Hi Michael,

Thank you for merging locale/ja_JP/*.po. I resumed the migration verification work this morning, and was impressed when it was updated! (Yes, I have automatic yum update turned on.)
This is the main subject. I am moving vsite using easy-migrate.pl, but the PHP DSO site is imported as suPHP. I am considering making some changes and using it. --- /usr/sausalito/sbin/easy-migrate.pl-00 2020-03-05 06:54:15.000000000 +0900 +++ /usr/sausalito/sbin/easy-migrate.pl 2020-05-28 11:21:38.186732577 +0900 @@ -814,7 +814,7 @@ foreach my $x (@diff) { # If the import Vsite has NameSpace keys that we do NOT have locally, then we delete them here: delete $Vsite_NameSpace->{$x}; - #print "Diff in $key: $x \n" + print "Diff in $key: $x \n" } # Cleanup: 
@@ -885,34 +885,34 @@ } # Handle difference in keys when we come from anything older than 5209R: - if (($SYSTEM{'System'}{'productBuild'} ne '5210R') && ($SYSTEM{'System'}{'productBuild'} ne '5209R')) { - if ($Vsite_NameSpace->{'suPHP_enabled'} eq "1") { - $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; - $Vsite_NameSpace->{'fpm_enabled'} = "0"; - $Vsite_NameSpace->{'enabled'} = "1"; - } - elsif ($Vsite_NameSpace->{'enabled'} eq "1") { - $Vsite_NameSpace->{'suPHP_enabled'} = "1"; - $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; - $Vsite_NameSpace->{'fpm_enabled'} = "0"; - } - elsif ($Vsite_NameSpace->{'mod_ruid_enabled'} eq "1") { - $Vsite_NameSpace->{'suPHP_enabled'} = "0"; - $Vsite_NameSpace->{'fpm_enabled'} = "0"; - $Vsite_NameSpace->{'enabled'} = "1"; - } - elsif ($Vsite_NameSpace->{'fpm_enabled'} eq "1") { - $Vsite_NameSpace->{'suPHP_enabled'} = "0"; - $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; - $Vsite_NameSpace->{'enabled'} = "1"; - } - else { - $Vsite_NameSpace->{'suPHP_enabled'} = "0"; - $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; - $Vsite_NameSpace->{'fpm_enabled'} = "0"; - $Vsite_NameSpace->{'enabled'} = "0"; - } - } + # if (($SYSTEM{'System'}{'productBuild'} ne '5210R') && ($SYSTEM{'System'}{'productBuild'} ne '5209R')) { + # if ($Vsite_NameSpace->{'suPHP_enabled'} eq "1") { + # $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; + # $Vsite_NameSpace->{'fpm_enabled'} = "0"; + # $Vsite_NameSpace->{'enabled'} = "1"; + # } + # elsif ($Vsite_NameSpace->{'enabled'} eq "1") { + # $Vsite_NameSpace->{'suPHP_enabled'} = "1"; + # $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; + # $Vsite_NameSpace->{'fpm_enabled'} = "0"; + # } + # elsif ($Vsite_NameSpace->{'mod_ruid_enabled'} eq "1") { + # $Vsite_NameSpace->{'suPHP_enabled'} = "0"; + # $Vsite_NameSpace->{'fpm_enabled'} = "0"; + # $Vsite_NameSpace->{'enabled'} = "1"; + # } + # elsif ($Vsite_NameSpace->{'fpm_enabled'} eq "1") { + # $Vsite_NameSpace->{'suPHP_enabled'} = "0"; + # $Vsite_NameSpace->{'mod_ruid_enabled'} = 
"0"; + # $Vsite_NameSpace->{'enabled'} = "1"; + # } + # else { + # $Vsite_NameSpace->{'suPHP_enabled'} = "0"; + # $Vsite_NameSpace->{'mod_ruid_enabled'} = "0"; + # $Vsite_NameSpace->{'fpm_enabled'} = "0"; + # $Vsite_NameSpace->{'enabled'} = "0"; + # } + # } } # Handle individual WebApps: @@ -1191,8 +1191,15 @@ # Actual Rsync: $DirOwner = $VSITE_DIROWNERS->{$directory}; print "[INFO] Starting RSYNC from $host:$sourceDir to $target_Vsite_actiondir\n"; - #print "/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $target_Vsite_actiondir --delete-after --info=progress2 --chown=$DirOwner\n"; - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $target_Vsite_actiondir --delete-after --info=progress2 --chown=$DirOwner >/dev/null 2>&1 || :"); + # --chown=$DirOwner + print "/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $target_Vsite_actiondir --delete-after --info=progress2\n"; + system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $target_Vsite_actiondir --delete-after --info=progress2"); + { + my ($user, $group) = split /:/, $DirOwner, 2; + my $cmd = "find $target_Vsite_actiondir -not -user $user -or -not -group $group"; + print $cmd,"\n"; + system($cmd); + } } # Fix owner of sitedir: 
@@ -1430,7 +1437,13 @@ if ($SYSTEM->{'DNS'}->{'DnsIncludeFile'}->{$NEW_VSITE_OBJ_DATA->{'domain'}}) { my $include_File = '/var/named/chroot/var/named/db.' . $NEW_VSITE_OBJ_DATA->{'domain'} . '.include'; print "[INFO] Importing DNS include file for Vsite $NEW_VSITE_OBJ_DATA->{'fqdn'}: $include_File\n"; - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2 --chown=named:named"); + print("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2\n"); + system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2"); + { + my $cmd = "find $include_File -not -user named -or -not -group named"; + print $cmd,"\n"; + system $cmd; + } } # @@ -1520,7 +1533,13 @@ $sourceDir = '/home/.easy-migrate/'; # Fetch remote SQL databases: - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $sourceDir --delete-after --info=progress2 --chown=root:root >/dev/null 2>&1 || :"); + print("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $sourceDir --delete-after --info=progress2\n"); + system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $sourceDir --delete-after --info=progress2"); + { + my $cmd = "find $sourceDir -not -user root -or -not -group root"; + print $cmd,"\n"; + system $cmd; + } if (-f '/home/.easy-migrate/mysql-all-dbs.sql') { system("/usr/bin/mysql -u " . $TARGETSYSTEM{'System'}{'MySQL'}{'sql_root'} . " -p" . $TARGETSYSTEM{'System'}{'MySQL'}{'sql_rootpassword'} . " < /home/.easy-migrate/mysql-all-dbs.sql >/dev/null 2>&1 || :"); 
@@ -1606,7 +1625,13 @@ if ($SYSTEM->{'DNS'}->{'DnsIncludeFile'}->{$CURRENT_DOMAIN}) { my $include_File = '/var/named/chroot/var/named/db.' . $CURRENT_DOMAIN . '.include'; print "[INFO] Importing DNS include file for domain $CURRENT_DOMAIN: $include_File\n"; - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2 --chown=named:named"); + print("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2\n"); + system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$include_File $include_File --delete-after --info=progress2"); + { + my $cmd = "find $include_File -not -user named -or -not -group named"; + print $cmd,"\n"; + system $cmd; + } } $ret = &CCE_Tramp('DnsRecord', '', { 'type' => $record->{'type'}, 'hostname' => $record->{'hostname'}, 'domainname' => $record->{'domainname'} }, $record_new); @@ -1919,8 +1944,13 @@ # Actual Rsync: print "[INFO] Starting RSYNC from $host:$sourceDir to $userDir \n"; - #print "/usr/bin/rsync -q --dry-run --progress -ar '-e ssh -p $port' $source:$sourceDir $userDir --delete-after --info=progress2 --chown=$import_username:$new_user_group\n"; - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$sourceDir $userDir --delete-after --info=progress2 --chown=$import_username:$new_user_group >/dev/null 2>&1 || :"); + print "/usr/bin/rsync --progress -ar '-e ssh -p $port' $source:$sourceDir $userDir --delete-after --info=progress2 --chown=$import_username:$new_user_group\n"; + system("/usr/bin/rsync --progress -ar '-e ssh -p $port' $source:$sourceDir $userDir --delete-after --info=progress2"); + { + my $cmd = "find $userDir -not -user $import_username -or -not -group $new_user_group"; + print $cmd,"\n"; + system $cmd; + } # ### Conditionally fix directory permissions based on platform: 
@@ -1945,8 +1975,13 @@ if ($Import_USERS->{$import_username}->{'UserCron'}) { foreach my $userCron (keys %{ $Import_USERS->{$import_username}->{'UserCron'} }) { print "[INFO] User has own cronjob. Making copy of $host:$userCron to $userCron \n"; - #print "/usr/bin/rsync -q --dry-run --progress -ar '-e ssh -p $port' $source:$userCron $userCron --delete-after --info=progress2 --chown=$import_username:$new_user_group\n"; - system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$userCron $userCron --delete-after --info=progress2 --chown=$import_username:$new_user_group >/dev/null 2>&1 || :"); + print "/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$userCron $userCron --delete-after --info=progress2 --chown=$import_username:$new_user_group\n"; + system("/usr/bin/rsync -q --progress -ar '-e ssh -p $port' $source:$userCron $userCron --delete-after --info=progress2"); + { + my $cmd = "find $userCron -not -user $import_username -or -not -group $new_user_group"; + print $cmd,"\n"; + system $cmd; + } system("chmod 0600 $userCron"); } }

I prefer to make as few changes as possible and migrate painlessly.

I also know there is a problem with PHP DSO on the 5208R. For example, files created by PHP are not included in the quota because their permissions are apache. I also understand that suPHP uses fork (not "pre"fork) and has a very different execution model than PHP DSO.

I assume that the reason for changing to "rsync ... --chown=" and suPHP in easy-migrate.pl is to try to fix the above problem in this phase. Do you have?

If the guess is correct, I would consider not chowning during this phase and having time to fix chown after migration. I am considering migrating multiple vsites at once, so I would like to avoid multiple failures occurring at the same time. There are many sites where the site+apache usage exceeds the site quota.

Also, why did you choose suPHP and not mod_ruid2?
I think mod_ruid2 fixes UID issues and is more like 5208R PHP (DSO) in terms of DSO. Or are you considering the following?

> https://github.com/mind04/mod-ruid2
> -there are some security issues, for instance if attacker successfully
> exploits the httpd process,
> he can set effective capabilities and setuid to root. i recommend to use some
> security patch in kernel (grsec),
> or something.

Thanks,

_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
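
Review bot: In the hunk at -814, the re-enabled print "Diff in $key: $x \n" line has no terminating semicolon and now prints unconditionally for every NameSpace key that gets deleted. It parses only because it is the last statement in the foreach body; add the semicolon and put the output behind a verbose or debug switch so a normal import run stays quiet.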
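
Review bot: In the hunk at -885, the whole block that reconciles 'enabled', 'suPHP_enabled', 'mod_ruid_enabled' and 'fpm_enabled' for sources older than 5209R is commented out instead of being made optional. Only the elsif ($Vsite_NameSpace->{'enabled'} eq "1") branch forces suPHP; the remaining branches just keep the handler flags mutually exclusive, and that is lost as well. With the block disabled nothing in this hunk sets the three handler flags for an older source, so the patch should say which mode such a site is expected to end up in. Suggest a command-line option that skips only the suPHP branch, and deleting code rather than leaving 30 commented lines.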
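
Review bot: In the hunk at -1191, the new find command is assembled as one shell string from $target_Vsite_actiondir, $user and $group and handed to single-argument system(), so a space or shell metacharacter in the path or owner name is interpreted by the shell. Use the list form, for example system('find', $target_Vsite_actiondir, '-not', '-user', $user, '-or', '-not', '-group', $group), and skip the check when split /:/, $DirOwner, 2 leaves $group undefined. The same block is pasted into every later hunk; one small helper sub would replace the six copies.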
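
Review bot: In the hunks at -1430 and -1606, --chown=named:named is dropped for the DNS include file under /var/named/chroot/var/named/, which is unrelated to the PHP handler and site quota question the mail raises. The find that follows only prints a mismatch and the import carries on, so the file keeps whatever owner rsync -a preserved from the source. Suggest leaving --chown=named:named in place for these two calls.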
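
Review bot: In the hunk at -1520, removing --chown=root:root from the transfer into /home/.easy-migrate/ means the SQL dumps that are imported a few lines below are no longer forced to root ownership, and the find check only reports. Since the ">/dev/null 2>&1 || :" suffix is being removed anyway, this is the place to test the return value of system() and skip the mysql import when rsync failed, instead of relying on the -f test against whatever is already on disk. Suggest keeping root:root for this directory.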
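
Review bot: In the hunk at -1919, the printed command still ends in --chown=$import_username:$new_user_group while the system() call that actually runs omits it, so the log shows a command that was never executed. Build the command once in a variable and pass that same string to both print and system(); the print line in the hunk at -1945 has the same mismatch. -q is also dropped from this call but kept in the other hunks, so please say whether that is intended.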
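
Review bot: In the hunk at -1945, system("chmod 0600 $userCron") still runs after the report-only find, so a cron file whose owner is not $import_username ends up mode 0600 under a different account and the import continues as if it were fine. For the user crontab, keep the chown in this step, or stop when find prints anything, rather than deferring the ownership fix until after the migration.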