Advice Needed - IP Migrations

Hello All,

I’m really looking for some advice here in regards to an IP Migration that we have got to do in the near future.

We are currently using our Datacentres own IP Block however as we grow we want to create a bit more ‘independance’ etc, so we have been assigned our own IP Block for use with our servers.

Currently we have two Iworx boxes with this supplier that we wish to migrate to this new box, however it has to be done in one shot as apparently the machine cannot use both sets of the (old) IP Addresses and (new) IP Addresses at the same time.

Now, on ServerA (for ex) we have around 150 domains, with about 15 SSL Certs, ServerB around 50 domains and about 3 SSL Certs. I mention the SSL Certs because obviuosly these sites run their own dedicated IP and there is more config in the virtualhostname.conf file.

One of my questions is; when using the ‘Allow IP Changes’ button in the Edit Screen of Nodeworx, will this also automtacially change the IP Address that the SSL Cert is bound to? Anybody noticed any issues?

As we have to make the switch in one go - would you suggest reducing the TTL’s on the domains down to (something low) maybe 24 hours before?

Just really looking for some advice from anyone that may have had to do something similar :slight_smile:

Many thanks,

William

I don’t know much about the migration part, as I haven’t done much with it, but I would just say that you should reduce the TTL earlier than 24 hours - 48-72 hours should be sufficient :slight_smile:

Thanks for your comments Fr3d :slight_smile:

Does anyone (Iworx boys?) know if I can run a simple SQL command on the internal iworx database, dns_records table to alter the ttl for the whole servers domains in one go? I dont fancy manually editting over 1500 individual dns records for nearly 300 domains :frowning:

Any input chaps?

EverythingWeb,

As always, the usual caveats apply: we don’t encourage people to go editing the internal iworx database, and this isn’t something we’ll support, so proceed at your own risk. :slight_smile:

That said, simply changing the TTLs should be fairly simple.

1.) First, get the iworx dsn from the iworx.ini file:
[root@test ~]# grep dsn ~iworx/iworx.ini
dsn=“mysql://iworx:IWORXPASS@unix(/home/interworx/var/run/mysql.sock)/iworx”

2.) Then, go to https://yourserver.com:2443/mysql. Enter ‘iworx’ as the user, the IWORXPASS found above as the password, choose the second “localhost” in the dropdown, and login.

3.) Chose the “iworx” database from the dropdown on the left, and choose the “dns_records” table.

4.) Run the following query:

UPDATE dns_records SET ttl=200;

or some other low number. This will change the records for all types (‘A’, ‘CNAME’, ‘NS’, ‘HOST’, ‘MX’, ‘PTR’, ‘NSSOA’, ‘SOA’, and ‘TXT’).

After about 5 minutes or so, the records will be exported out of that database and passed on to djbdns and take effect.

5.) Now log out immediately and don’t change anything else! :wink:

And remember, proceed at your own risk. :slight_smile:

Socheat

Just confirmed what I was thinking of doing :wink:

Recieving you loud ‘n’ clear with the caveats :slight_smile:

Perhaps this kind of feature is in Iworx 3.0, or could be put into 3.0.1/3.1.0? :smiley:

Hello Again,

Can anyone confirm my other question about SSL?

One of my questions is; when using the ‘Allow IP Changes’ button in the Edit Screen of Nodeworx, will this also automtacially change the IP Address that the SSL Cert is bound to? Anybody noticed any issues?

:slight_smile:

SSL is bound to the domain, not the IP. As long as you change the IP of the domain to another unused, static/dedicated IP, you should be fine.

Socheat

Perfect, thanks Socheat. I was just wondering whether that ‘instance’ of the IP in the virtualhost settings in /etc/httpd/conf.d/<domain>.conf would be updated. I am sure when the first one is done we shall see :smiley:

Sorry, Me again!

Due to ‘limitations’ from our upstream, we need to make all the IP switches in one go. Can we use the command line to change the IP addresses assigned to the accouts?

Is there a way we can run a command on the ssh line to ‘suspend’ all sites so we can then change over the IP’s (again, preferably through command line) reboot the machine, and then bring the sites back online on their new IP’s?

Thanks.

EverythingWeb,

Reducing the DNS TTL’s is a good idea, but to eliminate downtime completely, this is what we do:[LIST=1]

  • Copy the existing Apache configuration:
    # cd /etc/httpd/conf.d/
    # cp $DOMAIN.conf $DOMAIN_$OLD_IP.conf
    
  • Change the IP with InterWorx-CP.
  • [I][B]Wait at least as long as your DNS TTL.[/B][/I] ``` # cd /etc/httpd/conf.d/ # rm $DOMAIN_$OLD_IP.conf # apachectl graceful ``` [/LIST]In step #2, InterWorx-CP will edit $DOMAIN.conf and restart Apache (and completely ignore $DOMAIN_$OLD_IP.conf). Apache will now serve both configurations: one with the new IP and one with the old IP. During the DNS TTL period, some visitors will hit your server from $OLD_IP and some will hit it from the new IP.

    Why this allows for 100% uptime:[LIST=1]

  • Apache will serve the domain on both IP's.
  • Qmail listens on all IP's and sorts it out by [EMAIL="user@domain.com"]user@domain.com[/EMAIL] usernames.
  • ProFTP listens on all IP's and sorts it out by [EMAIL="user@domain.com"]user@domain.com[/EMAIL] usernames.[/LIST] Regarding your need to mass edit your accounts, basic shell commands will help (with the above info), but I don't think InterWorx-CP has much of a CLI command set, yet. :(
  • jimp,

    Your idea seems a perfect idea. We have had notification that our provider is underdoing rack upgrades so we are going to wait until after then when the servers are resettled in their new homes before we start fudging around with the config.

    With regards to the CLI - when tail’ing the iworx.log file you can see the calls to make the siteworx account changes, and it is this “direct” commands which I would like to know are open to us?

    The script/programming is there, so I would have thought it was just a case of sending the correct commands to it.

    Thanks. :slight_smile:

    Pay no attention to that man behind the curtain! :wink:

    In all seriousness, yes, while there are a bunch of command line scripts being executed during the normal operation of InterWorx, some aren’t very user friendly. For example, the account creation script is called package.activate.pex, but the parameters it uses to create the account are actually inserted into the database by the NodeWorx interface. There’s no way for you to pass creation parameters to the activate script.

    Making InterWorx more scriptable in some form or another (either via shell scripts or an API) has long been on our todo list, and we’ve made progress, albeit slow, towards this end in each release. :slight_smile:

    Socheat

    I never found any documentation, so I assumed the control panel was just making internal function calls. Thanks for the tip! There have been times that I really wished for CLI control of InterWorx-CP. Perhaps some of my old server automation needs/solutions can be achieved now. :slight_smile:

    Thanks Socheat for the post.

    The man behind the curtain is duely ignored :wink:

    Can you just confirm, is it possible to only change the IP Address of an accout via CLI which would update DNS and Apache config?

    pretty please :smiley:

    Hello again,

    After doing a couple of site moves, I noticed this command being run:

    httpd.php --updateip --ip XX.XX.XX.XX --domain DOMAIN.COM

    Where XX is the new IP and DOMAIN.COM is, the domain.

    Can this be run ‘as it is’ or will that only update the httpd config?