CHG-2025-XX-XX migrate store to hetzner3: Difference between revisions
Jump to navigation
Jump to search
(started hetzner3 side of the migration script (stuck at rsync)) |
(fix rsync to actually copy files from hetzner2 to hetzner3) |
||
| Line 93: | Line 93: | ||
# STEP 2: BACKUP FILES | # STEP 2: BACKUP FILES | ||
time nice tar -czvf ${backupDir_hetzner2}/current/${backupFileName_files_hetzner2} ${vhostDir} | time nice tar -czvf ${backupDir_hetzner2}/current/${backupFileName_files_hetzner2} ${vhostDir} | ||
# STEP 3: COPY TO HETZNER3 | |||
ssh -p 32415 hetzner3 sudo mkdir -p ${backupDir_hetzner3}/{current,old} | |||
ssh -p 32415 hetzner3 sudo mv ${backupDir_hetzner3}/current/* ${backupDir_hetzner3}/old/ | |||
rsync -av --progress --rsync-path="sudo rsync" -e "ssh -p 32415" ${backupDir_hetzner2}/current/* maltfield@hetzner3:${backupDir_hetzner3}/current/ | |||
#################### | #################### | ||
| Line 122: | Line 127: | ||
docrootDir="${vhostDir_hetzner2}/htdocs" | docrootDir="${vhostDir_hetzner2}/htdocs" | ||
# STEP 1 | # STEP 1: ADD DB | ||
# create backup before we start changing the sql file | # create backup before we start changing the sql file | ||
| Line 148: | Line 144: | ||
time nice mysql -uroot -p${mysqlPass} -sNe "GRANT ALL ON ${dbName_hetzner2}.* TO '${dbUser_hetzner2}'@'localhost' IDENTIFIED BY '${dbPass_hetzner2}'; FLUSH PRIVILEGES;" | time nice mysql -uroot -p${mysqlPass} -sNe "GRANT ALL ON ${dbName_hetzner2}.* TO '${dbUser_hetzner2}'@'localhost' IDENTIFIED BY '${dbPass_hetzner2}'; FLUSH PRIVILEGES;" | ||
# STEP | # STEP 2: Add vhost files | ||
mv ${vhostDir_hetzner2}/* ${backupDir_hetzner2}/old/ | mv ${vhostDir_hetzner2}/* ${backupDir_hetzner2}/old/ | ||
tar -xzvf ${backupFileName_files_hetzner1} | tar -xzvf ${backupFileName_files_hetzner1} | ||
Revision as of 02:58, 12 December 2024
Status
2024-12-11 09:52 UTC
Initial Ticket draft created on wiki (WIP)
Purpose
This change does the following for store.opensourceecology.org
- entirely migrate the 'store' wordpress site from hetzner2 (EOL CentOS7) to hetzner3 (Debian 12)
- update core wp from v5.1.1 to v6.6.1
- eliminates subversion from the docroot (which has security issues because the releases are not signed and lacks 3TOFU)
- update plugin 'akismet' from v4.1.1 to v5.3.3
- uninstall plugin 'be-gdpr'
- uninstall plugin 'be-portfolio-post'
- update plugin 'classic-editor' from v1.4 to v1.6.5
- uninstall plugin 'colorhub'
- update plugin 'contact-form-7' from v5.1.1 to v5.9.8
- uninstall plugin 'force-strong-passwords'
- update plugin 'google-authenticator' from v0.48 to 0.54
- uninstall plugin 'masterslider'
- update plugin 'meta-box' from v4.17.3 to v5.10.2
- uninstall plugin 'meta-box-conditional-logic'
- uninstall plugin 'meta-box-show-hide'
- uninstall plugin 'meta-box-tabs'
- uninstall plugin 'oshine-core'
- uninstall plugin 'oshine-modules'
- uninstall plugin 'redux-vendor-support'
- uninstall plugin 'rename-wp-login'
- uninstall plugin 'revslider'
- uninstall plugin 'tatsu'
- uninstall plugin 'typehub'
- update plugin 'vaching' from v1.6.9 to v1.8.3
- update plugin 'woocommerce' from v3.5.7 to v9.3.3
- update plugin 'coingate-for-woocommerce' from v1.2.2 to v2.1.1
- change theme from 'oshin' to 'twentyseventeen'
- update theme 'storefront' from v6.6.4.4 to v7.2.1
- update theme 'twentyeleven' from v3.2 to v4.7
- update theme 'twentyfifteen' from v2.4 to v3.8
- update theme 'twentyfourteen' from v2.6 to v4.0
- update theme 'twentynineteen' from v1.3 to v2.9
- update theme 'twentyseventeen' from v2.1 to v3.7
- update theme 'twentysixteen' from v1.9 to v3.3
- update theme 'twentyten' from v2.8 to v4.2
- update theme 'twentythirteen' from v2.8 to v4.2
- update theme 'twentytwelve' from v2.9 to v4.3
Points of Contact
Change being performed by: Michael Altfield
Service owners: Catarina Mota & Marcin Jakubowski
Apply to Production
# TODO: verify && change everything in this script
####################
# run on hetzner2 #
####################
sudo su -
# STEP 0: CREATE BACKUPS
source /usr/home/osemain/backups/backup.settings
/usr/home/osemain/backups/backup.sh
# when finished, verify that the whole system backup was successful before proceeding
sudo rclone lsl b2:ose-server-backups | grep -i $(date +%Y%m%d)
# DECLARE VARIABLES
vhost_name='store.opensourceecology.org'
dbName='store_db'
dbUser="CHANGEME"
dbPass="CHANGEME"
source /usr/home/osemain/backups/backup.settings
stamp=`date +%Y%m%d`
backupDir_hetzner2="/var/tmp/backups_for_migration_to_hetzner2/${vhost_name}_${stamp}"
backupFileName_db_hetzner2="mysqldump_${vhost_name}.${stamp}.sql.bz2"
backupFileName_files_hetzner2="${vhost_name}_files.${stamp}.tar.gz"
vhostDir='/var/www/html/store.opensourceecology.org'
# STEP 1: BACKUP DB
mkdir -p ${backupDir_hetzner2}/{current,old}
pushd ${backupDir_hetzner2}/current/
mv ${backupDir_hetzner2}/current/* ${backupDir_hetzner2}/old/
# TODO: change this to just be our vhost-specific db (not --all-databases)
time nice mysqldump -u"${dbUser}" -p"${dbPass}" ${dbName} | bzip2 -c > ${backupDir_hetzner2}/current/${backupFileName_db_hetzner2}
# STEP 2: BACKUP FILES
time nice tar -czvf ${backupDir_hetzner2}/current/${backupFileName_files_hetzner2} ${vhostDir}
# STEP 3: COPY TO HETZNER3
ssh -p 32415 hetzner3 sudo mkdir -p ${backupDir_hetzner3}/{current,old}
ssh -p 32415 hetzner3 sudo mv ${backupDir_hetzner3}/current/* ${backupDir_hetzner3}/old/
rsync -av --progress --rsync-path="sudo rsync" -e "ssh -p 32415" ${backupDir_hetzner2}/current/* maltfield@hetzner3:${backupDir_hetzner3}/current/
####################
# run on hetzner3 #
####################
sudo su -
# STEP 0: CREATE BACKUPS
# for good measure, trigger a backup of the entire system's database & files:
time /bin/nice /root/backups/backup.sh &>> /var/log/backups/backup.log
# when finished, verify that the whole system backup was successful before proceeding
rclone lsl b2:ose-server-backups | grep -i $(date +%Y%m%d)
# DECLARE VARIABLES
vhost_name='store.opensourceecology.org'
dbName='store_db'
dbUser="CHANGEME"
dbPass="CHANGEME"
source /root/backups/backup.settings
stamp=`date +%Y%m%d`
backupDir_hetzner2="/var/tmp/backups_for_migration_to_hetzner3/${vhost_name}_${stamp}"
backupDir_hetzner3="/var/tmp/backups_for_migration_from_hetzner2/${vhost_name}_${stamp}"
backupFileName_db_hetzner1="mysqldump_${vhost_name}.${stamp}.sql.bz2"
backupFileName_files_hetzner1="${vhost_name}_files.${stamp}.tar.gz"
vhostDir='/var/www/html/store.opensourceecology.org'
docrootDir="${vhostDir_hetzner2}/htdocs"
# STEP 1: ADD DB
# create backup before we start changing the sql file
pushd ${backupDir_hetzner2}/current
cp ${backupFileName_db_hetzner1} ${backupFileName_db_hetzner1}.orig
# extract .sql.bz2 -> .sql
bzip2 -dc ${backupFileName_db_hetzner1} > db.sql
# verify the first 2 (non-comment) occurances of $dbName meet the naming convention of "<siteName>_db
vim db.sql
time nice mysql -uroot -p${mysqlPass} -sNe "DROP DATABASE IF EXISTS ${dbName_hetzner2};"
time nice mysql -uroot -p${mysqlPass} -sNe "CREATE DATABASE ${dbName_hetzner2}; USE ${dbName_hetzner2};"
time nice mysql -uroot -p${mysqlPass} < "db.sql"
time nice mysql -uroot -p${mysqlPass} -sNe "GRANT ALL ON ${dbName_hetzner2}.* TO '${dbUser_hetzner2}'@'localhost' IDENTIFIED BY '${dbPass_hetzner2}'; FLUSH PRIVILEGES;"
# STEP 2: Add vhost files
mv ${vhostDir_hetzner2}/* ${backupDir_hetzner2}/old/
tar -xzvf ${backupFileName_files_hetzner1}
content_dir=`find ${backupFileName_db_hetzner2} -name wp-content -type d | sort | head -n1`
htaccess_file=`find ${backupFileName_db_hetzner2} -name '.htaccess' -type f | sort | head -n1`
wp_config_file=`find ${backupFileName_db_hetzner2} -name 'wp-config.php' -type f | sort | head -n1`
mkdir -p ${docrootDir_hetzner2}
pushd ${docrootDir_hetzner2}
currentWpVersion=`curl -i https://core.svn.wordpress.org/tags/ | grep '<li>' | tail -n1 | cut -d\" -f2`
svn co https://core.svn.wordpress.org/tags/${currentWpVersion}/ ${docrootDir_hetzner2}
popd
rsync -av --progress ${wp_config_file} ${vhostDir_hetzner2}/
rsync -av --progress ${htaccess_file} ${docrootDir_hetzner2}/
rsync -av --progress ${content_dir} ${docrootDir_hetzner2}/
# make sure this is sudomain, not subdir now
vim ${docrootDir_hetzner2}/.htaccess
# update WP_HOME/WP_SITEURL/DB_NAME/DB_USER/DB_PASSWORD/DB_HOST/
# add/replace salts https://api.wordpress.org/secret-key/1.1/salt/
vim ${vhostDir_hetzner2}/wp-config.php
# SET PERMISSIONS
chown -R not-apache:apache "${vhostDir_hetzner2}"
find "${vhostDir_hetzner2}" -type d -exec chmod 0050 {} \;
find "${vhostDir_hetzner2}" -type f -exec chmod 0040 {} \;
chown not-apache:apache-admins "${vhostDir_hetzner2}/wp-config.php"
chmod 0040 "${vhostDir_hetzner2}/wp-config.php"
[ -d "${docrootDir_hetzner2}/wp-content/uploads" ] || mkdir "${docrootDir_hetzner2}/wp-content/uploads"
chown -R apache:apache "${docrootDir_hetzner2}/wp-content/uploads"
find "${docrootDir_hetzner2}/wp-content/uploads" -type f -exec chmod 0660 {} \;
find "${docrootDir_hetzner2}/wp-content/uploads" -type d -exec chmod 0770 {} \;
# UPDATE EXISTING PLUGINS
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin update --all
# UPDATE EXISTING THEMES
sudo -u wp -i wp --path=${docrootDir_hetzner2} theme update --all
# INSTALL PLUGINS
# install & configure 2FA plugins
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install google-authenticator --activate
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install google-authenticator-encourage-user-activation --activate
defaultOtpAccountDescription="`basename ${vhostDir_hetzner2}` wp"
pushd ${docrootDir_hetzner2}/wp-content/plugins/google-authenticator
sed -i "s^\$GA_description\s=\s__(\s[\"'].*[\"']^\$GA_description = __( '$defaultOtpAccountDescription'^" google-authenticator.php
popd
# install 'force-strong-passwords' plugin
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install force-strong-passwords --activate
# install rename-wp-login plugin
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install rename-wp-login --activate
# install "SSL Insecure Content Fixer" pugin
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install ssl-insecure-content-fixer --activate
# install "Varnish Caching" pugin
sudo -u wp -i wp --path=${docrootDir_hetzner2} plugin install vcaching --activate
# SET PERMISSIONS AGAIN
chown -R not-apache:apache "${vhostDir_hetzner2}"
find "${vhostDir_hetzner2}" -type d -exec chmod 0050 {} \;
find "${vhostDir_hetzner2}" -type f -exec chmod 0040 {} \;
chown not-apache:apache-admins "${vhostDir_hetzner2}/wp-config.php"
chmod 0040 "${vhostDir_hetzner2}/wp-config.php"
[ -d "${docrootDir_hetzner2}/wp-content/uploads" ] || mkdir "${docrootDir_hetzner2}/wp-content/uploads"
chown -R apache:apache "${docrootDir_hetzner2}/wp-content/uploads"
find "${docrootDir_hetzner2}/wp-content/uploads" -type f -exec chmod 0660 {} \;
find "${docrootDir_hetzner2}/wp-content/uploads" -type d -exec chmod 0770 {} \;
# finally, log into the new wordpress site (use '/login' instead of '/wp-login.php'. After authenticating, wp will ask you to update, if necessary. Then update settings:
# 1. "Settings" -> "Permalinks" -> "Rename wp-login.php" -> "Login url" = 'ose-hidden-login'
# 2. "Settings" -> "General" -> "Google Authenticator - Encourage User Activation" = "Force the user"
# 3. "Settings" -> "SSL Insecure Content" and then [a] uncheck the "WooCOmmerce" checkbox and [b] change the HTTPS detection from the default "standard WordPress function" to "HTTP_X_FORWARDED_PROTO"
# 4. "Varnish Caching" and then [a] check the "Enable" checkbox, [b] enter "86400" for the "Homepage cache TTL", [c] enter "86400" for the "Cache TTL", [d] enter "127.0.0.1:6081" for "IPs", [e] check the "Dynamic host" checkbox
Finally, update the various content as needed:
- /contributors/, /community-true-fans/, /history-timeline/
- update iframes to knigtlab.com time sliders to be https instead of http
- /cnc-torch-table-workshop/, /eco-tractor_workshop/, /3d-printer-construction-set-workshop-3/
- update the widgets to use new "Custom HTML" widgets instead of "Text" widgets to prevent the eventbright's height from being truncated