Doc::2015 Hosting Upgrade: Difference between revisions

From Computer Science Wiki
Jump to navigation Jump to search
Carnold (talk | contribs)
No edit summary
Carnold (talk | contribs)
No edit summary
 
(One intermediate revision by the same user not shown)
Line 29: Line 29:
* PHP version will be going from 5.3 to 5.4
* PHP version will be going from 5.3 to 5.4
* Database is going from mysql 5.4 to mariadb 5.5
* Database is going from mysql 5.4 to mariadb 5.5
* All sites will be automatically forwarded to SSL encryption by default.  Exceptions may be possible if encryption is not wanted for some reason.
* Some standard ways of redirecting to SSL may not work with the SSL offloading resulting in a loop.
* Some standard ways of redirecting to SSL may not work with the SSL offloading resulting in a loop. Redirecting will longer be necessary since SSL will be the default
* The NAS device does not support ACLs, so ACLs will no longer be supported on /web directories.
* The NAS device does not support ACLs, so ACLs will no longer be supported on /web directories.
* The new database server uses different encryption for passwords, it will not be possible to automatically import old passwords.  New passwords will need to be set for each database.  In many cases, it fairly easy to find a plain text copy of the old password.
* The new database server uses different encryption for passwords, it will not be possible to automatically import old passwords.  New passwords will need to be set for each database.  In many cases, it should be fairly easy to find a plain text copy of the old password.

Latest revision as of 08:31, 13 July 2015

Goal

The goal of the 2015 hosting upgrade is to combine the various CS web hosting options into a single hosting cluster. This will make the hosting environment more consistent, easier to maintain, able to handle more load, and more scalable.

Current Environment

Currently, CS web hosting is split among various virtual servers based on function to provide quasi load balancing.

  • webcore.cs.vt.edu
    • Hosts www.cs.vt.edu, admin.cs.vt.edu, and various internal web sites
  • research.cs.vt.edu
    • Hosts research related websites
  • courses.cs.vt.edu
    • Hosts course related websites
  • people.cs.vt.edu
    • Hosts personal websites
  • hosting.cs.vt.edu
    • Hosts all other CS websites

Each server is configured similarly, but each functions separately. Many have their own local database server running as well. Each server has it's own local storage used for hosting the pages and needs to be exported separately for user access.

Upgraded Environment

The new environment will consist of a number of load balancers splitting the incoming connections among a number of hosting nodes. All sites will be handled by this one system. This allows spikes in load to be split among the various nodes, and allows for easier expansion. Multiple load balancers are used to split the network load and provide redundancy in case of failure. All hosting nodes will be configured exactly the same and work together. The websites will be stored on our NAS device to allow all nodes to share access. SSL overhead will be handled by the load balancers. A clustered multi-master database server will also run on all the hosting nodes.

Important Changes

Moving to a clustered environment involves certain challenges. To overcome these challenges some changes and limitations will have to be made. This is a list of the expected changes involved.

  • OS is going from CentOS 6 to CentOS 7
  • apache version will be going from 2.2 to 2.4
  • PHP version will be going from 5.3 to 5.4
  • Database is going from mysql 5.4 to mariadb 5.5
  • Some standard ways of redirecting to SSL may not work with the SSL offloading resulting in a loop.
  • The NAS device does not support ACLs, so ACLs will no longer be supported on /web directories.
  • The new database server uses different encryption for passwords, it will not be possible to automatically import old passwords. New passwords will need to be set for each database. In many cases, it should be fairly easy to find a plain text copy of the old password.