Skip to content

Instantly share code, notes, and snippets.

@pushcx

pushcx/migration.md

Last active October 25, 2017 13:25
Show Gist options
  • Save pushcx/d81e8002cafadc9e882e51eb49f26377 to your computer and use it in GitHub Desktop.
Save pushcx/d81e8002cafadc9e882e51eb49f26377 to your computer and use it in GitHub Desktop.
Download ZIP
Lobsters migration checklist
Raw
migration.md

2017-10-25: this few open items of this checklist has been migrated to issues on the ansible repo for better visibility and tracking. This gist is left up in the hopes it's useful for anyone setting up their own site using the lobsters codebase.

Prep

  • announce migration + privacy on twitter
  • Lobsters post: this checklist, privacy deadline, migration date
  • post this plan to lobsters
  • transfer lobste.rs registration to pushcx
  • transfer @lobsters twitter account to pushcx
  • transfer github oauth app to Lobsters org
  • transfer pushover api key to pushcx account
  • den.im feed -> twitter: transfer or replace not den.im, is a script
  • copy existing DNS records to registrar, 5m TTL
  • swap nameservers to dnsimple
  • generate new secret token for ansible to deploy
  • ansible playbook:
    • install ruby 2.4 and rubygems
    • install and configure mariadb
    • install and config postfix
    • install and configure nginx
    • install and configure let's encrypt
    • install lobste.rs codebase
    • copy in:
      • config/initializers/production.rb
      • app/views/home privacy about home 404
      • app/views/layouts/_footer
      • app/assets/stylesheets/local/*
      • favicon.ico apple-touch-icon.png apple-touch-icon-144.png to public/
    • install cron job
    • confirm site works
    • exception monitoring
  • generate new dkim/spf/dmarc dns records but don't install yet

Migration

  • jcs existing:
  • turn on maintenance mode
  • take final backup from existing mariadb
  • on prgmr vps:
    • reload backup into new vps
    • test: load the homepage
    • test: send an invite
    • test: accept an invite
    • test: post a comment
    • confirm site can send email
    • confirm site can receive email
    • configure reverse dns
  • update dns to point to prgmr
    • A, AAAA
    • new DKIM, SPF, DMARCS
  • reset hotness mod on announce to 1 + revote the story
  • announce on lobsters
  • announce on twitter
  • move 'admin' hat from jcs to pushcx

Cleanup

  • local assets + icons nested dirs, wrong perms
  • nginx: HSTS headers are missing?
  • nginx: no ssl cert for www
  • nginx, rails: rotate logs daily
  • playbook: precompile assets on deploy
  • playbook: import maria conf
  • playbook: import nginx conf
  • playbook: import unicorn conf
  • playbook: start unicorn at boot
  • playbook: acme-client for letsencrypt
  • playbook: configure automatic security updates
  • playbook: install tarsnap
  • playbook: cron job: back up db, tarsnap db + custom files
  • regenerate Twitter API key
  • regenerate GitHub API key
  • test: reply to comment via email
  • test: trigger db backup cron job
  • test: can retrieve backup from tarsnap
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment