Upgrade to BOA-2.2.5

[chris]

Note this ticket was opened to upgrade to BOA-2.2.4 but when the upgrade was done BOA-2.2.5 was out so BOA-2.2.4 was skipped

From the Changelog at ​http://bit.ly/newboa

### Stable BOA-2.2.4 Release - Full Edition
### Date: Wed Apr 30 17:03:36 PDT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

  This release includes several bug fixes along with five updated platforms,
  plus some hot-fixes applied to previous stable after its release. We have
  also added a fix for known problem is recent Drupal 7.27 [#2245331] hence
  the change from Drupal 7.27.1 to 7.27.2 in all D7 platforms.

# Important - Read This First! (for self-hosted BOA only)

  If you haven't run full barracuda+octopus upgrade to latest BOA Stable
  Edition yet, don't use any partial upgrade modes explained in docs/UPGRADE.txt
  Once new BOA Stable is released, you must run *full* upgrades with commands:

  $ barracuda up-stable
  $ octopus up-stable all both

  For silent, logged mode with e-mail message sent once the upgrade is
  complete, but no progress is displayed in the terminal window, you can run
  alternatively, starting with screen session to avoid incomplete upgrade
  if your SSH session will be closed for any reason before the upgrade
  will complete:

  $ screen
  $ barracuda up-stable log
  $ octopus up-stable all both log

  Note that the silent, non-interactive mode will automatically say Y/Yes
  to all prompts and is thus useful to run auto-upgrades scheduled in cron.

  If you have skipped some recent BOA releases, and you have new default config
  option: _PERMISSIONS_FIX=NO in your /root/.barracuda.cnf configuration file,
  plus, you are not sure if you follow best practices for managing permissions
  as recommended in our docs: https://omega8.cc/node/116 then we recommend
  that you change it to _PERMISSIONS_FIX=YES temporarily, or even permanently
  if your VPS is fast enough, and then run this powerful script as root:

  $ bash /var/xdrago/daily.sh

  Note that BOA 'legacy' mode is still at version 2.1.3

# Updated Octopus platforms:

  ### Drupal 7.27.2

  Commerce 1.25 ---------------- https://drupal.org/project/commerce_kickstart
  Commerce 2.14 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 3.11 ----------------- https://drupal.org/project/commons
  Panopoly 1.5 ----------------- https://drupal.org/project/panopoly

  ### Pressflow 6.31.1

  Commons 2.17 ----------------- https://drupal.org/project/commons

  Note: Always read and follow upgrade procedure if explained in the distro
  release notes, like for Panopoly 1.5 at https://drupal.org/node/2255133

# New o_contrib modules:

  * print-6.x-1.19 (includes patch to auto-detect /usr/bin/wkhtmltopdf)
  * print-7.x-2.0  (includes patch to auto-detect /usr/bin/wkhtmltopdf)

# New features and enhancements in this release:

  * Support for session.gc_maxlifetime configurable via INI files.

  You can control session garbage collector (EOL) per site and per platform.
  The value (in seconds) of the session_gc_eol variable is used as
  session.gc_maxlifetime value and specifies the number of seconds after which
  data will be seen as 'garbage' and potentially cleaned up, resulting with
  $_SESSION variable discarded and affected authenticated users logged out.

  BOA default defined in the system level global.inc file is 86400 == 24h.

# Changes in this release:

  * Drush: Upgrade command line version 6 to mini-6-26-04-2014
  * Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
  * Nginx: Use more aggressive limits against spambots trying to rgstr accounts.
  * Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-B

# System upgrades in this release:

  * Nginx 1.7.0
  * PHP 5.5.12
  * Redis 2.8.9

# Fixes in this release:

  * Add symlinks in the home directory if missing (every 5 minutes).
  * Add warning that Compass Tools install and upgrade may take a LONG time.
  * Always define _PHP_CN variable properly.
  * Do not delete symlinks to wrappers to avoid false LFD alarms.
  * Fix for 'Force backward compatible SERVER_SOFTWARE'.
  * Fix in websh for _IN_PATH logic to not break backend Drush tasks.
  * Fix the logic for wrappers update and symlinks.
  * Force MariaDB 5.5 re-install if installed version doesn't match latest.
  * Improve status messages to display when silent mode is used on upgrade.
  * Improve whitelisting in the websh wrapper.
  * Issue #2238805 - Command filtering - no word containing *drush* is allowed.
  * Issue #2241495 - wkhtmltopdf stopped working after upgrade.
  * Issue #2247997 - Update docs/REMOTE.txt with workaround for websh issue.
  * Issue #2250397 - Always follow (limited) redirects in cURL requests.
  * Issue #GH-304  - [rvm] use $_RUBY_VERSION as default.
  * Issue #GH-305  - Check disk usage before running install/upgrade.
  * Issue #GH-306  - Allow ruby 1.8 to remain installed.
  * Nginx: Allow to configure keywords for aggressive requests rate monitoring.
  * Nginx: Sync FastCGI timeouts with other Nginx and PHP-FPM defaults.
  * PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
  * PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
  * PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
  * PHP: Better defaults for realpath_cache_ttl and realpath_cache_size.
  * PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
  * PHP: pm.max_children was not properly updated on FPM version self-switch.
  * PHP: Sync incorrect default_socket_timeout with max_execution_time (180s).
  * PHP: Use 30s for pm.process_idle_timeout - it prevents too high RAM usage.
  * PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
  * Postfix: Force re-install if broken permisions detected on upgrade.
  * Prevent duplicate cron invocations with more strict delays.
  * Shell: Proper fix for wildcard in the path (cd command only)
  * Standardize install and upgrade for Chive, SQL Buddy and CGP.
  * Sync Redis timeout with default FPM timeout (180s).
  * Sync SQL connect_timeout with default mysql.connect_timeout in PHP (60s).
  * Update the logic for multi-version PHP support in BOND.
  * Update the logic for multi-version PHP support in docs/REMOTE.txt

[chris]

Replying to chris:

# System upgrades in this release:

• Nginx 1.7.0
• PHP 5.5.12
• Redis 2.8.9

The Nginx update isn't a security update, from ​http://nginx.org/en/CHANGES

Changes with nginx 1.7.0 24 Apr 2014

• Feature: backend SSL certificate verification.
• Feature: support for SNI while working with SSL backends.
• Feature: the $ssl_server_name variable.
• Feature: the "if" parameter of the "access_log" directive.

PHP 5.5.12 is a security update, from ​http://www.php.net/#id2014-04-30-1

The PHP Development Team announces the immediate availability of PHP 5.5.12. This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM.

All PHP users are encouraged to upgrade to this new version.

Full PHP changelog here: ​http://www.php.net/ChangeLog-5.php#5.5.12

However the site is using PHP 5.3.28, see ​https://www.transitionnetwork.org/admin/reports/status/php which is the latest in that series, ​http://www.php.net/ChangeLog-5.php#5.3.28 however I don't know which PHP version other things like Chive and the Atrium interface are using?

Redis 2.8.9, from the changelog, ​https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES

--[ Redis 2.8.9 ] Release date: 22 Apr 2014

# UPGRADE URGENCY: LOW, only new features introduced, no bugs fixed.

* [NEW] The HyperLogLog data structure. You can read more about it
        in this blog post. http://antirez.com/news/75
* [NEW] The Sorted Set data type has now support for lexicographic range
        queries, check the new commands ZRANGEBYLEX, ZLEXCOUNT and
        ZREMRANGEBYLEX, which are documented at http://redis.io.

So no urgent need to run this BOA update from the point of view of php, nginx or redis.

I have closed the last ticket, ticket:721 and carried these tasks forwards:

utstanding issue of the documentation on the wiki page being out of date, specifically these sections:

• wiki:PuffinServer#LoadSpikes
• wiki:PuffinServer#php-fpmconfigchange
• wiki:PuffinServer#mysqlconfigchanges
• wiki:PuffinServer#xdragoshellscriptchanges

I have also updated the list of BOA tickets, wiki:PuffinServer#Upgradetickets

Does anyone know if any of the fixes in the ticket description above are relevent to us?

But I note:

Once new BOA Stable is released, you must run *full* upgrades

So perhaps this should be done tonight...

[chris]

Running the upgrade, following the notes at wiki:PuffinServer#UpgradingBOA:

sudo -i
screen
cd
wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
bash BOA.sh.txt

  BOA Meta Installer setup completed
  Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs for how-to
  Bye


Barracuda [Thu May  8 22:14:07 BST 2014] ==> BOA Skynet welcomes you aboard!

Barracuda [Thu May  8 22:14:12 BST 2014] ==> INFO: UPGRADE
Barracuda [Thu May  8 22:14:12 BST 2014] ==> INFO: Reading your /root/.barracuda.cnf config file
Barracuda [Thu May  8 22:14:13 BST 2014] ==> NOTE! Please review all config options displayed below
Barracuda [Thu May  8 22:14:13 BST 2014] ==> NOTE! It will *override* all settings in the Barracuda script
Barracuda [Thu May  8 22:14:13 BST 2014] ==> Legacy PHP-CLI 5.2 is not used on this system
Barracuda [Thu May  8 22:14:13 BST 2014] ==> Legacy PHP-FPM 5.2 is not used on this system

###
### Configuration created on 121215-1545
### with Barracuda version BOA-2.0.4
###
### NOTE: the group of settings displayed bellow will *not* be overriden
### on upgrade by the Barracuda script nor by this configuration file.
### They can be defined only on initial Barracuda install.
###
_HTTP_WILDCARD=YES
_MY_OWNIP="81.95.52.103"
#_MY_OWNIP=""
_MY_HOSTN="puffin.webarch.net"
#_MY_HOSTN=""
_MY_FRONT="master.puffin.webarch.net"
_THIS_DB_HOST=localhost
#_THIS_DB_HOST=FQDN
_SMTP_RELAY_TEST=YES
_SMTP_RELAY_HOST=""
_LOCAL_NETWORK_IP=""
_LOCAL_NETWORK_HN=""
###
### NOTE: the group of settings displayed bellow
### will *override* all listed settings in the Barracuda script,
### both on initial install and upgrade.
###
_MY_EMAIL="chris@webarchitects.co.uk"
_XTRAS_LIST="PDS CSF CHV"
_AUTOPILOT=NO
_DEBUG_MODE=NO
_DB_SERVER=MariaDB
_SSH_PORT=22
_LOCAL_DEBIAN_MIRROR="ftp.debian.org"
_LOCAL_UBUNTU_MIRROR="archive.ubuntu.com"
_FORCE_GIT_MIRROR=""
_DNS_SETUP_TEST=YES
_NGINX_EXTRA_CONF=""
_NGINX_WORKERS=AUTO
_PHP_FPM_WORKERS=AUTO
_PHP_FPM_VERSION=5.3
_PHP_CLI_VERSION=5.3
_CUSTOM_CONFIG_CSF=YES
_CUSTOM_CONFIG_SQL=NO
#_CUSTOM_CONFIG_SQL=YES
_CUSTOM_CONFIG_REDIS=NO
_CUSTOM_CONFIG_PHP_5_2=NO
_CUSTOM_CONFIG_PHP_5_3=NO
#_CUSTOM_CONFIG_PHP_5_3=YES
_SPEED_VALID_MAX=3600
_NGINX_DOS_LIMIT=300
#_SYSTEM_UPGRADE_ONLY=YES
_SYSTEM_UPGRADE_ONLY=NO
_NEWRELIC_KEY=
_USE_STOCK=NO
###
### Configuration created on 121215-1545
### with Barracuda version BOA-2.0.4
###
_EXTRA_PACKAGES=
_PHP_EXTRA_CONF=""
_STRONG_PASSWORDS=YES
_DB_BINARY_LOG=NO
_DB_ENGINE=InnoDB
_NGINX_LDAP=NO
_PHP_GEOS=NO
_PHP_MONGODB=NO
_AEGIR_UPGRADE_ONLY=NO
### Squeeze to Wheezy upgrade config
### See /trac/ticket/535
#_SQUEEZE_TO_WHEEZY=YES
_SQUEEZE_TO_WHEEZY=NO
_NGINX_FORWARD_SECRECY=YES
_NGINX_SPDY=YES
_NGINX_NAXSI=NO
_PERMISSIONS_FIX=YES
_MODULES_FIX=YES
_MODULES_SKIP=""
_SSL_FROM_SOURCES=NO
_SSH_FROM_SOURCES=NO
_RESERVED_RAM=0
_PHP_MULTI_INSTALL="5.3"
_CUSTOM_CONFIG_LSHELL=NO
_CUSTOM_CONFIG_PHP55=NO
_CUSTOM_CONFIG_PHP54=NO
_CUSTOM_CONFIG_PHP53=NO
_CUSTOM_CONFIG_PHP52=NO
_CPU_SPIDER_RATIO=3
_CPU_MAX_RATIO=6
_CPU_CRIT_RATIO=9
_PHP_FPM_DENY=""
_REDIS_LISTEN_MODE=PORT
_STRICT_BIN_PERMISSIONS=NO
_DB_SERIES=5.5

Do you want to proceed with the upgrade? [Y/n] Y

Barracuda [Thu May  8 22:15:10 BST 2014] ==> INFO: Checking your system version...
 
Barracuda [Thu May  8 22:15:11 BST 2014] ==> Aegir on Debian/wheezy - Skynet Agent v.BOA-2.2.5
 
Barracuda [Thu May  8 22:15:11 BST 2014] ==> INFO: Updating packages sources list...
Barracuda [Thu May  8 22:15:11 BST 2014] ==> INFO: We will use Debian mirror ftp.debian.org
Barracuda [Thu May  8 22:15:21 BST 2014] ==> INFO: Downloading little helpers...
Barracuda [Thu May  8 22:15:23 BST 2014] ==> INFO: Checking BARRACUDA version...
Barracuda [Thu May  8 22:15:23 BST 2014] ==> INFO: BARRACUDA version test: OK
 
Barracuda [Thu May  8 22:15:23 BST 2014] ==> UPGRADE START -> checkpoint: 

  * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct?
  * Your server hostname is puffin.webarch.net.
  * Your Aegir control panel is/will be available at https://master.puffin.webarch.net.

 
Do you want to proceed with the upgrade? [Y/n] Y

Barracuda [Thu May  8 22:15:33 BST 2014] ==> INFO: Cleaning up temp files in /var/opt/
Barracuda [Thu May  8 22:15:33 BST 2014] ==> INFO: Installing extra Drush versions
Barracuda [Thu May  8 22:15:33 BST 2014] ==> INFO: Drush mini-4-14-03-2014 installation complete
Barracuda [Thu May  8 22:15:33 BST 2014] ==> INFO: Drush mini-6-26-04-2014 installation complete
Barracuda [Thu May  8 22:15:35 BST 2014] ==> INFO: Running aptitude update...
Barracuda [Thu May  8 22:16:27 BST 2014] ==> INFO: Upgrading required libraries and tools
Barracuda [Thu May  8 22:16:27 BST 2014] ==> NOTE! This step may take a few minutes, please wait...
Barracuda [Thu May  8 22:17:17 BST 2014] ==> INFO: Testing Nginx version...
Barracuda [Thu May  8 22:17:17 BST 2014] ==> INFO: Installed Nginx version nginx/1.5.13, upgrade required
Barracuda [Thu May  8 22:17:18 BST 2014] ==> INFO: Upgrading Nginx...
Barracuda [Thu May  8 22:18:33 BST 2014] ==> INFO: Running aptitude full-upgrade, please wait...
Barracuda [Thu May  8 22:19:03 BST 2014] ==> INFO: Testing Nginx version...
Barracuda [Thu May  8 22:19:03 BST 2014] ==> INFO: Installed Nginx version nginx/1.7.0, OK
Barracuda [Thu May  8 22:19:03 BST 2014] ==> INFO: Installing MySecureShell 1.32...
Barracuda [Thu May  8 22:19:29 BST 2014] ==> INFO: Checking SMTP connections...
Barracuda [Thu May  8 22:19:29 BST 2014] ==> INFO: Upgrading a few more tools...
Barracuda [Thu May  8 22:19:33 BST 2014] ==> INFO: Checking if PHP upgrade is available
Barracuda [Thu May  8 22:19:41 BST 2014] ==> INFO: PHP EXTRA is --with-ldap --with-gmp --with-xpm-dir=/usr
Barracuda [Thu May  8 22:19:41 BST 2014] ==> INFO: Installed PHP version 5.3.28, OK
Barracuda [Thu May  8 22:19:41 BST 2014] ==> INFO: Installed Redis version 2.8.8, upgrade required
Barracuda [Thu May  8 22:19:41 BST 2014] ==> INFO: Installing Redis update for Debian/wheezy...
Barracuda [Thu May  8 22:20:52 BST 2014] ==> INFO: Generating random password for Redis server
Barracuda [Thu May  8 22:20:53 BST 2014] ==> INFO: Updating MariaDB and PHP configuration
Barracuda [Thu May  8 22:20:54 BST 2014] ==> INFO: Running MySQLTuner check on all databases...
Barracuda [Thu May  8 22:20:54 BST 2014] ==> NOTE! This step may take a LONG time, please wait...
Barracuda [Thu May  8 22:21:32 BST 2014] ==> INFO: OS and services upgrade completed
 
Barracuda [Thu May  8 22:21:32 BST 2014] ==> INFO: Restarting MariaDB server, please wait...
Barracuda [Thu May  8 22:21:48 BST 2014] ==> INFO: Upgrading MariaDB tables if necessary, please wait a minute...
 
Do you want to upgrade Aegir Master Instance? [Y/n]  Y
Barracuda [Thu May  8 22:23:38 BST 2014] ==> INFO: Running Aegir Master Instance upgrade
Barracuda [Thu May  8 22:23:40 BST 2014] ==> INFO: Syncing provision backend db_passwd...
Barracuda [Thu May  8 22:23:38 BST 2014] ==> INFO: Running Aegir Master Instance upgrade
Barracuda [Thu May  8 22:23:40 BST 2014] ==> INFO: Syncing provision backend db_passwd...
Barracuda [Thu May  8 22:23:43 BST 2014] ==> INFO: Running hosting-dispatch (1/3)...
Barracuda [Thu May  8 22:23:57 BST 2014] ==> INFO: Running hosting-dispatch (2/3)...
Barracuda [Thu May  8 22:24:05 BST 2014] ==> INFO: Running hosting-dispatch (3/3)...
Barracuda [Thu May  8 22:24:06 BST 2014] ==> INFO: Syncing hostmaster frontend db_passwd...
Barracuda [Thu May  8 22:24:06 BST 2014] ==> INFO: Testing previous install...
Barracuda [Thu May  8 22:24:06 BST 2014] ==> INFO: Test OK, we can proceed with Hostmaster upgrade
Barracuda [Thu May  8 22:24:06 BST 2014] ==> INFO: Moving old directories
Barracuda [Thu May  8 22:24:06 BST 2014] ==> INFO: Downloading drush...
Barracuda [Thu May  8 22:24:07 BST 2014] ==> INFO: Drush seems to be functioning properly
Barracuda [Thu May  8 22:24:07 BST 2014] ==> INFO: Installing provision backend in /var/aegir/.drush
Barracuda [Thu May  8 22:24:07 BST 2014] ==> INFO: Downloading Drush and Provision extensions...
Barracuda [Thu May  8 22:24:08 BST 2014] ==> INFO: Running hostmaster-migrate, please wait...
Barracuda [Thu May  8 22:24:47 BST 2014] ==> INFO: Syncing hostmaster frontend db_passwd...
Barracuda [Thu May  8 22:25:32 BST 2014] ==> INFO: Aegir Master Instance upgrade completed
 
 
Do you want to install Chive MariaDB Manager? [Y/n] Y
Barracuda [Thu May  8 22:25:59 BST 2014] ==> INFO: Installing Chive MariaDB Manager...
Barracuda [Thu May  8 22:26:01 BST 2014] ==> INFO: Chive MariaDB Manager installation completed
Barracuda [Thu May  8 22:26:01 BST 2014] ==> INFO: _PHP_CN set to www53 for Chive MariaDB Manager
Barracuda [Thu May  8 22:26:07 BST 2014] ==> INFO: _PHP_CN set to www53 for Collectd Graph Panel
Barracuda [Thu May  8 22:26:11 BST 2014] ==> INFO: Restarting Redis, PHP-FPM and Nginx
Barracuda [Thu May  8 22:26:19 BST 2014] ==> INFO: Restarting MariaDB server

 
Barracuda [Thu May  8 22:26:29 BST 2014] ==> INFO: New secure random password for MariaDB generated and updated
Barracuda [Thu May  8 22:26:29 BST 2014] ==> INFO: New entry added to /var/log/barracuda_log.txt
Barracuda [Thu May  8 22:26:29 BST 2014] ==> INFO: Cleaning up system swap, it may take a moment, please wait...
 
Barracuda [Thu May  8 22:26:36 BST 2014] ==> CARD: Now charging your credit card for this auto-upgrade magic...
Barracuda [Thu May  8 22:26:42 BST 2014] ==> JOKE: Just kidding! Enjoy your Aegir Hosting System :)
 
Barracuda [Thu May  8 22:26:42 BST 2014] ==> Final post-upgrade cleaning, please wait a moment...
Barracuda [Thu May  8 22:33:55 BST 2014] ==> BYE!

BARRACUDA upgrade completed
Bye

The fix for Munin stats, wiki:PuffinServer#UpgradingBOA was applied and Nginx restarted.

The sites seems to be working fine, I'll check the Munin stats in a while.

[chris]

All the Munin stats are working and look fine, updating these sections of the docs is still outstanding:

• wiki:PuffinServer#LoadSpikes
• wiki:PuffinServer#php-fpmconfigchange
• wiki:PuffinServer#mysqlconfigchanges
• wiki:PuffinServer#xdragoshellscriptchanges

[chris]

Note that this upgrade changed the Redis password and it needed copying to the munin-node config file to get the stats to start generating again, see ticket:730

[chris]

Replying to chris:

All the Munin stats are working and look fine, updating these sections of the docs is still outstanding:

• wiki:PuffinServer#LoadSpikes

The above documentation has been archived to wiki:PuffinServerBoaLoadSpikes and the time spent on this has been recorded on ticket:670#comment:22.

• wiki:PuffinServer#php-fpmconfigchange
• wiki:PuffinServer#mysqlconfigchanges
• wiki:PuffinServer#xdragoshellscriptchanges

The above sections still need updating / archiving.

[chris]

Replying to chris:

Replying to chris:

• wiki:PuffinServer#php-fpmconfigchange
• wiki:PuffinServer#mysqlconfigchanges
• wiki:PuffinServer#xdragoshellscriptchanges

The above sections still need updating / archiving.

I have fully updated the wiki:PuffinServer documentation, so closing this ticket.