Ubuntu 16.04 server upgrade

We will soon be making the move to upgrade our servers from Ubuntu 12.04 (which is due to become out of support by the end of April 2017) to Ubuntu 16.04. As part of this, many packages will see a significant version bump, as 12.04 has only received security fixes in recent years. However, there will undoubtedly be incompatibilities and breaking changes to some software. An exact date for the upgrade will be confirmed soon.

A 16.04 server is already up and running, so that you can test your websites or software ahead of the upgrade. Personal and society home directories are shared between pip (the existing web/shell server) and sinkhole (the test 16.04 server). Test versions of all user and society websites are available by replacing "srcf.net" with "sinkhole.srcf.net" in the URL; for example, the test version of http://spqr2.user.srcf.net can be found at http://spqr2.user.sinkhole.srcf.net. If you need to run any programs from a shell, you may connect over SSH to sinkhole.srcf.net with your SRCF username and password.

If you host a website with the SRCF, or make use of databases, please carefully review the notes below. Note that this is not an exhaustive list -- we recommend you test any software for discrepancies between the two systems. If something is working on the current server but not on testing, and not due to following changes, please contact the sysadmins so we can investigate.

Apache

Apache has been upgraded from 2.2 to 2.4, which includes a number of changes to .htaccess parsing (notably, removal of Allow/Deny directives). We have installed a compatibility module which should restore the legacy directives, though please look to convert them to the new Require format. This and other Apache changes are listed here.

If you are currently delegating to your own WSGI server running on pip, this should be bound to localhost and therefore unreachable from sinkhole. You can SSH to sinkhole and try running your server there, though please don't leave long-running processes unattended, as they may be terminated (or the system rebooted) without warning.

PHP

We are now using PHP 7.x, where many deprecated features of PHP 5.x have now been removed. We'll also be running it as an Apache module (i.e. mod_php) instead of over CGI, which should hopefully provide a performance boost. There is an official migration guide here which may be of assistance for updating code.

In particular, the insecure MySQL extension, which provides functions named mysql_*, has now been removed -- if you're still using it, you should switch to the MySQLi or PDO_MySQL drivers instead.

MySQL

MySQL has moved out of pip, and now runs 5.7 (up from 5.5). This is currently shared between the old and new servers, and localhost database connections are handled transparently. The main change was the removal of support for a legacy password hash -- owners of affected accounts have already been contacted regarding their MySQL passwords.

PostgreSQL

Updated: 26th April

PostgreSQL on sinkhole is currently just a clone of the existing Postgres server on pip, so peer authentication (connecting over the local socket with no password, the default when using e.g. psql on the command line) should work on either, but changes made in one database will not be propagated to the other.

As part of the migration, sinkhole's server will become primary (and pip's Postgres will be shut down). For websites or software that use Postgres and run on the web server, peer authentication will continue to work on sinkhole.

We have configured ident authentication, so that internal TCP connections will not need a password, however you will need to update any software to connect to hostname "postgres", as opposed to localhost or over a UNIX socket.