Howto: Keeping our servers updated

Aside from the Beach projects that host our websites, we have two servers:

Updating the system software

To keep those updated we need to regularly log into them using SSH, run aptitude -u, update the packages and reboot if needed using shutdown -r now. As simple as that, but

  • pause the monitoring at uptimerobot.com before
  • check Jenkins isn’t running any jobs
  • when rebooting mountain, you need to use the dashboard at cloud.digitalocean.com to open the recovery console, wait for the reboot to finish and then run service networking restart for the machine to be reachable again.
  • un-pause the monitoring at uptimerobot.com afterwards

Any solution for the latter is highly welcome, by the way…

The servers send reminders about available package updates via email, they end up in tickets.neos.io, close them after updating things.

Updating the application software

All applications used have their own internal update tooling, too.

  • Jenkins has plugins, update those in the plugin manager (use the “compatible” link at the bottom of the list to select, start the update, then check the “reboot when done” checkbox.
  • Discourse has it’s own update mechanism, the admin dashboard tells you when there are updates available.
  • Matomo updates itself, too - an email is sent when an update is available, just follow the instructions.

Credentials

The needed credentials are available in 1Password, if what you need isn’t accessible through your own user account.

1 Like