Ticket #760 (closed maintenance: fixed)
New BOA-2.2.7 Stable Edition
| Reported by: | chris | Owned by: | chris |
|---|---|---|---|
| Priority: | major | Milestone: | Maintenance |
| Component: | Live server | Keywords: | |
| Cc: | ed, ben, sam, paul, annesley | Estimated Number of Hours: | 0.0 |
| Add Hours to Ticket: | 0 | Billable?: | yes |
| Total Hours: | 0.5 |
Description
Email from wiki:PuffinServer:
There is new BOA-2.2.7 Stable Edition available.
Please review the changelog and upgrade as soon as possible
to receive all security updates and new features.
Changelog: http://bit.ly/newboa
The Changelog:
### Stable BOA-2.2.5 Release - Full Edition
### Date: Thu May 8 11:59:23 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Sat May 10 09:05:19 PDT 2014
# Release Notes:
This release includes no new features, but does include bug fixes plus latest
Drupal 7.28.1 and Pressflow 6.31.2 core in all built-in Octopus platforms.
There are also three updated distributions included, as listed below.
We also list here all hot-fixes applied to previous stable after its release.
# Important - Read This First! (for self-hosted BOA only)
If you haven't run full barracuda+octopus upgrade to latest BOA Stable
Edition yet, don't use any partial upgrade modes explained in docs/UPGRADE.txt
Once new BOA Stable is released, you must run *full* upgrades with commands:
$ barracuda up-stable
$ octopus up-stable all both
For silent, logged mode with e-mail message sent once the upgrade is
complete, but no progress is displayed in the terminal window, you can run
alternatively, starting with screen session to avoid incomplete upgrade
if your SSH session will be closed for any reason before the upgrade
will complete:
$ screen
$ barracuda up-stable log
$ octopus up-stable all both log
Note that the silent, non-interactive mode will automatically say Y/Yes
to all prompts and is thus useful to run auto-upgrades scheduled in cron.
If you have skipped some recent BOA releases, and you have new default config
option: _PERMISSIONS_FIX=NO in your /root/.barracuda.cnf configuration file,
plus, you are not sure if you follow best practices for managing permissions
as recommended in our docs: https://omega8.cc/node/116 then we recommend
that you change it to _PERMISSIONS_FIX=YES temporarily, or even permanently
if your VPS is fast enough, and then run this powerful script as root:
$ bash /var/xdrago/daily.sh
Note that BOA 'legacy' mode is still at version 2.1.3
# Updated Octopus platforms:
Commons 3.12 ----------------- https://drupal.org/project/commons
Open Atrium 2.18 ------------- https://drupal.org/project/openatrium
Open Outreach 1.6 ------------ https://drupal.org/project/openoutreach
# Changes in this release:
* Add rsyslog/sysklogd to auto-healing procedures.
* Make the aggressive scan_nginx mode optional and use old mode by default.
* Nginx: Add HiScan to blocked crawlers list.
* Nginx: Add Riddler to blocked crawlers list.
* PHP: Use pm.process_idle_timeout = 10s for speed and RAM optimization.
# System upgrades in this release:
* MySecureShell 1.33
* PHP 5.4.28
* PHP 5.5.12
# Fixes in this release:
* Always define _PHP_CN variable properly.
* Firewall: Sync CONNLIMIT for web ports with updated limit_conn in Nginx.
* Fix for _NGINX_DOS_LIMIT logical error in the scan_nginx template.
* Force Pure-FTPd server re-install if key files are missing for any reason.
* Issue #2237167 - Improve authorized IPs detection in all protected vhosts.
* Issue #2262935 - Modules dir must be group writable in custom platforms.
* Nginx: Do not overwrite custom symlinks to the Under Construction template.
* Nginx: Update limit_conn in all instances and vhosts on Barracuda upgrade.
* PHP: Delete pear in legacy paths, if still exists.
* PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
* Postfix: Force re-install if broken permisions detected on upgrade.
* Pressflow 6: Fix #GH 84 by using drupal_page_is_cacheable().
* Pressflow 6: Merge pull request #GH 85 from pressflow/SA-CORE-2014-002-fix.
* Pressflow 6: Remove duplicate openid_update_6001().
* Revert "Force MariaDB 5.5 re-install".
* Set the TERM env variable if missing to avoid errors.
* Skip packages set on hold when running apticron.
* The ~/static/control must be writeable by lshell user to manage ctrl files.
* Add extra cron semaphore to prevent concurrent cron invocations via
multiple running runner.sh instances.
I can't see any issues that have an immediate impact on us, I'll do the upgrade late one evening.
Change History
comment:2 Changed 2 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.5
- Status changed from new to closed
- Resolution set to fixed
- Total Hours changed from 0.0 to 0.5
Things done and the results:
sudo -i screen cd wget -q -U iCab http://files.aegir.cc/BOA.sh.txt bash BOA.sh.txt BOA Meta Installer setup completed Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs for how-to Bye barracuda up-stable Barracuda [Sun Jul 20 20:09:50 BST 2014] ==> BOA Skynet welcomes you aboard! board! Barracuda [Sun Jul 20 20:09:54 BST 2014] ==> INFO: UPGRADE Barracuda [Sun Jul 20 20:09:54 BST 2014] ==> INFO: Reading your /root/.barracuda.cnf config file Barracuda [Sun Jul 20 20:09:55 BST 2014] ==> NOTE! Please review all config options displayed below Barracuda [Sun Jul 20 20:09:55 BST 2014] ==> NOTE! It will *override* all settings in the Barracuda script Barracuda [Sun Jul 20 20:09:55 BST 2014] ==> Legacy PHP-CLI 5.2 is not used on this system Barracuda [Sun Jul 20 20:09:55 BST 2014] ==> Legacy PHP-FPM 5.2 is not used on this system ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### NOTE: the group of settings displayed bellow will *not* be overriden ### on upgrade by the Barracuda script nor by this configuration file. ### They can be defined only on initial Barracuda install. ### _HTTP_WILDCARD=YES _MY_OWNIP="81.95.52.103" #_MY_OWNIP="" _MY_HOSTN="puffin.webarch.net" #_MY_HOSTN="" _MY_FRONT="master.puffin.webarch.net" _THIS_DB_HOST=localhost #_THIS_DB_HOST=FQDN _SMTP_RELAY_TEST=YES _SMTP_RELAY_HOST="" _LOCAL_NETWORK_IP="" _LOCAL_NETWORK_HN="" ### ### NOTE: the group of settings displayed bellow ### will *override* all listed settings in the Barracuda script, ### both on initial install and upgrade. ### _MY_EMAIL="chris@webarchitects.co.uk" _XTRAS_LIST="PDS CSF CHV" _AUTOPILOT=NO _DEBUG_MODE=NO _DB_SERVER=MariaDB _SSH_PORT=22 _LOCAL_DEBIAN_MIRROR="ftp.debian.org" _LOCAL_UBUNTU_MIRROR="archive.ubuntu.com" _FORCE_GIT_MIRROR="" _DNS_SETUP_TEST=YES _NGINX_EXTRA_CONF="" _NGINX_WORKERS=AUTO _PHP_FPM_WORKERS=AUTO _PHP_FPM_VERSION=5.3 _PHP_CLI_VERSION=5.3 _CUSTOM_CONFIG_CSF=YES #_CUSTOM_CONFIG_SQL=NO _CUSTOM_CONFIG_SQL=YES _CUSTOM_CONFIG_REDIS=NO _CUSTOM_CONFIG_PHP_5_2=NO _CUSTOM_CONFIG_PHP_5_3=NO #_CUSTOM_CONFIG_PHP_5_3=YES _SPEED_VALID_MAX=3600 _NGINX_DOS_LIMIT=300 #_SYSTEM_UPGRADE_ONLY=YES _SYSTEM_UPGRADE_ONLY=NO _NEWRELIC_KEY= _USE_STOCK=NO ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### _EXTRA_PACKAGES= _PHP_EXTRA_CONF="" _STRONG_PASSWORDS=YES _DB_BINARY_LOG=NO _DB_ENGINE=InnoDB _NGINX_LDAP=NO _PHP_GEOS=NO _PHP_MONGODB=NO _AEGIR_UPGRADE_ONLY=NO ### Squeeze to Wheezy upgrade config ### See /trac/ticket/535 #_SQUEEZE_TO_WHEEZY=YES _SQUEEZE_TO_WHEEZY=NO _NGINX_FORWARD_SECRECY=YES _NGINX_SPDY=YES _NGINX_NAXSI=NO _PERMISSIONS_FIX=YES _MODULES_FIX=YES _MODULES_SKIP="" _SSL_FROM_SOURCES=NO _SSH_FROM_SOURCES=NO _RESERVED_RAM=0 _PHP_MULTI_INSTALL="5.3" _CUSTOM_CONFIG_LSHELL=NO _CUSTOM_CONFIG_PHP55=NO _CUSTOM_CONFIG_PHP54=NO _CUSTOM_CONFIG_PHP53=NO _CUSTOM_CONFIG_PHP52=NO _CPU_SPIDER_RATIO=3 _CPU_MAX_RATIO=6 _CPU_CRIT_RATIO=9 _PHP_FPM_DENY="" _REDIS_LISTEN_MODE=PORT _STRICT_BIN_PERMISSIONS=NO _DB_SERIES=5.5 _SCOUT_KEY= _INNODB_LOG_FILE_SIZE=AUTO Do you want to proceed with the upgrade? [Y/n] y _INNODB_LOG_FILE_SIZE=AUTO Do you want to proceed with the upgrade? [Y/n] y Barracuda [Sun Jul 20 20:10:52 BST 2014] ==> INFO: Checking your system version... Barracuda [Sun Jul 20 20:10:53 BST 2014] ==> Aegir on Debian/wheezy - Skynet Agent v.BOA-2.2.7 Barracuda [Sun Jul 20 20:10:54 BST 2014] ==> INFO: Updating packages sources list... Barracuda [Sun Jul 20 20:10:54 BST 2014] ==> INFO: We will use Debian mirror ftp.debian.org Barracuda [Sun Jul 20 20:11:05 BST 2014] ==> INFO: Downloading little helpers... Barracuda [Sun Jul 20 20:11:06 BST 2014] ==> INFO: Checking BARRACUDA version... Barracuda [Sun Jul 20 20:11:06 BST 2014] ==> INFO: BARRACUDA version test: OK Barracuda [Sun Jul 20 20:11:07 BST 2014] ==> UPGRADE START -> checkpoint: * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct? * Your server hostname is puffin.webarch.net. * Your Aegir control panel is/will be available at https://master.puffin.webarch.net. Do you want to proceed with the upgrade? [Y/n] y Barracuda [Sun Jul 20 20:11:26 BST 2014] ==> INFO: Installing extra Drush versions Barracuda [Sun Jul 20 20:11:26 BST 2014] ==> INFO: Drush mini-4-14-03-2014 installation complete Barracuda [Sun Jul 20 20:11:27 BST 2014] ==> INFO: Drush mini-6-16-07-2014 installation complete Barracuda [Sun Jul 20 20:11:28 BST 2014] ==> INFO: Running aptitude update... Barracuda [Sun Jul 20 20:12:21 BST 2014] ==> INFO: Upgrading required libraries and tools Barracuda [Sun Jul 20 20:12:21 BST 2014] ==> NOTE! This step may take a few minutes, please wait... Barracuda [Sun Jul 20 20:13:17 BST 2014] ==> INFO: Testing Nginx version... Barracuda [Sun Jul 20 20:13:17 BST 2014] ==> INFO: Installed Nginx version nginx/1.7.2, upgrade required Barracuda [Sun Jul 20 20:13:18 BST 2014] ==> INFO: Upgrading Nginx... Barracuda [Sun Jul 20 20:14:35 BST 2014] ==> INFO: Running aptitude full-upgrade, please wait... Barracuda [Sun Jul 20 20:15:10 BST 2014] ==> INFO: Testing Nginx version... Barracuda [Sun Jul 20 20:15:10 BST 2014] ==> INFO: Installed Nginx version nginx/1.7.3, OK Barracuda [Sun Jul 20 20:15:11 BST 2014] ==> INFO: Installing MySecureShell 1.33... Barracuda [Sun Jul 20 20:15:38 BST 2014] ==> INFO: Checking SMTP connections... Barracuda [Sun Jul 20 20:15:38 BST 2014] ==> INFO: Upgrading a few more tools... Barracuda [Sun Jul 20 20:15:47 BST 2014] ==> INFO: Checking if PHP upgrade is available Barracuda [Sun Jul 20 20:15:54 BST 2014] ==> INFO: PHP EXTRA is --with-ldap --with-gmp --with-xpm-dir=/usr Barracuda [Sun Jul 20 20:15:54 BST 2014] ==> INFO: Installed PHP version 5.3.28, OK Barracuda [Sun Jul 20 20:15:54 BST 2014] ==> INFO: Installing PhpRedis upgrade for PHP-FPM 5.3.28... Barracuda [Sun Jul 20 20:16:19 BST 2014] ==> INFO: Installed Redis version 2.8.11, upgrade required Barracuda [Sun Jul 20 20:16:19 BST 2014] ==> INFO: Installing Redis update for Debian/wheezy... Barracuda [Sun Jul 20 20:17:32 BST 2014] ==> INFO: Generating random password for Redis server Barracuda [Sun Jul 20 20:17:32 BST 2014] ==> INFO: Updating MariaDB and PHP configuration Barracuda [Sun Jul 20 20:17:34 BST 2014] ==> INFO: OS and services upgrade completed Barracuda [Sun Jul 20 20:17:34 BST 2014] ==> INFO: Restarting MariaDB server, please wait... Barracuda [Sun Jul 20 20:17:52 BST 2014] ==> INFO: Upgrading MariaDB tables if necessary, please wait a minute... Do you want to upgrade Aegir Master Instance? [Y/n] y Barracuda [Sun Jul 20 20:19:06 BST 2014] ==> INFO: Running Aegir Master Instance upgrade Barracuda [Sun Jul 20 20:19:08 BST 2014] ==> INFO: Syncing provision backend db_passwd... Barracuda [Sun Jul 20 20:19:13 BST 2014] ==> INFO: Running hosting-dispatch (1/3)... Barracuda [Sun Jul 20 20:19:27 BST 2014] ==> INFO: Running hosting-dispatch (2/3)... Barracuda [Sun Jul 20 20:19:34 BST 2014] ==> INFO: Running hosting-dispatch (3/3)... Barracuda [Sun Jul 20 20:19:35 BST 2014] ==> INFO: Syncing hostmaster frontend db_passwd... Barracuda [Sun Jul 20 20:19:36 BST 2014] ==> INFO: Testing previous install... Barracuda [Sun Jul 20 20:19:36 BST 2014] ==> INFO: Test OK, we can proceed with Hostmaster upgrade Barracuda [Sun Jul 20 20:19:36 BST 2014] ==> INFO: Moving old directories Barracuda [Sun Jul 20 20:19:36 BST 2014] ==> INFO: Downloading drush... Barracuda [Sun Jul 20 20:19:37 BST 2014] ==> INFO: Drush seems to be functioning properly Barracuda [Sun Jul 20 20:19:37 BST 2014] ==> INFO: Installing provision backend in /var/aegir/.drush Barracuda [Sun Jul 20 20:19:37 BST 2014] ==> INFO: Downloading Drush and Provision extensions... Barracuda [Sun Jul 20 20:19:38 BST 2014] ==> INFO: Running hostmaster-migrate, please wait... Barracuda [Sun Jul 20 20:20:25 BST 2014] ==> INFO: Syncing hostmaster frontend db_passwd... Barracuda [Sun Jul 20 20:21:20 BST 2014] ==> INFO: Aegir Master Instance upgrade completed Do you want to install Chive MariaDB Manager? [Y/n] y Barracuda [Sun Jul 20 20:22:48 BST 2014] ==> INFO: Installing Chive MariaDB Manager... Barracuda [Sun Jul 20 20:22:50 BST 2014] ==> INFO: Chive MariaDB Manager installation completed Barracuda [Sun Jul 20 20:22:50 BST 2014] ==> INFO: _PHP_CN set to www53 for Chive MariaDB Manager Barracuda [Sun Jul 20 20:22:56 BST 2014] ==> INFO: _PHP_CN set to www53 for Collectd Graph Panel Barracuda [Sun Jul 20 20:23:01 BST 2014] ==> INFO: Restarting Redis, PHP-FPM and Nginx Barracuda [Sun Jul 20 20:23:09 BST 2014] ==> INFO: Restarting MariaDB server Barracuda [Sun Jul 20 20:23:21 BST 2014] ==> INFO: New secure random password for MariaDB generated and updated Barracuda [Sun Jul 20 20:23:21 BST 2014] ==> INFO: New entry added to /var/log/barracuda_log.txt Barracuda [Sun Jul 20 20:23:21 BST 2014] ==> INFO: Cleaning up system swap, it may take a moment, please wait... Barracuda [Sun Jul 20 20:23:29 BST 2014] ==> CARD: Now charging your credit card for this auto-upgrade magic... Barracuda [Sun Jul 20 20:23:35 BST 2014] ==> JOKE: Just kidding! Enjoy your Aegir Hosting System :) Barracuda [Sun Jul 20 20:23:35 BST 2014] ==> Final post-upgrade cleaning, please wait a moment... Barracuda [Sun Jul 20 20:27:50 BST 2014] ==> BYE! BARRACUDA upgrade completed Bye
Fix for Munin after Redis password change, PuffinServer#Muninconfigchanges and PuffinServer#nginxconfigchanges applied.
The site was checked and everything looks fine, so closing this ticket.
comment:3 Changed 2 years ago by chris
I forgot to do the last step of the upgrade, octopus up-stable all. I have updated the notes, to try to ensure this doesn't happen again, see PuffinServer#UpgradingBOA and there is also another BOA upgrade to do tonight, see ticket:765.
Note: See
TracTickets for help on using
tickets.
I'm going to do this upgrade now - Sunday night is one of the lowest traffic times for the site.
I'm going to follow the steps here wiki:PuffinServer#UpgradingBOA