maintenance: ugraded - what's new?

Erik Huelsmann ehuels at
Sat Jul 15 13:52:32 UTC 2017

With respect to the regular services, GitLab was already receiving at least
one upgrade per month and security upgrades were being installed as they
were released by Debian (automatically).

With the upgrade, the system is running a recent version of the Debian
distribution again (Stretch).

Stretch comes with Apache and Nginx versions which support HTTP/2 out of
the box and as we were running on TLS for a long time
already, HTTP/2 is now turned on for all subdomains.

Mail transmission has been configured to use the official

The new distribution comes with a kernel which is recent enough for
container support. Among the next steps, we'll research moving to Mailman3,
which comes - as an option - in Docker containers and a much more modern
web front-end as well as internal architecture.

For those who like to know about the migration strategy for the upgrade:
over the past weeks we created a copy of the VM running and
other services. On that copy, we ran a script for an automated upgrade.
When the upgrade didn't succeed or didn't complete automatically (that is,
required manual intervention), we changed the server configuration and the
script. This process went on until the upgrade completed successfully and
without intervention. Once successful, the configuration was tested and
adjusted for the target software versions. The adjusted configuration was
automatically installed after the upgrade process today, followed by a
reboot to return service.
The migration interval of 3 hours was based on the experience gained from
this exercise.
In the mean time, a separate VM was installed on the IP pointed to by, ensuring that even if services would temporarily be up
during the migration, no users could accidentally access those services.

Thank you for your attention!



Erik. -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the clo-devel mailing list