP TLS config:
cat > /tmp/tls.ldif << EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/baunames24_slapd_cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/baunames24_slapd_key.pem
EOF
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/tls.ldif
Step 5: Update Clients
Update all client machines to point to new LDAP server:
# On baunames (ansible controller)
cd /srv/ansible24
# Edit ldap-client/sssd.conf to update ldap_uri
# ldap_uri = ldaps://baunames24.khoury.northeastern.edu
# Deploy to all clients
ansible-playbook ldapclient.yml
Step 6: Verify
# Test LDAP connectivity from a client
ldapsearch -x -H ldap://baunames24 -b "dc=baulab,dc=us" "(uid=davidbau)"
# Test login
ssh testuser@someclient
Web Server Migration
Step 1: Backup
# On bauserver
sudo tar -czf /share/backup/bauserver-$(date +%Y%m%d).tar.gz \
/etc/apache2 \
/etc/letsencrypt \
/var/www
Step 2: Install on New Server
# On bauserver24
sudo apt install -y apache2 libapache2-mod-wsgi-py3
# Enable modules
sudo a2enmod ssl rewrite proxy proxy_http wsgi
Step 3: Restore Configuration
# Copy sites-available configs
sudo cp /share/backup/bauserver-*/etc/apache2/sites-available/* /etc/apache2/sites-available/
# Copy SSL certificates
sudo cp -r /share/backup/bauserver-*/etc/letsencrypt /etc/
# Enable sites
sudo a2ensite baulab-ssl
sudo systemctl reload apache2
Step 4: Update DNS
Contact Khoury IT to update DNS records:
- baulab.us → new bauserver24 IP
- shell.baulab.us → new IP
Ansible Migration
The /srv/ansible24/ directory contains playbooks updated for Ubuntu 24.04.
Key Differences (20.04 → 24.04)
| Component | 20.04 | 24.04 |
|---|---|---|
| Python | 3.8 | 3.12 |
| SSSD config | Minor changes | Updated options |
| systemd | Same | Same |
Updating Playbooks
-
Test on single machine first:
ansible-playbook main.yml -l testhost --check -
Apply to one machine:
ansible-playbook main.yml -l testhost -
Roll out to all:
ansible-playbook main.yml
Pre-Migration Checklist
- Document current IP addresses and DNS entries
- Backup all configuration files
- Test backups can be restored (on test VM)
- Schedule maintenance window
- Notify users of downtime
- Verify new hardware is on network
- Update inventory in
/etc/ansible/hosts
Post-Migration Checklist
- All users can log in
- NFS mounts work
- Web services accessible
- SSL certificates valid
- Monitoring configured
- Old server decommissioned (but kept as backup)
Rollback Plan
If migration fails:
- Stop services on new server
- Update DNS/client configs back to old server
- Restart services on old server
- Investigate and retry migration
Keep old server running (powered off or isolated) for at least 30 days after successful migration.
Related Pages
- LDAP-Server-Administration - LDAP details
- Ansible-Playbook-Reference - Ansible documentation
- Network-Architecture - Network overview