Project

General

Profile

Actions

OS Upgrade

This is a list of steps as guidelines for OS upgrades.

  • create a temporary group_vars/<new-suite>/system.yml in a git branch:
---
system:
  distribution:
    debian:
      codename: bullseye
    dc:
      codename: bullseye

  • (I often choose Elwing first) ansible-playbook --diff -l Elwing -t apt playbooks/common.yml | tee /tmp/dc.log
  • apt upgrade
  • apt dist-upgrade (check if removed packages are problematic)
    • accept new version of /etc/services and copy-paste content of local services from /etc/services.dpkg-old to avoid having to redeploy all services
    • do not accept new versions for:
      • /etc/smartd.conf
      • /etc/snmp/snmp.conf
      • /etc/oidentd.conf
      • /etc/sudoers
      • /etc/rsyslog.conf
      • /etc/apt-cacher-ng/acng.conf
      • /etc/zabbix/*
      • /etc/logrotate.d/*
      • /etc/grub.d/10_linux
    • check the diff manually for other files
  • if PHP FPM: (to avoid having to redeploy all vhosts) (example for PHP 7.3->7.4)
    • rm /etc/php/7.4/fpm/pool.d/www.conf
    • cp /etc/php/7.3/fpm/pool.d/* /etc/php/7.4/fpm/pool.d/
    • sed -i 's/7\.3/7.4/g' /etc/php/7.4/fpm/pool.d/*
    • systemctl restart php7.4-fpm.service
    • run common web playbook playbooks/tenants/duckcorp/web.yml with -t web-common
  • run the playbooks/common.yml playbook

It is critical that the common playbook is run successfully before rebooting. Especially /etc/grub.d/10_linux must contain the --unrestricted option and the GRUB config must be regenerated or the server will block at the GRUB screen waiting for a login.

Updated by Marc Dequènes 4 days ago · 7 revisions