Page MenuHomeDevCentral

Move and migrate Ysul production services elsewhere
Open, NormalPublic



Ysul was our main FreeBSD server before we add an hypervisor with a Docker engine and specialized VMs on it.

As such, it still hosts both legacy development and production services.

Ysul is now superseded by WindRiver as devserver. But to move all Ysul content as is to WindRiver isn't welcome, as we'd prefer a better separation between devserver and production.

A plan is so needed to split Ysul services into prod and dev, and move them accordingly.

Ysul services to move

ServiceRoleContent for this service
MySQLdbserver-mysqlA lot of unmanaged databases, some from Grip, mix of dev, archives and prod
EggdropsviperservDæghrefn and Wearg, and code for Æschere (test one) and TC2 (still needed?)
nginx / php-fpmwebserver-legacyAll PHP and static sites, excepted the ones we deploy through Docker
MediaWikisaas-mediawiki/srv/saas and /srv/mediawiki to serve MediaWiki sites


Plan is:

  • Sort web services
    • Update DNS for *51.* to use, keep that one for dev
    • Keep production sites on
  • Split or templatize nginx definitions: some sites has their 51 experimental counterpart defined in the same vhost file
  • Start a MySQL cluster
    • Provision for MySQL hosting
    • Move every db there, without any dev/archive/test/prod sorting
    • Create somewhere in 172.27.27. a VIP (managed like IPFO outside IntraNought block or an IntraNought to ease routing?)
    • Update EVERY website to use credentials in Vault to access that one BEFORE moving it to web-001
  • Provision for nginx and php-fpm
    • Move production sites to
    • Update DNS for to point to web-001 (or a VIP)
  • Move dev sites to WindRiver
  • Currently keep ViperServ on Ysul: the only issue seems youtube-dl is too slow, but nobody is currently complaining about that one, so can be moved later during Ysul decom to irc-001 or Eglide.

Expected disruptions

Any rogue MySQL use will break. If so, just open a task to get rOPS create and deploy credentials where it's needed.

Event Timeline

dereckson triaged this task as Normal priority.Mar 25 2023, 11:02
dereckson created this task.

DNS part done, at least for domain, Wolfplex should be checked too I guess.

db-B-001 provisioned successfully

web-001 has the core role

Next steps:

Alkane is the name of our PaaS platform to host PHP sites through php-fpm pools and static websites. The legacy term chosen before implied we intended to migrate everything to Docker.

New strategy will instead use 4 volets:

A. Static sites

  • Host static sites on Alkane
  • Build static sites on Jenkins CD, publish them to Alkane

B. Applications in Python, Java, Rust, Go, Node.JS, etc.

  • Host them on Docker PaaS exclusively

C. Applications in PHP

  • Encourage new applications to use the Docker PaaS if suitable
  • Offer up-to-date shared hosting on Alkane PaaS the usual way: separate users, separate pools, up-to-date PHP version (ie PHP 8.2.4 right now)

D. SaaS

  • Maintain our MediaWiki SaaS on Alkane
  • Continue to implement a WordPress SaaS on Alkane too
  • If needed, phpBB SaaS work belongs to Docker too
  • Build from scratch the next PaaS on Docker PaaS as proof of concept

Idea: when a server uses router-001 as gateway, make the card with public IP a secondary one, and tell /etc/ssh/sshd_config to only bind to private address, e.g. ListenAddress

Idea: Alkane can got strict firewall config with only some ports open for its public IP, like 80 and 433. Other traffic will use private network.

dereckson renamed this task from Move Ysul production services elsewhere to Move and migrate Ysul production services elsewhere.May 6 2023, 08:57

[ Alkane tasks are prioritized to be handled in the next operations sprint. ]