Moving live system to xen machine

jhite · Oct 3, 2012

PS. When I do "shut it off" I'll start a timer and let you know how long the end users are down. And I'm doing this all remotely.

AlexJ · Oct 3, 2012

You can switch DNS settings(change IP) when you start moving data because it also take a time (usually 2-6 hours, so it's also downtime).
You can do moving stuff by IP only, but mail server will need correct pointers from DNS when it start working. By the way, usually you can't control reverse IP by yourself, so don't forget to call XEN hosting and ask them to assign correct reverse IP in DNS since most email servers rejecting connections from IPs that has incorrect or absent reverse IP.

jhite · Oct 3, 2012

apache, openwebmail, mailman, bind, pop, and smtp are all functioning. Users exist, their files exist (mostly), and their email will be resynced before the final switchover. If I only do the rsync once a day it seems to take about 3 hours. So if I run it once right before the shutdown it should go pretty quickly since not much will have changed. I might even be able to get it going in less than my "few hours" time frame.

jhite · Oct 3, 2012

AlexJ said:
You can switch DNS settings(change IP) when you start moving data because it also take a time (usually 2-6 hours, so it's also downtime).
You can do moving stuff by IP only, but mail server will need correct pointers from DNS when it start working. By the way, usually you can't control reverse IP by yourself, so don't forget to call XEN hosting and ask them to assign correct reverse IP in DNS since most email servers rejecting connections from IPs that has incorrect or absent reverse IP.

I've got the DNS TTL turned down to 5 minutes on that server right now. So the change over there should happen long before the final sync finishes. Honestly though, I hadn't thought about the reverse DNS entry yet. Luckily, I am the DNS and XEN host so I don't have to deal with any third parties. BTW, I've been saying xen all along but in truth it's Cirtix XenServer.

And for those wondering how it is possible this person who obviously should not be doing this is responsible for it... it's simple... if nobody else in my company can do something it becomes my job. I got tasked with this email server and luckily I also got tasked with the new XenServer hardware.

jhite · Oct 6, 2012

I told you I'd let you know how it went. downtime was 4 hours 20 minutes. Everything's up, end users were mostly assleep so none have even noticed that have bothers to speak up about it. Thanks for that help... it went swell.

AlexJ · Oct 6, 2012

I glad that you switched it relatively painlessly.

if nobody else in my company can do something it becomes my job

That is exactly what I thought...

So the change over there should happen long before the final sync finishes

Kinda... most DNS propagate change pretty quickly around the globe but some synchronized once in 6 hours, so it depend what DNS server you query.
To be make sure that your users can reach your server, you need to query outlying their provider DNS servers

Code:

dig @far.dns.server your.server.com any

If you would have a time, take previous advises about moving to latest FreeBSD in account, it was advised with the good reason.

jhite · Oct 6, 2012

That's the plan... at least now I have snapshots, bandwidth, and piece of mind. The last one being the most important.
This server has to go to maildir from mbox, LDAP from passwd, new webmail client, etc. The old one doesn't have quotas turned on at all so some mailboxes are quite ridiculous. There's plenty to get configured now but it will go alot smoother from here I think.

jhite · Oct 6, 2012

AlexJ said:
Kinda... most DNS propagate change pretty quickly around the globe but some synchronized once in 6 hours, so it depend what DNS server you query.
To be make sure that your users can reach your server, you need to query outlying their provider DNS servers

Code:

dig @far.dns.server your.server.com any

I actually had the TTL on that zone turned down to 5 minutes. Everything else is a cname back to it. So every 5 minutes any servers that have cached information would regard it as expired and recheck. I'm on a different ISP and I actually had to go into my /etc/hosts file and put in the server and address there because I switched it over too soon.

kpa · Oct 6, 2012

AlexJ said:
Kinda... most DNS propagate change pretty quickly around the globe but some synchronized once in 6 hours, so it depend what DNS server you query.

DNS doesn't do any kind of active synchronisation either way by default. The existing records just go stale and are deleted when their TTL drops to zero. Only when the records are requested again the new versions of the records get fetched from the authoritative servers. Some resolvers can be configured to automatically refresh the records in the cache when their TTL is getting near zero but it's not a common practise because it can be quite expensive with a large cache.

AlexJ · Oct 8, 2012

Yes, sure, you're absolutely technically right. I missed the point about

I am the DNS and XEN host so I don't have to deal with any third parties.

but some VPS/KVM/XEN providers changing DNS settings manually(even if they have web control panel), so I meant human's delay factor, not a DNS TTL. I'm sorry, for confusion.