FinanceServersMigrationPlan: Difference between revisions

From Newroco Tech Docs
Line 39: Line 39:
** in amqp.broker update host to rabbitmq.thehumanjourney.net instead of 10.0.10.107
** in amqp.broker update host to rabbitmq.thehumanjourney.net instead of 10.0.10.107
** update all functions to use domain names when accessing remote DBs instead of IPs. Former IPs and what they should become:
** update all functions to use domain names when accessing remote DBs instead of IPs. Former IPs and what they should become:
** update hr_update_script user and use instead hrupdatescript
<pre>
<pre>
10.0.10.48 finance.thehumanjourney.net
10.0.10.48 finance.thehumanjourney.net
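Review bot: the added bullet "update hr_update_script user and use instead hrupdatescript" is inserted between "Former IPs and what they should become:" and the <pre> block that holds that list. The colon now leads into an unrelated item, and the IP-to-name table reads as if it belonged to the hr_update_script bullet. Move the new bullet above the "update all functions ..." bullet or below the closing </pre>. The bullet also does not say where the user has to be changed (database role, function bodies or scripts), which whoever runs the migration will need to know.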

Revision as of 15:08, 19 May 2017

Overview

This page explains the steps needed to fully update the timesheets, finance, hr and tenders VMs. These communicate with each other and with other VMs through direct PostgreSQL connections and also through RabbitMQ AMQP messages. They are high profile and the procedure requires down time for users, so it needs proper preparation beforehand to limit the down time and to make sure the services work correctly after migration with minimal impact on users.

Steps before down time

  • Create the VMs according to their needs
  • Install all packages required
  • Copy all scripts on finance and install the same cron jobs
  • Update IPs and passwords in scripts
  • Add sudoers command aliases on finance:
# Cmnd alias specification
Cmnd_Alias FINANCESCRIPT= /home/finance/synchCommand.sh . /home/finance/midnightScripts.sh /home/finance/.financeLock
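# The * below matches any argument string, spaces included, so pullTimeSheets.sh must validate what it receives
Cmnd_Alias PULLTSSCRIPT= /home/finance/synchCommand.sh . /home/finance/pullTimeSheets.sh * /home/finance/.financeLock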
Cmnd_Alias SLIPEXPSCRIPT= /home/finance/synchCommand.sh . /home/finance/slipExpAndDatedProjects.sh /home/finance/.financeLock

# User www-data needs to run the above command as finance
www-data ALL=(finance) NOPASSWD:FINANCESCRIPT
www-data ALL=(finance) NOPASSWD:PULLTSSCRIPT
www-data ALL=(finance) NOPASSWD:SLIPEXPSCRIPT

  • Take full DB dumps from the old VMs
  • Restore dumps to new VMs
    • create user admin with password '<admin password>';
    • create database admin owner admin;
    • create user financedbadministrator with password '<financedbadministrator password>';
    • create database finance owner financedbadministrator;
    • create user timesheetadministrator with password '<timesheetadministrator password>';
    • create database timesheetsystem owner timesheetadministrator;
    • create user humanresourcedbadministrator with password '<humanresourcedbadministrator password>';
    • create database humanresource owner humanresourcedbadministrator;
    • create user tenderdbadmin with password '<tenderdbadmin password>';
    • create database tenders owner tenderdbadmin;
    • pg_restore -Fc -d <database name> <database name>-backup.sql
  • Take schema only dump from old VMs and update them:
    • update passwords where necessary
    • update amqp_XXX functions to use different routing_keys so that their messages are not transmitted to the LIVE archives DB. Instead of ['oas.staff','oas.projects'] use ['oas.staff.test','oas.projects.test']
    • in amqp.broker update host to rabbitmq.thehumanjourney.net instead of 10.0.10.107
    • update all functions to use domain names when accessing remote DBs instead of IPs. Former IPs and what they should become:
10.0.10.48 finance.thehumanjourney.net
10.0.10.23 timesheets.thehumanjourney.net
10.0.10.42 hrdb.thehumanjourney.net
10.0.10.63 tenders.thehumanjourney.net
10.0.10.130 archives-db.thehumanjourney.net
192.168.98.24 mapdata.thehumanjourney.net
    • replace the hr_update_script user with hrupdatescript
  • Update IPs to DNS names and also passwords in all config.php files on any of the VMs
  • Edit /etc/hosts and add names and IPs to all VMs involved so they can be addressed by DNS rather than IPs:
10.0.10.49 finance.thehumanjourney.net
192.168.98.51 timesheets.thehumanjourney.net
10.0.10.43 hrdb.thehumanjourney.net
10.0.10.64 tenders.thehumanjourney.net
10.0.10.130 archives-db.thehumanjourney.net
192.168.98.24 mapdata.thehumanjourney.net
10.0.10.107 rabbitmq.thehumanjourney.net
  • Update the firewall to allow finance, timesheets and finance to send e-mails from their allocated .thehumanjourney.net domains
  • Open port 5432 on the firewall (IP restricted)
    • for timesheets to access finance
    • for HRDB to access timesheets
    • for tenders to access mapdata
  • Install and configure RabbitMQ client on Finance
  • Test everything works well:
    • Test database backup procedures worked correctly
    • Test "pull time sheets" script on PMDB interface - this will test the finance - timesheets connection in both directions
    • Test making changes to staff on PMDB interface - this will test HRDB connection to timesheets, admin, finance and also RabbitMQ sending messages from Finance to archives
    • Test making changes to projects on PMDB interface - this will test finance RabbitMQ sending messages to archives
    • Test making changes to an episode on Tenders interface and see if the changes were transmitted to mapdata into tenders table on oasites DB
    • Test sending e-mails from timesheets and from finance

Steps during down time

  • Take DB dumps for all old VMs
  • Restore only data to new VMs
  • Change domain names for new VMs by removing "replacement" from the temporary name
  • Update e-mail domains as well by removing "replacement" from the temporary name
  • Change domain names for old VMs by adding "old"
  • Stop old VMs, park them
  • Update DNS records to point to new VMs
    • update amqp_XXX functions to use the LIVE routing_keys so messages from finance can now be transmitted to the LIVE archives DB. Instead of ['oas.staff.test','oas.projects.test'] use ['oas.staff','oas.projects']
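
A check that can be run over each edited schema dump or config.php, covering the IP-to-name replacement under "Steps before down time" and the routing_keys switch above. This is an added example, not part of the original plan: the IP mapping is copied from this page, while the audit function, its phase argument and the sample text are assumptions constructed for illustration.

```python
import re

# Old IP -> DNS name, copied from the mapping on this page.
OLD_IP_TO_NAME = {
    "10.0.10.48": "finance.thehumanjourney.net",
    "10.0.10.23": "timesheets.thehumanjourney.net",
    "10.0.10.42": "hrdb.thehumanjourney.net",
    "10.0.10.63": "tenders.thehumanjourney.net",
    "10.0.10.130": "archives-db.thehumanjourney.net",
    "192.168.98.24": "mapdata.thehumanjourney.net",
    "10.0.10.107": "rabbitmq.thehumanjourney.net",
}
# Whole IPv4 literals only, so 10.0.10.420 is never reported as 10.0.10.42.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
ROUTING_KEY = re.compile(r"'(oas\.(?:staff|projects)(?:\.test)?)'")

def audit(text, phase):
    """Return (line_no, problem) tuples; phase is "test" (before down time)
    or "live" (after the routing_keys switch). Hypothetical helper."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for ip in IPV4.findall(line):
            name = OLD_IP_TO_NAME.get(ip)
            hint = f"use {name}" if name else "not in the mapping, check by hand"
            findings.append((no, f"hard-coded IP {ip}: {hint}"))
        for key in ROUTING_KEY.findall(line):
            is_test = key.endswith(".test")
            if phase == "test" and not is_test:
                findings.append((no, f"routing key {key} would reach LIVE archives"))
            elif phase == "live" and is_test:
                findings.append((no, f"routing key {key} is still the test key"))
    return findings

# Constructed sample, not taken from the real dumps.
SAMPLE = """\
CREATE FUNCTION amqp_example() RETURNS void AS $$
  keys := ARRAY['oas.staff','oas.projects.test'];
  PERFORM dblink('host=10.0.10.23 dbname=timesheetsystem', 'SELECT 1');
  PERFORM dblink('host=finance.thehumanjourney.net dbname=finance', 'SELECT 1');
$$ LANGUAGE plpgsql;
"""

if __name__ == "__main__":
    for phase in ("test", "live"):
        for no, problem in audit(SAMPLE, phase):
            print(f"[{phase}] line {no}: {problem}")
```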

Steps after down time

  • Test all interfaces work well
  • Test special functions that might no longer work
    • Make staff changes in HRDB and check if the change was propagated to TRS, Finance, Admin DB on Finance VM, Tenders, Archives
    • Make project changes on Finance and see if the change was propagated to Archives - this checks if RabbitMQ worked well
  • Monitor any support tickets related to any of these services and look first for a cause in the migration.
  • Inform Simon of the new IPs so he can update his ODBC connections