Project

General

Profile

OS Upgrade » History » Version 12

Marc Dequènes, 2021-10-21 08:01

1 1 Marc Dequènes
h1. OS Upgrade
2
3
This is a list of steps as guidelines for OS upgrades.
4
5
* create a temporary _group_vars/<new-suite>/system.yml_ in a git branch:
6
7
<pre>
8
---
9
system:
10
  distribution:
11
    debian:
12
      codename: bullseye
13
    dc:
14
      codename: bullseye
15
16
</pre>
17
18 3 Marc Dequènes
* (I often choose Elwing first) ansible-playbook --diff -l Elwing -t apt playbooks/common.yml | tee /tmp/dc.log
19 1 Marc Dequènes
* apt upgrade
20 11 Marc Dequènes
* apt full-upgrade (check if removed packages are problematic)
21 9 Marc Dequènes
** accept new version of:
22
*** /etc/services and copy-paste content of _local services_ from _/etc/services.dpkg-old_ to avoid having to redeploy all services
23
*** /etc/grub.d/10_linux but see warning below
24
*** /etc/ssh/ssh_config (we use ssh_config.d in Ansible now) BUT NOT sshd_config!
25 1 Marc Dequènes
** do not accept new versions for:
26
*** /etc/smartd.conf
27
*** /etc/snmp/snmp.conf
28
*** /etc/oidentd.conf
29
*** /etc/sudoers
30
*** /etc/rsyslog.conf
31 2 Marc Dequènes
*** /etc/apt-cacher-ng/acng.conf
32
*** /etc/zabbix/*
33 7 Marc Dequènes
*** /etc/logrotate.d/*
34 1 Marc Dequènes
** check the diff manually for other files
35 12 Marc Dequènes
** purge facts_cache/<host> before running Ansible to detect the new major version
36 3 Marc Dequènes
* if PHP FPM: (to avoid having to redeploy all vhosts) (example for PHP 7.3->7.4)
37
** rm /etc/php/7.4/fpm/pool.d/www.conf
38
** cp /etc/php/7.3/fpm/pool.d/* /etc/php/7.4/fpm/pool.d/
39
** sed -i 's/7\.3/7.4/g' /etc/php/7.4/fpm/pool.d/*
40 4 Marc Dequènes
** systemctl restart php7.4-fpm.service
41 6 Marc Dequènes
** run common web playbook _playbooks/tenants/duckcorp/web.yml_ with _-t web-common_
42 10 Marc Dequènes
* apt purge libpython2.7-minimal
43
* run the _playbooks/common.yml_ playbook with _--skip-tags monitoring_ (until a recent zabbix-cli is packaged)
44 7 Marc Dequènes
45
It is critical that the common playbook is run successfully before rebooting. Especially _/etc/grub.d/10_linux_ must contain the _--unrestricted_ option and the GRUB config must be regenerated or the server will block at the GRUB screen waiting for a login.