Compare commits
8 commits
691ca3bea0
...
713266308b
Author | SHA1 | Date | |
---|---|---|---|
713266308b | |||
dd685732c4 | |||
8deb93b2e6 | |||
cd7be31e2f | |||
83269343cf | |||
156825c169 | |||
8a9491e4d5 | |||
d4cd888b2c |
8 changed files with 47 additions and 14 deletions
|
@ -1,7 +1,7 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
inventory =./inventory
|
inventory =./inventory
|
||||||
module_defaults = !hardware
|
module_defaults = !hardware
|
||||||
interpreter_python = /usr/bin/python3.9
|
interpreter_python = /usr/bin/python3.11
|
||||||
|
|
||||||
[inventory]
|
[inventory]
|
||||||
# Ignore `*.example` files
|
# Ignore `*.example` files
|
||||||
|
|
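--- a/doc/upgrade-debian-11-to-12.md
+++ b/doc/upgrade-debian-11-to-12.md
@@ -0,0 +1,21 @@
+# Upgrade Debian 11 to 12
+
+The upgrade of the underlying OS gets carried out manually (i.e., without the help of Terraform or Ansible).
+
+## Steps
+
+- Create a backup of the whole system, e.g., using the Hetzner cloud backup mechanism.
+- Change all apt repositories in `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*` from `bullseye` to `bookworm`.
+- `non-free` was changed to `non-free-firmware`.
+- `$ apt update`
+- `$ apt full-upgrade`
+- If the systems asks to configure `iperf3` as automatic service startup, select `no`.
+- If the systems asks to restart services without manual interaction, select `yes`.
+- If the systems asks to decide on how to handle updated config files in `/etc/*`, choose `N` (= keep your currently-installed version).
+- `$ apt autoremove` to clean up old packages.
+- Reboot.
+- (Obviously) Check if all services are up and running correctly.
+- Adapt the Terraform configuration, i.e., change the base image of the system from `debian-11` to `debian-12`.
+- Be careful when re-running Terraform because it usually wants to recreate the whole system. This can be ommitted by configuring the respective Terraform resource to ignore this specific attribute when considering rebuilding.
+- Adapt the Ansible confguration.
+- Adapt all necessary information in Ansible roles, e.g., it is necessary to update `bullseye` to `bookworm` in apt repositories.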
8
main.tf
8
main.tf
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
resource "hcloud_server" "production" {
|
resource "hcloud_server" "production" {
|
||||||
name = "production"
|
name = "production"
|
||||||
image = "debian-11"
|
image = "debian-12"
|
||||||
server_type = "cpx21"
|
server_type = "cpx21"
|
||||||
location = "nbg1"
|
location = "nbg1"
|
||||||
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
||||||
|
@ -16,6 +16,12 @@ resource "hcloud_server" "production" {
|
||||||
delete_protection = true
|
delete_protection = true
|
||||||
rebuild_protection = true
|
rebuild_protection = true
|
||||||
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
||||||
|
# Ignore image changes to prevent re-creation of the whole server
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [
|
||||||
|
image,
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set RDNS entry of production server IPv4
|
# Set RDNS entry of production server IPv4
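Review bot: With `image` listed in `ignore_changes`, the `image = "debian-12"` value in the first hunk is no longer reconciled by Terraform, so `terraform plan` will never report a mismatch between the declared image and what the host actually runs. The existing comment explains why the block is there but not this consequence. I would extend it to something like `# image is only applied when the server is first created; existing hosts are upgraded in place (see doc/upgrade-debian-11-to-12.md)`. The same block is added to the `staging` resource in the last file section and deserves the same comment. Part of the resource body lies between the two hunks and is not shown.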
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
roles:
|
roles:
|
||||||
- name: geerlingguy.pip
|
# - name: geerlingguy.pip
|
||||||
- name: geerlingguy.node_exporter
|
- name: geerlingguy.node_exporter
|
||||||
|
|
|
@ -8,10 +8,10 @@
|
||||||
pkg:
|
pkg:
|
||||||
- python3-docker
|
- python3-docker
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- name: Install docker dependencies via pip
|
# - name: Install docker dependencies via pip
|
||||||
ansible.builtin.include_role:
|
# ansible.builtin.include_role:
|
||||||
name: geerlingguy.pip
|
# name: geerlingguy.pip
|
||||||
vars:
|
# vars:
|
||||||
pip_install_packages:
|
# pip_install_packages:
|
||||||
- name: docker
|
# - name: docker
|
||||||
- name: docker-compose
|
# - name: docker-compose
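Review bot: The pip-based install is commented out rather than deleted, while `- python3-pip` stays in the `pkg` list just above it, so pip is still installed on the host with no consumer visible in this hunk. If nothing else needs it, drop `- python3-pip` and delete the commented task outright; version control keeps the old text. The `# - name: geerlingguy.pip` entry in the roles requirements hunk follows the same pattern. The Python `docker-compose` package is also no longer installed here, so any task that depends on it should be checked; the rest of the task list is outside the hunk.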
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
- name: Add apt repository
|
- name: Add apt repository
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable"
|
repo: "deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install Docker packages
|
- name: Install Docker packages
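Review bot: The updated `repo:` line still has no `signed-by=` option, so the Docker archive is presumably verified against whatever keys the host trusts globally rather than a key scoped to this one source; how the key is installed is above the hunk and not visible. Since the line is being edited anyway, consider `repo: "deb [arch=amd64 signed-by=<KEYRING_PATH>] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`, where `<KEYRING_PATH>` is a placeholder for the keyring file the role installs. Using the release fact also removes the hard-coded codename that had to be changed by hand for this upgrade. Changing the string with `state: present` adds the new entry but does not by itself remove an old `bullseye` entry on hosts where one still exists.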
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: Add apt repository
|
- name: Remove (old) apt repository
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: "deb [arch=amd64] https://deb.volian.org/volian/ scar main"
|
repo: "deb [arch=amd64] https://deb.volian.org/volian/ scar main"
|
||||||
state: present
|
state: absent
|
||||||
|
|
||||||
- name: Install nala
|
- name: Install nala
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
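Review bot: Removing the `deb.volian.org` source with `state: absent` does not remove any signing key that was trusted for it. No key task is visible in this hunk, so if a key for that archive was added to the host's apt trust store earlier, it stays trusted after this task runs. Consider a follow-up task that deletes it, plus a comment above the task such as `# One-time cleanup of the pre-upgrade repository; remove this task once all hosts have run it`. The `Install nala` task continues outside the hunk.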
|
||||||
|
|
|
@ -22,7 +22,7 @@ resource "hcloud_primary_ip" "staging-ipv6" {
|
||||||
|
|
||||||
resource "hcloud_server" "staging" {
|
resource "hcloud_server" "staging" {
|
||||||
name = "staging"
|
name = "staging"
|
||||||
image = "debian-11"
|
image = "debian-12"
|
||||||
server_type = "cx11"
|
server_type = "cx11"
|
||||||
location = "nbg1"
|
location = "nbg1"
|
||||||
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
ssh_keys = ["${data.hcloud_ssh_key.ssh_key.id}"]
|
||||||
|
@ -36,6 +36,12 @@ resource "hcloud_server" "staging" {
|
||||||
ipv6 = hcloud_primary_ip.staging-ipv6.id
|
ipv6 = hcloud_primary_ip.staging-ipv6.id
|
||||||
}
|
}
|
||||||
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
firewall_ids = [hcloud_firewall.forgejo-fw.id]
|
||||||
|
# Ignore image changes to prevent re-creation of the whole server
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [
|
||||||
|
image,
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set RDNS entry of staging server IPv4
|
# Set RDNS entry of staging server IPv4
|
||||||
|
|