OS Upgrade » History » Revision 14
Revision 13 (Marc Dequènes, 2021-10-21 08:32) → Revision 14/28 (Marc Dequènes, 2021-10-21 10:39)
h1. OS Upgrade
This is a list of steps as guidelines for OS upgrades.
* create a temporary _group_vars/<new-suite>/system.yml_ in a git branch:
<pre>
---
system:
distribution:
debian:
codename: bullseye
dc:
codename: bullseye
</pre>
* (I often choose Elwing first) ansible-playbook --diff -l Elwing -t apt playbooks/common.yml | tee /tmp/dc.log
* apt upgrade
* apt full-upgrade (check if removed packages are problematic)
** accept new version of:
*** /etc/services and copy-paste content of _local services_ from _/etc/services.dpkg-old_ to avoid having to redeploy all services
*** /etc/grub.d/10_linux but see warning below
*** /etc/ssh/ssh_config (we use ssh_config.d in Ansible now) BUT NOT sshd_config!
** do not accept new versions for:
*** /etc/smartd.conf
*** /etc/snmp/snmp.conf
*** /etc/oidentd.conf
*** /etc/sudoers
*** /etc/rsyslog.conf
*** /etc/apt-cacher-ng/acng.conf
*** /etc/zabbix/*
*** /etc/logrotate.d/*
** check the diff manually for other files
** purge facts_cache/<host> before running Ansible to detect the new major version
* if PHP FPM: (to avoid having to redeploy all vhosts) (example for PHP 7.3->7.4)
** rm /etc/php/7.4/fpm/pool.d/www.conf
** cp /etc/php/7.3/fpm/pool.d/* /etc/php/7.4/fpm/pool.d/
** sed -i 's/7\.3/7.4/g' /etc/php/7.4/fpm/pool.d/*
** systemctl restart php7.4-fpm.service
** sed -i 's/7\.3/7.4/g' /etc/apache2/sites-enabled/*.conf.d/php.conf
** systemctl restart apache2
** run common web playbook _playbooks/tenants/duckcorp/web.yml_ with _-t web-common_
* apt purge libpython2.7-minimal
* run the _playbooks/common.yml_ playbook with _--skip-tags monitoring_ (until a recent zabbix-cli is packaged)
* run the _playbooks/tenants/duckcorp/accounts.yml_ playbook
It is critical that the common playbook is run successfully before rebooting. Especially _/etc/grub.d/10_linux_ must contain the _--unrestricted_ option and the GRUB config must be regenerated or the server will block at the GRUB screen waiting for a login.
* reboot
* check failed services: systemctl --failed