AAT/PPI: Road to RHEL7

Introduction

• We need to migrate SSA's 'interface servers' for the new archive to RHEL7
• This project won't consider the legacy archive, which will be deprecated soon'
• This project won't consider the workspaces effort and the new web stack, which are already on RHEL7
• As we do this migration, we will be 're-branding' these servers with new DNS aliases and apache virtual hosts.

Action Items

• SSA to document what makes an interface server unique, what things CIS will have to do beyond just re-installing the OS and getting ganglia and nagios working
• SSA will cleanup anything it can before the upgrades, nuking stale websites and so on.
• Strawman is to upgrade first development, then test, then production, with a week between each upgrade. 14 Sep 2020 for dev, 21 Sep 2020 for test and 28 Sep 2020 for production. SSA will take the strawman schedule to the stakeholders and get try to get buy-in on 05 Aug 2020

Customizations

• The data partition on each machine needs to be intact after the upgrade.
• The SSA16 key should be added to root's authorized keys.
• Each machine needs to be able to submit jobs to its cluster, using the almapipe account for CV and the vlapipe account for NM.
• Each machine needs to see its site's lustre, /cv and /naasc for CV, /aoc for NM.
• Each machine needs apache http (2.4), apache tomcat (7 series) running on Java 8.
• For NM machines: the /var/lib/pgsql directory needs to be backed up and restored after the upgrade. 
• /etc/sudoers.d needs to be backed up and restored after the upgrade.

• the following local accounts need to be in place:

  solr:x:9039:9039::/opt/services/solr:/bin/bash
  rabbitmq:x:9040:9040::/opt/services/rabbitmq:/bin/bash
  webapps:x:9036:9028:NRAO Web Apps:/opt/services/webapps-account:/bin/bash
  influxdb:x:9043:9043:influxdb:/dev/null:/bin/false
  telegraf:x:9044:9044:telegraf:/dev/null:/bin/false