TZMC server upgrade

Our tzmc1 server which hosts the forum and Jitsi runs on Debian. Recently Debian 11 was released. I’m never too eager to upgrade on day 1, I usually wait until the point release. To be clear, I’ll wait for Debian 11.1. Although much care is taken into these releases, not all issues are exposed until a wider audience starts using it. That’s why I’ll wait for Debian 11.1.

The following steps will need to be taken to make this upgrade as smooth as possible.

Run the Ansible playbooks in Ansible Molecule with the Debian 11 image. This will expose any issues with the Ansible playbook that have changed in Debian 11. I’ll add my fixes for Debian 11 in a different branch on our GitLab. This branch will be called “bullseye”, which is the release codename of Debian 11.
Prepare a new VM in the cloud to provision the tzmc1 server with the latest playbook and initiate the VM on there for Jitsi and Discourse (the forum). This VM will then get as a DNS label.
Restore a backup into the new Discourse (forum) instance and check functionality.
Set the TTL of the forum and forum-dev DNS records to 1 minute. And wait for 24 hours to make sure this change has propagated.
If all works fine, put the in read-only. Create one final backup. Restore it on forum-dev, check functionality, and then switch the DNS over from forum-dev to forum and vice versa.
After one week, the old VM can be removed.
Merge the Ansible “bullseye” git branch into the main one.

1 Like

Ansible Molecule is now happy with Debian 11.

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************************************************
tzmc1                      : ok=70   changed=0    unreachable=0    failed=0    skipped=8    rescued=0    ignored=0

INFO     Idempotence completed successfully.
1 Like

Debian 11.1 has been released. Debian 10 will still be supported for a few years. Since the forum’s future will be evaluated around the end of this year, I won’t upgrade untill that uncertainty is cleared up. Such an upgrade is only really needed to support the forum for the next 5 years. Which may not be needed considering the use and popularity of the forum. Resources (time, money, energy) may be put to better use.

For now I’ll mark this one as solved and let it auto-close. When needed I’ll reopen this topic.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

The Jitsi container moved to Debian Bullseye recently. rkhunter didn’t like that and now alerts of a process that uses suspicious files. This is triggered because it sees libraries being used that do not exist. Which makes sense, because they only exist inside the Jitsi container. rkhunter doesn’t seem to work well with containers (yet). But upgrading the container host to Bullseye as well would fix this, since then that path would exist.

The forum will be upgraded on December 23rd with downtime. The fancy plan I had before that had 0 downtime is not worth the money. For that plan I would need to buy the resources of a VM for a month (cannot be just a few days). Since the popularity of this forum isn’t exploding any time soon, I think it’s fine to just have downtime instead.

apt full-upgrade done with the bullseye repos. All seems fine with Ansible as well. I’ll run it like this for a few days, but will do a full clean installation on the 23rd. That gives me a bit more faith for the future.

Full reinstall is complete and all Ansible and documentation changes have been merged with the main branch on GitLab. Maintenance completed within the announced time frame. Happy holidays! :christmas_tree:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.