OS Upgrade » History » Version 11
Marc Dequènes, 2021-10-21 07:44
1 | 1 | Marc Dequènes | h1. OS Upgrade |
---|---|---|---|
2 | |||
3 | This is a list of steps as guidelines for OS upgrades. |
||
4 | |||
5 | * create a temporary _group_vars/<new-suite>/system.yml_ in a git branch: |
||
6 | |||
7 | <pre> |
||
8 | --- |
||
9 | system: |
||
10 | distribution: |
||
11 | debian: |
||
12 | codename: bullseye |
||
13 | dc: |
||
14 | codename: bullseye |
||
15 | |||
16 | </pre> |
||
17 | |||
18 | 3 | Marc Dequènes | * (I often choose Elwing first) ansible-playbook --diff -l Elwing -t apt playbooks/common.yml | tee /tmp/dc.log |
19 | 1 | Marc Dequènes | * apt upgrade |
20 | 11 | Marc Dequènes | * apt full-upgrade (check if removed packages are problematic) |
21 | 9 | Marc Dequènes | ** accept new version of: |
22 | *** /etc/services and copy-paste content of _local services_ from _/etc/services.dpkg-old_ to avoid having to redeploy all services |
||
23 | *** /etc/grub.d/10_linux but see warning below |
||
24 | *** /etc/ssh/ssh_config (we use ssh_config.d in Ansible now) BUT NOT sshd_config! |
||
25 | 1 | Marc Dequènes | ** do not accept new versions for: |
26 | *** /etc/smartd.conf |
||
27 | *** /etc/snmp/snmp.conf |
||
28 | *** /etc/oidentd.conf |
||
29 | *** /etc/sudoers |
||
30 | *** /etc/rsyslog.conf |
||
31 | 2 | Marc Dequènes | *** /etc/apt-cacher-ng/acng.conf |
32 | *** /etc/zabbix/* |
||
33 | 7 | Marc Dequènes | *** /etc/logrotate.d/* |
34 | 1 | Marc Dequènes | ** check the diff manually for other files |
35 | 3 | Marc Dequènes | * if PHP FPM: (to avoid having to redeploy all vhosts) (example for PHP 7.3->7.4) |
36 | ** rm /etc/php/7.4/fpm/pool.d/www.conf |
||
37 | ** cp /etc/php/7.3/fpm/pool.d/* /etc/php/7.4/fpm/pool.d/ |
||
38 | ** sed -i 's/7\.3/7.4/g' /etc/php/7.4/fpm/pool.d/* |
||
39 | 4 | Marc Dequènes | ** systemctl restart php7.4-fpm.service |
40 | 6 | Marc Dequènes | ** run common web playbook _playbooks/tenants/duckcorp/web.yml_ with _-t web-common_ |
41 | 10 | Marc Dequènes | * apt purge libpython2.7-minimal |
42 | * run the _playbooks/common.yml_ playbook with _--skip-tags monitoring_ (until a recent zabbix-cli is packaged) |
||
43 | 7 | Marc Dequènes | |
44 | It is critical that the common playbook is run successfully before rebooting. Especially _/etc/grub.d/10_linux_ must contain the _--unrestricted_ option and the GRUB config must be regenerated or the server will block at the GRUB screen waiting for a login. |