... | ... | @@ -87,6 +87,10 @@ block certain upgrades. If you want to bypass that, use regular `apt`: |
|
|
|
|
|
cumin -b 10 '*' 'apt update ; apt upgrade -yy ; TERM=doit dsa-update-apt-status'
|
|
|
|
|
|
Another example, this will upgrade all servers running `bookworm`:
|
|
|
|
|
|
cumin -b 10 'F:lsbdistcodename=bookworm' 'apt update ; unattended-upgrade ; TERM=doit dsa-update-apt-status'
|
|
|
|
|
|
# Special cases and manual restarts
|
|
|
|
|
|
The above covers all upgrades that are automatically applied, but some
|
... | ... | @@ -295,6 +299,10 @@ defined to `justdoit` or `rotation`: |
|
|
echo "rebooting 'rotation' hosts with a 10-minute delay, every 30 minutes...."
|
|
|
./reboot -H $(ssh db.torproject.org 'ldapsearch -H ldap://db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL "(rebootPolicy=rotation)" hostname | awk "\$1 == \"hostname:\" {print \$2}" | sort -R') --delay-shutdown=10 --delay-hosts=1800
|
|
|
|
|
|
Another example, this will reboot all hosts running Debian `bookworm`:
|
|
|
|
|
|
./reboot -H $(ssh puppetdb-01.torproject.org "curl -s -G http://localhost:8080/pdb/query/v4 --data-urlencode 'query=nodes { facts { name = \"lsbdistcodename\" and value = \"bookworm\" }}'" | jq -r .[].certname | sort -R)
|
|
|
|
|
|
## Rebooting KVM hosts
|
|
|
|
|
|
The remaining is the "manual" procedure, which includes one KVM last:
|
... | ... | |