Upgrading the server
#62 Henry, Saturday, 22 May 2010 10:59 AM (Category: Hardware)
(Tags: slackware slackpkg)

I've had my web and mail server stuck on Slackware 10.2 for a few years. Like late 2005. And because things are pretty complicated, I never upgraded it. It was too old to upgrade using slackpkg. It's been a thorn in my side for some time, and I've been nibbling at the edges trying to upgrade it. I set up a temporary server and started to transfer functionality to it.

Last weekend, I moved the DNS and all mail functions to the temp server. Spamassassin is a real pain to install and get working correctly with sendmail. But I got it working. And majordomo for mailing lists... tricky, especially interfacing it with sendmail. But I got all that working last weekend and mail has been running smoothly on the new server.

Then it was time to move the webserver functions over. There were a lot of hidden gotchas in this.

First of all, I'm moving from Apache 1.3.33 to Apache 2.2.15. That's a huge jump in configuration issues. I have a lot of virtual hosts, and I had a lot of config rewriting to do. I took the opportunity to clean out a lot of defunct test and development subdomains. When I cut it over, I ran into one immediate problem. When I tried to access any of the websites, the browser showed "403 Forbidden You don't have permission to access /index.php on this server." and the Apache logs showed "client denied by server configuration: /htroot/hvg/htdocs/index.php".

A lot of Googling and reading showed me that there was one big difference between Apache 1.3 and Apache 2. The defaults. The new default is to deny everything. I added this clause to every virtual host:

< directory /htroot/hvg/htdocs >
      order allow,deny
      allow from all
    < /directory >

and that solved that problem. I think I have done a quick fix only, and I have a lot of reading of Apache docs ahead of me to fine-tune the new installation.

Then the second problem occurred. I had to transfer a lot of data from MySQL from the old server to the new server. MySQL 4.1.4 moving to MySQL 5.1.46. Normally, to transfer MySQL data, I would do this:

mysqldump -u root -p --opt --all-databases > all.sql

transfer the file to the new machine and do this:

mysql -u root -p < all.sql

and all the data would transfer in, including users and passwords. This happened, but users were not recognised and so my web applications did not have access to the databases. Turns out that the changes between MySQL 4 and MySQL 5 are so great that I can't do it this way. I had to create the MySQL instance, then create each database manually, and manually set up each user and password. Then I saved the data from each database and transferred it over.

mysqldump -u root -p --opt database1 > database1.sql

transfer it across and then

mysql -u root -p database1 < database1.sql

That worked fine. But then I ran into my next problem. I couldn't log into anything. The browser didn't show errors, just couldn't log into anything. The Apache logs showed the problem: "PHP Warning: session_start() [function.session-start]: open(/var/lib/php/sess_188a88ad2ca63824acf4d596feb7a6c6, O_RDWR) failed: Permission denied (13)". Okay, I know what that is. The old version of PHP would store session files in /tmp and everyone has write access to /tmp. The new PHP wants to put session files in /var/lib/php, and the way I was setup, it didn't have permission to do this.

I had a choice. I could change the config file (/etc/httpd/php.ini) and change the line that read "session.save_path = "/var/lib/php" and point it to /tmp, or I could change the permissions of /var/lib/php. I changed the permissions of /var/lib/php. Immediately I could log in and I could see the session files being written.

At that point, the new webserver was functioning adequately. I left it live. Today I looked at the logs, and I see I have some more small errors. I will deal with them ASAP.

So now my mail and webserver functions are all running on a temporary server. I will backup the real server, install Slackware, get it up to date, and then transfer the functionality back. It will be easier to do this time, as the versions will all be the same and it's all fresh in my mind.