Merge pull request 'Updates base OS to Debian 12 (bookworm)' (#176) from feature/update-base-os-to-debian-12 into main
Reviewed-on: #176
This commit is contained in:
commit
713266308b
8 changed files with 47 additions and 14 deletions
|
@ -1,7 +1,7 @@
|
|||
[defaults]
|
||||
inventory =./inventory
|
||||
module_defaults = !hardware
|
||||
interpreter_python = /usr/bin/python3.9
|
||||
interpreter_python = /usr/bin/python3.11
|
||||
|
||||
[inventory]
|
||||
# Ignore `*.example` files
|
||||
|
|
21
doc/upgrade-debian-11-to-12.md
Normal file
21
doc/upgrade-debian-11-to-12.md
Normal file
|
@ -0,0 +1,21 @@
|
|||
# Upgrade Debian 11 to 12
|
||||
|
||||
The upgrade of the underlying OS gets carried out manually (i.e., without the help of Terraform or Ansible).
|
||||
|
||||
## Steps
|
||||
|
||||
- Create a backup of the whole system, e.g., using the Hetzner cloud backup mechanism.
|
||||
- Change all apt repositories in `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*` from `bullseye` to `bookworm`.
|
||||
- `non-free` was changed to `non-free-firmware`.
|
||||
- `$ apt update`
|
||||
- `$ apt full-upgrade`
|
||||
- If the systems asks to configure `iperf3` as automatic service startup, select `no`.
|
||||
- If the systems asks to restart services without manual interaction, select `yes`.
|
||||
- If the systems asks to decide on how to handle updated config files in `/etc/*`, choose `N` (= keep your currently-installed version).
|
||||
- `$ apt autoremove` to clean up old packages.
|
||||
- Reboot.
|
||||
- (Obviously) Check if all services are up and running correctly.
|
||||
- Adapt the Terraform configuration, i.e., change the base image of the system from `debian-11` to `debian-12`.
|
||||
- Be careful when re-running Terraform because it usually wants to recreate the whole system. This can be ommitted by configuring the respective Terraform resource to ignore this specific attribute when considering rebuilding.
|
||||
- Adapt the Ansible confguration.
|
||||
- Adapt all necessary information in Ansible roles, e.g., it is necessary to update `bullseye` to `bookworm` in apt repositories.
|
8
main.tf
8
main.tf
|
@ -4,7 +4,7 @@
|
|||
|
||||
resource "hcloud_server" "production" {
|
||||
name = "production"
|
||||
image = "debian-11"
|
||||
image = "debian-12"
|
||||
server_type = "cpx21"
|
||||
location = "nbg1"
|
||||
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
||||
|
@ -16,6 +16,12 @@ resource "hcloud_server" "production" {
|
|||
delete_protection = true
|
||||
rebuild_protection = true
|
||||
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
||||
# Ignore image changes to prevent re-creation of the whole server
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
image,
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
# Set RDNS entry of production server IPv4
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
roles:
|
||||
- name: geerlingguy.pip
|
||||
# - name: geerlingguy.pip
|
||||
- name: geerlingguy.node_exporter
|
||||
|
|
|
@ -8,10 +8,10 @@
|
|||
pkg:
|
||||
- python3-docker
|
||||
- python3-pip
|
||||
- name: Install docker dependencies via pip
|
||||
ansible.builtin.include_role:
|
||||
name: geerlingguy.pip
|
||||
vars:
|
||||
pip_install_packages:
|
||||
- name: docker
|
||||
- name: docker-compose
|
||||
# - name: Install docker dependencies via pip
|
||||
# ansible.builtin.include_role:
|
||||
# name: geerlingguy.pip
|
||||
# vars:
|
||||
# pip_install_packages:
|
||||
# - name: docker
|
||||
# - name: docker-compose
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
- name: Add apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable"
|
||||
repo: "deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable"
|
||||
state: present
|
||||
|
||||
- name: Install Docker packages
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
- name: Add apt repository
|
||||
- name: Remove (old) apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch=amd64] https://deb.volian.org/volian/ scar main"
|
||||
state: present
|
||||
state: absent
|
||||
|
||||
- name: Install nala
|
||||
ansible.builtin.apt:
|
||||
|
|
|
@ -22,7 +22,7 @@ resource "hcloud_primary_ip" "staging-ipv6" {
|
|||
|
||||
resource "hcloud_server" "staging" {
|
||||
name = "staging"
|
||||
image = "debian-11"
|
||||
image = "debian-12"
|
||||
server_type = "cx11"
|
||||
location = "nbg1"
|
||||
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
||||
|
@ -36,6 +36,12 @@ resource "hcloud_server" "staging" {
|
|||
ipv6 = hcloud_primary_ip.staging-ipv6.id
|
||||
}
|
||||
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
||||
# Ignore image changes to prevent re-creation of the whole server
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
image,
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
# Set RDNS entry of staging server IPv4
|
||||
|
|
Loading…
Reference in a new issue