Merge pull request 'Updates base OS to Debian 12 (bookworm)' (#176) from feature/update-base-os-to-debian-12 into main

Reviewed-on: #176
2024-07-21 11:59:36 +00:00 · 2024-07-21 11:59:36 +00:00 · 713266308b
commit 713266308b
parent 691ca3bea0 dd685732c4
8 changed files with 47 additions and 14 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,7 +1,7 @@
 [defaults]
 inventory =./inventory
 module_defaults = !hardware
-interpreter_python = /usr/bin/python3.9
+interpreter_python = /usr/bin/python3.11

 [inventory]
 # Ignore `*.example` files
--- a/doc/upgrade-debian-11-to-12.md
+++ b/doc/upgrade-debian-11-to-12.md
@ -0,0 +1,21 @@
+# Upgrade Debian 11 to 12
+
+The upgrade of the underlying OS gets carried out manually (i.e., without the help of Terraform or Ansible).
+
+## Steps
+
+- Create a backup of the whole system, e.g., using the Hetzner cloud backup mechanism.
+- Change all apt repositories in `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*` from `bullseye` to `bookworm`.
+    - `non-free` was changed to `non-free-firmware`.
+- `$ apt update`
+- `$ apt full-upgrade`
+    - If the systems asks to configure `iperf3` as automatic service startup, select `no`.
+    - If the systems asks to restart services without manual interaction, select `yes`.
+    - If the systems asks to decide on how to handle updated config files in `/etc/*`, choose `N` (= keep your currently-installed version).
+- `$ apt autoremove` to clean up old packages.
+- Reboot.
+- (Obviously) Check if all services are up and running correctly.
+- Adapt the Terraform configuration, i.e., change the base image of the system from `debian-11` to `debian-12`.
+    - Be careful when re-running Terraform because it usually wants to recreate the whole system. This can be ommitted by configuring the respective Terraform resource to ignore this specific attribute when considering rebuilding.
+- Adapt the Ansible confguration.
+- Adapt all necessary information in Ansible roles, e.g., it is necessary to update `bullseye` to `bookworm` in apt repositories.
--- a/main.tf
+++ b/main.tf
@ -4,7 +4,7 @@

 resource "hcloud_server" "production" {
  name = "production"
-  image = "debian-11"
+  image = "debian-12"
  server_type = "cpx21"
  location = "nbg1"
  ssh_keys  = ["${data.hcloud_ssh_key.ssh_key.id}"]
@ -16,6 +16,12 @@ resource "hcloud_server" "production" {
  delete_protection = true
  rebuild_protection = true
  firewall_ids = [hcloud_firewall.forgejo-fw.id]
+  # Ignore image changes to prevent re-creation of the whole server
+  lifecycle {
+    ignore_changes = [
+      image,
+    ]
+  }
 }

 # Set RDNS entry of production server IPv4
--- a/requirements.yml
+++ b/requirements.yml
@ -1,4 +1,4 @@
 ---
 roles:
-  - name: geerlingguy.pip
+  # - name: geerlingguy.pip
  - name: geerlingguy.node_exporter
--- a/roles/ansible/tasks/main.yml
+++ b/roles/ansible/tasks/main.yml
@ -8,10 +8,10 @@
    pkg:
      - python3-docker
      - python3-pip
- name: Install docker dependencies via pip
-  ansible.builtin.include_role:
-    name: geerlingguy.pip
-  vars:
-    pip_install_packages:
-      - name: docker
-      - name: docker-compose
+# - name: Install docker dependencies via pip
+#   ansible.builtin.include_role:
+#     name: geerlingguy.pip
+#   vars:
+#     pip_install_packages:
+#       - name: docker
+#       - name: docker-compose
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -17,7 +17,7 @@

 - name: Add apt repository
  ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable"
+    repo: "deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable"
    state: present

 - name: Install Docker packages
--- a/roles/nala/tasks/main.yml
+++ b/roles/nala/tasks/main.yml
@ -1,8 +1,8 @@
 ---
- name: Add apt repository
+- name: Remove (old) apt repository
  ansible.builtin.apt_repository:
    repo: "deb [arch=amd64] https://deb.volian.org/volian/ scar main"
-    state: present
+    state: absent

 - name: Install nala
  ansible.builtin.apt:
--- a/staging.tf
+++ b/staging.tf
@ -22,7 +22,7 @@ resource "hcloud_primary_ip" "staging-ipv6" {

 resource "hcloud_server" "staging" {
  name = "staging"
-  image = "debian-11"
+  image = "debian-12"
  server_type = "cx11"
  location = "nbg1"
  ssh_keys  = ["${data.hcloud_ssh_key.ssh_key.id}"]
@ -36,6 +36,12 @@ resource "hcloud_server" "staging" {
    ipv6 = hcloud_primary_ip.staging-ipv6.id
  }
  firewall_ids = [hcloud_firewall.forgejo-fw.id]
+  # Ignore image changes to prevent re-creation of the whole server
+  lifecycle {
+    ignore_changes = [
+      image,
+    ]
+  }
 }

 # Set RDNS entry of staging server IPv4