Migrating Shared Hosting Servers (Plesk/cPanel/etc) With Zero Downtime

I met up with one of the guys that I used to work with several years ago when I first started as a sysadmin, maintaining shared web hosts, typically running Plesk, but also cPanel and Ensim. He mentioned that he just used a script that I wrote years ago to migrate his personal webserver (that this site is running on). One of the major problems that we came across was migrating a server, so that all of the customer sites would be on a newer, more powerful server. Typically, this would be done via:

  1. Configuring the new server.
  2. Backing up the old server.
  3. Restoring this backup on the new server.
  4. Telling all customers to change their nameserver details.
  5. Having a very uncomfortable period where some mail arrives on the old server, some on the new, some forum hits go to the old server, and some to the new.

As a result, customers who ran interactive forums (in particular) were most unhappy about having their traffic being spread across two servers for up to 48 hours, with no way of merging the posts afterwards. (Yes, there are other ways around this, but this was bargain hosting for very small customers.)

The idea is that a very short period of downtime to only some services is better than receiving traffic to both servers. The way that we came up with is to use IPTables/IPChains to redirect traffic from the old server to the new:

  1. Shut off mail & FTP on the old server.
  2. Backup and restore sites onto the new server (this should take no more than 30min-1hr, hopefully).
  3. Run the redirect-ALL-traffic.pl script on the old server, to forward all traffic to the new server.

At this point, with a short outage of mail and ftp (no mail will be lost), all traffic going to the old server will be seamlessly redirected to the new server via an IPTables Masquerade. Then, you can ask customers to move NS records to point to the new server. After a week or two, decommission the old server. You will still be able to log into the old server via SSH.

The script to do this is below.

WARNING 1: If your new server is on the same /24 network as the old, this may have the effect of turning your old server into an open mail relay. Some mail servers by default (postfix) forward mail unauthenticated if the sender is on the same /24 network. You will need to disable this first.

WARNING 2: You'll need to edit the script before running it (documentation on how to do this is inside the script), and if you're already doing strange things in IPTables/IPChains, you should be aware that this may have unforeseen interactions.

Files:

This code is released under the GPL version 3 only. It supports both IPChains and IPTables. Feel free to make use of it, as you please, although letting me know if it was a success would be nice!

Updated 01/09/2010: Included suggestions by dakira to have a configurable interface. Also prevent insertion of iptables rules until the script is configured.

Comments