My ODK deployment works fine on AWS. However, I would like to move the current deployment as well as its current data/state to a new virtual machine on Digital Ocean (while maintaining the domain name). Any ideas on how to achieve this in the fastest and safest way possible?
The following assumes you're comfortable on the command line and with basic networking. Also, I haven't tried this recently so I'd strongly recommend you try this out on a test install before doing it on a production install.
Pre-reqs
Verify your full machine backup and restore works.
Verify you can whitelist traffic to Central only from your IP. An upstream firewall is great for this.
Verify you have the same OS on the source (src) and destination (dest). If you don't, the folders noted below may not match. Adjust accordingly.
Verify you can set the TTL of the DNS record on the domain to something low (~300 secs) to reduce downtime.
Verify you have an effective way to communicate a maintenance window with users.
Migration
Take a full machine backup of src.
Over ssh, rsync the key folders (/var/lib/docker, /root/central) from src to dest. This might take some time.
Start the maintenance window.
Block all incoming HTTP/S traffic to src.
Shutdown Central on src with docker-compose stop;
Rsync the key folders from src to dest again to pick up the latest changes to data. This will be faster than the first rsync.
Shutdown src and take another full machine backup.
Allow incoming HTTP/S traffic only from your IP to dest.
Update the DNS record to point to the dest. This should happen quickly if your DNS TTL is low.
Bring the dest server back up (docker-compose build; docker-compose up -d).
Verify you can login via the Central UI to dest, see records, preview forms, etc.
Allow all incoming HTTP/S traffic to dest.
Stop the maintenance window.
Notes
If you value speed over safety, you can skip the backups. I don't recommend it.
Running the first rsync outside the maintenance window should be safe, but if you want to be extra safe, you can run it after blocking all incoming traffic.
Users aren't receiving emails like forgot password. Do we need to add the mail server host, port, and authentication details in .env? Or will this work without adding them?
I wanted to know how many days before expiry the Let's Encrypt SSL certificate automatically renews, as our Let's Encrypt SSL certificate will expire on Wednesday, September 6, 2023.
On the server I see the following logs:
++--------------------------------------------------
2023/08/04 11:44:25 [info] Starting certificate renewal process
2023/08/04 11:44:25 [info] Requesting an ECDSA certificate for 'odk.xxx.xxx.org' (http-01 through webroot)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
Certificate not yet due for renewal; no action taken.
++--------------------------------------------------
LetsEncrypt certs auto-renew as necessary (typically every 90 days). You can check the various renewals at https://crt.sh/?q=odk.xxx.xxx.org to see if everything is working as expected. From what you've shown in the logs, it is working. Maybe set a calendar event for Sept 1 and check the cert then.
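Why the log above reports "Certificate not yet due for renewal", worked through as an added example (not code from the thread or from the ODK project). It assumes certbot's default of attempting renewal once fewer than 30 days remain; the function names and the midnight expiry time are made up for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_BEFORE_DAYS = 30  # assumption: certbot's default renewal window


def parse_not_after(not_after: str) -> datetime:
    """Parse the 'notAfter' string format returned by SSLSocket.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def renewal_status(not_after: datetime, now: datetime,
                   window_days: int = RENEW_BEFORE_DAYS) -> dict:
    """Days left on the cert and whether a renewal attempt is already due."""
    remaining = not_after - now
    renew_from = not_after - timedelta(days=window_days)
    return {
        "days_left": remaining.days,
        "renew_from": renew_from,         # first moment certbot would renew
        "due": now >= renew_from,         # still serving the old cert past this point is a warning sign
        "expired": remaining <= timedelta(0),
    }


def fetch_not_after(host: str, port: int = 443, timeout: float = 10.0) -> datetime:
    """Expiry of the certificate the server actually presents (needs network).

    Certificate verification stays on, so an already expired or mismatched
    certificate raises ssl.SSLCertVerificationError instead of returning.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return parse_not_after(tls.getpeercert()["notAfter"])


# Constructed sample: the log timestamp and the expiry date quoted in the
# thread; the time of day on the expiry date is made up.
SAMPLE_LOG_TIME = datetime(2023, 8, 4, 11, 44, 25, tzinfo=timezone.utc)
SAMPLE_NOT_AFTER = parse_not_after("Sep  6 00:00:00 2023 GMT")

if __name__ == "__main__":
    s = renewal_status(SAMPLE_NOT_AFTER, SAMPLE_LOG_TIME)
    print(f"{s['days_left']} days left, due: {s['due']}, "
          f"renewal window opens {s['renew_from']:%Y-%m-%d}")
```

To check a live server, pass the result of `fetch_not_after("your.domain")` and `datetime.now(timezone.utc)` to `renewal_status`; a certificate that is still `due` several days after the window opened means the renewal job is failing.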
@yanokwa I have been able to move on after issuing a
docker builder prune -a
Anyway, now I face a new issue. The resulting Central instance on the new server works. The domain/host name is the same as the original, forms work, what is not working is Enketo. The container is up, but forms do not open. The new server is behind a reverse proxy, so I adapted .env and docker-compose.yaml as described here
Strange thing, a clean install with the same configs (on the reverse proxy too) results in enketo working without problems.