Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: Fumetto on August 21, 2024, 12:47:38 AM

Title: Migration, what can go wrong?
Post by: Fumetto on August 21, 2024, 12:47:38 AM
What I'm looking for is advice, but it's a long story... that I'll shorten as best I can.
Maybe it's not the "best" place to ask for this advice, but for me, now, it is.

SME, installed in 2016; few (2 or 3) contribs, more or less regular maintenance. Various upgrades, some "tweaks" (such as a webserver in the local network that must send unauthenticated). At the beginning it was "bare-metal", about 4 years ago it was transformed into a VM on ESXi. Today we have reached 790GB of occupied space out of 950 available; about a hundred users, with about ten "large" in terms of quota disk space.

Cleaning up is out of the question for "company practice".
In the last 2 years the "responsibility"/"money" ratio has dropped to less than one, we are at zero-point "x". That zero-point is given by calls with SLA at -24h and payment at +90d... :-D :-(

I am therefore "forced by circumstances", given the situation and my possibilities, to think about migrating to another system... I don't like this "object" thing, but it seems to work (from the tests I have done and that are in progress), and it is supported by "not me" (directly). This is because the "customer" is not to be "neglected", several families "eat" with (also) the services provided by SME and, potentially, one could think about implementing other "objects" that provide other "services"... Me or other... :-)

Creation of users from scratch on the new system, configuration of dkim, spf and so on, import with imapsync, I pass everything, I turn off the VM with SME and put it in the safe, it is made sure that all the emails are there and bye, asta la vista. :-)

I need advice here... what can go wrong? What am I forgetting?
Title: Re: Migration, what can go wrong?
Post by: Jean-Philippe Pialasse on August 21, 2024, 04:40:30 PM
backup restore using exclusion in backup in order to only backup essential. then when the new one has been restored just rsync the excluded folder from old to new.

what was the old SME version?
Title: Re: Migration, what can go wrong?
Post by: Fumetto on August 22, 2024, 12:54:37 AM
Old SME is version 10.x. Contribs are smeadmin, qmhandle and vacantion.

I've imported a single 30GB email accont from "old" SME to new N***Server8 in 3 hour. 10GB/h is not bad (for me).
At the end, I only need to "transfer" email. qmhandle and vacantion seem to be "standard" on new server.

New server is a VM on 3 node proxmox cluster (actually with 2 of 3 server).
Title: Re: Migration, what can go wrong?
Post by: ReetP on August 22, 2024, 01:52:00 AM
Also look at the migrate script for ideas.

Not sure if that handles v10 - v10?
Title: Re: Migration, what can go wrong?
Post by: mmccarn on August 22, 2024, 02:08:30 PM
Not sure if that handles v10 - v10?

I think OP's new server is not running SME...

Personally I am a "gradualist" about server migrations - I've been a "one man shop" most of my career and try to find a way to migrate one user or service at a time, adjusting both the old and new servers as each user/service is moved using email forwarding for users and proxypass or DNS updates for services. For anything that cannot be migrated this way I create either a script or detailed notes developed during several test migrations before doing the final migration.

As for things that might need extra attention:
* eMail rules, signatures, and message status
* Fetchmail settings
* File ownership and permissions
* Any SME-based service using cookie-based authentication
* Version issues with apache, php, node, javascript, etc that might require config file changes or application modification
* Encryption and Cipher Suites used by any of https, smtps, imaps, ftps
* upstream connections
  * Cloudflare (for example) can be configured to expect a specific certificate from your server -- any upstream system connecting to your SME could have settings that will impact communications with the new server.
  * External SMTP relay (if you're using one)
* downstream connections
  Servers accessed by the SME server itself may need configuration changes to allow connections from the new system.
* Single Sign-On
  Is your SME involved in any sort of SSO?
* daemon users
  Apache may be running as "www" or "apache" instead of "httpd", which would impact service control files and file ownership requirements.
* Active directory domain settings?
* Apache, PHP symlink & basedir (generally - any SME default or db-controlled setting that differs from the default on the new server)
* webapp databases & passwords (eg wordpress)
* Server maintenance (I spent a year or more getting comfortable keeping Ubuntu up-to-date before I moved any production services off of SME)
* System security (SME incorporates good overall security settings by default)
  * service configurations
  * user rights
  * firewall rules
  * fail2ban
* LetsEncrypt



Title: Re: Migration, what can go wrong?
Post by: ReetP on August 22, 2024, 03:57:33 PM
I think OP's new server is not running SME...

Ah yes. "N***Server8" wasn't in the first post....... embarassment is a funny thing.

Not sure why they are asking here then..... Might have helped to have advised this in the first place.

Quote
Maybe it's not the "best" place to ask for this advice, but for me, now, it is.

Hmmmm. For migration to a different system it probably isn't the greatest idea. We are here to support the use of Koozali SME.

Quote
In the last 2 years the "responsibility"/"money" ratio has dropped to less than one, we are at zero-point "x"

Not sure why you'd migrate on that basis, but hey ho.

If you explain exactly why you need to move - it isn't obvious to me - we are always interested in what motivates people to use something else and what we can do to help you remain on SME (not the same as helping you to move elsewhere).




Title: Re: Migration, what can go wrong?
Post by: Fumetto on August 22, 2024, 05:18:16 PM
I would not intend to migrate but:
1 - The responsibility is growing too much and the compensation is decreasing more and more.
2 - SME10 is in EOL, SME11 is still "far away", I do not have the economic/technical power to be able to deal with any problems that may arise.
3 - I do not want to leave them "in their underwear" and therefore I want to migrate them to a system that others can also support; I, under the conditions "imposed" by them, can no longer afford it.

Unfortunately, and I repeat unfortunately, I am forced by circumstances; I like to sleep at night (and not just sleep...).

My request for help was to have indications on something I had not thought of, and in fact you made me think that I have to check pseudonim and groups ... I have a vague memory of some customizations in this sense ... thank you very much!!!
Title: Re: Migration, what can go wrong?
Post by: Jean-Philippe Pialasse on August 22, 2024, 09:26:41 PM
far from SME 11, i would not say that. few weeks to few months. biggest blocker is defining the new signing and publish process of packages.

nethserver did have planned migration at 7 stage from SME but your should only ask help on their forum for this kind of migration.
Also please be aware that their new 8 version is mainly based on docker and there will be no easy turning back. 
Title: Re: Migration, what can go wrong?
Post by: Fumetto on August 23, 2024, 09:51:53 AM
Also please be aware that their new 8 version is mainly based on docker and there will be no easy turning back. 
...and this is why I don't migrate all of my SME... only this...
Title: Re: Migration, what can go wrong?
Post by: ReetP on August 23, 2024, 10:13:26 AM
...and this is why I don't migrate all of my SME... only this...

Kk. Still N8 is some way from SME today and I have no experience of it.

The place to ask is there as they know about their server.

Note also. Unlike us, they are a funded operation with paid devs. Hence they move faster than we can.

As I have said many times, the slow progress here is due to a lack of help from the community. It is everyones fault, and that includes you.... But v11 is not far away. If you used your Rocket account you would know. If you still have SMEs please come and help.

Note that unlike Koozali, the ultimate aim of N8 is to upsell you to their commercial offerings - like most long term open source projects.

"A sprat to catch a mackerel"

Just be aware of that fact.

Quote
All that glisters is not gold

(from The Merchant of Venice, which is delicious irony :lol: )
Title: Re: Migration, what can go wrong?
Post by: Fumetto on September 24, 2024, 10:50:51 PM
Ok, after much discussion it seems that I can reach an agreement to "keep" SME and do the necessary REGULAR maintenance. The only "obstacle" is represented by the fact that the "bitten apple devices" do not accept the self-generated certificate and making them digest it is becoming an impossible thing, with each IOS update it is increasingly "troublesome".

The solutions that I found are
1) using a Let'sEncrypt certificate
2) setting the self-generated certificate with a ten-year expiration (if it can still be done, I remember reading something but it was the time of SME 8)

The first solution seems the best, but the plugin that deals with it seems to me to be "problematic", in the sense that sometimes a couple of console commands are needed (I speak not from direct experience but from "glimpse reading")
The second solution, even if I don't like it, would solve the problem; I set it all up, I "bother" once and for 10 years I'm "fine".

Is there any other solution that I'm not considering in your opinion?

Thanks to all
Title: Re: Migration, what can go wrong?
Post by: ReetP on September 24, 2024, 11:11:30 PM
Quote
1) using a Let'sEncrypt certificate

That's it.

I don't recall any real issues - bar self inflicted - since I first got it running and across multiple servers several years ago.

No brainer.

Title: Re: Migration, what can go wrong?
Post by: TerryF on September 25, 2024, 02:37:20 AM
That's it.

I don't recall any real issues - bar self inflicted - since I first got it running and across multiple servers several years ago.

No brainer.

A ditto with this..just works
Title: Re: Migration, what can go wrong?
Post by: Stefano on September 25, 2024, 11:52:04 AM
That's it.

I don't recall any real issues - bar self inflicted - since I first got it running and across multiple servers several years ago.

No brainer.



me too, using it since epoch on all my servers