Trying to migrate my ODK deployment and its data from AWS to Digital Ocean

Hello,

My ODK deployment works fine on AWS. However, I would like to move the current deployment as well as its current data/state to a new virtual machine on Digital Ocean (while maintaining the domain name). Any ideas on how to achieve this in the fasted and safest way possible?

The following assumes you're comfortable on the command line and with basic networking. Also, I haven't tried this recently so I'd strongly recommend you try this out on a test install before doing it on a production install.

Pre-reqs

  • Verify your full machine backup and restore works.
  • Verify you can whitelist traffic to Central only from your IP. An upstream firewall is great for this.
  • Verify you have the same OS on the source (src) and destination (dest). If you don't, the folders noted below may not match. Adjust adjust accordingly.
  • Verify you can set the TTL of the DNS record on the domain to something low (~300 secs) to reduce downtime.
  • Verify you have an effective way to communicate a maintenance window with users.

Migration

  1. Take a full machine backup of src.
  2. Over ssh, rsync the key folders (/var/lib/docker, /root/central) from src to dest. This might take some time.
  3. Start the maintenance window.
  4. Block all incoming HTTP/S traffic to src.
  5. Shutdown Central on src with docker-compose stop;
  6. Rsync the key folders from src to dest again to pick up the latest changes to data. This will be faster than the first rsync.
  7. Shutdown src and take another full machine backup.
  8. Only allow incoming HTTP/S traffic only from your IP to dest.
  9. Update the DNS record to point to the dest. This should happen quickly if your DNS TTL is low.
  10. Bring the dest server back up (docker-compose build; docker-compose up -d).
  11. Verify you can login via the Central UI to dest, see records, preview forms, etc.
  12. Allow all incoming HTTP/S traffic to dest.
  13. Stop the maintenance window.

Notes

  • If you value speed over safety, you can skip the backups. I don't recommend it.
  • Running the first rsync outside the maintenance window should be safe, but if you want to be extra safe, you can run it after blocking all incoming traffic.
3 Likes

Thanks for your update.
Please confirm by running sync command, it'll migrate the users and databases etc?

Thanks

Yes, it will move everything about the install including users and data.

Thanks for your quick response.

One question, how can we renew the Letsencrypt SSL for odk central server?

Thanks

LetsEncrypt certs renew automatically.

1 Like

I much appreciate your support. You are the guru. :+1:

2 Likes

Hello @yanokwa.

Users aren't receiving emails like forgot password. Shall we need to add mail server host, port, and authentication details in .env ? Or this will work without adding

Thanks

See https://docs.getodk.org/central-troubleshooting/#users-aren-t-receiving-emails.

Dear @yanokwa,

I wanted to know that how many days before expire letsencrypt ssl automatically renew? As our letsencrypt SSL will be expire on Wednesday, September 6, 2023.
On the server I see the logs and its saying below logs:

++--------------------------------------------------
2023/08/04 11:44:25 [info] Starting certificate renewal process
2023/08/04 11:44:25 [info] Requesting an ECDSA certificate for 'odk.xxx.xxx.org' (http-01 through webroot)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
Certificate not yet due for renewal; no action taken.
++--------------------------------------------------

Can you please help me with this?

Thanks

LetsEncrypt certs auto-renew as necessary (typically every 90 days). You can check the various renewals at https://crt.sh/?q=odk.xxx.xxx.org to see if everything is working as expected. From what you've showed in the logs, it is working. Maybe set a calendar even for Sept 1 and check the cert then.

Thanks for your quick response.

We seeing the attached output.

image