With most of the physical moves of offices and servers behind us, it is time to do some virtual moves (and upgrades) of servers.
As you may or may not know, many of our important services run on virtual machines (mail, web servers, home disk, login servers, etc.), and these virtual machines run on a cluster of old computers that are still in the Oort building.
A set of new host computers has been installed in the new server room, and we will one by one create new virtual machines on these servers, and switch over the services. This inevitably will result in some downtime, especially in cases where the virtual machine serves a lot of data that has to be copied. In many cases, we also make use of this occasion to upgrade the virtual machine to a newer version of operating system and server software.
Here is a brief summary of the virtual moves that we have scheduled so far:
This migration will be quick, probably just a few minutes of downtime, but existing ssh sessions (and tunnels) will be interrupted. This only affects ssh sessions to this machine; ssh connections directly to desktops are not affected.
We have a setup in place that will switch over all computers to using the new disks. Most running software will not get disrupted, but we haven't tested this with all software, so it might be possible that some programs running from one of these disks will be disrupted.
For logging in, two sets of servers are in use: LDAP, which holds the database of user accounts, and the IDP servers that handle the logins and two-factor authentication on local websites (such as webmail and intranet). Switching the LDAP servers should be quick, just a few minutes. There are two LDAP servers so we will make sure that one is running at all times. To be sure the database is in a consistent state, password changes will not be possible around this time. Switching the IDP servers may affect existing login sessions on websites, so it might be that users get logged out from webmail or intranet during this switch. Existing login sessions on desktops or through ssh will not be affected, and logging in on desktops will work normally.
Unfortunately, ssh logins were not working properly with the new servers; this is being debugged and a new migration date will be planned.
Please check your projects; keys may have to be regenerated.
This day we will switch over our websites, including local.strw.leidenuniv.nl, intranet, helpdesk and everything on the observatory web servers, including project sites hosted here. These websites may be down for ~ 15 minutes. Nothing else will be affected by this change.
A new STRW mail server has been prepared. During this switch, e-mail will temporarily not be available, estimated time ~ 30 minutes. Incoming mail will be delayed but will arrive once the new server is operational. As usual, there will be some changes in the software due to the new versions. Mailing lists (mailman) will be down for a bit longer, since they can only be imported into the new server once it is operational.
Open connections to the VPN will be disrupted. Downtime will be short, and reconnecting your VPN afterwards will be easy, without changes required on clients.
For logging in, two sets of servers are in use: LDAP, which holds the database of user accounts, and the IDP servers that handle the logins and two-factor authentication on local websites (such as webmail and intranet). Switching the LDAP servers should be quick, just a few minutes. There are two LDAP servers so we will make sure that one is running at all times. To be sure the database is in a consistent state, password changes will not be possible around this time.
This is the most disruptive change. Logging in on Linux systems will not work without the home disk, and existing sessions may give errors or get stuck. So it is recommended to close applications and save your open files before this migration. It will probably be prudent to log out as well.
At the same time, we will also move the samba server, the server that connects the home disk for Windows users in the astrophysical and optical labs. Since the home disk isn't available anyway, this will not cause additional downtime for them (this doesn't affect Windows users on the physics domain such as the support staff).
During this change, connections for reserved licenses will be disrupted (e.g. IDL, Mathematica).
We will send reminders the day before we are moving one of the services.
If you have any questions, do not hesitate to contact us at helpdesk@strw.leidenuniv.nl.
—
Our owncloud server is old and difficult to upgrade. Instead, we have prepared a new server with the NextCloud software to replace it.
Users should connect both servers, and move data they want to preserve to the new server. See nextcloud. When done, you can remove the old owncloud connection from your setup (to avoid any errors when we take owncloud off-line later this year).